CANNOT CONNECT USING INTERNET BROWSERS

Posted: 27 Feb 2012 20:34
by A-dee
Here is a link to the thread where I was dealing with my problem:

http://forum.viry.cz/viewtopic.php?f=19 ... 8#p1086198

And here is the log from RSIT:


Logfile of random's system information tool 1.09 (written by random/random)
Run by asus at 2012-02-27 20:29:59
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 40 GB (14%) free of 286 GB
Total RAM: 3070 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:45, on 27.2.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19190)
Boot mode: Normal

Running processes:
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Program Files\QIP 2010\qip.exe
C:\Users\asus\Downloads\RSIT.exe
C:\Program Files\trend micro\asus.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\asus\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\asus\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... =10.0.1416
O4 - HKCU\..\Run: [Google Update] "C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Infium] "D:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3375657954-3958938850-1790376532-1004\..\Run: [Infium] "D:\Program Files\QIP 2010\qip.exe" /autorun (User 'Hanička')
O4 - S-1-5-21-3375657954-3958938850-1790376532-1004 Startup: OpenOffice.org 3.2.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Hanička')
O4 - S-1-5-21-3375657954-3958938850-1790376532-1004 User Startup: OpenOffice.org 3.2.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Hanička')
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 5938 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3375657954-3958938850-1790376532-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3375657954-3958938850-1790376532-1000UA.job
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - asus.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
vShare Plugin - C:\Program Files\vShare\vshare_toolbar.dll [2010-10-20 481872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-11-08 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2009-03-31 357744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2010-09-29 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\asus\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-06-09 138240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2009-03-31 357744]
{043C5167-00BB-4324-AF7E-62013FAEDACF} - vShare Plugin - C:\Program Files\vShare\vshare_toolbar.dll [2010-10-20 481872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... =10.0.1416 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-01 136176]
"Advanced SystemCare 5"=C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe [2011-12-29 620376]
"Infium"=D:\Program Files\QIP 2010\qip.exe [2011-12-29 7318992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [2008-04-01 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe [2011-12-29 620376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
C:\Windows\AsScrProlog.exe [2010-09-29 47672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\ASScrPro.exe [2010-09-29 33136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2008-07-15 7651328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-01 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-12 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
D:\Program Files\QIP 2010\qip.exe [2011-12-29 7318992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\asus\AppData\Roaming\QipGuard\QipGuard.exe [2010-10-25 190928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-07-16 6253088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer Agent]
D:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe [2010-10-14 62848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-11-08 273528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
C:\Windows\Installer\{DC905847-D537-427F-BF91-47CC7ACCDE58}\_DF3A81D17C478A2A6C60A5.exe [2010-09-29 12862]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-27 16:05:37 ----D---- C:\Users\asus\AppData\Roaming\.Torrent Swapper
2012-02-16 11:58:54 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-16 11:58:52 ----A---- C:\Windows\system32\win32k.sys
2012-02-16 11:58:45 ----A---- C:\Windows\system32\wininet.dll
2012-02-16 11:58:45 ----A---- C:\Windows\system32\urlmon.dll
2012-02-16 11:58:45 ----A---- C:\Windows\system32\iertutil.dll
2012-02-16 11:58:43 ----A---- C:\Windows\system32\url.dll
2012-02-16 11:58:43 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-16 11:58:42 ----A---- C:\Windows\system32\mshtml.dll
2012-02-16 11:58:42 ----A---- C:\Windows\system32\ieframe.dll
2012-02-16 11:58:40 ----A---- C:\Windows\system32\mstime.dll
2012-02-16 11:58:40 ----A---- C:\Windows\system32\msfeeds.dll
2012-02-16 11:58:39 ----A---- C:\Windows\system32\occache.dll
2012-02-16 11:58:39 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-16 11:58:39 ----A---- C:\Windows\system32\ieUnatt.exe
2012-02-16 11:58:39 ----A---- C:\Windows\system32\ieui.dll
2012-02-16 11:58:39 ----A---- C:\Windows\system32\iesysprep.dll
2012-02-16 11:58:39 ----A---- C:\Windows\system32\iepeers.dll
2012-02-16 11:58:39 ----A---- C:\Windows\system32\iedkcs32.dll
2012-02-16 11:58:38 ----A---- C:\Windows\system32\msfeedssync.exe
2012-02-16 11:58:38 ----A---- C:\Windows\system32\msfeedsbs.dll
2012-02-16 11:58:38 ----A---- C:\Windows\system32\licmgr10.dll
2012-02-16 11:58:38 ----A---- C:\Windows\system32\iesetup.dll
2012-02-16 11:58:38 ----A---- C:\Windows\system32\iernonce.dll
2012-02-16 11:58:38 ----A---- C:\Windows\system32\ie4uinit.exe
2012-02-08 21:36:36 ----D---- C:\Program Files\Apple Software Update
2012-01-30 22:29:32 ----D---- C:\Program Files\Microsoft Security Client
2012-01-30 22:28:50 ----A---- C:\Windows\system32\drivers\netio.sys
2012-01-30 21:38:54 ----D---- C:\ProgramData\AVAST Software
2012-01-30 21:38:54 ----D---- C:\Program Files\AVAST Software

======List of files/folders modified in the last 1 month======

2012-02-27 20:30:11 ----D---- C:\Windows\Prefetch
2012-02-27 20:30:02 ----D---- C:\Program Files\trend micro
2012-02-27 20:29:57 ----D---- C:\Windows\Temp
2012-02-27 16:24:34 ----D---- C:\Windows\tracing
2012-02-27 16:05:43 ----D---- C:\Users\asus\AppData\Roaming\uTorrent
2012-02-27 14:31:56 ----SHD---- C:\System Volume Information
2012-02-25 02:37:56 ----D---- C:\Windows\system32\catroot2
2012-02-25 02:28:13 ----D---- C:\Windows\system32\Tasks
2012-02-21 15:34:17 ----RSD---- C:\Windows\assembly
2012-02-21 15:34:17 ----D---- C:\Windows\Microsoft.NET
2012-02-21 02:29:27 ----SHD---- C:\Windows\Installer
2012-02-21 02:29:05 ----D---- C:\Windows\System32
2012-02-21 02:29:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-21 02:28:56 ----D---- C:\Windows\inf
2012-02-21 00:43:42 ----D---- C:\Windows\Tasks
2012-02-17 11:09:23 ----D---- C:\Windows\Logs
2012-02-16 18:09:25 ----D---- C:\Windows\winsxs
2012-02-16 17:59:15 ----D---- C:\Windows\system32\catroot
2012-02-16 17:56:55 ----D---- C:\Program Files\Windows Mail
2012-02-16 17:56:54 ----D---- C:\Windows\system32\migration
2012-02-16 17:56:54 ----D---- C:\Program Files\Internet Explorer
2012-02-16 14:53:50 ----D---- C:\Windows\Debug
2012-02-16 14:53:46 ----A---- C:\Windows\system32\mrt.exe
2012-02-14 11:12:21 ----D---- C:\Windows\system32\WDI
2012-02-13 11:52:21 ----D---- C:\Windows\system32\drivers
2012-02-10 23:29:03 ----D---- C:\Windows
2012-02-10 14:57:21 ----SD---- C:\Users\asus\AppData\Roaming\Microsoft
2012-02-10 14:34:15 ----SHD---- C:\Boot
2012-02-10 14:34:14 ----D---- C:\Windows\system32\config
2012-02-08 21:36:36 ----RD---- C:\Program Files
2012-01-31 13:44:05 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-30 22:30:31 ----SD---- C:\ProgramData\Microsoft
2012-01-30 21:48:28 ----D---- C:\ProgramData\AVG10
2012-01-30 21:38:54 ----HD---- C:\ProgramData
2012-01-30 21:37:44 ----D---- C:\ProgramData\MFAData
2012-01-30 21:33:22 ----D---- C:\Windows\system32\drivers\AVG

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2007-08-11 29752]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-06-04 43872]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-02 691696]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-09-16 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20101215.001\IDSvix86.sys [2010-09-15 287792]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-02-19 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2009-02-19 184496]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-08-21 279712]
R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-08 36056]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-08-21 25888]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH3.sys [2010-11-17 97296]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-07-09 81960]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-05-13 100392]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-05-13 17320]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-16 2156312]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2008-05-02 48128]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-08-11 1752704]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2009-02-19 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-10-05 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2009-02-19 96560]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
S1 natkreyh;natkreyh; \??\C:\Windows\system32\drivers\natkreyh.sys []
S1 nlzashfx;nlzashfx; \??\C:\Windows\system32\drivers\nlzashfx.sys []
S1 qcgeuiom;qcgeuiom; \??\C:\Windows\system32\drivers\qcgeuiom.sys []
S1 rgcdgiic;rgcdgiic; \??\C:\Windows\system32\drivers\rgcdgiic.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
S3 av6eh70b;av6eh70b; C:\Windows\system32\drivers\av6eh70b.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-09-16 102448]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101230.003\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101230.003\NAVEX15.SYS []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2009-03-17 447024]
S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-01 136176]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-01 136176]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-29 497496]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-08-04 176128]
S4 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
S4 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-07-30 522792]
S4 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S4 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S4 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S4 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S4 MDES;DVM Meta Data Export Service; C:\ASUS.SYS\config\DVMExportService.exe [2008-10-21 307200]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2010-09-29 1245064]

-----------------EOF-----------------

Re: CANNOT CONNECT USING INTERNET BROWSERS

Posted: 28 Feb 2012 01:34
by A-dee
I'm seriously getting pretty desperate, so I hope the log will be of some use..

Re: CANNOT CONNECT USING INTERNET BROWSERS

Posted: 28 Feb 2012 07:16
by vyosek
Hello, and have a nice day :)

:arrow: As far as malware goes, the log is OK; we'll see whether the problem is somewhere else

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you are using Win Vista or W7, right-click RogueKiller and choose Run As Administrator (Spustit jako spravce)
  • Wait for the PreScan to finish
  • Choose the Prohledat (Scan) option
  • After the scan finishes, click Zpráva (Report); a log will open, paste it here

Re: CANNOT CONNECT USING INTERNET BROWSERS

Posted: 28 Feb 2012 11:10
by A-dee
Hello to you too, and thank you =) Here is the output from RK


RogueKiller V7.2.0 [02/27/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v: Normální režim
Uživatel: asus [Práva správce]
Mode: Kontrola -- Date: 02/28/2012 11:06:31

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SVCHOST] svchost.exe -- Path not found -> KILLED [TermThr]

¤¤¤ Záznamy Registrů: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] a242923cb60fd1f20fdc2a19d8588df9
[BSP] ee8955041098e348c9f03ce5abb6982d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 286164 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 586065920 | Size: 190774 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

Re: CANNOT CONNECT USING INTERNET BROWSERS

Posted: 28 Feb 2012 11:13
by vyosek
:arrow: Run RogueKiller again
  • If you are using Win Vista or W7, right-click RogueKiller and choose Run As Administrator (Spustit jako spravce)
  • Choose Prohledat (Scan), then Smazat (Delete), and then Zprava (Report); a log will open, paste it here
  • Then click Oprava Host (Host Fix) and Zprava (Report); a log will open, paste it here
  • Then click Oprava Proxy (Proxy Fix) and Zprava (Report); a log will open, paste it here

Re: CANNOT CONNECT USING INTERNET BROWSERS

Posted: 28 Feb 2012 12:50
by A-dee
RogueKiller V7.2.0 [02/27/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v: Normální režim
Uživatel: asus [Práva správce]
Mode: Odebrat -- Date: 02/28/2012 12:45:34

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] a242923cb60fd1f20fdc2a19d8588df9
[BSP] ee8955041098e348c9f03ce5abb6982d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 286164 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 586065920 | Size: 190774 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



host:


RogueKiller V7.2.0 [02/27/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v: Normální režim
Uživatel: asus [Práva správce]
Mode: Oprava HOSTS -- Date: 02/28/2012 12:46:16

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


Proxy:



RogueKiller V7.2.0 [02/27/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v: Normální režim
Uživatel: asus [Práva správce]
Mode: Oprava Proxy -- Date: 02/28/2012 12:46:56

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Záznamy Registrů: 0 ¤¤¤

Dokončeno : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

Re: CANNOT CONNECT USING WEB BROWSERS

Posted: 28 Feb 2012 13:14
by vyosek
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE THINGS AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM
:arrow: Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs: firewalls, antivirus, antispyware, etc.
  • If you have Windows XP, run it under the Administrator account
  • If you have Windows Vista or Windows 7, right-click ComboFix and choose Run As Administrator (Spustit jako spravce)
  • Right after startup a page with the license agreement appears; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone: do not start any applications and do not click in the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily cluttered it may take longer
  • After the scan finishes and a possible restart, CF displays a log; you can also find it at C:\ComboFix.txt. Paste its contents here
  • A detailed procedure including pictures is here: http://www.bleepingcomputer.com/combofi ... t-combofix

Re: CANNOT CONNECT USING WEB BROWSERS

Posted: 28 Feb 2012 17:53
by A-dee
ComboFix 12-02-27.02 - asus 28.02.2012 17:17:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1687 [GMT 1:00]
Spuštěný z: c:\users\HaniŔka\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\windows\iun6002.exe
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-28 do 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 16:29 . 2012-02-28 16:29 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AC90D8B-9AAF-4D83-BECE-A0EED801ECD2}\MpKslca235987.sys
2012-02-28 16:27 . 2012-02-28 16:35 -------- d-----w- c:\users\asus\AppData\Local\temp
2012-02-28 16:27 . 2012-02-28 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-27 15:05 . 2012-02-27 15:06 -------- d-----w- c:\users\asus\AppData\Roaming\.Torrent Swapper
2012-02-27 13:27 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AC90D8B-9AAF-4D83-BECE-A0EED801ECD2}\mpengine.dll
2012-02-25 16:04 . 2012-02-25 16:04 -------- d-----w- c:\users\Hanička\AppData\Roaming\WinRAR
2012-02-20 22:37 . 2012-02-20 22:37 -------- d-----w- c:\users\Hanička\AppData\Roaming\PhotoFiltre
2012-02-20 22:30 . 2012-02-20 23:43 -------- d-----w- c:\users\Hanička\AppData\Local\Facebook
2012-02-19 23:50 . 2012-02-19 23:51 -------- d-----w- c:\users\Hanička\AppData\Local\Adobe
2012-02-18 18:39 . 2012-02-18 18:39 -------- d-----w- c:\users\Hanička\AppData\Local\Apple
2012-02-14 23:08 . 2012-02-14 23:08 -------- d-----w- c:\users\Hanička\AppData\Roaming\Apple Computer
2012-02-14 11:26 . 2012-02-14 11:26 -------- d-----w- c:\users\Hanička\AppData\Roaming\OpenOffice.org
2012-02-13 20:40 . 2012-02-13 20:40 -------- d-----w- c:\users\Hanička\AppData\Roaming\BSplayer
2012-02-10 22:42 . 2012-01-30 21:43 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 22:42 . 2012-02-10 22:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBC83E51-02C6-4079-8D57-E1DCD04A6A36}\gapaengine.dll
2012-02-10 13:44 . 2012-02-10 13:44 -------- d-----w- c:\users\asus\AppData\Local\Apps
2012-02-09 20:26 . 2012-02-27 14:59 -------- d-----w- c:\users\Hanička\AppData\Roaming\uTorrent
2012-02-08 20:36 . 2012-02-08 20:36 -------- d-----w- c:\program files\Apple Software Update
2012-02-01 10:36 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-30 21:29 . 2012-01-30 21:31 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-30 21:28 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-01-30 20:38 . 2012-01-30 21:26 -------- d-----w- c:\programdata\AVAST Software
2012-01-30 20:38 . 2012-01-30 20:38 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-10-03 00:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 00:14 . 2012-01-26 00:14 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-26 00:14 . 2012-01-26 00:14 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-26 00:14 . 2012-01-26 00:14 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-26 00:14 . 2012-01-26 00:14 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-26 00:14 . 2012-01-26 00:14 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-26 00:14 . 2012-01-26 00:14 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-25 20:16 . 2010-09-29 18:07 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-12-30 16:02 . 2012-01-26 00:01 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-16 16:21 . 2012-01-25 17:35 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"Infium"="d:\program files\QIP 2010\qip.exe" [2011-12-29 7318992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.cz/cz.special-uninstalla ... =10.0.1416" [?]
.
c:\users\Hanička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2008-04-01 06:09 266240 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2011-12-29 15:43 620376 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 12:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2010-09-29 18:00 47672 ----a-w- c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2010-09-29 18:01 33136 ----a-w- c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2008-07-15 18:29 7651328 ----a-w- c:\program files\ASUS\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-01 16:12 136176 ----atw- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2008-01-12 05:40 98304 ----a-w- c:\program files\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2011-12-29 18:56 7318992 ----a-w- d:\program files\QIP 2010\qip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
2010-10-25 17:01 190928 ----a-w- c:\users\asus\AppData\Roaming\QipGuard\QipGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-16 11:01 6253088 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer Agent]
2010-10-14 18:17 62848 ----a-w- d:\program files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 10:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-08 13:04 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-29 497496]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - MPKSLCA235987
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-01 16:12]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-01 16:12]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3375657954-3958938850-1790376532-1000Core.job
- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-02 16:12]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3375657954-3958938850-1790376532-1000UA.job
- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-02 16:12]
.
2012-02-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - asus.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(756)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(1444)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
d:\program files\OpenOffice.org 3\program\soffice.exe
d:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\conime.exe
c:\windows\system32\conime.exe
c:\windows\system32\Taskmgr.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\system32\conime.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Celkový čas: 2012-02-28 17:42:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-28 16:41
.
Před spuštěním: Volných bajtů: 40 575 774 720
Po spuštění: Volných bajtů: 40 365 244 416
.
- - End Of File - - 55556F073FE724090694A96489525971

Re: CANNOT CONNECT USING WEB BROWSERS

Posted: 29 Feb 2012 16:14
by vyosek
:arrow: Uninstall Advanced SystemCare 5 and IObit Malware Fighter, and then everything else from IObit as well - they are Chinese junk and do more harm than good. They look for nonsensical and nonexistent problems, and they stole their malware database from another reputable company

:arrow: Please post a log from DDS

Re: CANNOT CONNECT USING WEB BROWSERS

Posted: 06 Mar 2012 10:33
by A-dee
Removed, and here is the log:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190
Run by asus at 10:23:49 on 2012-03-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2073 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\Program Files\QIP 2010\qip.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\Hanička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hanička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hanička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hanička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hanička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hanička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Hanička\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Hanička\Desktop\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uURLSearchHooks: QIPBHO Class: {95289393-33ea-4f8d-b952-483415b9c955} - c:\users\asus\appdata\roaming\microsoft\internet explorer\qipsearchbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: QIPBHO Class: {95289393-33ea-4f8d-b952-483415b9c955} - c:\users\asus\appdata\roaming\microsoft\internet explorer\qipsearchbar.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
uRun: [Infium] "d:\program files\qip 2010\qip.exe" /autorun
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... =10.0.1416
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: WikiKomentáře Google... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{69B73ED6-D11D-4A7F-A6BF-055EFEAA45D0} : DhcpNameServer = 192.168.2.1
LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2010-9-29 15416]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20101215.001\IDSvix86.sys [2010-12-18 287792]
R2 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-4 6096384]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-4 214016]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-11-17 97296]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-29 29736]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2010-9-29 48128]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-1 136176]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [2008-4-7 6656]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-1 102448]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-1 136176]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-4 176128]
S4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-6 149352]
S4 MDES;DVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2008-10-21 307200]
S4 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2010-9-29 1245064]
.
=============== Created Last 30 ================
.
2012-03-02 08:54:15 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8d44f3a9-3800-4d2c-b344-94e9dfde0d97}\mpengine.dll
2012-02-29 09:31:15 6552120 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2012-02-28 16:42:11 -------- d-----w- c:\users\asus\appdata\local\temp
2012-02-28 16:35:43 -------- d-----w- C:\$RECYCLE.BIN
2012-02-28 16:15:49 208896 ----a-w- c:\windows\MBR.exe
2012-02-28 16:15:48 98816 ----a-w- c:\windows\sed.exe
2012-02-28 16:15:48 518144 ----a-w- c:\windows\SWREG.exe
2012-02-28 16:15:48 256000 ----a-w- c:\windows\PEV.exe
2012-02-28 16:15:39 -------- d-----w- C:\ComboFix
2012-02-27 15:05:37 -------- d-----w- c:\users\asus\appdata\roaming\.Torrent Swapper
2012-02-10 13:44:36 -------- d-----w- c:\users\asus\appdata\local\Apps
.
==================== Find3M ====================
.
2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 00:14:38 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-26 00:14:38 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-26 00:14:38 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-26 00:14:38 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-26 00:14:38 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-26 00:14:38 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-25 20:16:19 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-01-12 19:52:56 2044416 ----a-w- c:\windows\system32\win32k.sys
2011-12-30 16:02:58 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-15 06:22:01 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-15 06:18:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-15 06:17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-15 06:17:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-12-15 06:17:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-15 05:21:27 385024 ----a-w- c:\windows\system32\html.iec
2011-12-15 04:45:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-15 04:43:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 16:17:47 680448 ----a-w- c:\windows\system32\msvcrt.dll
2008-07-02 02:28:38 61440 ----a-w- c:\program files\common files\CPInstallAction.dll
.
============= FINISH: 10:25:13,65 ===============

Re: CANNOT CONNECT USING WEB BROWSERS

Posted: 06 Mar 2012 18:37
by vyosek
:arrow: If you have not done so already, move ComboFix directly to drive c:\
  • Start Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Collect::
    c:\users\asus\appdata\roaming\microsoft\internet explorer\qipsearchbar.dll
    
    DDS::
    uDefault_Search_URL = hxxp://search.qip.ru
    uSearchAssistant = hxxp://search.qip.ru/ie
    uURLSearchHooks: QIPBHO Class: {95289393-33ea-4f8d-b952-483415b9c955} - c:\users\asus\appdata\roaming\microsoft\internet explorer\qipsearchbar.dll
    uURLSearchHooks: H - No File
    BHO: QIPBHO Class: {95289393-33ea-4f8d-b952-483415b9c955} - c:\users\asus\appdata\roaming\microsoft\internet explorer\qipsearchbar.dll
    mRunOnce: [AvgUninstallURL]
    uRun: [Infium]
    
    Driver::
    gupdate
    gupdatem
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    
    ClearJavaCache::
    
    AtJob::
    
    Reboot::
  • Save the created TXT file as CFScript.txt, also directly on drive c:\
  • Drag the created CFScript.txt onto ComboFix and drop it (see the image below)
    Image
  • After the script is applied (and a possible restart), a log will appear; paste its contents here
:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration