
Please check my log.

Posted: 04 Nov 2010 20:04
by Empair
After the PC starts, everything loads, only the icons on the desktop are not visible. But through Commander I can see that they are on the desktop. Please advise.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Ondrasek at 2010-11-04 19:59:54
Microsoft Windows 7 Home Premium
System drive C: has 23 GB (37%) free of 61 GB
Total RAM: 3071 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:02:37, on 4.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Ondrasek\AppData\Roaming\QipGuard\QipGuard.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\QIP 2010\qip.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Ondrasek\Desktop\RSIT.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Ondrasek.exe
C:\Windows\System32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=102352&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Ondrasek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Ondrasek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Free PDF Print Dispatcher] C:\Program Files\pdfconverter.com\FreePDF Creator\itFPCPrnDisp.exe
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [Panda Security Toolbar Antiphishing] "C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\Ondrasek\AppData\Roaming\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Služba Google Update (gupdate1cb08df62b31c04) (gupdate1cb08df62b31c04) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11238 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-10-20 2922848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-10-06 2475336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Ondrasek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-04-12 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
Panda Security Toolbar - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [2010-10-25 86696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
aTube Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{D4027C7F-154A-4066-A1AD-4243D8127440} - aTube Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - Panda Security Toolbar - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [2010-10-25 86696]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-10-06 2475336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2009-07-23 13797920]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2009-07-22 83336]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2009-07-24 2068480]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-20 7625248]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-10 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Free PDF Print Dispatcher"=C:\Program Files\pdfconverter.com\FreePDF Creator\itFPCPrnDisp.exe [2010-01-15 25600]
"PSUNMain"=C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe [2010-05-14 406848]
"Panda Security Toolbar Antiphishing"=C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe [2010-10-24 449192]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-09-15 2745696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"=C:\Users\Ondrasek\AppData\Roaming\QipGuard\QipGuard.exe [2010-04-12 184272]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-11-04 19:59:56 ----D---- C:\Program Files\trend micro
2010-11-04 19:59:54 ----D---- C:\rsit
2010-11-04 19:49:09 ----D---- C:\Users\Ondrasek\AppData\Roaming\AVG
2010-11-04 19:47:55 ----AD---- C:\ProgramData\TEMP
2010-11-04 19:07:06 ----D---- C:\Users\Ondrasek\AppData\Roaming\AVG10
2010-11-04 19:06:30 ----HD---- C:\ProgramData\Common Files
2010-11-04 19:06:25 ----D---- C:\ProgramData\AVG Security Toolbar
2010-11-04 19:05:41 ----D---- C:\windows\system32\drivers\AVG
2010-11-04 19:05:41 ----D---- C:\ProgramData\AVG10
2010-11-04 19:05:03 ----D---- C:\Program Files\AVG
2010-11-04 18:59:26 ----D---- C:\ProgramData\MFAData
2010-11-04 18:45:54 ----D---- C:\Users\Ondrasek\AppData\Roaming\Panda Security
2010-11-04 18:45:32 ----D---- C:\Users\Ondrasek\AppData\Roaming\SurfSecret Privacy Suite
2010-11-04 18:45:10 ----A---- C:\windows\system32\temp.txt
2010-11-04 18:45:09 ----D---- C:\ProgramData\Panda Security Toolbar Antiphishing
2010-11-04 18:44:51 ----D---- C:\ProgramData\Panda Security
2010-11-04 18:44:51 ----D---- C:\Program Files\Panda Security
2010-11-04 12:57:13 ----D---- C:\Users\Ondrasek\AppData\Roaming\InfraRecorder
2010-11-04 12:57:11 ----D---- C:\Program Files\InfraRecorder
2010-11-04 12:51:05 ----D---- C:\Users\Ondrasek\AppData\Roaming\Canneverbe Limited
2010-11-04 12:50:47 ----D---- C:\ProgramData\Canneverbe Limited
2010-11-03 13:04:21 ----D---- C:\Program Files\AutoCAD 2009
2010-11-03 13:04:05 ----A---- C:\windows\system32\d3dx9_35.dll
2010-11-03 13:03:56 ----A---- C:\windows\system32\d3dx9_30.dll
2010-11-01 15:19:58 ----D---- C:\Program Files\ScreenVCR
2010-10-30 17:03:03 ----D---- C:\Users\Ondrasek\AppData\Roaming\Toshiba
2010-10-27 13:15:36 ----A---- C:\windows\system32\msdri.dll
2010-10-27 13:15:36 ----A---- C:\windows\system32\CPFilters.dll
2010-10-27 13:15:31 ----A---- C:\windows\system32\drivers\Diskdump.sys
2010-10-13 08:12:31 ----A---- C:\windows\system32\ole32.dll
2010-10-13 08:12:29 ----A---- C:\windows\system32\iertutil.dll
2010-10-13 08:12:28 ----A---- C:\windows\system32\mshtml.dll
2010-10-13 08:12:27 ----A---- C:\windows\system32\ieframe.dll
2010-10-13 08:12:26 ----A---- C:\windows\system32\urlmon.dll
2010-10-13 08:12:26 ----A---- C:\windows\system32\msfeeds.dll
2010-10-13 08:12:25 ----A---- C:\windows\system32\wininet.dll
2010-10-13 08:12:25 ----A---- C:\windows\system32\mstime.dll
2010-10-13 08:12:25 ----A---- C:\windows\system32\mshtmled.dll
2010-10-13 08:12:25 ----A---- C:\windows\system32\msfeedssync.exe
2010-10-13 08:12:25 ----A---- C:\windows\system32\msfeedsbs.dll
2010-10-13 08:12:25 ----A---- C:\windows\system32\licmgr10.dll
2010-10-13 08:12:25 ----A---- C:\windows\system32\jsproxy.dll
2010-10-13 08:12:25 ----A---- C:\windows\system32\ieui.dll
2010-10-13 08:12:25 ----A---- C:\windows\system32\iepeers.dll
2010-10-13 08:12:25 ----A---- C:\windows\system32\iedkcs32.dll
2010-10-13 08:12:20 ----A---- C:\windows\system32\t2embed.dll
2010-10-13 08:12:19 ----A---- C:\windows\system32\mfc40u.dll
2010-10-13 08:12:19 ----A---- C:\windows\system32\mfc40.dll
2010-10-13 08:12:10 ----A---- C:\windows\system32\comctl32.dll
2010-10-13 08:12:09 ----A---- C:\windows\system32\schannel.dll
2010-10-13 08:12:08 ----A---- C:\windows\system32\srvsvc.dll
2010-10-13 08:12:08 ----A---- C:\windows\system32\drivers\srvnet.sys
2010-10-13 08:12:08 ----A---- C:\windows\system32\drivers\srv2.sys
2010-10-13 08:12:08 ----A---- C:\windows\system32\drivers\srv.sys
2010-10-13 08:12:07 ----A---- C:\windows\system32\win32k.sys
2010-10-13 08:12:04 ----A---- C:\windows\system32\wmploc.DLL
2010-10-13 08:12:04 ----A---- C:\windows\system32\wmp.dll
2010-10-13 08:12:03 ----A---- C:\windows\system32\wmpmde.dll
2010-10-13 08:12:02 ----A---- C:\windows\system32\StructuredQuery.dll
2010-10-11 09:50:02 ----D---- C:\Program Files\Common Files\PS
2010-10-11 09:50:01 ----A---- C:\windows\system32\itFPCPortMon.dll
2010-10-11 09:50:01 ----A---- C:\windows\system32\iSED.dll
2010-10-11 09:50:00 ----D---- C:\Program Files\pdfconverter.com
2010-10-10 20:02:22 ----D---- C:\Program Files\Common Files\Skype
2010-10-10 20:02:21 ----RD---- C:\Program Files\Skype

======List of files/folders modified in the last 1 months======

2010-11-04 20:02:11 ----D---- C:\windows\Temp
2010-11-04 19:59:56 ----D---- C:\Program Files
2010-11-04 19:54:34 ----SHD---- C:\System Volume Information
2010-11-04 19:51:19 ----D---- C:\windows\Downloaded Program Files
2010-11-04 19:49:11 ----SHD---- C:\windows\Installer
2010-11-04 19:47:56 ----D---- C:\windows\system32\Tasks
2010-11-04 19:47:55 ----HD---- C:\ProgramData
2010-11-04 19:14:39 ----D---- C:\windows\system32\config
2010-11-04 19:08:26 ----D---- C:\windows\Prefetch
2010-11-04 19:06:37 ----D---- C:\windows\System32
2010-11-04 19:06:15 ----D---- C:\windows\system32\drivers
2010-11-04 19:04:31 ----D---- C:\windows\winsxs
2010-11-04 18:45:44 ----RSD---- C:\windows\assembly
2010-11-04 18:16:17 ----D---- C:\windows\inf
2010-11-04 18:16:17 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-11-04 18:13:18 ----D---- C:\Users\Ondrasek\AppData\Roaming\Skype
2010-11-04 17:58:30 ----D---- C:\windows\system32\catroot2
2010-11-04 17:55:24 ----D---- C:\Users\Ondrasek\AppData\Roaming\skypePM
2010-11-04 12:20:35 ----D---- C:\Users\Ondrasek\AppData\Roaming\vlc
2010-11-03 13:08:03 ----D---- C:\ProgramData\Autodesk
2010-11-03 13:06:53 ----D---- C:\windows\Microsoft.NET
2010-11-03 13:05:53 ----D---- C:\Program Files\Common Files\Autodesk Shared
2010-11-03 13:05:26 ----RSD---- C:\windows\Fonts
2010-11-03 13:04:42 ----D---- C:\windows\Help
2010-11-03 13:04:21 ----D---- C:\Users\Ondrasek\AppData\Roaming\Autodesk
2010-11-03 13:03:36 ----D---- C:\Program Files\Common Files\DESIGNER
2010-11-03 13:03:35 ----D---- C:\Program Files\Microsoft Office
2010-11-03 13:03:35 ----D---- C:\Program Files\Common Files\microsoft shared
2010-11-01 15:25:31 ----A---- C:\windows\win.ini
2010-11-01 09:33:03 ----D---- C:\windows\system32\NDF
2010-10-30 17:00:45 ----D---- C:\windows\ModemLogs
2010-10-29 17:25:24 ----D---- C:\Program Files\Mozilla Firefox
2010-10-28 19:05:16 ----D---- C:\Program Files\Ask.com
2010-10-28 09:22:57 ----D---- C:\windows\rescache
2010-10-27 23:17:41 ----D---- C:\windows\ehome
2010-10-27 23:17:31 ----D---- C:\windows\AppPatch
2010-10-27 13:15:21 ----D---- C:\windows\system32\catroot
2010-10-26 19:02:26 ----D---- C:\Users\Ondrasek\AppData\Roaming\dvdcss
2010-10-21 14:58:04 ----SD---- C:\Users\Ondrasek\AppData\Roaming\Microsoft
2010-10-19 10:41:44 ----N---- C:\windows\system32\MpSigStub.exe
2010-10-14 13:57:30 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-14 13:55:04 ----D---- C:\Program Files\Half-Life 2
2010-10-14 13:51:55 ----D---- C:\Program Files\Winamp Toolbar
2010-10-14 13:51:50 ----D---- C:\Program Files\Winamp
2010-10-14 13:51:13 ----D---- C:\Program Files\Opera
2010-10-13 22:12:20 ----D---- C:\windows\system32\migration
2010-10-13 22:12:20 ----D---- C:\Program Files\Internet Explorer
2010-10-13 22:12:19 ----D---- C:\Program Files\Windows Media Player
2010-10-13 08:12:25 ----A---- C:\windows\system32\MRT.exe
2010-10-11 09:50:02 ----D---- C:\Program Files\Common Files
2010-10-10 20:02:21 ----D---- C:\ProgramData\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-06-13 691696]
R1 Avgldx86;AVG AVI Loader Driver; C:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
R1 PSINKNC;PSINKNC; C:\windows\system32\DRIVERS\psinknc.sys [2010-06-17 126024]
R1 Tosrfcom;Bluetooth RFCOMM; C:\windows\System32\Drivers\tosrfcom.sys [2009-07-29 69480]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 npf;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2009-11-16 50704]
R2 PSINAflt;PSINAflt; C:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
R2 PSINFile;PSINFile; C:\windows\system32\DRIVERS\PSINFile.sys [2010-07-21 99400]
R2 PSINProc;PSINProc; C:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
R2 PSINProt;PSINProt; C:\windows\system32\DRIVERS\PSINProt.sys [2010-07-21 112712]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-04-07 1161664]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-07-16 1176064]
R3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2009-07-10 4994048]
R3 AVGIDSDriver;AVGIDSDriver; C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 21072]
R3 enecir;ENE CIR Receiver; C:\windows\system32\DRIVERS\enecir.sys [2009-05-20 59904]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-07-20 2664032]
R3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 tosporte;Bluetooth COM Port; C:\windows\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 a53uso4u;a53uso4u; C:\windows\system32\drivers\a53uso4u.sys []
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 enecirhid;ENE CIR HID Receiver; C:\windows\system32\DRIVERS\enecirhid.sys [2009-05-19 11776]
S3 enecirhidma;ENE CIR HIDmini Filter; C:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-24 5632]
S3 ENTECH;ENTECH; \??\C:\windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\windows\system32\DRIVERS\nvmf6232.sys [2009-07-31 287392]
S3 nvsmu;nvsmu; C:\windows\system32\DRIVERS\nvsmu.sys [2009-06-29 17920]
S3 nvstor32;nvstor32; C:\windows\system32\DRIVERS\nvstor32.sys [2009-08-05 213024]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
S3 sisagp;Filtr SIS sběrnice AGP; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 smserial;smserial; C:\windows\system32\DRIVERS\smserial.sys []
S3 toshidpt;Bluetooth HID Port; C:\windows\system32\drivers\Toshidpt.sys [2009-06-19 9608]
S3 tosrfbd;Bluetooth RFBUS; C:\windows\system32\DRIVERS\tosrfbd.sys [2009-08-28 169064]
S3 tosrfbnp;Bluetooth RFBNEP; C:\windows\System32\Drivers\tosrfbnp.sys [2009-06-19 42472]
S3 Tosrfhid;Bluetooth RFHID; C:\windows\system32\DRIVERS\Tosrfhid.sys [2009-06-19 79872]
S3 tosrfnds;Bluetooth Personal Area Network; C:\windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
S3 TosRfSnd;Bluetooth Audio; C:\windows\system32\drivers\tosrfsnd.sys [2009-08-05 61168]
S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2009-08-05 49400]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;Filtr VIA sběrnice AGP; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;Ovladač procesoru VIA C7; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-03-28 14336]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2009-07-10 176128]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2009-08-11 387616]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2009-07-10 160768]
R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-08-09 140608]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-08-11 178720]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2009-07-23 211488]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2010-06-20 66872]
R2 PnkBstrB;PnkBstrB; C:\windows\system32\PnkBstrB.exe [2010-06-20 107832]
R3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-07-31 144752]
S2 gupdate1cb08df62b31c04;Služba Google Update (gupdate1cb08df62b31c04); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-10 133104]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-11-03 85096]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-10 1045256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]

-----------------EOF-----------------

Re: Please check my log.

Posted: 04 Nov 2010 20:49
by Rudy
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the "Ano" (Yes) button.

Relax and go make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Warning: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the resident antispyware shield occur.

Re: Please check my log.

Posted: 04 Nov 2010 21:25
by Empair
Here is the log from COMBOFIX

ComboFix 10-11-03.04 - Ondrasek 04.11.2010 21:18:21.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.2252 [GMT 1:00]
Spuštěný z: c:\users\Ondrasek\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-04 do 2010-11-04 )))))))))))))))))))))))))))))))
.

2010-11-04 20:23 . 2010-11-04 20:23 -------- d-----w- c:\users\Ondrasek\AppData\Local\temp
2010-11-04 20:23 . 2010-11-04 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-04 18:59 . 2010-11-04 19:02 -------- d-----w- c:\program files\trend micro
2010-11-04 18:59 . 2010-11-04 19:02 -------- d-----w- C:\rsit
2010-11-04 18:49 . 2010-11-04 18:57 -------- d-----w- c:\users\Ondrasek\AppData\Roaming\AVG
2010-11-04 18:06 . 2010-11-04 18:06 -------- d--h--w- c:\programdata\Common Files
2010-11-04 18:05 . 2010-11-04 19:57 -------- d-----w- c:\programdata\AVG10
2010-11-04 18:05 . 2010-11-04 19:57 -------- d-----w- c:\program files\AVG
2010-11-04 17:59 . 2010-11-04 18:05 -------- d-----w- c:\programdata\MFAData
2010-11-04 17:45 . 2010-11-04 17:45 -------- d-----w- c:\users\Ondrasek\AppData\Roaming\Panda Security
2010-11-04 17:45 . 2010-11-04 17:45 -------- d-----w- c:\users\Ondrasek\AppData\Roaming\SurfSecret Privacy Suite
2010-11-04 17:45 . 2010-11-04 17:45 -------- d-----w- c:\users\Ondrasek\AppData\Local\panda2_0dn
2010-11-04 17:44 . 2010-11-04 20:11 -------- d-----w- c:\program files\Panda Security
2010-11-04 17:44 . 2010-11-04 17:44 -------- d-----w- c:\programdata\Panda Security
2010-11-04 11:57 . 2010-11-04 11:57 -------- d-----w- c:\users\Ondrasek\AppData\Roaming\InfraRecorder
2010-11-04 11:57 . 2010-11-04 11:57 -------- d-----w- c:\program files\InfraRecorder
2010-11-04 11:51 . 2010-11-04 11:51 -------- d-----w- c:\users\Ondrasek\AppData\Roaming\Canneverbe Limited
2010-11-04 11:50 . 2010-11-04 11:50 -------- d-----w- c:\programdata\Canneverbe Limited
2010-11-04 01:22 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{910DDB6F-E258-4150-9251-E9C33532B5D9}\mpengine.dll
2010-11-03 12:04 . 2010-11-03 12:05 -------- d-----w- c:\program files\AutoCAD 2009
2010-11-03 12:04 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-11-01 14:19 . 2010-11-01 14:26 -------- d-----w- c:\program files\ScreenVCR
2010-10-30 16:03 . 2010-10-30 16:03 -------- d-----w- c:\users\Ondrasek\AppData\Roaming\Toshiba
2010-10-27 12:15 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 12:15 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 12:15 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 12:15 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 12:15 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-11 08:50 . 2010-10-11 08:50 -------- d-----w- c:\program files\Common Files\PS
2010-10-11 08:50 . 2010-01-27 12:31 110592 ----a-w- c:\windows\system32\itFPCPortMon.dll
2010-10-11 08:50 . 2005-04-01 02:26 1455616 ----a-w- c:\windows\system32\iSED.dll
2010-10-11 08:50 . 2010-10-11 08:50 -------- d-----w- c:\program files\pdfconverter.com
2010-10-10 19:02 . 2010-10-10 19:02 -------- d-----w- c:\program files\Common Files\Skype
2010-10-10 19:02 . 2010-10-10 19:02 -------- d-----r- c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-06-07 10:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-24 09:22 . 2010-09-24 09:22 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-21 05:32 . 2010-09-14 20:39 316928 ----a-w- c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"="c:\users\Ondrasek\AppData\Roaming\QipGuard\QipGuard.exe" [2010-04-12 184272]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-07-24 2068480]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Free PDF Print Dispatcher"="c:\program files\pdfconverter.com\FreePDF Creator\itFPCPrnDisp.exe" [2010-01-15 25600]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-26 2684256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R2 gupdate1cb08df62b31c04;Služba Google Update (gupdate1cb08df62b31c04);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 133104]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-19 11776]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-24 5632]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-13 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-10 176128]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 59904]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
Obsah adresáře 'Naplánované úlohy'

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 20:56]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 20:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=102352&l=dis
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
FF - ProfilePath - c:\users\Ondrasek\AppData\Roaming\Mozilla\Firefox\Profiles\3n7vzyje.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=00000001&p=
FF - component: c:\users\Ondrasek\AppData\Roaming\Mozilla\Firefox\Profiles\3n7vzyje.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\Ondrasek\AppData\Roaming\Mozilla\Firefox\Profiles\3n7vzyje.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\users\Ondrasek\AppData\Roaming\Mozilla\Firefox\Profiles\3n7vzyje.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-11-04 21:24:35
ComboFix-quarantined-files.txt 2010-11-04 20:24

Před spuštěním: Volných bajtů: 24 493 977 600
Po spuštění: Volných bajtů: 24 405 704 704

- - End Of File - - 20664A9DE9A5DDFF934084D27A598F9B

Re: Please check my log.

Posted: 04 Nov 2010 21:34
by Rudy
Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Save it to the desktop as CFScript.txt, then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Re: Please check my log.

Posted: 04 Nov 2010 21:49
by Empair
ComboFix 10-11-03.04 - Ondrasek 04.11.2010 21:43:11.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.2295 [GMT 1:00]
Spuštěný z: c:\users\Ondrasek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ondrasek\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_93e5.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-04 do 2010-11-04 )))))))))))))))))))))))))))))))
.

2010-11-04 20:47 . 2010-11-04 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-04 20:24 . 2010-11-04 20:47 -------- d-----w- c:\users\Ondrasek\AppData\Local\temp
2010-11-04 18:59 . 2010-11-04 19:02 -------- d-----w- c:\program files\trend micro
2010-11-04 18:59 . 2010-11-04 19:02 -------- d-----w- C:\rsit
2010-11-04 18:49 . 2010-11-04 18:57 -------- d-----w- c:\users\Ondrasek\AppData\Roaming\AVG
2010-11-04 18:06 . 2010-11-04 18:06 -------- d--h--w- c:\programdata\Common Files
2010-11-04 18:05 . 2010-11-04 19:57 -------- d-----w- c:\programdata\AVG10
2010-11-04 18:05 . 2010-11-04 19:57 -------- d-----w- c:\program files\AVG
2010-11-04 17:59 . 2010-11-04 18:05 -------- d-----w- c:\programdata\MFAData
2010-11-04 17:45 . 2010-11-04 17:45 -------- d-----w- c:\users\Ondrasek\AppData\Roaming\Panda Security
2010-11-04 17:45 . 2010-11-04 17:45 -------- d-----w- c:\users\Ondrasek\AppData\Roaming\SurfSecret Privacy Suite
2010-11-04 17:45 . 2010-11-04 17:45 -------- d-----w- c:\users\Ondrasek\AppData\Local\panda2_0dn
2010-11-04 17:44 . 2010-11-04 20:11 -------- d-----w- c:\program files\Panda Security
2010-11-04 17:44 . 2010-11-04 17:44 -------- d-----w- c:\programdata\Panda Security
2010-11-04 11:57 . 2010-11-04 11:57 -------- d-----w- c:\users\Ondrasek\AppData\Roaming\InfraRecorder
2010-11-04 11:57 . 2010-11-04 11:57 -------- d-----w- c:\program files\InfraRecorder
2010-11-04 11:51 . 2010-11-04 11:51 -------- d-----w- c:\users\Ondrasek\AppData\Roaming\Canneverbe Limited
2010-11-04 11:50 . 2010-11-04 11:50 -------- d-----w- c:\programdata\Canneverbe Limited
2010-11-04 01:22 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{910DDB6F-E258-4150-9251-E9C33532B5D9}\mpengine.dll
2010-11-03 12:04 . 2010-11-03 12:05 -------- d-----w- c:\program files\AutoCAD 2009
2010-11-03 12:04 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-11-01 14:19 . 2010-11-01 14:26 -------- d-----w- c:\program files\ScreenVCR
2010-10-30 16:03 . 2010-10-30 16:03 -------- d-----w- c:\users\Ondrasek\AppData\Roaming\Toshiba
2010-10-27 12:15 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 12:15 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 12:15 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 12:15 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 12:15 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-11 08:50 . 2010-10-11 08:50 -------- d-----w- c:\program files\Common Files\PS
2010-10-11 08:50 . 2010-01-27 12:31 110592 ----a-w- c:\windows\system32\itFPCPortMon.dll
2010-10-11 08:50 . 2005-04-01 02:26 1455616 ----a-w- c:\windows\system32\iSED.dll
2010-10-11 08:50 . 2010-10-11 08:50 -------- d-----w- c:\program files\pdfconverter.com
2010-10-10 19:02 . 2010-10-10 19:02 -------- d-----w- c:\program files\Common Files\Skype
2010-10-10 19:02 . 2010-10-10 19:02 -------- d-----r- c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-06-07 10:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-24 09:22 . 2010-09-24 09:22 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-21 05:32 . 2010-09-14 20:39 316928 ----a-w- c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"="c:\users\Ondrasek\AppData\Roaming\QipGuard\QipGuard.exe" [2010-04-12 184272]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-07-24 2068480]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Free PDF Print Dispatcher"="c:\program files\pdfconverter.com\FreePDF Creator\itFPCPrnDisp.exe" [2010-01-15 25600]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-26 2684256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

R2 gupdate1cb08df62b31c04;Služba Google Update (gupdate1cb08df62b31c04);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 133104]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-19 11776]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-24 5632]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-13 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-10 176128]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 59904]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
Obsah adresáře 'Naplánované úlohy'

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 20:56]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 20:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=102352&l=dis
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
FF - ProfilePath - c:\users\Ondrasek\AppData\Roaming\Mozilla\Firefox\Profiles\3n7vzyje.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=00000001&p=
FF - component: c:\users\Ondrasek\AppData\Roaming\Mozilla\Firefox\Profiles\3n7vzyje.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\Ondrasek\AppData\Roaming\Mozilla\Firefox\Profiles\3n7vzyje.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\users\Ondrasek\AppData\Roaming\Mozilla\Firefox\Profiles\3n7vzyje.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-11-04 21:48:16
ComboFix-quarantined-files.txt 2010-11-04 20:48
ComboFix2.txt 2010-11-04 20:24

Před spuštěním: Volných bajtů: 24 496 365 568
Po spuštění: Volných bajtů: 24 442 884 096

- - End Of File - - DB3314CCFE8D3C7461A4C12AE9DBBE17

Re: Please check my log.

Posted: 04 Nov 2010 22:34
by Rudy
The log now looks clean. Has anything changed?