Virus from Facebook
Posted: 21 Jul 2011 19:02
So I caught it too: I got a link to a video in chat, then it wanted to install Flash Player, and it was a virus.
I can't get the ComboFix log; it says: system nemuže najit položku NIRKMD
NIRCMDC neni nazev vnitřniho ani vnějšiho přikazu
MTEE neni nazev vnitřniho ani vnějšiho přikazu
RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by PC1 at 2011-07-21 19:52:57
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 152 GB (68%) free of 223 GB
Total RAM: 3032 MB (56% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{5FCE7119-BC33-4D86-B5F2-5F52E20A6CB9}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-04 305328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-05-20 1007160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-06 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-04 305328]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2009-03-31 217088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-06 148888]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-12-11 3563520]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe []
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-31 483420]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"TomcatStartup 2.5"=C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [2007-05-19 741376]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-04-27 421160]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-12-0\svchost.exe [2011-07-21 1178112]
"tray_ico1"=C:\Windows\update.tray-7-0\svchost.exe [2011-07-21 1178112]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []
"66757337-loader2.exe"=C:\Windows\TEMP\66757337-loader2.exe []
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-21 245760]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-21 245760]
"systemup"=C:\Windows\systemup.exe [2011-07-21 114176]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-21 110592]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Adobe Reader Synchronizer"=C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe [2010-06-19 542168]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\PC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableSecureUIAPaths"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-07-21 19:52:26 ----D---- C:\rsit
2011-07-21 19:52:26 ----D---- C:\Program Files\trend micro
2011-07-21 19:47:23 ----D---- C:\ComboFix
2011-07-21 19:46:47 ----D---- C:\Windows\temp
2011-07-21 19:45:55 ----D---- C:\Windows\ERDNT
2011-07-21 19:45:55 ----A---- C:\Windows\system32\CF555.exe
2011-07-21 19:45:53 ----D---- C:\Qoobox
2011-07-21 19:12:37 ----D---- C:\Program Files\CCleaner
2011-07-21 19:10:51 ----A---- C:\Windows\ddh_iplist.txt
2011-07-21 19:10:30 ----A---- C:\Windows\l1rezerv.exe
2011-07-21 19:10:28 ----A---- C:\Windows\systemup.exe
2011-07-21 18:52:00 ----D---- C:\Users\PC1\AppData\Roaming\Malwarebytes
2011-07-21 18:51:55 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-07-21 18:51:54 ----D---- C:\ProgramData\Malwarebytes
2011-07-21 18:51:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-21 18:51:51 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-21 18:44:31 ----ASH---- C:\hiberfil.sys
2011-07-21 17:38:38 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-07-21 17:38:38 ----HD---- C:\Windows\update.tray-7-0
2011-07-21 14:43:08 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-07-21 14:43:08 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-07-21 14:43:08 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-07-21 14:43:07 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-07-21 14:43:07 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-07-21 14:43:07 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-07-21 14:42:23 ----A---- C:\Windows\system32\aswBoot.exe
2011-07-21 14:42:23 ----A---- C:\Windows\avastSS.scr
2011-07-21 14:39:18 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-21 14:38:56 ----HD---- C:\Windows\update.2
2011-07-21 14:38:12 ----D---- C:\Windows\ufa
2011-07-21 14:38:12 ----D---- C:\Windows\rpcminer
2011-07-21 14:38:12 ----D---- C:\Windows\phoenix
2011-07-21 14:37:42 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-21 14:37:37 ----A---- C:\Windows\unrar.exe
2011-07-21 14:37:07 ----HD---- C:\Windows\update.5.0
2011-07-21 14:36:58 ----A---- C:\Windows\iplist.txt
2011-07-21 14:35:55 ----A---- C:\Windows\sysdriver32_.exe
2011-07-21 14:35:41 ----A---- C:\Windows\sysdriver32.exe
2011-07-21 14:33:41 ----A---- C:\Windows\front_ip_list.txt
2011-07-21 14:33:31 ----D---- C:\Windows\av_ico
2011-07-21 14:31:37 ----HD---- C:\Windows\update.1
2011-07-21 14:31:18 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-07-21 14:31:18 ----HD---- C:\Windows\update.tray-12-0
2011-07-21 14:20:36 ----A---- C:\Windows\winlog-ids.txt
2011-07-21 14:20:36 ----A---- C:\Windows\winlog-dirs.txt
2011-07-21 14:20:33 ----A---- C:\Windows\services32.exe
======List of files/folders modified in the last 1 month======
2011-07-21 19:52:26 ----RD---- C:\Program Files
2011-07-21 19:47:40 ----D---- C:\Windows
2011-07-21 19:47:35 ----D---- C:\Windows\system32\cs-CZ
2011-07-21 19:47:35 ----D---- C:\Windows\System32
2011-07-21 19:46:38 ----D---- C:\Windows\Prefetch
2011-07-21 19:46:29 ----SHD---- C:\System Volume Information
2011-07-21 19:45:54 ----D---- C:\Windows\system32\drivers
2011-07-21 19:36:30 ----D---- C:\Windows\inf
2011-07-21 19:36:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-21 19:19:54 ----D---- C:\Windows\Minidump
2011-07-21 19:19:54 ----D---- C:\Windows\Debug
2011-07-21 19:03:11 ----SD---- C:\Users\PC1\AppData\Roaming\Microsoft
2011-07-21 18:51:54 ----HD---- C:\ProgramData
2011-07-21 14:43:04 ----SHD---- C:\Windows\Installer
2011-07-21 14:43:04 ----HD---- C:\Config.Msi
2011-07-21 14:43:04 ----D---- C:\Windows\winsxs
2011-07-21 14:39:18 ----D---- C:\Windows\system32\drivers\etc
2011-07-21 14:32:34 ----D---- C:\Windows\system32\drivers\Avg
2011-06-26 17:23:10 ----D---- C:\ProgramData\HP