OK, podarilo sa, tu je log:
ComboFix 14-01-08.03 - Dida . 01. 2014 20:21:07.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3036.1970 [GMT 1:00]
Running from: c:\users\Dida\Documents\ComboFix.exe
Command switches used :: c:\users\Dida\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\logo1_.exe"
"c:\windows\rundll16.exe"
"c:\windows\system32\drivers\abwmmgxe.sys"
"c:\windows\system32\drivers\aqxrksip.sys"
"c:\windows\system32\drivers\cbzeqxhw.sys"
"c:\windows\system32\drivers\duuiqpic.sys"
"c:\windows\system32\drivers\enixakfk.sys"
"c:\windows\system32\drivers\kbmtydzm.sys"
"c:\windows\system32\drivers\lynmeyde.sys"
"c:\windows\system32\drivers\qzjrxamv.sys"
"c:\windows\system32\drivers\wutnecso.sys"
"c:\windows\system32\drivers\xrvfcyge.sys"
"c:\windows\system32\drivers\yxyahtlk.sys"
"c:\windows\system32\drivers\yzjzcbzu.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\abwmmgxe.sys
c:\windows\system32\drivers\aqxrksip.sys
c:\windows\system32\drivers\cbzeqxhw.sys
c:\windows\system32\drivers\duuiqpic.sys
c:\windows\system32\drivers\enixakfk.sys
c:\windows\system32\drivers\kbmtydzm.sys
c:\windows\system32\drivers\lynmeyde.sys
c:\windows\system32\drivers\qzjrxamv.sys
c:\windows\system32\drivers\wutnecso.sys
c:\windows\system32\drivers\xrvfcyge.sys
c:\windows\system32\drivers\yxyahtlk.sys
c:\windows\system32\drivers\yzjzcbzu.sys
.
.
((((((((((((((((((((((((( Files Created from 2013-12-11 to 2014-01-11 )))))))))))))))))))))))))))))))
.
.
2014-01-11 19:26 . 2014-01-11 19:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-11 19:26 . 2014-01-11 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-10 21:57 . 2014-01-10 21:59 -------- d-----w- c:\program files\trend micro
2014-01-10 21:57 . 2014-01-10 21:59 -------- d-----w- C:\rsit
2014-01-10 19:58 . 2014-01-10 19:58 -------- d---a-w- c:\windows\rundll16.exe
2014-01-10 19:58 . 2014-01-10 19:58 -------- d---a-w- c:\windows\logo1_.exe
2014-01-10 19:56 . 2013-07-02 17:58 28136 ----a-w- c:\windows\system32\drivers\eRootDrv.sys
2014-01-10 19:32 . 2014-01-10 19:32 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2014-01-10 19:13 . 2014-01-10 19:13 -------- d-----w- c:\programdata\AVAST Software
2014-01-10 16:15 . 2014-01-10 19:44 -------- d-----w- C:\OETemp
2014-01-09 21:06 . 2014-01-09 21:06 -------- d-----w- c:\programdata\APN
2014-01-09 18:39 . 2014-01-10 16:30 -------- d-----w- c:\programdata\Avira
2014-01-08 16:23 . 2014-01-08 16:27 -------- d-----w- c:\users\Dida\AppData\Local\Adrvworks
2014-01-08 16:20 . 2014-01-08 17:09 -------- d-----w- c:\programdata\lVlXn373
2013-12-31 15:23 . 2013-12-31 15:23 -------- d-----w- c:\programdata\BitGuard
2013-12-30 18:58 . 2013-12-30 18:58 -------- d-----w- c:\windows\system32\jmdp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-11 19:27 . 2009-07-27 16:50 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-01-11 19:27 . 2009-07-27 15:21 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2014-01-11 19:27 . 2011-08-08 13:50 58288 ----a-w- c:\windows\system32\rpcnet.dll
2014-01-10 14:49 . 2012-06-21 15:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-10 14:49 . 2011-08-08 13:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-29 10:08 . 2012-09-18 06:18 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-12-25 08:03 . 2012-09-18 06:18 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-12-25 08:03 . 2012-09-18 06:18 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-12-25 08:03 . 2012-09-18 06:18 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-12-21 12:13 . 2013-12-21 12:12 17305688 ----a-w- c:\windows\REGBK00.ZIP
2008-12-23 20:36 . 2008-12-23 20:36 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Adrvworks"="regsvr32.exe" [2006-11-02 14336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-23 17149952]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-12-29 159744]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-10-01 851968]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-27 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-07-27 47672]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-06 424352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1748391619-1199234601-265589567-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 14:49]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dida\AppData\Roaming\Mozilla\Firefox\Profiles\6jnax4f7.default\
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: !HIDDEN! 1970-05-29 12:51; {0165D79E-ECB2-45ED-70EF-9E1A7E09C3D2}; -
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112465&tt=3112_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 4845b89c0000000000000025d35d8405
FF - user.js: extensions.BabylonToolbar.instlDay - 15551
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.113:51
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQFxr71SB&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4845b89c0000000000000025d35d8405
FF - user.js: extensions.incredibar_i.instlDay - 15556
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1415:59
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQFxr71SB
FF - user.js: extensions.incredibar_i.upn2n - 92543348064612821
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 201%5F4
FF - user.js: extensions.mixidj.tlbrSrchUrl -
FF - user.js: extensions.mixidj.id - 4845b89c0000000000000025d35d8405
FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
FF - user.js: extensions.mixidj.instlDay - 15794
FF - user.js: extensions.mixidj.vrsn - 1.8.4.1
FF - user.js: extensions.mixidj.vrsni - 1.8.4.1
FF - user.js: extensions.mixidj_i.vrsnTs - 1.8.4.112:02
FF - user.js: extensions.mixidj.prtnrId - mixidj
FF - user.js: extensions.mixidj.prdct - mixidj
FF - user.js: extensions.mixidj.aflt - babsst
FF - user.js: extensions.mixidj_i.smplGrp - none
FF - user.js: extensions.mixidj.tlbrId - mdelta
FF - user.js: extensions.mixidj.instlRef - sst
FF - user.js: extensions.mixidj.dfltLng - en
FF - user.js: extensions.mixidj_i.excTlbr - false
FF - user.js: extensions.mixidj.excTlbr - false
FF - user.js: extensions.mixidj.admin - false
FF - user.js: extensions.mixidj.autoRvrt - false
FF - user.js: extensions.mixidj.rvrt - false
FF - user.js: extensions.mixidj_i.newTab - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-11 20:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(1940)
c:\program files\RocketDock\RocketDock.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\windows\system32\WLANExt.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\windows\system32\rpcnet.exe
c:\windows\system32\conime.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\regsvr32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2014-01-11 20:31:56 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-11 19:31
ComboFix2.txt 2014-01-10 23:47
ComboFix3.txt 2012-10-28 19:12
ComboFix4.txt 2011-12-17 10:37
.
Pre-Run: 41 818 558 464 bytes free
Post-Run: 41 771 896 832 bytes free
.
- - End Of File - - 766DE46CFCAD1771942098D05D4544E2
64B1E91C5C6C2157642651010728F90F