VIRY.CZ

Dobrý den, mám problem s těmito captcha ( http://www.captcha.net/ ) - totiž nezobrazují se. oběvi se misto toho "Google We're sorry... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now." PC sem projel pomocí Avastu a SuperAntispyware, našlo to nějake šmejdy ale problem nevyřešilo. Google mě později odkáže sem http://www.google.com/support/websearch ... swer=86640 .
Děkuji za jakoukoliv radu a pomoc.
Přikládám Log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by admin at 2011-07-27 13:48:35
Microsoft Windows 7 Ultimate
System drive C: has 17 GB (17%) free of 100 GB
Total RAM: 3323 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:48:50, on 27.7.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\admin\AppData\Roaming\QipGuard\QipGuard.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\admin\Downloads\RSIT.exe
C:\Program Files\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\admin\AppData\Roaming\QipGuard\QipGuard.exe /p
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2902936271-1051029432-3150974572-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2902936271-1051029432-3150974572-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.24.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BFFEDB1-6CDC-44F9-BFD1-281E84E0A0DA}: NameServer = 192.168.6.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BFFEDB1-6CDC-44F9-BFD1-281E84E0A0DA}: NameServer = 192.168.6.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{3BFFEDB1-6CDC-44F9-BFD1-281E84E0A0DA}: NameServer = 192.168.6.254
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: QipGuard - QIP.ru - C:\Program Files\QipGuard\QipGuard.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 9353 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntbbn789.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntbbn789.default\extensions\
QipCounter@qip.ru
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntbbn789.default\searchplugins\
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-06-09 45568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-06-09 138240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-26 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-09-14 9726568]
"RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-04-27 87336]
"PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-05-07 75048]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-06-30 2554696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"=C:\Users\admin\AppData\Roaming\QipGuard\QipGuard.exe [2010-06-09 187904]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-06-15 15141768]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-06-30 2424192]

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.i263"=i263_32.drv
"msacm.l3fhg"=mp3fhg.acm
"msacm.divxa32"=divxa32.acm
"VIDC.X264"=x264vfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.iv41"=Ir41_32.ax
"vidc.iv50"=Ir50_32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-27 13:48:38 ----D---- C:\Program Files\trend micro
2011-07-27 13:48:35 ----D---- C:\rsit
2011-07-27 13:21:24 ----D---- C:\Program Files\COMODO
2011-07-27 13:20:49 ----D---- C:\ProgramData\Comodo
2011-07-27 13:20:20 ----D---- C:\ProgramData\Comodo Downloader
2011-07-27 13:11:32 ----D---- C:\ProgramData\TamoSoft
2011-07-26 19:17:30 ----D---- C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com
2011-07-26 19:17:30 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-07-26 19:17:23 ----D---- C:\Program Files\SUPERAntiSpyware
2011-07-26 19:10:18 ----D---- C:\Program Files\Common Files\Java
2011-07-26 19:09:31 ----A---- C:\Windows\system32\javaws.exe
2011-07-26 19:09:31 ----A---- C:\Windows\system32\javaw.exe
2011-07-26 19:09:31 ----A---- C:\Windows\system32\java.exe
2011-07-26 19:09:22 ----D---- C:\Program Files\Java
2011-07-26 19:05:24 ----D---- C:\Windows\system32\appmgmt
2011-07-25 10:45:25 ----D---- C:\Nová složka (3)
2011-07-24 12:38:43 ----D---- C:\ProgramData\Readon
2011-07-24 12:05:25 ----D---- C:\Users\admin\AppData\Roaming\Media Player Classic
2011-07-23 21:45:41 ----D---- C:\Program Files\QIP
2011-07-22 11:30:20 ----A---- C:\Windows\system32\deployJava1.dll
2011-07-13 20:33:57 ----A---- C:\Windows\IsUninst.exe
2011-07-07 11:51:49 ----D---- C:\Program Files\Ubisoft
2011-07-06 11:48:13 ----D---- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-06-30 09:38:06 ----A---- C:\Windows\system32\drivers\inspect.sys
2011-06-30 09:38:06 ----A---- C:\Windows\system32\drivers\cmdhlp.sys
2011-06-30 09:38:04 ----A---- C:\Windows\system32\drivers\cmdGuard.sys
2011-06-30 09:38:04 ----A---- C:\Windows\system32\drivers\cmderd.sys
2011-06-30 09:37:26 ----A---- C:\Windows\system32\guard32.dll
2011-06-29 13:02:31 ----D---- C:\Users\admin\AppData\Roaming\Day 1 Studios

======List of files/folders modified in the last 1 month======

2011-07-27 13:48:50 ----D---- C:\Windows\Prefetch
2011-07-27 13:48:48 ----D---- C:\Windows\Temp
2011-07-27 13:48:38 ----RD---- C:\Program Files
2011-07-27 13:22:30 ----SHD---- C:\Windows\Installer
2011-07-27 13:22:21 ----D---- C:\Windows\system32\drivers
2011-07-27 13:22:21 ----D---- C:\Windows\system32\catroot
2011-07-27 13:22:21 ----D---- C:\Windows\inf
2011-07-27 13:22:20 ----D---- C:\Windows\system32\DriverStore
2011-07-27 13:21:25 ----AD---- C:\Windows\System32
2011-07-27 13:20:49 ----HD---- C:\ProgramData
2011-07-27 13:13:13 ----D---- C:\Users\admin\AppData\Roaming\Skype
2011-07-27 13:13:04 ----D---- C:\Users\admin\AppData\Roaming\uTorrent
2011-07-27 13:05:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-27 13:00:58 ----D---- C:\Program Files\Common Files\Akamai
2011-07-27 13:00:21 ----D---- C:\ProgramData\NVIDIA
2011-07-27 13:00:11 ----D---- C:\Program Files\Google
2011-07-27 12:17:23 ----SHD---- C:\System Volume Information
2011-07-26 21:25:33 ----D---- C:\Windows\system32\config
2011-07-26 19:10:18 ----D---- C:\Program Files\Common Files
2011-07-26 19:08:40 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft
2011-07-26 19:07:52 ----D---- C:\Program Files\VideoLAN
2011-07-26 11:21:55 ----D---- C:\Program Files\Mozilla Firefox
2011-07-24 11:34:33 ----RSD---- C:\Windows\assembly
2011-07-23 21:45:53 ----D---- C:\Users\admin\AppData\Roaming\QipGuard
2011-07-18 02:19:15 ----D---- C:\Windows\system32\catroot2
2011-07-15 13:35:01 ----D---- C:\Windows\winsxs
2011-07-14 00:18:32 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-14 00:12:51 ----D---- C:\Windows
2011-07-13 21:23:57 ----D---- C:\Windows\system32\Tasks
2011-07-13 17:31:36 ----D---- C:\Program Files\Common Files\InstallShield
2011-07-13 11:38:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-07-13 11:37:05 ----D---- C:\Windows\Logs
2011-07-10 07:51:46 ----RD---- C:\Program Files\Skype
2011-07-10 07:51:45 ----D---- C:\ProgramData\Skype
2011-07-10 07:51:12 ----D---- C:\Users\admin\AppData\Roaming\skypePM
2011-07-07 00:04:42 ----D---- C:\ProgramData\Skype Extras
2011-07-04 13:43:51 ----A---- C:\Windows\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-06-30 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-06-30 37592]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-16 218688]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-06-30 82400]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-12 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/06/05 09:40:22]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl [2009-05-07 87536]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6232.sys [2010-03-26 221400]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-09-14 3190248]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 CV2K1;CommView Network Monitor; C:\Windows\system32\DRIVERS\cv2k1.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-06-30 1793712]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2011-04-11 112800]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-25 615528]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 QipGuard;QipGuard; C:\Program Files\QipGuard\QipGuard.exe [2011-04-01 187776]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-04-27 271760]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Zdravím!
Poprosím ještě o log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

ComboFix 11-07-27.01 - admin 27.07.2011 14:38:11.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3323.2212 [GMT 2:00]
Spuštěný z: c:\users\admin\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\admin\AppData\Roaming\Microsoft\Internet Explorer\qsTAtsrv.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 11:48 . 2011-07-27 11:48 -------- d-----w- c:\program files\trend micro
2011-07-27 11:48 . 2011-07-27 11:48 -------- d-----w- C:\rsit
2011-07-27 11:21 . 2011-07-27 11:21 -------- d-----w- c:\program files\COMODO
2011-07-27 11:20 . 2011-07-27 11:22 -------- d-----w- c:\programdata\Comodo
2011-07-27 11:20 . 2011-07-27 11:20 -------- d-----w- c:\programdata\Comodo Downloader
2011-07-27 11:11 . 2011-07-27 11:19 -------- d-----w- c:\programdata\TamoSoft
2011-07-27 11:01 . 2011-07-27 11:01 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-07-27 11:01 . 2011-07-27 11:01 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-07-27 11:01 . 2011-07-27 11:01 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-07-27 11:01 . 2011-07-27 11:01 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-07-27 11:01 . 2011-07-27 11:01 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-07-27 11:01 . 2011-07-27 11:01 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-07-27 11:01 . 2011-07-27 11:01 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-07-27 11:01 . 2011-07-27 11:01 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-07-27 11:01 . 2011-07-27 11:01 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-07-27 11:01 . 2011-07-27 11:01 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-07-27 11:01 . 2011-07-27 11:01 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-07-27 11:01 . 2011-07-27 11:01 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-07-27 11:00 . 2011-07-27 11:00 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-07-27 11:00 . 2011-07-27 11:00 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-07-27 11:00 . 2011-07-27 11:00 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-07-27 11:00 . 2011-07-27 11:00 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-07-27 11:00 . 2011-07-27 11:00 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-07-26 17:17 . 2011-07-26 17:17 -------- d-----w- c:\users\admin\AppData\Roaming\SUPERAntiSpyware.com
2011-07-26 17:17 . 2011-07-26 17:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-26 17:17 . 2011-07-26 17:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-26 17:10 . 2011-07-26 17:10 -------- d-----w- c:\program files\Common Files\Java
2011-07-17 13:19 . 2011-07-25 14:18 -------- d-----w- c:\users\admin\AppData\Local\Two Worlds II
2011-07-15 14:36 . 2011-07-15 14:36 -------- d-----w- c:\users\admin\AppData\Local\LucasArts
2011-07-15 11:23 . 2011-07-15 11:23 -------- d-----w- c:\users\admin\AppData\Local\Focus Home Interactive
2011-07-13 22:13 . 2000-01-04 04:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2011-07-13 18:33 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-07-13 15:31 . 2000-10-05 13:55 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2011-07-13 15:31 . 2000-10-05 13:55 221184 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-07-13 15:31 . 2000-10-05 13:50 221184 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-07-13 15:31 . 2000-10-05 13:49 32768 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-07-13 09:44 . 2011-07-13 09:44 -------- d-----w- c:\users\admin\AppData\Local\SKIDROW
2011-07-07 09:51 . 2011-07-07 09:51 -------- d-----w- c:\program files\Ubisoft
2011-07-06 09:48 . 2011-07-06 09:48 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-06-30 07:38 . 2011-06-30 07:38 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-06-30 07:38 . 2011-06-30 07:38 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 07:38 . 2011-06-30 07:38 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 07:38 . 2011-06-30 07:38 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 07:37 . 2011-06-30 07:37 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-29 11:02 . 2011-06-29 11:02 -------- d-----w- c:\users\admin\AppData\Roaming\Day 1 Studios
2011-06-29 11:02 . 2011-06-29 11:02 -------- d-----w- c:\users\admin\AppData\Local\ALI213
2011-06-27 18:50 . 2011-06-27 19:02 -------- d-----w- c:\users\admin\AppData\Local\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-06-05 07:49 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-06-05 07:49 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-06-05 07:50 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-06-05 07:50 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-06-05 07:50 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-06-05 07:50 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-06-05 07:50 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-06-05 07:50 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-16 15:53 . 2011-06-16 15:53 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-07 13:53 . 2009-08-18 09:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-06-07 13:52 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-05 07:45 . 2011-06-05 07:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-05 07:38 . 2011-06-05 07:39 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-05 07:38 . 2011-06-05 07:39 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-05 07:38 . 2011-06-05 07:39 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-05-26 15:46 . 2011-06-07 17:53 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-05-26 15:46 . 2011-06-07 17:53 20816 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-05-25 07:24 . 2011-06-05 07:57 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 07:24 . 2011-06-05 07:57 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-25 07:24 . 2011-06-05 07:57 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-25 07:24 . 2011-06-05 07:57 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 07:24 . 2011-06-05 07:57 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:24 . 2011-06-05 07:57 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:24 . 2011-06-05 07:57 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 07:24 . 2011-06-05 07:57 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:24 . 2011-06-05 07:57 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-25 07:24 . 2009-07-13 22:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-05-25 07:24 . 2011-06-05 07:57 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 07:24 . 2011-06-05 07:57 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 07:24 . 2011-06-05 07:57 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 07:24 . 2009-06-10 21:19 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-25 07:24 . 2011-06-05 07:57 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:24 . 2011-06-05 07:57 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:24 . 2011-06-05 07:57 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 07:24 . 2011-06-05 07:57 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:24 . 2011-06-05 07:57 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:24 . 2011-06-05 07:57 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-24 17:14 . 2011-06-05 07:23 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 17:12 . 2011-06-05 07:23 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7AADA55-2475-4582-B0BA-210CFC625DDF}\mpengine.dll
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe
2011-05-03 21:22 . 2011-05-03 21:22 185856 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-05-03 21:13 . 2011-05-03 21:13 665720 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-05-03 21:13 . 2011-05-03 21:13 513144 ----a-w- c:\windows\system32\accesor.dll
2011-05-03 20:49 . 2011-05-03 20:49 135800 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-05-03 20:31 . 2011-05-03 20:31 1994360 ----a-w- c:\windows\system32\ncscolib.dll
2011-04-29 07:59 . 2011-06-05 07:16 270536 ----a-w- c:\windows\system32\PROUnstl.exe
2011-07-26 09:21 . 2011-06-05 07:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"="c:\users\admin\AppData\Roaming\QipGuard\QipGuard.exe" [2010-06-09 187904]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-14 9726568]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-06-30 238960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-06-30 37592]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-16 218688]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-12 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/06/05 09:40];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-05-07 19:05 87536]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-04-11 112800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [2011-04-01 187776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - CMDGUARD
*NewlyCreated* - CMDHLP
*NewlyCreated* - CV2K1
*NewlyCreated* - INSPECT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 07:13]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 07:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: Interfaces\{3BFFEDB1-6CDC-44F9-BFD1-281E84E0A0DA}: NameServer = 192.168.6.254
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntbbn789.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2902936271-1051029432-3150974572-1001\Software\SecuROM\License information*]
"datasecu"=hex:ee,68,28,b2,c9,d1,60,aa,47,f2,98,c7,3f,e5,8e,8f,bf,97,eb,84,8c,
4b,69,cf,a7,77,ab,e2,f8,0f,f3,60,ad,ce,f4,39,10,69,83,fb,92,2d,70,ee,dc,4e,\
"rkeysecu"=hex:b4,7d,16,5a,90,5a,6a,e5,a3,4e,4c,44,b3,d0,e7,4b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-27 14:46:29
ComboFix-quarantined-files.txt 2011-07-27 12:46
.
Před spuštěním: Volných bajtů: 17 968 992 256
Po spuštění: Volných bajtů: 18 640 728 064
.
- - End Of File - - E04535807AC4FD798128AF6712215AAE

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Driver::
Akamai

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.