VIRY.CZ

Dobrý den, dnes ráno se mi v počítači objevil nějaký (zřejmě) fake antivirus. Zpočátku mi házel oznámení (v angličtině), že by moje PC mohlo být infikováno, a že mi doporučují stáhnout si tuším AV antivirus. Oznámení jsem zpočátku nevěnoval pozornost, ale během chvíle jsem se již v žádném prohlížeči nedostal nikam - vždy se objevilo jen oznámení, že bych si měl stáhnout ten jejich AV a občas se mi samovolně spustil ie nejčastěji s nějakým pornowebem, kde mi AVG našlo trojského koně a zablokoval ho. Na fake antivir ale AVG nestačil (navíc se mi problém stal asi měsíc poté, co jsem přešel od Avastu, myslím, že se k němu brzy zase vrátím).
Nešel spustit žádný program ani AVG, a tak jsem PC spustil v nouzovém režimu. Našel jsem jeden návod v angličtině, ale na konci scanu jsem zjsitil, že bych si daný program musel zakoupit - než to, tak radši naformátuji disc a znovu nainstaluji windows. Spustil jsem několik antispyware free programů a test v AVG, všechny něco našly, ale v konečném výsledku problém nevyřešily. Po obvyklém spuštění má nad mým PC vždy "kontrolu" fake antivirus. A tak jsem se rozhodl obrátit na Vás. Mohly byste mi prosím poradit, co s tím?

Screen z Rogue removeru (kupodivu čistý, ale scan běžel asi dvě sekundy, což mi přijde zvláštní)

Kód: Vybrat vše

http://img5.imageshack.us/img5/5637/rogueremover.jpg

Screen ze scanu spyware doctora (nemám placenou verzi)

Kód: Vybrat vše

http://img259.imageshack.us/img259/5603/spywaredoctor.jpg

LOG RSIT

Kód: Vybrat vše

)Logfile of random's system information tool 1.08 (written by random/random)
Run by Tryman at 2011-02-23 15:20:49
Microsoft Windows 7 Home Premium  
System drive C: has 45 GB (38%) free of 119 GB
Total RAM: 4095 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:20:55, on 23.2.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files\trend micro\Tryman.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [SRS Premium Sound] "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
O4 - HKCU\..\Run: [fbvtkdjf] C:\Users\Tryman\AppData\Local\Temp\wouasgbmm\iwnyjewsika.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Kooperativa - PDF Server.lnk = C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG9\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KoopPdfService - Unknown owner - C:\Program Files (x86)\Kooperativa\Services\KoopPDFServer.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8669 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
ctfmon.exe
"C:\Program Files (x86)\Opera\opera.exe" 
 /heur=ON /pup=ON /ads=ON /clean=ON /report="avgrep.txt" /comp=ON /boot=ON /proc=ON /reg=ON 
\??\C:\Windows\system32\conhost.exe
 /pipeName=921eef4f-2479-4152-86d6-cd22e6ff77f5 /coreSdkOptions=1 /binaryPath="C:\Program Files (x86)\AVG9\"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe"
"C:\Users\Tryman\AppData\Local\Opera\Opera\temporary_downloads\RSITx64.exe" 
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\AWC Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG9\avgssiea.dll [2010-11-24 2334560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll [2011-01-07 1132496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG9\avgssie.dll [2010-11-24 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-12-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll [2011-01-07 1132496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"=C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [2009-08-25 947472]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-06-12 619392]
"PrnStatusMX"=C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [2007-08-29 1238528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"=C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe [2009-07-10 3754232]
"fbvtkdjf"=C:\Users\Tryman\AppData\Local\Temp\wouasgbmm\iwnyjewsika.exe [2011-02-23 335360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2008-07-19 104936]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-06-26 98304]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-07-13 2244096]
"AVG9_TRAY"=C:\PROGRA~2\AVG9\avgtray.exe [2010-11-24 2069344]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"PCTools FGuard"=C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe [2011-01-07 108496]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=grpconv -o []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe

C:\Users\Tryman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Kooperativa - PDF Server.lnk - C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrssta.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdAuxService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdCoreService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"\"="C:\Windows\system\dwm.exe:*:Enabled:KL"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-02-23 15:20:49 ----D---- C:\rsit
2011-02-23 15:20:49 ----D---- C:\Program Files\trend micro
2011-02-23 15:08:48 ----A---- C:\Windows\SGDetectionTool.dll
2011-02-23 15:08:48 ----A---- C:\Windows\PCTBDCore.dll
2011-02-23 15:08:48 ----A---- C:\Windows\BDTSupport.dll
2011-02-23 15:08:47 ----A---- C:\Windows\PCTBDRes.dll
2011-02-23 15:08:17 ----A---- C:\Windows\system32\drivers\pctEFA64.sys
2011-02-23 15:08:17 ----A---- C:\Windows\system32\drivers\pctDS64.sys
2011-02-23 15:08:16 ----A---- C:\Windows\system32\drivers\pctwfpfilter64.sys
2011-02-23 15:08:16 ----A---- C:\Windows\system32\drivers\pctgntdi64.sys
2011-02-23 15:08:11 ----A---- C:\Windows\system32\drivers\PCTCore64.sys
2011-02-23 15:08:07 ----A---- C:\Windows\system32\drivers\pctplsg64.sys
2011-02-23 15:07:47 ----D---- C:\Users\Tryman\AppData\Roaming\PC Tools
2011-02-23 15:07:47 ----D---- C:\Program Files (x86)\PC Tools Security
2011-02-23 15:06:20 ----D---- C:\ProgramData\PC Tools
2011-02-23 14:57:19 ----D---- C:\Program Files (x86)\RogueRemover FREE
2011-02-23 11:36:08 ----D---- C:\Windows\XSxS
2011-02-23 11:36:08 ----D---- C:\Program Files (x86)\Xenocode
2011-02-23 10:33:37 ----D---- C:\Program Files (x86)\GridinSoft Trojan Killer
2011-02-23 10:11:40 ----A---- C:\Windows\reimage.ini
2011-02-23 10:11:21 ----D---- C:\rei
2011-02-23 10:11:01 ----D---- C:\Program Files\Reimage
2011-02-23 10:08:04 ----A---- C:\Windows\ntbtlog.txt
2011-02-09 03:39:10 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2011-02-09 03:39:10 ----A---- C:\Windows\system32\kerberos.dll
2011-02-09 03:38:56 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 03:38:55 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-02-09 03:38:53 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 03:38:53 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 03:38:52 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-02-09 03:38:52 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-02-09 03:38:52 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-02-09 03:38:50 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-02-09 03:38:50 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 03:38:49 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-02-09 03:38:49 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-02-09 03:38:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-02-09 03:38:49 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-02-09 03:38:49 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-02-09 03:38:49 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 03:38:49 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 03:38:49 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 03:38:49 ----A---- C:\Windows\system32\ieui.dll
2011-02-09 03:38:49 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 03:38:49 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 03:38:49 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 03:38:48 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-02-09 03:38:48 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-02-09 03:38:48 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-02-09 03:38:48 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-02-09 03:38:48 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-02-09 03:38:48 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 03:38:48 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 03:38:48 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 03:38:48 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-09 03:38:45 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 03:38:43 ----A---- C:\Windows\system32\vbscript.dll
2011-02-09 03:38:43 ----A---- C:\Windows\system32\jscript.dll
2011-02-09 03:38:42 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-02-09 03:38:42 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-02-09 03:38:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 03:38:39 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 03:38:38 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-02-09 03:38:38 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-02-09 03:38:38 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2011-02-09 03:36:56 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-02-09 03:36:56 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-02-09 03:36:56 ----A---- C:\Windows\system32\atmlib.dll
2011-02-09 03:36:56 ----A---- C:\Windows\system32\atmfd.dll

======List of files/folders modified in the last 1 months======

2011-02-23 15:20:49 ----RD---- C:\Program Files
2011-02-23 15:18:12 ----D---- C:\Windows\Temp
2011-02-23 15:18:12 ----AD---- C:\ProgramData\Temp
2011-02-23 15:08:48 ----D---- C:\Windows
2011-02-23 15:08:17 ----D---- C:\Windows\system32\drivers
2011-02-23 15:07:48 ----D---- C:\Program Files (x86)\Common Files
2011-02-23 15:07:47 ----RD---- C:\Program Files (x86)
2011-02-23 15:06:20 ----HD---- C:\ProgramData
2011-02-23 12:39:36 ----D---- C:\Windows\system32\config
2011-02-23 12:39:32 ----D---- C:\Windows\tracing
2011-02-23 12:39:29 ----D---- C:\Program Files (x86)\Advanced SystemCare 3
2011-02-23 09:44:43 ----A---- C:\Windows\system32\AutoRunFilter.ini
2011-02-23 08:49:22 ----D---- C:\Windows\system32\drivers\Avg
2011-02-23 08:49:22 ----D---- C:\Program Files (x86)\AVG9
2011-02-23 08:47:25 ----D---- C:\Windows\System32
2011-02-23 08:47:25 ----D---- C:\Windows\inf
2011-02-23 08:47:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-22 00:57:17 ----D---- C:\Windows\Prefetch
2011-02-21 17:24:43 ----SHD---- C:\Windows\Installer
2011-02-21 17:23:50 ----D---- C:\Windows\SysWOW64
2011-02-21 17:22:02 ----D---- C:\ProgramData\Adobe
2011-02-21 10:18:38 ----D---- C:\Windows\system32\catroot2
2011-02-20 12:50:48 ----SD---- C:\Users\Tryman\AppData\Roaming\Microsoft
2011-02-20 12:50:48 ----D---- C:\Users\Tryman\AppData\Roaming\Adobe
2011-02-18 19:50:13 ----D---- C:\Windows\system32\NDF
2011-02-18 12:35:17 ----D---- C:\Program Files (x86)\Adobe
2011-02-18 12:33:51 ----SHD---- C:\System Volume Information
2011-02-09 17:16:21 ----D---- C:\Windows\winsxs
2011-02-09 17:13:59 ----D---- C:\Program Files (x86)\Internet Explorer
2011-02-09 17:13:58 ----D---- C:\Program Files\Internet Explorer
2011-02-09 17:13:57 ----D---- C:\Windows\SYSWOW64\migration
2011-02-09 17:13:54 ----D---- C:\Windows\system32\migration
2011-02-09 12:43:43 ----A---- C:\Windows\system32\MRT.exe
2011-02-09 12:43:00 ----D---- C:\ProgramData\Microsoft Help
2011-02-09 05:26:30 ----D---- C:\Windows\Minidump
2011-02-09 03:38:29 ----D---- C:\Windows\system32\catroot
2011-02-03 10:15:12 ----D---- C:\Users\Tryman\AppData\Roaming\IObit
2011-02-03 02:56:32 ----A---- C:\Windows\NeroDigital.ini
2011-01-29 10:45:02 ----D---- C:\Program Files (x86)\Opera
2011-01-26 19:18:02 ----D---- C:\Users\Tryman\AppData\Roaming\Faryk

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2009-11-09 35384]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 AvgTdiA;AVG Free Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys [2010-07-17 317520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-06-12 112128]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-06-05 34872]
S0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore64.sys [2010-12-10 257232]
S0 pctDS;PC Tools Data Store; C:\Windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-20 834544]
S1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys [2010-07-17 269904]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys [2010-06-08 35536]
S2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-11-19 11576]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-06-26 6036480]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
S3 IpwP;IPWireless 3G Network Adapter; C:\Windows\system32\DRIVERS\ipw3gnet.sys [2007-06-12 89088]
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]
S3 lvupdtio;lvupdtio; \??\C:\Program Files (x86)\ASUS\ASUS Live Update\SYS64\lvupdtio.sys [2007-08-02 17464]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-07-30 19456]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-07-30 26624]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\Windows\system32\drivers\srs_PremiumSound_amd64.sys [2009-05-18 343592]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-07-30 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2010-07-30 9216]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-06-25 203264]
S2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
S2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
S2 avg9wd;AVG Free WatchDog; C:\Program Files (x86)\AVG9\avgwdsvc.exe [2010-07-17 308136]
S2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe [2009-10-06 65536]
S2 KoopPdfService;KoopPdfService; C:\Program Files (x86)\Kooperativa\Services\KoopPDFServer.exe [2010-09-19 450560]
S2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S2 SRS_VolSync_Service;SRS Volume Sync Service; C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-10 128224]
S3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe [2009-10-06 1532000]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S3 sdCoreService;PC Tools Security Service; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2010-11-19 1150936]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1255736]

-----------------EOF-----------------

LOG DDS

Kód: Vybrat vše


DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK 
Run by Tryman at 15:35:00,34 on st 23.02.2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium   6.1.7600.0.1250.420.1029.18.4095.2605 [GMT 1:00]

AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\AVG9\avgscana.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG9\avgcsrva.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Users\Tryman\AppData\Local\Opera\Opera\temporary_downloads\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Pomocník pro přihlášení ke službě Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [SRS Premium Sound] "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
uRun: [fbvtkdjf] C:\Users\Tryman\AppData\Local\Temp\wouasgbmm\iwnyjewsika.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG9\avgtray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\Tryman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KOOPER~1.LNK - C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
mRun-x64: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
mRun-x64: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Tryman\AppData\Roaming\Mozilla\Firefox\Profiles\xkwl9ze5.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: C:\Program Files (x86)\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG9\Firefox
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - C:\Program Files (x86)\PC Tools Security\BDT\Firefox
FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2009-11-9 15928]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2009-12-20 317520]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-6-12 112128]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-9 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-11-9 34872]
S0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-2-23 257232]
S0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-2-23 452872]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2009-12-20 269904]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2009-12-20 35536]
S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-11-9 359552]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-6-25 203264]
S2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-11-9 14904]
S2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG9\avgwdsvc.exe [2010-7-17 308136]
S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-2-23 247760]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe -s --> C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S2 KoopPdfService;KoopPdfService;C:\Program Files (x86)\Kooperativa\Services\KoopPDFServer.exe [2010-9-19 450560]
S2 SRS_VolSync_Service;SRS Volume Sync Service;C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-7-10 128224]
S2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2009-11-19 11576]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe -s --> C:\Program Files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2009-12-19 61792]
S3 fsssvc;Windows Live Zabezpečení rodiny;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 IpwP;IPWireless 3G Network Adapter;C:\Windows\System32\drivers\ipw3gnet.sys [2009-12-27 89088]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-2-23 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-2-23 1150936]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;C:\Windows\System32\drivers\SRS_PremiumSound_amd64.sys [2009-5-18 343592]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-9 1222144]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-8 1255736]

=============== Created Last 30 ================

2011-02-23 14:20:49	--------	d-----w-	C:\Program Files\trend micro
2011-02-23 14:08:48	767952	----a-w-	C:\Windows\BDTSupport.dll
2011-02-23 14:08:48	2000848	----a-w-	C:\Windows\PCTBDCore.dll
2011-02-23 14:08:48	149456	----a-w-	C:\Windows\SGDetectionTool.dll
2011-02-23 14:08:47	1533904	----a-w-	C:\Windows\PCTBDRes.dll
2011-02-23 14:08:17	816016	----a-w-	C:\Windows\System32\drivers\pctEFA64.sys
2011-02-23 14:08:17	452872	----a-w-	C:\Windows\System32\drivers\pctDS64.sys
2011-02-23 14:08:16	334976	----a-w-	C:\Windows\System32\drivers\pctgntdi64.sys
2011-02-23 14:08:16	137704	----a-w-	C:\Windows\System32\drivers\pctwfpfilter64.sys
2011-02-23 14:08:11	257232	----a-w-	C:\Windows\System32\drivers\PCTCore64.sys
2011-02-23 14:08:07	92896	----a-w-	C:\Windows\System32\drivers\pctplsg64.sys
2011-02-23 14:07:48	--------	d-----w-	C:\Program Files (x86)\Common Files\PC Tools
2011-02-23 14:07:47	--------	d-----w-	C:\Users\Tryman\AppData\Roaming\PC Tools
2011-02-23 14:07:47	--------	d-----w-	C:\Program Files (x86)\PC Tools Security
2011-02-23 14:06:20	--------	d-----w-	C:\PROGRA~3\PC Tools
2011-02-23 13:57:19	--------	d-----w-	C:\Program Files (x86)\RogueRemover FREE
2011-02-23 10:36:08	--------	d-----w-	C:\Windows\XSxS
2011-02-23 10:36:08	--------	d-----w-	C:\Program Files (x86)\Xenocode
2011-02-23 09:33:37	--------	d-----w-	C:\Program Files (x86)\GridinSoft Trojan Killer
2011-02-23 09:11:21	--------	d-----w-	C:\rei
2011-02-23 09:11:01	--------	d-----w-	C:\Program Files\Reimage
2011-02-23 09:09:59	--------	d-----w-	C:\Users\Tryman\AppData\Local\ElevatedDiagnostics
2011-02-09 02:39:10	714752	----a-w-	C:\Windows\System32\kerberos.dll
2011-02-09 02:39:10	541184	----a-w-	C:\Windows\SysWow64\kerberos.dll
2011-02-09 02:36:56	46080	----a-w-	C:\Windows\System32\atmlib.dll
2011-02-09 02:36:56	366080	----a-w-	C:\Windows\System32\atmfd.dll
2011-02-09 02:36:56	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2011-02-09 02:36:56	294400	----a-w-	C:\Windows\SysWow64\atmfd.dll
2011-01-30 15:45:12	135568	----a-w-	C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

==================== Find3M  ====================

2011-01-17 08:26:46	796672	----a-w-	C:\Windows\GPInstall.exe
2011-01-05 06:20:30	612352	----a-w-	C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33	428032	----a-w-	C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16	3127808	----a-w-	C:\Windows\System32\win32k.sys
2010-12-18 06:15:38	1197056	----a-w-	C:\Windows\System32\wininet.dll
2010-12-18 06:11:41	57856	----a-w-	C:\Windows\System32\licmgr10.dll
2010-12-18 05:32:22	981504	----a-w-	C:\Windows\SysWow64\wininet.dll
2010-12-18 05:29:40	44544	----a-w-	C:\Windows\SysWow64\licmgr10.dll
2010-12-18 04:55:03	482816	----a-w-	C:\Windows\System32\html.iec
2010-12-18 04:20:55	386048	----a-w-	C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40	1638912	----a-w-	C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59	1638912	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2009-04-08 18:31:56	106496	----a-w-	C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20	155648	----a-w-	C:\Program Files (x86)\Common Files\MSIactionall.dll

============= FINISH: 15:38:12,18 ===============

Zdravím,

Otevři Poznámkový blok
(Start -> Spustit... -> napiš notepad -> OK)
Zkopíruj a vlož zelený text
Kód: Vybrat vše
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fbvtkdjf"=-
Soubor ulož jako oprava.reg
Při ukládání dej uložit jako typ Všechny soubory (nastavení je uvedeno na obrázku níže)

Zavři notepad a spusť dvojklikem oprava.reg
Dotaz na změnu registru potvrdit
Okno jen problikne a opraví registry - soubor můžeš smazat

Ještě v Nouz.režimu smaž složku C:\Users\Tryman\AppData\Local\Temp\wouasgbmm

Restart do normálního režimu

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Rychlá kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení

Tady je výsledek MBAM:

Kód: Vybrat vše

http://img651.imageshack.us/img651/5797/antimalware.jpg

Jinak je asi namístě upozornit, že jsem ještě před Vaší odpovědí projel počítač CCleanerem (doufám, že to nebyla chyba). Poté a po Vámi doporučených krocích jsou zatím vnější známky viru pryč.

A ještě přidávám log z Combo fixu, pokud to pomůže...

ComboFix 11-02-22.05 - Tryman 23.02.2011 16:05:35.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.2522 [GMT 1:00]
Spuštěný z: c:\users\Tryman\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\FullRemove.exe
c:\windows\XSxS

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-23 do 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-23 14:46 . 2011-02-23 14:46 -------- d-----w- c:\program files (x86)\CCleaner
2011-02-23 14:20 . 2011-02-23 14:20 -------- d-----w- C:\rsit
2011-02-23 14:20 . 2011-02-23 14:20 -------- d-----w- c:\program files\trend micro
2011-02-23 14:08 . 2011-01-07 13:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-02-23 13:57 . 2011-02-23 13:57 -------- d-----w- c:\program files (x86)\RogueRemover FREE
2011-02-23 10:36 . 2011-02-23 10:36 -------- d-----w- c:\program files (x86)\Xenocode
2011-02-23 09:33 . 2011-02-23 10:14 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2011-02-23 09:11 . 2011-02-23 09:11 -------- d-----w- C:\rei
2011-02-23 09:11 . 2011-02-23 09:11 -------- d-----w- c:\program files\Reimage
2011-02-23 09:09 . 2011-02-23 09:09 -------- d-----w- c:\users\Tryman\AppData\Local\ElevatedDiagnostics
2011-02-09 02:39 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 02:39 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-02-09 02:36 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 02:36 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-09 02:36 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 02:36 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-17 08:26 . 2010-12-12 13:40 796672 ----a-w- c:\windows\GPInstall.exe
2011-01-06 10:54 . 2011-02-23 14:08 2125 ----a-w- c:\windows\UDB.zip
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-07-10 3754232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"AVG9_TRAY"="c:\progra~2\AVG9\avgtray.exe" [2010-11-24 2069344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]

c:\users\Tryman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2011-1-16 2499072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-20 113664]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-11-9 12862]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2007-06-12 89088]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1255736]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-12-10 257232]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-20 834544]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-07-17 269904]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2010-06-08 35536]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2010-07-17 317520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG9\avgwdsvc.exe [2010-07-17 308136]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_1_5\bin\fbguard.exe [2009-10-06 65536]
S2 KoopPdfService;KoopPdfService;c:\program files (x86)\Kooperativa\Services\KoopPDFServer.exe [2010-09-19 450560]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-10 128224]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-11-19 11576]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 112128]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_1_5\bin\fbserver.exe [2009-10-06 1532000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_amd64.sys [2009-05-18 343592]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 34872]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - PCTDS
.
Obsah adresáře 'Naplánované úlohy'

2010-09-14 c:\windows\Tasks\At1.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]

2010-11-04 c:\windows\Tasks\At2.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]

2011-02-23 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\Advanced SystemCare 3\AWC.exe [2009-12-19 15:19]
.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-25 10:47 444752 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-25 10:47 444752 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1238528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Tryman\AppData\Roaming\Mozilla\Firefox\Profiles\xkwl9ze5.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files (x86)\AVG9\Firefox
FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\AVG9\avgtray.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
**************************************************************************
.
Celkový čas: 2011-02-23 16:25:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-23 15:25

Před spuštěním: Volných bajtů: 47 141 072 896
Po spuštění: Volných bajtů: 46 877 954 048

- - End Of File - - DAAD863488F967A1F8D5D0547B54152A

Klikni na https://www.virustotal.com/cs/
klik "Procházet" > do zadávacího pole "Název souboru" jen zkopíruj:

C:\Windows\system\dwm.exe

"Send file" (pokud byl již testován, nech testovat znovu - Reanalyse)
Trpělivě vyčkej dokončení scanu dokud se neobjeví konečný výsledek např.0/41
Do fóra zkopíruj výsledný log. nebo odkaz z adresního řádku na stránku.
Pokud nebude nález stačí jen oznámit

Odinstaluj/smaž
- C:\Program Files (x86)\RogueRemover FREE - je starý a MBAM jej nahradil
- C:\Program Files (x86)\Advanced SystemCare 3 - nedůvěryhodný - může udělat zmatky v systému

nález MBAM jsi nechal odstranit?

místo Spyware doctora použij SAS

Klik na SAS v mém podpisu tě hodí na kompletní návod.
Určitě proveď aktualizaci.
Po scanu klik pravým na brouka -> Otevřít dialog nastavení/předvoleb a zruš fajfku Spustit při spuštění Windows

Má velmi dobrou detekci a pro jednorázové občasné scany ho doporučuji

Všechny kroky jsem provedl a vypadá to, že problém je pryč. Mnohokrát děkuji.

ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Stáhni a spusť T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš

Nemáš zač - rádo se stalo a jsme tady i příště Obrázek

Znovu děkuji a ještě by mě zajímalo, jak se můžu chránit, aby se mi tento virus do PC nedostal znovu? Vyměnil jsem AVG za Avast, ale nejsem si jistý, jestli je to dostatečné. Přeji hezký víkend.

Dokonalá ochrana neexistuje - rozhodující je chování uživatele.

Win7 už mají dokonalejší FireWall a návrat k Avastu je myslím dobré rozhodnutí - mělo by to stačit.

Občasná kontrola MBAM nebo SAS - při nějakém podezření nebo jen preventivně log RSIT sem.

I tobě hezký předjarní víkend

VIRY.CZ

Fake antivirus

Fake antivirus

Re: Fake antivirus

Re: Fake antivirus

Re: Fake antivirus

Re: Fake antivirus

Re: Fake antivirus

Re: Fake antivirus

Re: Fake antivirus

Re: Fake antivirus