VIRY.CZ

Omlouvam se za použití kombofixu..Našel jsem zde na foru podobny případ..scan superantispyware,avira,mbam negativní..Smazané položky z Combofix
C:\bassmod.dll
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\Šalis\AppData\Roaming\EurekaLog Zde HTJ-Combo posleze..Děkuji.. ComboFix 10-10-22.05 - Šalis 23.10.2010 20:17:53.9.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2173 [GMT 2:00]
Spuštěný z: c:\users\Šalis\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bassmod.dll
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\Šalis\AppData\Roaming\EurekaLog

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-23 do 2010-10-23 )))))))))))))))))))))))))))))))
.

2010-10-22 10:59 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE5F2C7D-475C-4A50-8244-823691F2A706}\mpengine.dll
2010-10-22 01:39 . 2010-10-22 01:39 -------- d-----w- c:\programdata\Norton
2010-10-22 01:39 . 2010-10-22 01:39 -------- d-----w- c:\windows\system32\drivers\NSS
2010-10-22 01:39 . 2010-10-22 01:39 -------- d-----w- c:\programdata\Symantec
2010-10-22 01:39 . 2010-10-22 01:39 -------- d-----w- c:\program files\Norton Security Scan
2010-10-22 01:39 . 2010-10-22 01:39 -------- d-----w- c:\program files\NortonInstaller
2010-10-21 18:29 . 2010-10-21 18:29 -------- d---a-w- c:\windows\rundll16.exe
2010-10-21 18:29 . 2010-10-21 18:29 -------- d---a-w- c:\windows\logo1_.exe
2010-10-20 10:40 . 2010-10-20 10:40 -------- d---a-w- c:\windows\VDLL.DLL
2010-10-20 10:40 . 2010-10-20 10:40 -------- d---a-w- c:\windows\system32\runouce.exe
2010-10-20 10:40 . 2010-10-20 10:40 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-10-20 10:40 . 2010-10-20 10:40 -------- d---a-w- c:\windows\logo_1.exe
2010-10-20 10:31 . 2010-10-20 10:31 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-10-20 10:31 . 2010-10-20 10:31 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-10-20 10:31 . 2010-10-20 10:31 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-10-20 10:31 . 2010-10-20 10:31 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-10-20 10:31 . 2010-10-20 10:31 -------- d-----w- c:\programdata\MicroWorld
2010-10-20 00:46 . 2010-10-20 00:46 -------- d-----w- c:\windows\cs
2010-10-20 00:46 . 2010-09-22 22:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-20 00:41 . 2010-10-20 00:41 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\995abffc1cb6fef05\DSETUP.dll
2010-10-20 00:41 . 2010-10-20 00:41 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\995abffc1cb6fef05\DXSETUP.exe
2010-10-20 00:41 . 2010-10-20 00:41 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\995abffc1cb6fef05\dsetup32.dll
2010-10-20 00:41 . 2010-10-20 00:41 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\94e64edc1cb6fef03\DSETUP.dll
2010-10-20 00:41 . 2010-10-20 00:41 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\94e64edc1cb6fef03\DXSETUP.exe
2010-10-20 00:41 . 2010-10-20 00:41 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\94e64edc1cb6fef03\dsetup32.dll
2010-10-20 00:41 . 2010-10-20 03:17 -------- d-----w- c:\users\Šalis\AppData\Local\Windows Live
2010-10-20 00:40 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-20 00:36 . 2010-10-20 00:37 -------- d-----w- C:\rsit
2010-10-19 14:16 . 2008-05-24 08:55 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-19 14:16 . 2008-05-24 08:55 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-10-19 14:16 . 2010-10-19 14:16 -------- d-----w- c:\program files\ffdshow
2010-10-17 05:10 . 2010-10-17 05:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-17 03:12 . 2010-10-17 03:12 -------- d-----w- c:\program files\WinPcap
2010-10-15 16:46 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 16:46 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-15 16:46 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 16:46 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 16:46 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 16:43 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-15 16:43 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 16:43 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-15 16:43 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-09 14:33 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-09 14:32 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-10-03 18:20 . 2010-10-03 18:20 -------- d-----w- c:\program files\Lavalys
2010-10-02 17:36 . 2010-10-02 17:38 -------- d-----w- c:\users\Šalis\Californication
2010-09-26 17:24 . 2010-09-26 17:24 -------- d-----r- c:\users\Public\Recorded TV
2010-09-25 16:36 . 2010-09-25 16:36 -------- d-----w- c:\users\Šalis\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 17:59 . 2010-03-22 12:50 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-10-19 09:41 . 2010-02-20 19:21 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-17 03:52 . 2009-05-03 23:40 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-09-17 03:52 . 2010-09-17 03:52 319488 ----a-w- c:\windows\HideWin.exe
2010-08-17 14:11 . 2010-09-15 10:54 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-26 09:27 . 2010-09-17 03:31 238184 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-05-04 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-05-04 47672]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-01-22 02:19 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-07-26 238184]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-18 12872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-13 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-18 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-29 67656]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2008-02-05 206464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2008-01-31 6528]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 13:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-10-23 c:\windows\Tasks\Norton Security Scan for Šalis.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-22 08:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\Šalis\AppData\Roaming\Mozilla\Firefox\Profiles\6r04et7x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-NB Probe - (no file)
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 20:42
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-10-23 20:46:30
ComboFix-quarantined-files.txt 2010-10-23 18:46

Před spuštěním: Volných bajtů: 47 734 677 504
Po spuštění: Volných bajtů: 47 665 176 576

- - End Of File - - 5640BF4FB33202B9A793CF700711A6BE
Přikádám aktualní RSIT

Je tam toho hromada,co? Logfile of random's system information tool 1.08 (written by random/random)
Run by Šalis at 2010-10-24 11:52:32
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 45 GB (29%) free of 153 GB
Total RAM: 3070 MB (67% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Šalis.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-01-22 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-12 98304]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-24 7766016]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-17 102400]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2009-05-04 3054136]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2009-05-04 47672]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-12 6265376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2010-01-22 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-10-24 11:52:33 ----D---- C:\Program Files\trend micro
2010-10-23 20:49:28 ----SHD---- C:\$RECYCLE.BIN
2010-10-23 20:47:28 ----A---- C:\combofix,log.txt
2010-10-23 20:46:37 ----D---- C:\Windows\temp
2010-10-23 20:46:33 ----A---- C:\ComboFix.txt
2010-10-23 19:59:17 ----A---- C:\Windows\NIRCMD.exe
2010-10-23 19:59:17 ----A---- C:\Windows\MBR.exe
2010-10-23 19:59:16 ----A---- C:\Windows\zip.exe
2010-10-23 19:59:16 ----A---- C:\Windows\SWSC.exe
2010-10-23 19:59:16 ----A---- C:\Windows\SWREG.exe
2010-10-23 19:59:16 ----A---- C:\Windows\sed.exe
2010-10-23 19:59:16 ----A---- C:\Windows\PEV.exe
2010-10-23 19:59:16 ----A---- C:\Windows\grep.exe
2010-10-23 19:57:22 ----D---- C:\ComboFix
2010-10-23 19:57:02 ----D---- C:\Qoobox
2010-10-23 19:56:40 ----A---- C:\Windows\SWXCACLS.exe
2010-10-22 03:39:15 ----D---- C:\Windows\system32\drivers\NSS
2010-10-22 03:39:15 ----D---- C:\ProgramData\Symantec
2010-10-22 03:39:15 ----D---- C:\ProgramData\Norton
2010-10-22 03:39:15 ----D---- C:\Program Files\Norton Security Scan
2010-10-22 03:39:14 ----D---- C:\ProgramData\NortonInstaller
2010-10-22 03:39:14 ----D---- C:\Program Files\NortonInstaller
2010-10-21 20:29:46 ----AD---- C:\Windows\rundll16.exe
2010-10-21 20:29:46 ----AD---- C:\Windows\logo1_.exe
2010-10-20 20:36:09 ----A---- C:\log.txt
2010-10-20 12:40:46 ----AD---- C:\Windows\VDLL.DLL
2010-10-20 12:40:46 ----AD---- C:\Windows\system32\runouce.exe
2010-10-20 12:40:46 ----AD---- C:\Windows\RUNDL132.EXE
2010-10-20 12:40:46 ----AD---- C:\Windows\logo_1.exe
2010-10-20 12:31:56 ----A---- C:\Windows\system32\msvcr80.dll
2010-10-20 12:31:55 ----A---- C:\Windows\system32\msvcp80.dll
2010-10-20 12:31:54 ----A---- C:\Windows\system32\eEmpty.exe
2010-10-20 12:31:50 ----D---- C:\Program Files\Common Files\MicroWorld
2010-10-20 12:31:47 ----D---- C:\ProgramData\MicroWorld
2010-10-20 02:46:47 ----D---- C:\Windows\cs
2010-10-20 02:46:28 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2010-10-20 02:40:49 ----A---- C:\Windows\system32\webservices.dll
2010-10-20 02:36:50 ----D---- C:\rsit
2010-10-20 01:37:43 ----RAD---- C:\autorun.inf
2010-10-19 16:16:22 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-10-19 16:16:21 ----A---- C:\Windows\system32\ff_vfw.dll
2010-10-19 16:16:20 ----A---- C:\Windows\system32\pthreadGC2.dll
2010-10-19 16:16:19 ----D---- C:\Program Files\ffdshow
2010-10-17 07:10:28 ----D---- C:\Program Files\Common Files\Adobe
2010-10-17 05:12:13 ----D---- C:\Program Files\WinPcap
2010-10-15 18:46:16 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-15 18:46:15 ----A---- C:\Windows\system32\netevent.dll
2010-10-15 18:46:15 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-15 18:46:15 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-15 18:46:15 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-15 18:45:56 ----A---- C:\Windows\system32\ole32.dll
2010-10-15 18:45:52 ----A---- C:\Windows\system32\mshtml.dll
2010-10-15 18:45:52 ----A---- C:\Windows\system32\ieframe.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\wininet.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\urlmon.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\occache.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\mstime.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-15 18:45:50 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-15 18:45:50 ----A---- C:\Windows\system32\ieui.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iesetup.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iertutil.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iernonce.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iepeers.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-15 18:45:49 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-15 18:45:49 ----A---- C:\Windows\system32\mfc40.dll
2010-10-15 18:45:48 ----A---- C:\Windows\system32\schannel.dll
2010-10-15 18:45:45 ----A---- C:\Windows\system32\t2embed.dll
2010-10-15 18:45:32 ----A---- C:\Windows\system32\wmp.dll
2010-10-15 18:45:31 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-15 18:43:35 ----A---- C:\Windows\system32\comctl32.dll
2010-10-15 18:43:32 ----A---- C:\Windows\system32\win32k.sys
2010-10-15 18:43:31 ----A---- C:\Windows\system32\msshsq.dll
2010-10-15 18:43:29 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-09 16:33:00 ----A---- C:\Windows\system32\tzres.dll
2010-10-03 20:20:39 ----D---- C:\Program Files\Lavalys

======List of files/folders modified in the last 1 months======

2010-10-24 11:52:33 ----RD---- C:\Program Files
2010-10-24 02:15:32 ----D---- C:\Windows
2010-10-23 21:11:16 ----SHD---- C:\System Volume Information
2010-10-23 20:42:46 ----A---- C:\Windows\system.ini
2010-10-23 20:42:25 ----D---- C:\Windows\system32\drivers\etc
2010-10-23 20:41:46 ----D---- C:\ProgramData
2010-10-23 20:29:57 ----D---- C:\Windows\system32\drivers
2010-10-23 20:29:57 ----D---- C:\Windows\System32
2010-10-23 20:29:57 ----D---- C:\Windows\AppPatch
2010-10-23 20:29:56 ----D---- C:\Program Files\Common Files
2010-10-23 19:59:02 ----A---- C:\Windows\system32\acovcnt.exe
2010-10-23 19:58:57 ----D---- C:\Windows\ERDNT
2010-10-23 15:51:28 ----D---- C:\Windows\Prefetch
2010-10-23 12:58:39 ----D---- C:\Windows\inf
2010-10-23 12:58:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-23 02:34:57 ----D---- C:\Program Files\Mozilla Firefox
2010-10-22 12:06:42 ----D---- C:\Users\Šalis\AppData\Roaming\Skype
2010-10-22 03:39:18 ----D---- C:\Windows\Tasks
2010-10-22 03:39:18 ----D---- C:\Windows\system32\Tasks
2010-10-21 00:56:41 ----SHD---- C:\Windows\Installer
2010-10-21 00:19:05 ----D---- C:\Windows\system32\catroot2
2010-10-20 19:25:50 ----AD---- C:\ProgramData\Temp
2010-10-20 18:26:25 ----D---- C:\TRANSLAT
2010-10-20 16:34:30 ----A---- C:\Windows\ATKPF.ini
2010-10-20 12:55:31 ----D---- C:\Users\Šalis\AppData\Roaming\uTorrent
2010-10-20 12:27:40 ----D---- C:\Users\Šalis\AppData\Roaming\Download Manager
2010-10-20 07:01:06 ----D---- C:\Windows\Microsoft.NET
2010-10-20 07:00:01 ----RSD---- C:\Windows\assembly
2010-10-20 03:54:14 ----D---- C:\Windows\rescache
2010-10-20 02:46:29 ----DC---- C:\Windows\system32\DRVSTORE
2010-10-20 02:45:39 ----D---- C:\Program Files\Windows Live
2010-10-20 02:44:19 ----SD---- C:\ProgramData\Microsoft
2010-10-20 02:44:18 ----RSD---- C:\Windows\Fonts
2010-10-20 02:43:59 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-20 02:41:13 ----D---- C:\Windows\winsxs
2010-10-20 02:41:12 ----D---- C:\Windows\system32\cs-CZ
2010-10-20 02:41:09 ----D---- C:\Windows\system32\catroot
2010-10-20 01:46:00 ----D---- C:\ASUS.SYS
2010-10-19 11:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-17 10:21:36 ----D---- C:\Users\Šalis\AppData\Roaming\Media Player Classic
2010-10-17 10:01:13 ----D---- C:\ProgramData\NOS
2010-10-17 07:10:33 ----D---- C:\ProgramData\Adobe
2010-10-16 05:02:33 ----D---- C:\Windows\Debug
2010-10-16 04:57:55 ----D---- C:\ProgramData\NVIDIA
2010-10-15 18:57:51 ----D---- C:\Program Files\Windows Media Player
2010-10-15 18:57:50 ----D---- C:\Windows\system32\migration
2010-10-15 18:57:50 ----D---- C:\Program Files\Internet Explorer
2010-10-15 18:52:23 ----D---- C:\ProgramData\Microsoft Help
2010-10-15 18:47:05 ----A---- C:\Windows\system32\mrt.exe
2010-10-11 19:24:34 ----D---- C:\Windows\Minidump
2010-10-10 21:30:37 ----D---- C:\Users\Šalis\AppData\Roaming\BSplayer Pro
2010-10-10 14:20:26 ----D---- C:\Program Files\SUPERAntiSpyware
2010-10-10 03:13:18 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-03 01:00:00 ----D---- C:\Windows\system32\LogFiles
2010-09-28 21:48:53 ----D---- C:\Windows\system32\WDI
2010-09-26 10:57:07 ----D---- C:\Windows\LiveKernelReports

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2008-07-21 145952]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-29 67656]
R1 SbFw;SbFw; C:\Windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\Windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-07-16 35088]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam; C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
R3 FiltUSBET;ET USB Device Lower Filter; C:\Windows\system32\DRIVERS\etFilter.sys [2008-02-05 206464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-12 2159384]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-07-08 1050656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-06-22 105576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-07-22 15872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 ScanUSBET;ET USB Still Image Capture Device; C:\Windows\system32\DRIVERS\etScan.sys [2008-01-31 6528]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-17 190512]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 catchme;catchme; \??\C:\Users\ALIS~1\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2010-07-26 238184]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-13 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
R2 FontCache;Mezipaměť písem Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-11-20 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-07-16 117264]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 156656]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]

-----------------EOF-----------------

Koukám HJT se neprovedl..přikládám.. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:22, on 24.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Šalis\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6153 bytes

No a AUTORUN.INF je na flashce dál..kdyz ji dám do dvd,je vidět..při scanu combofixem byla zasunuta v pc..Kdyby tam toho bylo moc,přeinstaluju to celé,vše mám zalohované ať to tady neblokuji..Díky za váš čas Posílam podposu přes sazku..

Zdravim a pekny den preji

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

• Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
• Spustte a kliknete na Deletion
• Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

Ahoj,tak jsem provedl,posilam.Zatím díky.. ############################## | UsbFix 7.014 | [Deletion]

User: Šalis (Administrator) # SALIS-PC [ASUSTeK Computer Inc. F5GL]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 11:10:08 | 25/10/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz
Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18975

Windows Firewall: Disabled /!\
Antivirus: AntiVir Desktop 10.0.1.44 [(!) Disabled | (!) Outdated]
Firewall: Sunbelt Personal Firewall 4.6.1861 T [Enabled]
RAM -> 3070 Mb
C:\ (%systemdrive%) -> Fixed drive # 149 Gb (37 Mb free - 25%) [VistaOS] # NTFS
D:\ -> Fixed drive # 137 Gb (46 Mb free - 33%) [DATA] # NTFS
E:\ -> CD-ROM
G:\ -> Removable drive # 7 Gb (3 Mb free - 45%) [ANIM] # FAT32
I:\ -> Removable drive # 4 Gb (2 Mb free - 49%) [] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\Windows\rundl132.exe
Deleted ! C:\log.txt

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun

################## | Mountpoints2 |


################## | Listing |

[25/10/2010 - 11:11:16 | SHD ] C:\$RECYCLE.BIN
[25/04/2010 - 04:33:18 | D ] C:\27a5e2552bc5a1814abb5724fb850517
[24/10/2009 - 10:03:31 | A | 15773] C:\aaw7boot.log
[12/03/2009 - 04:11:47 | A | 23] C:\app3.LOG
[20/10/2010 - 01:46:00 | D ] C:\ASUS.SYS
[08/02/2010 - 21:54:11 | D ] C:\Boot
[11/04/2009 - 08:36:36 | RASH | 333257] C:\bootmgr
[04/04/2007 - 21:50:44 | A | 19] C:\CK21.txt
[25/10/2010 - 10:51:16 | D ] C:\ComboFix
[23/10/2010 - 20:47:28 | A | 15346] C:\combofix,log.txt
[23/10/2010 - 20:46:33 | A | 15346] C:\ComboFix.txt
[18/09/2006 - 23:43:37 | A | 10] C:\config.sys
[04/05/2009 - 02:05:04 | A | 15508] C:\devlist.txt
[02/11/2006 - 15:02:03 | SHD ] C:\Documents and Settings
[04/11/2009 - 12:16:54 | RH | 1048576] C:\F5GL.BIN
[09/09/2008 - 10:47:57 | A | 13] C:\F5GL_VISTA.10
[04/05/2009 - 02:05:00 | A | 9] C:\Finish.log
[17/04/2008 - 02:36:14 | RASH | 171136] C:\grldr
[25/10/2010 - 10:54:23 | ASH | 3220385792] C:\hiberfil.sys
[04/05/2009 - 01:17:41 | A | 481] C:\igoogle_log.txt
[04/05/2009 - 01:46:02 | A | 19791872] C:\inject.log
[04/05/2009 - 01:46:02 | A | 17233438] C:\inject.log.txt
[13/05/2010 - 14:17:59 | RD ] C:\MSOCache
[08/08/2008 - 09:22:19 | A | 30] C:\NERO.LOG
[07/01/2009 - 11:16:08 | A | 30] C:\NIS2009.TXT
[08/08/2010 - 09:17:44 | D ] C:\NVIDIA
[16/03/2007 - 01:18:45 | A | 25] C:\OFFICE2007_K.TXT
[25/10/2010 - 10:54:21 | ASH | 3533963264] C:\pagefile.sys
[03/05/2009 - 13:04:16 | A | 105] C:\Pass.txt
[19/03/2009 - 03:37:23 | A | 3240] C:\Patch.LOG
[27/06/2010 - 21:27:30 | D ] C:\PerfLogs
[24/10/2010 - 11:52:33 | RD ] C:\Program Files
[23/10/2010 - 20:41:46 | D ] C:\ProgramData
[23/10/2010 - 20:46:36 | D ] C:\Qoobox
[16/01/2009 - 04:11:41 | A | 15] C:\READER_K.TXT
[09/09/2008 - 10:47:57 | A | 6] C:\RECOVERY.DAT
[23/03/2010 - 00:05:53 | A | 780] C:\RHDSetup.log
[16/12/2009 - 14:53:34 | A | 39630] C:\RootRepeal report 12-16-09 (13-53-34).txt
[20/10/2010 - 02:37:07 | D ] C:\rsit
[23/03/2010 - 00:05:53 | A | 206] C:\setup.log
[16/05/2006 - 02:22:24 | A | 5] C:\store.log
[04/05/2009 - 01:00:42 | A | 166] C:\SumHidd.txt
[04/05/2009 - 00:59:39 | A | 98] C:\SumOS.txt
[24/10/2010 - 23:36:47 | SHD ] C:\System Volume Information
[22/01/2010 - 12:05:14 | D ] C:\totalcmd
[20/10/2010 - 18:26:25 | D ] C:\TRANSLAT
[25/10/2010 - 11:11:16 | D ] C:\UsbFix
[25/10/2010 - 11:10:10 | A | 4012] C:\UsbFix.txt
[12/09/2010 - 01:45:09 | RD ] C:\Users
[12/02/2009 - 20:24:08 | A | 25] C:\V554.txt
[28/12/2009 - 17:47:38 | A | 77] C:\wepkeys.txt
[25/10/2010 - 11:11:16 | D ] C:\Windows
[09/02/2009 - 07:33:54 | A | 41] C:\WindowsLive_K.TXT
[22/01/2010 - 03:43:07 | D ] C:\_appdata_
[25/10/2010 - 11:11:16 | D ] D:\$RECYCLE.BIN
[07/08/2010 - 19:58:47 | D ] D:\acer dokumenty
[02/10/2010 - 19:42:20 | D ] D:\District.9.2009.DVDRip.XviD-MAXSPEED
[03/08/2009 - 11:36:40 | D ] D:\dokumenty barak
[11/10/2010 - 19:31:02 | D ] D:\filmy
[05/09/2010 - 10:54:47 | RD ] D:\Hudba
[29/07/2009 - 04:42:15 | RA | 528] D:\MediaID.bin
[18/09/2010 - 18:02:49 | D ] D:\ML.slovo
[24/06/2009 - 13:29:46 | RD ] D:\Oblíbené položky
[31/05/2010 - 00:07:27 | RD ] D:\Obrázky
[05/09/2010 - 11:02:39 | D ] D:\Stažené
[04/05/2009 - 00:50:09 | SHD ] D:\System Volume Information
[24/06/2009 - 13:29:53 | D ] D:\telefon
[10/02/2010 - 18:39:30 | D ] D:\Telefone travail
[02/10/2010 - 19:42:20 | H | 6858] D:\treeinfo.wc
[23/10/2010 - 08:24:38 | D ] D:\Utility
[11/10/2010 - 19:23:55 | D ] D:\XXX
[31/01/2010 - 10:12:59 | D ] D:\Zaloha tel
[11/09/2009 - 06:27:20 | D ] G:\Private
[11/09/2009 - 12:36:52 | D ] G:\Images
[01/10/2009 - 11:41:36 | D ] G:\cities
[20/03/2010 - 23:30:42 | SHD ] G:\FOUND.001
[16/06/2009 - 08:00:08 | D ] G:\Videos
[16/06/2009 - 08:00:08 | D ] G:\Sounds
[15/12/2008 - 10:10:00 | ASH | 78879] G:\DevIcon.fil
[20/03/2010 - 22:54:24 | SHD ] G:\FOUND.000
[08/10/2009 - 09:56:46 | D ] G:\SportsTracker
[14/10/2009 - 17:43:18 | D ] G:\Playlists
[05/12/2009 - 16:20:38 | D ] G:\Others
[31/01/2010 - 22:17:46 | D ] G:\Activenotes
[11/08/2010 - 20:26:30 | A | 157] G:\qf
[17/06/2009 - 00:17:08 | D ] G:\system
[19/07/2010 - 20:16:14 | A | 617488] G:\16072010537.jpg
[15/12/2008 - 10:10:00 | ASH | 3812] G:\DevLogo.fil
[09/06/2009 - 16:48:30 | D ] G:\Music
[07/07/2009 - 04:02:46 | HD ] G:\_PAlbTN
[05/09/2010 - 10:54:50 | D ] I:\Cafe_Lounge_Cigrette_Copenhagen_Blue_2009
[17/10/2010 - 09:34:28 | D ] I:\dnb
[05/09/2010 - 11:11:20 | D ] I:\goffy dj mix
[05/09/2010 - 11:13:24 | D ] I:\mix mp3
[05/09/2010 - 11:13:24 | RD ] I:\Neznámé album (21.9.2009 22-23-23)
[05/09/2010 - 11:14:06 | D ] I:\The Prodigy
[26/09/2010 - 22:28:22 | A | 766538904] I:\Zoufalci.2009.DVDRip.XviD.CZ.avi

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
I:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_SALIS-PC.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

Flash disky by mely byt na vir autorun.inf ciste

• USBFix vytvoril na vsech discich ochranou slozku autorun.inf - viz navod na USBFix funkce Vaccination

• salis331 píše: ################## | Vaccin |
  
  C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
  D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
  I:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

Jsou s PC nejake problemy

Díky,tak tu složku jsem nepochopil,myslel jsem ze to je vir..Tak teď snad žadný problem není,snad krom režimu spanku..tomu se nechce naběhnout..Ještě se zeptam,Dr.web mi smazal Combofix z plochy,musím jej znovu stahout a odinstalovat?Díky

ComboFix pouzivejte jen na doporuceni radce

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Znovu spusťte Usbfix a zvolte možnost Uninstall.

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

A po haveti by melo byt cisto...

Dobrý podvečer,tak jsem chvíli sledoval chod Pc..a našel jsem asi problém,ktery to všechno zpúsoboval,je to nejaky vir v Ms office,našel jsem slozky se soubory ktere přišli včera a dnes do pc,aniž bych měl outlook zapnuty,zřejmě díky aviře ktera nemá funkci kontroly pošty,složky nejdou odstranit,tak jsem alespon zkopíroval adresu umístění..našel jsem je v indexovanych místech,při poklepání jdou jen otevřít a to jsem neriskoval.Jedna ze složek či souborů je "Kiloword.jpg" ale je jich tam víc,když jsem do nich začal drbat schovaly se posílam tedy aspon co jsem zjistil,umístění v registrech a žřejmě umístění složky kterou jsem nenašel..Zatím děkuji.. Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\CrawlScopeManager\Windows\SystemIndex\DefaultRules\12]
"URL"="iehistory://{s-1-5-21-1118820279-2686567435-2704455506-1000}/"
"Include"=dword:00000001
"Suppress"=dword:00000000
"IncludeSubdirs"=dword:00000001
"Default"=dword:00000001
"Hierarchical"=dword:00000001
"Policy"=dword:00000000

toť registr..A kdyz jsem skopíroval adresu té složky,vyplivlo to na mě tohle.. search-ms:displayname=Přijato%20dne%20?5.?6.?2010&crumb=Přijato%3A(>%3D"4.6.2010%2022%3A00%3A00"%20<%3D"5.6.2010%2021%3A59%3A59")&crumb=location:mapi%3A%2F%2F{S-1-5-21-1118820279-2686567435-2704455506-1000} A na druhý pokus mi to zkopírovalo tohle.. search-ms:query=crumb Zdrojové kody ze starších mailů vypadaji normalně,zatímco z této pošty vypadají tak nějak..no nevím,jsou divné,mužu vložit jako text?

Přidávám ještě RSIT,jinak se mi v pc vytváří složka SCREEN,což by mohlo patřit k tomu.. Logfile of random's system information tool 1.08 (written by random/random)
Run by Šalis at 2010-10-26 19:06:40
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 36 GB (24%) free of 153 GB
Total RAM: 3070 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:06:47, on 26.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Šalis\Desktop\RSIT.exe
C:\Program Files\trend micro\Šalis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 5872 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Šalis.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-01-22 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-12 98304]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-24 7766016]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-17 102400]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2009-05-04 3054136]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2009-05-04 47672]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-12 6265376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2010-01-22 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-10-26 19:06:41 ----D---- C:\Program Files\trend micro
2010-10-26 19:06:40 ----D---- C:\rsit
2010-10-25 11:11:19 ----RASHD---- C:\Autorun.inf
2010-10-23 20:49:28 ----SHD---- C:\$RECYCLE.BIN
2010-10-23 20:46:37 ----D---- C:\Windows\temp
2010-10-22 03:39:15 ----D---- C:\Windows\system32\drivers\NSS
2010-10-22 03:39:15 ----D---- C:\ProgramData\Symantec
2010-10-22 03:39:15 ----D---- C:\ProgramData\Norton
2010-10-22 03:39:15 ----D---- C:\Program Files\Norton Security Scan
2010-10-22 03:39:14 ----D---- C:\ProgramData\NortonInstaller
2010-10-22 03:39:14 ----D---- C:\Program Files\NortonInstaller
2010-10-20 02:46:47 ----D---- C:\Windows\cs
2010-10-20 02:46:28 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2010-10-20 02:40:49 ----A---- C:\Windows\system32\webservices.dll
2010-10-19 16:16:22 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-10-19 16:16:21 ----A---- C:\Windows\system32\ff_vfw.dll
2010-10-19 16:16:20 ----A---- C:\Windows\system32\pthreadGC2.dll
2010-10-19 16:16:19 ----D---- C:\Program Files\ffdshow
2010-10-17 07:10:28 ----D---- C:\Program Files\Common Files\Adobe
2010-10-17 05:12:13 ----D---- C:\Program Files\WinPcap
2010-10-15 18:46:16 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-15 18:46:15 ----A---- C:\Windows\system32\netevent.dll
2010-10-15 18:46:15 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-15 18:46:15 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-15 18:46:15 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-15 18:45:56 ----A---- C:\Windows\system32\ole32.dll
2010-10-15 18:45:52 ----A---- C:\Windows\system32\mshtml.dll
2010-10-15 18:45:52 ----A---- C:\Windows\system32\ieframe.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\wininet.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\urlmon.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\occache.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\mstime.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-15 18:45:50 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-15 18:45:50 ----A---- C:\Windows\system32\ieui.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iesetup.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iertutil.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iernonce.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iepeers.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-15 18:45:49 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-15 18:45:49 ----A---- C:\Windows\system32\mfc40.dll
2010-10-15 18:45:48 ----A---- C:\Windows\system32\schannel.dll
2010-10-15 18:45:45 ----A---- C:\Windows\system32\t2embed.dll
2010-10-15 18:45:32 ----A---- C:\Windows\system32\wmp.dll
2010-10-15 18:45:31 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-15 18:43:35 ----A---- C:\Windows\system32\comctl32.dll
2010-10-15 18:43:32 ----A---- C:\Windows\system32\win32k.sys
2010-10-15 18:43:31 ----A---- C:\Windows\system32\msshsq.dll
2010-10-15 18:43:29 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-09 16:33:00 ----A---- C:\Windows\system32\tzres.dll
2010-10-03 20:20:39 ----D---- C:\Program Files\Lavalys

======List of files/folders modified in the last 1 months======

2010-10-26 19:06:47 ----D---- C:\Windows\Prefetch
2010-10-26 19:06:41 ----RD---- C:\Program Files
2010-10-26 12:44:21 ----D---- C:\Windows
2010-10-26 09:40:54 ----D---- C:\Windows\system32\drivers
2010-10-26 03:27:48 ----D---- C:\Windows\System32
2010-10-26 03:27:48 ----D---- C:\ProgramData
2010-10-26 03:27:48 ----D---- C:\Program Files\Common Files
2010-10-25 13:07:24 ----A---- C:\Windows\system32\acovcnt.exe
2010-10-24 23:36:47 ----SHD---- C:\System Volume Information
2010-10-23 20:42:46 ----A---- C:\Windows\system.ini
2010-10-23 20:42:25 ----D---- C:\Windows\system32\drivers\etc
2010-10-23 20:29:57 ----D---- C:\Windows\AppPatch
2010-10-23 12:58:39 ----D---- C:\Windows\inf
2010-10-23 12:58:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-23 02:34:57 ----D---- C:\Program Files\Mozilla Firefox
2010-10-22 12:06:42 ----D---- C:\Users\Šalis\AppData\Roaming\Skype
2010-10-22 03:39:18 ----D---- C:\Windows\Tasks
2010-10-22 03:39:18 ----D---- C:\Windows\system32\Tasks
2010-10-21 00:56:41 ----SHD---- C:\Windows\Installer
2010-10-21 00:19:05 ----D---- C:\Windows\system32\catroot2
2010-10-20 19:25:50 ----AD---- C:\ProgramData\Temp
2010-10-20 18:26:25 ----D---- C:\TRANSLAT
2010-10-20 16:34:30 ----A---- C:\Windows\ATKPF.ini
2010-10-20 12:55:31 ----D---- C:\Users\Šalis\AppData\Roaming\uTorrent
2010-10-20 12:27:40 ----D---- C:\Users\Šalis\AppData\Roaming\Download Manager
2010-10-20 07:01:06 ----D---- C:\Windows\Microsoft.NET
2010-10-20 07:00:01 ----RSD---- C:\Windows\assembly
2010-10-20 03:54:14 ----D---- C:\Windows\rescache
2010-10-20 02:46:29 ----DC---- C:\Windows\system32\DRVSTORE
2010-10-20 02:45:39 ----D---- C:\Program Files\Windows Live
2010-10-20 02:44:19 ----SD---- C:\ProgramData\Microsoft
2010-10-20 02:44:18 ----RSD---- C:\Windows\Fonts
2010-10-20 02:43:59 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-20 02:41:13 ----D---- C:\Windows\winsxs
2010-10-20 02:41:12 ----D---- C:\Windows\system32\cs-CZ
2010-10-20 02:41:09 ----D---- C:\Windows\system32\catroot
2010-10-20 01:46:00 ----D---- C:\ASUS.SYS
2010-10-19 11:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-17 10:21:36 ----D---- C:\Users\Šalis\AppData\Roaming\Media Player Classic
2010-10-17 10:01:13 ----D---- C:\ProgramData\NOS
2010-10-17 07:10:33 ----D---- C:\ProgramData\Adobe
2010-10-16 05:02:33 ----D---- C:\Windows\Debug
2010-10-16 04:57:55 ----D---- C:\ProgramData\NVIDIA
2010-10-15 18:57:51 ----D---- C:\Program Files\Windows Media Player
2010-10-15 18:57:50 ----D---- C:\Windows\system32\migration
2010-10-15 18:57:50 ----D---- C:\Program Files\Internet Explorer
2010-10-15 18:52:23 ----D---- C:\ProgramData\Microsoft Help
2010-10-15 18:47:05 ----A---- C:\Windows\system32\mrt.exe
2010-10-11 19:24:34 ----D---- C:\Windows\Minidump
2010-10-10 21:30:37 ----D---- C:\Users\Šalis\AppData\Roaming\BSplayer Pro
2010-10-10 14:20:26 ----D---- C:\Program Files\SUPERAntiSpyware
2010-10-10 03:13:18 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-03 01:00:00 ----D---- C:\Windows\system32\LogFiles
2010-09-28 21:48:53 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2008-07-21 145952]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-29 67656]
R1 SbFw;SbFw; C:\Windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\Windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-07-16 35088]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam; C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
R3 FiltUSBET;ET USB Device Lower Filter; C:\Windows\system32\DRIVERS\etFilter.sys [2008-02-05 206464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-12 2159384]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-07-08 1050656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-06-22 105576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-07-22 15872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 ScanUSBET;ET USB Still Image Capture Device; C:\Windows\system32\DRIVERS\etScan.sys [2008-01-31 6528]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-17 190512]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2010-07-26 238184]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-13 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
R2 FontCache;Mezipaměť písem Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-11-20 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-07-16 117264]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 156656]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]

-----------------EOF-----------------

Pokud pouzivate postovni klienty, tak je potreba AV s postovnim stitem - dejte si Avast, ten jej ma

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Zdravím,MBAM jsem provaděl večer i rano,nic nenalezlo..Pro jistotu jsem odinstaloval office nebo během dneška přisli další zprávy aniž by byl zapnuty a vyčistil registry Wise reg.utility,chtel bych se ještě zeptat na soubor "lmhost.sam" vim že jsem se v tom už kdysi hrabal a vypadal jako "hosts" niní je přejmenovany na "hosts.old" a parametry -
# The following example illustrates all of these extensions:
#
# 102.54.94.97 rhino #PRE #DOM:networking #net group's DC
# 102.54.94.102 "appname \0x14" #special app server
# 102.54.94.123 popular #PRE #source server
# 102.54.94.117 localsrv #PRE #needed for the include
#
# #BEGIN_ALTERNATE
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# #END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
#
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add .. nezdá se mi to vůbec..jinak proběhl Ccleaner,Avira,Mbam a Superantispywere... Zatím moc děkuji..

Takže jsem sledoval a sledoval a Kerio mi hlásí,že že Mrkwosoft office se snaží připojit k síťi..I když je odinstalované přes you unistall..Takže buď tam ještě běhá nejaký bazilišek,nebo tam nekde zustal schovany ovladač,nebo je to jiná služba Win-live,mesenger..Jestli se s tím už někdo setkal..Zajímavý tohle.Přitom si tak dávam pozor..Většina souborů byla modifikována mezi 10-26. tohoto měsíce,vesměs se změnilo datum vytvoření většiny souborů..docela jsem ty složky prolezl a málokterá si zachovala datum instalace..Neuvědomil jsem si tu aviru..přitom stačilo tak málo..Bylo mi divné že si sám sobe posílam spam Ješte přidam zdroj.kod z jednoho mailu co se mi podařilo nějakym zazrakem dostat a obnovit..Doufam že se to může a neuďělá to nejakou neplechu..Zatím díky..

Ještě mi Wise cleaner nedoporučil vymazat 3položky z registru jelikož k nim není přiřazený žadny program.. Vkládám.... Data: WLPG Detection
HKEY_CLASSES_ROOT\.wlpginstall\Default
Důvod: Bez informací o připojeném souboru (přípona není přiřazena)
lze odebrat, ale nedoporučujeme.
Data: WLPG Detection
HKEY_CLASSES_ROOT\.wlpginstall3\Default
Důvod: Bez informací o připojeném souboru (přípona není přiřazena)
lze odebrat, ale nedoporučujeme.
Data: wvFile
HKEY_CLASSES_ROOT\.wv\Default
Důvod: Bez informací o připojeném souboru (přípona není přiřazena)
lze odebrat, ale nedoporučujeme.