VIRY.CZ

Zdarec. Prosím o pomoc.. Sem blbec a naletěl na aktualizaci adobe aplikace přes FB...
Níže log.
Děkuju za pomoc.
Tempik

EDIT//: Mám ESET NOD Antivirus, kterej přestal fungovat.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Temptation at 2011-10-30 16:48:30
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 23 GB (20%) free of 119 GB
Total RAM: 3884 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:48:38, on 30.10.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Temptation\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Seznam.cz\postak.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Mouse Driver\StartAutorun.exe
C:\Windows\update.tray-3-0\svchost.exe
C:\Program Files (x86)\Mouse Driver\KMConfig.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Mouse Driver\KMProcess.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Temptation\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Temptation\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Temptation\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Temptation\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Temptation\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\QIP 2010\qip.exe
C:\Users\Temptation\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Temptation.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Temptation\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Temptation\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files (x86)\Seznam.cz\core.3.dll
O2 - BHO: FB Layouts & Extras - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Program Files (x86)\FBLayouts\fblayouts.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files (x86)\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-3-0\svchost.exe
O4 - HKLM\..\Run: [9985777.exe] "C:\Users\Temptation\AppData\Local\Temp\9985777.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [3074876.exe] "C:\Users\Temptation\AppData\Local\Temp\3074876.exe"
O4 - HKLM\..\Run: [384481.exe] "C:\Users\Temptation\AppData\Local\Temp\384481.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [2242194.exe] "C:\Users\Temptation\AppData\Local\Temp\2242194.exe"
O4 - HKLM\..\Run: [204640.exe] "C:\Windows\Temp\204640.exe"
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\Temptation\AppData\Roaming\QipGuard\QipGuard.exe /p
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Temptation\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files (x86)\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1469136600-2618722720-2627410252-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1469136600-2618722720-2627410252-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QipGuard - QIP.ru - C:\Program Files (x86)\QipGuard\QipGuard.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Cronosoft - C:\Windows\update.1\svchost.exe

--
End of file - 16956 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
"C:\Windows\system32\FBAgent.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe" -switch-3be2f036c43042cdb03588591c9325c3
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"taskhost.exe"
"C:\Program Files (x86)\QipGuard\QipGuard.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
taskeng.exe {DA3231B7-F9E6-4C97-B482-AA0234B6E0A8}
C:\Windows\update.5.0\svchost.exe srv
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe" /STARTUP
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Windows\AsScrPro.exe"
C:\Windows\update.2\svchost.exe srv
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Users\Temptation\AppData\Roaming\QipGuard\QipGuard.exe" /p
"C:\Windows\update.5.0\svchost.exe" stand
"C:\Program Files (x86)\uTorrent\uTorrent.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
"C:\Program Files (x86)\Seznam.cz\postak.exe" -s
"C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" -tray
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
C:\Windows\sysdriver32.exe srv
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip /h
"C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
"C:\Windows\update.2\svchost.exe" stand
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup
"C:\Program Files (x86)\Mouse Driver\StartAutorun.exe" KMConfig.exe
"C:\Windows\update.tray-3-0\svchost.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
KMConfig.exe
"C:\Users\Temptation\AppData\Local\Apps\2.0\V1ADH0C2.H9X\O991W9NT.JTE\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe"
C:\Windows\update.1\svchost.exe srv
"C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
"C:\Program Files (x86)\Mouse Driver\KMProcess.exe"
WLIDSvcM.exe 3896
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
ATKOSD.exe
WDC.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
{3C61CF75-D77B-4BBE-99D6-59020659A153}
{E02E25FA-8DFE-4013-B447-DDE13CD8140C}
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe" @@e0a5509d-c850-4080-9871-c677f0b23554 6a1a863e-bd52-43f8-9b43-fb303dda0b2e Odeslat položku 666
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Users\Temptation\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Temptation\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Default_Prefix/WarmSocketImpact/last_accessed_socket/ --enable-print-preview --channel=6852.074E9420.125168366 /prefetch:3
"C:\Users\Temptation\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Default_Prefix/WarmSocketImpact/last_accessed_socket/ --enable-print-preview --channel=6852.026EA6E0.2087098523 --ignored=" --type=renderer " /prefetch:3
"C:\Users\Temptation\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Default_Prefix/WarmSocketImpact/last_accessed_socket/ --enable-print-preview --channel=6852.026EA580.401802199 --ignored=" --type=renderer " /prefetch:3
"C:\Users\Temptation\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Temptation\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdefnbcpjeflgggkipfemfckjicceiii\1.0_0\npqipauth.dll" --lang=cs --channel=6852.074D3C40.70702589 /prefetch:4
"C:\Program Files (x86)\QIP 2010\qip.exe"
C:\Windows\ufa\ufa.exe -o http://127.0.0.1:61968
\??\C:\Windows\system32\conhost.exe "-1005061202-63677859610222018881437196537831101373-8732859-784092790-1138601141
"C:\Users\Temptation\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Default_Prefix/WarmSocketImpact/last_accessed_socket/ --enable-print-preview --channel=6852.073B76E0.341598680 /prefetch:3
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"D:\Browser Downloaded Files\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1469136600-2618722720-2627410252-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1469136600-2618722720-2627410252-1002UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Temptation\AppData\Roaming\Mozilla\Firefox\Profiles\2t8g1bd8.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5, fblayouts@hotlayouts2u.com:2.0.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.3.3&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
Cetrumcz_igeared.xml
fcmdSrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Temptation\AppData\Roaming\Mozilla\Firefox\Profiles\2t8g1bd8.default\extensions\
toolbar@ask.com
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{800b5000-a755-47e1-992b-48a1c1357f07}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Temptation\AppData\Roaming\Mozilla\Firefox\Profiles\2t8g1bd8.default\searchplugins\
icqplugin-1.xml
icqplugin.xml
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-11-05 346736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2010-11-05 318960]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll [2010-10-26 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Temptation\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-07-28 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-11-05 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-11-05 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-11-05 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
KMPlayer Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-19 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files (x86)\Seznam.cz\core.3.dll [2011-05-25 1145888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF4E1D1D-705B-4379-AB33-22D98C1ABF55}]
FB Layouts & Extras - C:\Program Files (x86)\FBLayouts\fblayouts.dll [2011-01-18 98816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-11-05 346736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-11-05 256112]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{D5D47440-0750-463D-BAEF-A47D02414806}
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll [2010-10-26 217088]
{D4027C7F-154A-4066-A1AD-4243D8127440} - KMPlayer Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-04-13 649608]
"ASUS WebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2010-03-16 1754448]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-19 307768]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 415256]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"=C:\Users\Temptation\AppData\Roaming\QipGuard\QipGuard.exe [2011-07-18 190336]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2011-04-15 399736]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-12-03 14944136]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"PlayNC Launcher"= []
"Google Update"=C:\Users\Temptation\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 136176]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-07-15 3077528]
"Infium"=C:\Program Files (x86)\QIP 2010\qip.exe [2011-07-18 6812032]
"Seznam Postak"=C:\Program Files (x86)\Seznam.cz\postak.exe [2011-05-25 491040]
"NokiaOviSuite2"=C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-09-01 966712]
""= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-11-05 3054136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"Boingo Wi-Fi"=C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2010-11-05 2429]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-06-25 6806144]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-05-03 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-07-02 1597440]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2009-11-09 180224]
"TaskTray"= []
"facemoods"=C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe [2010-10-26 323584]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"Nokia FastStart"=C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe [2009-02-26 2376992]
"KMCONFIG"=C:\Program Files (x86)\Mouse Driver\StartAutorun.exe [2008-05-30 212992]
"wxpdrv"=C:\Windows\services32.exe [2011-10-30 1109504]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-3-0\svchost.exe [2011-10-30 1109504]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"9985777.exe"=C:\Users\Temptation\AppData\Local\Temp\9985777.exe [2011-10-30 258048]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-10-30 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-10-30 258048]
"3074876.exe"=C:\Users\Temptation\AppData\Local\Temp\3074876.exe [2011-10-30 1942528]
"384481.exe"=C:\Users\Temptation\AppData\Local\Temp\384481.exe [2011-10-30 258048]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2011-08-23 887976]
"2242194.exe"=C:\Users\Temptation\AppData\Local\Temp\2242194.exe [2011-10-30 258048]
"204640.exe"=C:\Windows\Temp\204640.exe [2011-10-30 258048]

[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RGSC"=D:\HRY\Rockstar Games\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

C:\Users\Temptation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=16

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-10-30 16:48:31 ----D---- C:\Program Files\trend micro
2011-10-30 16:48:30 ----D---- C:\rsit
2011-10-30 13:37:06 ----SHD---- C:\Config.Msi
2011-10-30 11:37:25 ----D---- C:\Program Files (x86)\Ask.com
2011-10-30 11:13:16 ----D---- C:\Windows\ufa
2011-10-30 11:13:16 ----D---- C:\Windows\rpcminer
2011-10-30 11:13:16 ----D---- C:\Windows\phoenix
2011-10-30 11:12:57 ----A---- C:\Windows\btc_client_iplist.txt
2011-10-30 11:12:16 ----HD---- C:\Windows\update.5.0
2011-10-30 11:05:27 ----A---- C:\Windows\iecheck_iplist.txt
2011-10-30 11:04:52 ----HD---- C:\Windows\update.2
2011-10-30 11:04:43 ----A---- C:\Windows\unrar.exe
2011-10-30 11:02:25 ----A---- C:\Windows\iplist.txt
2011-10-30 10:56:57 ----A---- C:\Windows\sysdriver32_.exe
2011-10-30 10:56:43 ----A---- C:\Windows\sysdriver32.exe
2011-10-30 10:56:26 ----A---- C:\Windows\front_ip_list.txt
2011-10-30 10:56:23 ----D---- C:\Windows\av_ico
2011-10-30 10:54:05 ----HD---- C:\Windows\update.1
2011-10-30 10:54:02 ----HD---- C:\Windows\update.tray-3-0-lnk
2011-10-30 10:54:02 ----HD---- C:\Windows\update.tray-3-0
2011-10-30 10:42:08 ----A---- C:\Windows\winlog-ids.txt
2011-10-30 10:42:08 ----A---- C:\Windows\winlog-dirs.txt
2011-10-30 10:42:01 ----A---- C:\Windows\services32.exe
2011-10-26 18:08:57 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-10-26 18:08:57 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-10-26 18:08:57 ----A---- C:\Windows\system32\OpenCL.dll
2011-10-26 18:08:57 ----A---- C:\Windows\system32\nvwgf2umx.dll
2011-10-26 18:08:56 ----A---- C:\Windows\SYSWOW64\nvoptimusmft.dll
2011-10-26 18:08:56 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-10-26 18:08:56 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2011-10-26 18:08:56 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-10-26 18:08:56 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-10-26 18:08:56 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-10-26 18:08:56 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-10-26 18:08:56 ----A---- C:\Windows\system32\nvoptimusmft.dll
2011-10-26 18:08:56 ----A---- C:\Windows\system32\nvoglv64.dll
2011-10-26 18:08:56 ----A---- C:\Windows\system32\nvdecodemft.dll
2011-10-26 18:08:56 ----A---- C:\Windows\system32\nvd3dumx.dll
2011-10-26 18:08:56 ----A---- C:\Windows\system32\nvcuvid.dll
2011-10-26 18:08:56 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-10-26 18:08:56 ----A---- C:\Windows\system32\nvcuda.dll
2011-10-26 18:08:56 ----A---- C:\Windows\system32\nvcompiler.dll
2011-10-26 18:08:56 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2011-10-26 18:08:56 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-10-26 17:43:06 ----RHD---- C:\MSOCache
2011-10-25 14:58:32 ----D---- C:\Windows\system32\SPReview
2011-10-25 14:57:15 ----D---- C:\Windows\system32\EventProviders
2011-10-23 15:34:58 ----D---- C:\Program Files (x86)\Mouse Driver
2011-10-19 06:48:20 ----A---- C:\Windows\system32\nvgenco64.dll
2011-10-19 06:48:20 ----A---- C:\Windows\system32\nvdispco64.dll
2011-10-18 21:57:25 ----D---- C:\Users\Temptation\AppData\Roaming\Might & Magic Heroes VI
2011-10-15 13:03:11 ----A---- C:\cmdlog.txt
2011-10-12 07:16:26 ----A---- C:\Windows\system32\win32k.sys
2011-10-12 07:16:22 ----A---- C:\Windows\system32\ieframe.dll
2011-10-12 07:16:17 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-12 07:16:14 ----A---- C:\Windows\system32\mshtml.dll
2011-10-12 07:16:13 ----A---- C:\Windows\system32\urlmon.dll
2011-10-12 07:16:11 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-12 07:16:11 ----A---- C:\Windows\system32\wininet.dll
2011-10-12 07:16:07 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-12 07:16:06 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-12 07:16:06 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-10-12 07:16:04 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-12 07:16:04 ----A---- C:\Windows\system32\msfeeds.dll
2011-10-12 07:16:04 ----A---- C:\Windows\system32\ieui.dll
2011-10-12 07:16:04 ----A---- C:\Windows\system32\iertutil.dll
2011-10-12 07:16:03 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-12 07:16:03 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-12 07:16:03 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-12 07:16:02 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-12 07:16:02 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-12 07:16:02 ----A---- C:\Windows\system32\url.dll
2011-10-12 07:16:02 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-12 07:15:52 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-12 07:15:52 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-12 07:15:50 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-12 07:15:50 ----A---- C:\Windows\system32\oleacc.dll
2011-10-12 07:15:49 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-12 07:15:49 ----A---- C:\Windows\system32\oleaut32.dll

======List of files/folders modified in the last 1 month======

2011-10-31 00:06:59 ----D---- C:\Windows\system32\LogFiles
2011-10-30 16:48:31 ----RD---- C:\Program Files
2011-10-30 16:48:25 ----D---- C:\Windows\Temp
2011-10-30 16:47:43 ----D---- C:\Users\Temptation\AppData\Roaming\Skype
2011-10-30 16:47:34 ----D---- C:\ProgramData\Easybits GO
2011-10-30 16:46:24 ----D---- C:\Users\Temptation\AppData\Roaming\uTorrent
2011-10-30 16:46:13 ----D---- C:\Program Files (x86)\QIP 2010
2011-10-30 16:02:35 ----D---- C:\Users\Temptation\AppData\Roaming\go
2011-10-30 15:49:04 ----D---- C:\Windows\System32
2011-10-30 15:49:04 ----D---- C:\Windows\inf
2011-10-30 15:49:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-30 15:27:52 ----D---- C:\Windows\system32\config
2011-10-30 15:17:47 ----D---- C:\Windows\system32\Tasks
2011-10-30 15:15:50 ----A---- C:\Windows\SYSWOW64\log.txt
2011-10-30 15:05:30 ----SHD---- C:\Windows\Installer
2011-10-30 15:05:26 ----D---- C:\Windows\system32\drivers
2011-10-30 15:05:06 ----HD---- C:\ProgramData
2011-10-30 14:56:40 ----D---- C:\Program Files (x86)\TNod User & Password Finder
2011-10-30 13:37:49 ----D---- C:\Windows\system32\DriverStore
2011-10-30 13:37:49 ----D---- C:\Windows\system32\catroot
2011-10-30 13:28:09 ----D---- C:\Program Files (x86)\The KMPlayer
2011-10-30 13:16:26 ----D---- C:\Windows
2011-10-30 13:12:47 ----A---- C:\Windows\system32\ServiceFilter.ini
2011-10-30 11:37:28 ----D---- C:\Windows\Prefetch
2011-10-30 11:37:25 ----RD---- C:\Program Files (x86)
2011-10-30 11:33:55 ----D---- C:\Users\Temptation\AppData\Roaming\DivX
2011-10-30 11:10:04 ----SHD---- C:\System Volume Information
2011-10-30 11:05:17 ----D---- C:\Windows\system32\drivers\etc
2011-10-30 10:55:47 ----A---- C:\Windows\system32\AutoRunFilter.ini
2011-10-30 07:35:29 ----D---- C:\Windows\system32\NDF
2011-10-27 14:39:47 ----D---- C:\Windows\Microsoft.NET
2011-10-27 14:39:28 ----RSD---- C:\Windows\assembly
2011-10-27 14:06:25 ----D---- C:\Windows\SYSWOW64\NV
2011-10-27 14:06:24 ----D---- C:\Windows\system32\NV
2011-10-27 14:06:08 ----D---- C:\Windows\winsxs
2011-10-27 14:04:12 ----D---- C:\Windows\system32\catroot2
2011-10-27 13:29:33 ----D---- C:\Program Files\Internet Explorer
2011-10-27 13:29:33 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-26 18:16:49 ----D---- C:\ProgramData\NVIDIA
2011-10-26 18:12:50 ----D---- C:\Windows\SysWOW64
2011-10-26 18:11:44 ----D---- C:\Users\Temptation\AppData\Roaming\SoftGrid Client
2011-10-26 18:11:18 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-10-25 15:22:13 ----SHD---- C:\Boot
2011-10-25 15:15:23 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-10-25 15:15:23 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-10-25 15:15:23 ----D---- C:\Program Files (x86)\Windows Media Player
2011-10-25 15:15:23 ----D---- C:\Program Files (x86)\Windows Mail
2011-10-25 15:15:22 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-10-25 15:15:18 ----D---- C:\Program Files\Windows Sidebar
2011-10-25 15:15:18 ----D---- C:\Program Files\Windows Portable Devices
2011-10-25 15:15:18 ----D---- C:\Program Files\Windows Photo Viewer
2011-10-25 15:15:18 ----D---- C:\Program Files\Windows Media Player
2011-10-25 15:15:18 ----D---- C:\Program Files\Windows Mail
2011-10-25 15:15:18 ----D---- C:\Program Files\Windows Journal
2011-10-25 15:15:18 ----D---- C:\Program Files\DVD Maker
2011-10-25 15:15:17 ----D---- C:\Windows\servicing
2011-10-25 15:15:17 ----D---- C:\Windows\ehome
2011-10-25 15:15:17 ----D---- C:\Program Files\Windows Defender
2011-10-25 15:15:13 ----D---- C:\Windows\SYSWOW64\oobe
2011-10-25 15:15:13 ----D---- C:\Windows\SYSWOW64\migration
2011-10-25 15:15:13 ----D---- C:\Windows\SYSWOW64\da-DK
2011-10-25 15:15:12 ----D---- C:\Windows\SYSWOW64\Setup
2011-10-25 15:15:12 ----D---- C:\Windows\SYSWOW64\cs
2011-10-25 15:15:12 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-10-25 15:15:08 ----D---- C:\Windows\SYSWOW64\sppui
2011-10-25 15:15:08 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-10-25 15:15:08 ----D---- C:\Windows\SYSWOW64\es-ES
2011-10-25 15:15:08 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-10-25 15:15:07 ----D---- C:\Windows\SYSWOW64\wbem
2011-10-25 15:15:07 ----D---- C:\Windows\SYSWOW64\migwiz
2011-10-25 15:15:07 ----D---- C:\Windows\SYSWOW64\Dism
2011-10-25 15:14:53 ----D---- C:\Windows\system32\oobe
2011-10-25 15:14:53 ----D---- C:\Windows\system32\migration
2011-10-25 15:14:53 ----D---- C:\Windows\system32\en-US
2011-10-25 15:14:53 ----D---- C:\Windows\system32\da-DK
2011-10-25 15:14:53 ----D---- C:\Windows\PolicyDefinitions
2011-10-25 15:14:52 ----D---- C:\Windows\system32\Setup
2011-10-25 15:14:52 ----D---- C:\Windows\system32\AdvancedInstallers
2011-10-25 15:14:51 ----D---- C:\Windows\system32\cs-CZ
2011-10-25 15:14:51 ----D---- C:\Windows\system32\cs
2011-10-25 15:14:50 ----D---- C:\Windows\system32\sppui
2011-10-25 15:14:50 ----D---- C:\Windows\system32\manifeststore
2011-10-25 15:14:50 ----D---- C:\Windows\system32\es-ES
2011-10-25 15:14:49 ----D---- C:\Windows\system32\wbem
2011-10-25 15:14:49 ----D---- C:\Windows\system32\migwiz
2011-10-25 15:14:49 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-10-25 15:14:49 ----D---- C:\Windows\system32\Dism
2011-10-25 15:14:35 ----RSD---- C:\Windows\Fonts
2011-10-25 15:14:34 ----D---- C:\Windows\AppPatch
2011-10-25 15:14:19 ----D---- C:\Windows\system32\Boot
2011-10-25 15:11:16 ----D---- C:\Windows\Logs
2011-10-25 15:09:09 ----A---- C:\Windows\SYSWOW64\msclmd.dll
2011-10-25 15:09:08 ----A---- C:\Windows\system32\msclmd.dll
2011-10-25 14:56:31 ----D---- C:\Users\Temptation\AppData\Roaming\Asus WebStorage
2011-10-23 15:35:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-19 06:50:16 ----D---- C:\Program Files\NVIDIA Corporation
2011-10-15 09:53:00 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2011-10-15 09:53:00 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2011-10-15 09:53:00 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-10-15 09:53:00 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2011-10-15 09:53:00 ----A---- C:\Windows\system32\nvvsvc.exe
2011-10-15 09:53:00 ----A---- C:\Windows\system32\nvumdshimx.dll
2011-10-15 09:53:00 ----A---- C:\Windows\system32\nvsvcr.dll
2011-10-15 09:53:00 ----A---- C:\Windows\system32\nvsvc64.dll
2011-10-15 09:53:00 ----A---- C:\Windows\system32\nvshext.dll
2011-10-15 09:53:00 ----A---- C:\Windows\system32\nvmctray.dll
2011-10-15 09:53:00 ----A---- C:\Windows\system32\nvinitx.dll
2011-10-15 09:53:00 ----A---- C:\Windows\system32\nvhotkey.dll
2011-10-15 09:53:00 ----A---- C:\Windows\system32\nvcpl.dll
2011-10-15 09:53:00 ----A---- C:\Windows\system32\nvapi64.dll
2011-10-15 09:53:00 ----A---- C:\Windows\system32\nv3dappshextr.dll
2011-10-15 09:53:00 ----A---- C:\Windows\system32\nv3dappshext.dll
2011-10-15 09:53:00 ----A---- C:\Windows\system32\easyUpdatusAPIU64.dll
2011-10-14 10:37:14 ----A---- C:\Windows\system32\MRT.exe
2011-10-01 22:36:49 ----D---- C:\Program Files (x86)\Microsoft Games
2011-10-01 22:35:49 ----SD---- C:\Users\Temptation\AppData\Roaming\Microsoft
2011-10-01 22:31:57 ----D---- C:\Users\Temptation\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
2011-10-01 22:31:27 ----D---- C:\Users\Temptation\AppData\Roaming\My Battle for Middle-earth(tm) II Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-06-08 540696]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-10-15 28992]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-12-31 834544]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-11-09 91568]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-03-02 1594368]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-01-18 717368]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-08-25 10611552]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits); C:\Windows\system32\DRIVERS\JME.sys [2010-02-25 115312]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 760168]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 268648]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 22376]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
S2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-15 98344]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2010-01-15 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-15 21288]
S3 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-05-18 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-05-18 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2011-05-18 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-05-18 171008]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-05-18 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-05-18 9216]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2010-06-22 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-03-12 873248]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe [2009-08-31 1821184]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-10-01 262144]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 QipGuard;QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [2011-07-18 190336]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-10-30 344576]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-10-30 1942528]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-10-30 258048]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe []
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-05 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-24 1255736]

-----------------EOF-----------------

Sem už zoufalej.. Pomalu se chystám reinstalovat celej systém.. Jste moje poslední šance

Zdravím!
Máte FB virus. Nejprve proveďte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Bude to chvíli trvat, ale už jede kontrola

Jj. To vím. Průběžně tu večer budu. Po skenu a kontrole logu budeme pokračovat.

Tak tady je log. prozatím mám program otevřený. NEvím zda-li můžu infikované soubory odstranit, nebo ignorovat


Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Verze databáze: 8047

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

30.10.2011 19:08:24
mbam-log-2011-10-30 (19-08-13).txt

Typ: Úplná kontrola (C:\|D:\|Q:\|)
Kontrolované objekty: 476484
Uplynulý čas: 1 hodin, 2 minut, 30 sekund

Infikované procesy v paměti: 12
Infikované moduly v paměti: 0
Infikované klíče v registru: 9
Infikované hodnoty v registru: 11
Infikované datové položky v registru: 4
Infikované složky: 1
Infikované soubory: 40

Infikované procesy v paměti:
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2524 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2856 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 3304 -> No action taken.
c:\Windows\update.tray-3-0\svchost.exe (Trojan.Agent) -> 3752 -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> 3408 -> No action taken.
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> 4776 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2724 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3624 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2892 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2200 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 6860 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 7616 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Agent) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9985777.exe (Trojan.Agent) -> Value: 9985777.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\384481.exe (Trojan.Agent) -> Value: 384481.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2242194.exe (Trojan.Agent) -> Value: 2242194.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\204640.exe (Trojan.Agent) -> Value: 204640.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3074876.exe (Trojan.Agent) -> Value: 3074876.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SAFEBOOT\AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> No action taken.

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-3-0\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> No action taken.
c:\Windows\services32.exe (Trojan.Agent) -> No action taken.
c:\Users\temptation\AppData\Local\Temp\9985777.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\Users\temptation\AppData\Local\Temp\384481.exe (Trojan.Agent) -> No action taken.
c:\Users\temptation\AppData\Local\Temp\2242194.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\204640.exe (Trojan.Agent) -> No action taken.
c:\Users\temptation\AppData\Local\Temp\4833038.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\71163_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-3-0-lnk\svchost.exe (Trojan.Agent) -> No action taken.
d:\bordel\Trainers\mafia ii v1.0 + 11 trainer.exe (HackTool.GamesCheat) -> No action taken.
d:\bordel\Trainers\divinity ii - ego draconis v1.3.15.107 + 8 trainer\divinity ii - ego draconis v1.3.15.107 + 8 trainer.exe (HackTool.GamesCheat) -> No action taken.
d:\Programy\eset smart security 4 v4.2.64.12 100 works licence 32bit a 64bit cz\tnodup a minodlogin + hotfix\minodlogin 3.9.3.2\minodlogin 3.9.3.2.exe (Riskware.KG) -> No action taken.
d:\Programy\eset smart security 4 v4.2.64.12 100 works licence 32bit a 64bit cz\tnodup a minodlogin + hotfix\TNODUP\tnodup setup.exe (Trojan.Agent.CK) -> No action taken.
d:\Programy\eset smart security 4 v4.2.64.12 100 works licence 32bit a 64bit cz\tnodup a minodlogin + hotfix\TNODUP\tnod user & password finder\TNODUP.exe (Trojan.Agent.CK) -> No action taken.
d:\Programy\eset smart security 4 v4.2.64.12 100 works licence 32bit a 64bit cz\tnodup a minodlogin + hotfix\TNODUP\tnod user & password finder\uninst-tnod.exe (Trojan.Agent.CK) -> No action taken.
c:\Users\temptation\AppData\Local\Temp\2610771.exe (Trojan.Agent) -> No action taken.
c:\Users\temptation\AppData\Local\Temp\3074876.exe (Trojan.Agent) -> No action taken.
c:\Users\temptation\AppData\Local\Temp\5532699.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8538164.exe (Trojan.Agent) -> No action taken.
c:\Users\temptation\AppData\Local\Temp\726924651.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.

Přísahám, že pokud mě zbavíte tej havěti má u mě vaše fórum 200,-.. Je to malá částka za vaše úsilí

EDIT//: Jdu si lehnout ještě se tu cca za 2 hodinky mrknu jestli tu je něco nového a kdyby ne tak nashledanou zítra.

Vše, co MBAM nalezl, smažte. Pak restartujte PC a dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

oka mažu a pak rozjedu Combofix

ComboFix 11-10-30.03 - Temptation 30.10.2011 21:47:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3884.2234 [GMT 1:00]
Spuštěný z: c:\users\Temptation\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\faCEmoodstlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\program files (x86)\facemoods.com\sqlite3.dll
c:\programdata\FullRemove.exe
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\SysWow64\916EBE20EB.dll
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_audiodg.exe pid: 4232 2C: c:\windows\System32\cs-CZ\audiodg.exe.mui
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_sidebar.exe pid: 3812 EC: c:\program files\Windows Sidebar\sidebar.exe
-------\Service_Sysinternals - www.sysinternals.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 21:04 . 2011-10-30 21:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-30 21:04 . 2011-10-30 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 16:56 . 2011-10-30 16:56 -------- d-----w- c:\users\Temptation\AppData\Roaming\Malwarebytes
2011-10-30 16:56 . 2011-10-30 16:56 -------- d-----w- c:\programdata\Malwarebytes
2011-10-30 16:56 . 2011-10-30 16:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-30 16:56 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-30 15:48 . 2011-10-30 15:48 -------- d-----w- c:\program files\trend micro
2011-10-30 15:48 . 2011-10-30 15:48 -------- d-----w- C:\rsit
2011-10-30 13:02 . 2011-10-18 01:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{860F173F-1E2B-4529-8228-31D3FB80D3D9}\mpengine.dll
2011-10-30 10:37 . 2011-10-30 10:37 -------- d-----w- c:\program files (x86)\Ask.com
2011-10-30 10:37 . 2011-10-30 10:37 -------- d-----w- c:\users\Temptation\AppData\Local\APN
2011-10-30 10:13 . 2011-10-30 20:38 -------- d-----w- c:\windows\ufa
2011-10-30 10:04 . 2011-10-30 10:13 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 09:56 . 2011-10-30 09:56 -------- d-----w- c:\windows\av_ico
2011-10-30 09:54 . 2011-10-30 20:38 -------- d--h--w- c:\windows\update.tray-3-0
2011-10-30 09:54 . 2011-10-30 20:38 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-10-26 16:43 . 2011-10-26 16:43 -------- d-----r- C:\MSOCache
2011-10-26 15:33 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 15:33 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-25 13:58 . 2011-10-25 13:58 -------- d-----w- c:\windows\system32\SPReview
2011-10-25 13:57 . 2011-10-25 13:57 -------- d-----w- c:\windows\system32\EventProviders
2011-10-23 14:34 . 2011-10-23 14:35 -------- d-----w- c:\program files (x86)\Mouse Driver
2011-10-19 05:48 . 2011-10-15 08:53 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-19 05:48 . 2011-10-15 08:53 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-18 20:57 . 2011-10-28 19:29 -------- d-----w- c:\users\Temptation\AppData\Roaming\Might & Magic Heroes VI
2011-10-15 07:24 . 2011-10-15 07:24 -------- d-----w- c:\users\Temptation\AppData\Local\bitComposer
2011-10-12 06:15 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-07 08:47 . 2011-10-07 08:47 -------- d-----w- c:\users\Temptation\AppData\Local\The Witcher 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 14:09 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-25 14:09 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-10-15 08:53 . 2011-03-11 22:07 860992 ----a-w- c:\windows\system32\nvumdshimx.dll
2011-10-15 08:53 . 2011-03-11 22:07 716608 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2011-10-15 08:53 . 2011-03-11 22:07 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-03-11 22:07 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2011-01-07 19:50 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-10-15 08:53 . 2011-01-07 19:50 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-01-07 19:49 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-01-07 19:49 1985841 ----a-w- c:\windows\system32\nvcoproc.bin
2011-10-15 08:53 . 2011-01-07 19:49 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-01-07 19:49 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2011-10-15 08:53 . 2011-01-07 19:49 539456 ----a-w- c:\windows\system32\nvhotkey.dll
2011-10-15 08:53 . 2011-01-07 19:49 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-01-07 19:49 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-01-07 19:49 1349440 ----a-w- c:\windows\system32\nv3dappshext.dll
2011-10-15 08:53 . 2010-07-12 12:29 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2010-07-12 12:29 241984 ----a-w- c:\windows\system32\nvinitx.dll
2011-10-15 08:53 . 2010-07-12 12:29 203072 ----a-w- c:\windows\SysWow64\nvinit.dll
2011-10-15 08:53 . 2010-07-12 07:48 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-09-15 14:50 . 2011-09-15 14:50 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-08-30 16:09 . 2011-02-09 07:59 183112 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-14 17:51 . 2011-08-14 17:51 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2011-08-04 08:20 . 2011-08-04 08:20 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
2005-07-26 15:23 . 2005-07-26 15:23 482000 ----a-w- c:\program files\DXSETUP.exe
2005-07-26 15:23 . 2005-07-26 15:23 75472 ----a-w- c:\program files\DSETUP.dll
2005-07-26 15:23 . 2005-07-26 15:23 2245840 ----a-w- c:\program files\dsetup32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 20:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"="c:\users\Temptation\AppData\Roaming\QipGuard\QipGuard.exe" [2011-07-18 190336]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-15 399736]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-15 3077528]
"Infium"="c:\program files (x86)\QIP 2010\qip.exe" [2011-07-18 6812032]
"Seznam Postak"="c:\program files (x86)\Seznam.cz\postak.exe" [2011-05-25 491040]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-05 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Nokia FastStart"="c:\program files (x86)\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"KMCONFIG"="c:\program files (x86)\Mouse Driver\StartAutorun.exe" [2008-05-29 212992]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Temptation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-4-1 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1083680]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-11-5 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-11-5 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Mouse Driver\KMWDSrv.exe [2009-08-31 1821184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2011-07-18 190336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1469136600-2618722720-2627410252-1002Core.job
- c:\users\Temptation\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 18:56]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1469136600-2618722720-2627410252-1002UA.job
- c:\users\Temptation\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 18:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"combofix"="c:\combofix\CF24111.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
TCP: DhcpNameServer = 109.108.107.106 109.108.109.108
FF - ProfilePath - c:\users\Temptation\AppData\Roaming\Mozilla\Firefox\Profiles\2t8g1bd8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.0&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: network.proxy.ftp - 83.167.232.45
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 83.167.232.45
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 83.167.232.45
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 83.167.232.45
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 83.167.232.45
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKLM-Run-TaskTray - (no file)
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-egui - c:\program files\ESET\ESET Smart Security\egui.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
AddRemove-Warcraft III - c:\windows\War3Unin.exe
.
.
"ImagePath"="c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\audiodg.exe pid: 4232 2C: C:]
--
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sidebar.exe pid: 3812 EC: C:]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1469136600-2618722720-2627410252-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:80,8c,55,2a,93,01,75,ce,41,eb,45,f2,05,b4,c4,30,fa,4a,aa,29,f7,a6,35,
b9,bd,2a,63,00,f1,5d,98,17,e6,d7,d9,cc,0e,8c,5c,81,82,b9,36,59,92,ad,99,29,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1469136600-2618722720-2627410252-1002\Software\SecuROM\License information*]
"datasecu"=hex:0e,bb,0e,7b,55,16,cb,69,ab,91,70,e5,5e,a7,98,fa,c5,49,03,4b,e0,
e9,95,28,07,40,8f,44,ee,b1,6d,4c,c3,a9,83,c5,41,b1,11,0d,a5,05,ea,27,9b,08,\
"rkeysecu"=hex:d8,11,b6,48,c2,b2,f9,4a,99,dc,af,cd,5f,d9,0b,0a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files (x86)\Mouse Driver\KMConfig.exe
c:\program files (x86)\Mouse Driver\KMProcess.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2011-10-30 22:26:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-30 21:26
.
Před spuštěním: Volných bajtů: 23 979 769 856
Po spuštění: Volných bajtů: 24 748 007 424
.
- - End Of File - - 4A9C4EAF9B24F931C1E2C1AC0893D543

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\windows\unrar.exe

Folder::
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0-lnk
c:\program files (x86)\Ask.com
c:\program files (x86)\Pando Networks\Media Booster

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

ComboFix 11-10-30.03 - Temptation 30.10.2011 23:20:54.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3884.1924 [GMT 1:00]
Spuštěný z: c:\users\Temptation\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Temptation\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_35a0.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\Pando Networks\Media Booster
c:\program files (x86)\Pando Networks\Media Booster\BsSndRpt.exe
c:\program files (x86)\Pando Networks\Media Booster\BugSplat.dll
c:\program files (x86)\Pando Networks\Media Booster\BugSplatRc.dll
c:\program files (x86)\Pando Networks\Media Booster\freebl3.dll
c:\program files (x86)\Pando Networks\Media Booster\Media Booster FAQs.url
c:\program files (x86)\Pando Networks\Media Booster\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Pando Networks\Media Booster\Microsoft.VC90.CRT\msvcp90.dll
c:\program files (x86)\Pando Networks\Media Booster\Microsoft.VC90.CRT\msvcr90.dll
c:\program files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
c:\program files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll.2.config
c:\program files (x86)\Pando Networks\Media Booster\nspr4.dll
c:\program files (x86)\Pando Networks\Media Booster\nss3.dll
c:\program files (x86)\Pando Networks\Media Booster\nssckbi.dll
c:\program files (x86)\Pando Networks\Media Booster\plc4.dll
c:\program files (x86)\Pando Networks\Media Booster\plds4.dll
c:\program files (x86)\Pando Networks\Media Booster\PMB.cpl
c:\program files (x86)\Pando Networks\Media Booster\PMB.exe
c:\program files (x86)\Pando Networks\Media Booster\PMB.exe.config
c:\program files (x86)\Pando Networks\Media Booster\smime3.dll
c:\program files (x86)\Pando Networks\Media Booster\softokn3.dll
c:\program files (x86)\Pando Networks\Media Booster\ssl3.dll
c:\program files (x86)\Pando Networks\Media Booster\uninst.exe
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\ufa
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_sidebar.exe pid: 1928 EC: c:\program files\Windows Sidebar\sidebar.exe
-------\Service_Skype.exe pid: 3692 21C: c:\program files (x86)\Skype\Phone\Skype.exe
-------\Service_Sysinternals - www.sysinternals.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 22:36 . 2011-10-30 22:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-30 22:36 . 2011-10-30 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 16:56 . 2011-10-30 16:56 -------- d-----w- c:\users\Temptation\AppData\Roaming\Malwarebytes
2011-10-30 16:56 . 2011-10-30 16:56 -------- d-----w- c:\programdata\Malwarebytes
2011-10-30 16:56 . 2011-10-30 16:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-30 16:56 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-30 15:48 . 2011-10-30 15:48 -------- d-----w- c:\program files\trend micro
2011-10-30 15:48 . 2011-10-30 15:48 -------- d-----w- C:\rsit
2011-10-30 13:02 . 2011-10-18 01:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{860F173F-1E2B-4529-8228-31D3FB80D3D9}\mpengine.dll
2011-10-30 10:37 . 2011-10-30 10:37 -------- d-----w- c:\users\Temptation\AppData\Local\APN
2011-10-30 10:04 . 2011-10-30 10:13 246272 ------w- c:\windows\unrar.exe
2011-10-26 16:43 . 2011-10-26 16:43 -------- d-----r- C:\MSOCache
2011-10-26 15:33 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 15:33 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-25 13:58 . 2011-10-25 13:58 -------- d-----w- c:\windows\system32\SPReview
2011-10-25 13:57 . 2011-10-25 13:57 -------- d-----w- c:\windows\system32\EventProviders
2011-10-23 14:34 . 2011-10-23 14:35 -------- d-----w- c:\program files (x86)\Mouse Driver
2011-10-19 05:48 . 2011-10-15 08:53 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-19 05:48 . 2011-10-15 08:53 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-18 20:57 . 2011-10-28 19:29 -------- d-----w- c:\users\Temptation\AppData\Roaming\Might & Magic Heroes VI
2011-10-15 07:24 . 2011-10-15 07:24 -------- d-----w- c:\users\Temptation\AppData\Local\bitComposer
2011-10-12 06:15 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-07 08:47 . 2011-10-07 08:47 -------- d-----w- c:\users\Temptation\AppData\Local\The Witcher 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 14:09 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-25 14:09 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-10-15 08:53 . 2011-03-11 22:07 860992 ----a-w- c:\windows\system32\nvumdshimx.dll
2011-10-15 08:53 . 2011-03-11 22:07 716608 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2011-10-15 08:53 . 2011-03-11 22:07 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-03-11 22:07 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2011-01-07 19:50 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-10-15 08:53 . 2011-01-07 19:50 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-01-07 19:49 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-01-07 19:49 1985841 ----a-w- c:\windows\system32\nvcoproc.bin
2011-10-15 08:53 . 2011-01-07 19:49 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-01-07 19:49 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2011-10-15 08:53 . 2011-01-07 19:49 539456 ----a-w- c:\windows\system32\nvhotkey.dll
2011-10-15 08:53 . 2011-01-07 19:49 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-01-07 19:49 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-01-07 19:49 1349440 ----a-w- c:\windows\system32\nv3dappshext.dll
2011-10-15 08:53 . 2010-07-12 12:29 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2010-07-12 12:29 241984 ----a-w- c:\windows\system32\nvinitx.dll
2011-10-15 08:53 . 2010-07-12 12:29 203072 ----a-w- c:\windows\SysWow64\nvinit.dll
2011-10-15 08:53 . 2010-07-12 07:48 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-09-15 14:50 . 2011-09-15 14:50 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-08-30 16:09 . 2011-02-09 07:59 183112 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-14 17:51 . 2011-08-14 17:51 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2011-08-04 08:20 . 2011-08-04 08:20 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
2005-07-26 15:23 . 2005-07-26 15:23 482000 ----a-w- c:\program files\DXSETUP.exe
2005-07-26 15:23 . 2005-07-26 15:23 75472 ----a-w- c:\program files\DSETUP.dll
2005-07-26 15:23 . 2005-07-26 15:23 2245840 ----a-w- c:\program files\dsetup32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_21.15.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-10-30 21:13 . 2011-10-30 21:13 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-10-30 22:42 . 2011-10-30 22:42 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2011-10-30 22:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-30 21:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-30 22:43 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-30 21:14 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-10-30 22:45 39844 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-22 18:36 . 2011-10-30 22:45 15898 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1469136600-2618722720-2627410252-1002_UserData.bin
- 2010-12-22 15:05 . 2011-10-30 21:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-22 15:05 . 2011-10-30 22:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-22 15:05 . 2011-10-30 22:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-22 15:05 . 2011-10-30 21:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-22 15:05 . 2011-10-30 22:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-22 15:05 . 2011-10-30 21:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-22 19:55 . 2011-10-30 21:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-22 19:55 . 2011-10-30 22:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-22 19:55 . 2011-10-30 21:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-22 19:55 . 2011-10-30 22:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-30 21:14 . 2011-10-30 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-30 22:43 . 2011-10-30 22:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-30 21:14 . 2011-10-30 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-30 22:43 . 2011-10-30 22:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-10-30 21:14 688128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-30 22:43 688128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 05:01 . 2011-10-30 21:13 320292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-30 22:42 320292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"="c:\users\Temptation\AppData\Roaming\QipGuard\QipGuard.exe" [2011-07-18 190336]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-15 399736]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Infium"="c:\program files (x86)\QIP 2010\qip.exe" [2011-07-18 6812032]
"Seznam Postak"="c:\program files (x86)\Seznam.cz\postak.exe" [2011-05-25 491040]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-05 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Nokia FastStart"="c:\program files (x86)\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"KMCONFIG"="c:\program files (x86)\Mouse Driver\StartAutorun.exe" [2008-05-29 212992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Temptation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-4-1 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1083680]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-11-5 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-11-5 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Mouse Driver\KMWDSrv.exe [2009-08-31 1821184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2011-07-18 190336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1469136600-2618722720-2627410252-1002Core.job
- c:\users\Temptation\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 18:56]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1469136600-2618722720-2627410252-1002UA.job
- c:\users\Temptation\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 18:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [BU]
"combofix"="c:\combofix\CF9669.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
TCP: DhcpNameServer = 109.108.107.106 109.108.109.108
FF - ProfilePath - c:\users\Temptation\AppData\Roaming\Mozilla\Firefox\Profiles\2t8g1bd8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.0&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: network.proxy.ftp - 83.167.232.45
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 83.167.232.45
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 83.167.232.45
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 83.167.232.45
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 83.167.232.45
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files (x86)\Pando Networks\Media Booster\uninst.exe
.
.
"ImagePath"="c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\audiodg.exe pid: 4232 2C: C:]
--
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sidebar.exe pid: 1928 EC: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sidebar.exe pid: 3812 EC: C:]
--
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Skype.exe pid: 3692 21C: C:]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1469136600-2618722720-2627410252-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:80,8c,55,2a,93,01,75,ce,41,eb,45,f2,05,b4,c4,30,fa,4a,aa,29,f7,a6,35,
b9,bd,2a,63,00,f1,5d,98,17,e6,d7,d9,cc,0e,8c,5c,81,82,b9,36,59,92,ad,99,29,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1469136600-2618722720-2627410252-1002\Software\SecuROM\License information*]
"datasecu"=hex:0e,bb,0e,7b,55,16,cb,69,ab,91,70,e5,5e,a7,98,fa,c5,49,03,4b,e0,
e9,95,28,07,40,8f,44,ee,b1,6d,4c,c3,a9,83,c5,41,b1,11,0d,a5,05,ea,27,9b,08,\
"rkeysecu"=hex:d8,11,b6,48,c2,b2,f9,4a,99,dc,af,cd,5f,d9,0b,0a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files (x86)\Mouse Driver\KMConfig.exe
c:\program files (x86)\Mouse Driver\KMProcess.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2011-10-31 00:02:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-30 23:02
ComboFix2.txt 2011-10-30 21:26
.
Před spuštěním: Volných bajtů: 24 800 956 416
Po spuštění: Volných bajtů: 24 384 184 320
.
- - End Of File - - 939B509CAAD823F2413C5074D6EC093F
Nahr nˇ probŘhlo ŁspŘçnŘ

Log již vypadá čistý. Zkontrolujte antivir, zda je funkční, příp. reinstalujte. CF odinstalujete Start>spustit>(napsat) combofix /uninstall .

Vše vypadá už OK. Díky za vše

Rádo se stalo!