Page 1 of 3

Facebook virus

Posted: 29 Jul 2012 17:01
by conik0
Please help. I know this has already been dealt with here several times, but I'll try asking again anyway. Spam is being sent from my Facebook account to other people.
I've already tried some antivirus programs, but nothing helps, e.g. Kaspersky, Avast, Malware, CCleaner. Can you please advise me?

Re: Facebook virus

Posted: 29 Jul 2012 17:04
by vyosek
Hello, good evening to you and welcome to our forum :welcome:

:arrow: Please post a log from RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895

Re: Facebook virus

Posted: 29 Jul 2012 17:10
by conik0
Thank you for the quick reply, here is the log...

Logfile of random's system information tool 1.09 (written by random/random)
Run by Asus at 2012-07-29 18:09:25
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 224 GB (77%) free of 290 GB
Total RAM: 4061 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:09:30, on 29.7.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Users\Asus\Downloads\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Asus.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C93BB116-2B1A-47C3-980B-4CC547CDF412}: NameServer = 212.96.161.6,212.96.160.7
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10104 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\wwx09eb8.default

prefs.js - "browser.startup.homepage" - "http://google.cz/"

"linkfilter@kaspersky.ru"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
"virtualKeyboard@kaspersky.ru"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.268 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdnu.dll
npdnu.xpt
npdnupdater2.dll
npdnupdater2.xpt
nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\wwx09eb8.default\extensions\
engine@conduit.com
toolbar@ask.com
{0b38152b-1b20-484d-a11f-5e04a9b0661f}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\wwx09eb8.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-11-29 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll [2011-04-25 86416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll [2010-11-29 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
KMPlayer Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll [2011-04-25 229776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - KMPlayer Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll [2010-11-29 3908192]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-11-29 3908192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-07-13 2244096]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-04-25 202296]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2012-01-03 1391272]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-07-29 13:18:17 ----D---- C:\Users\Asus\AppData\Roaming\Malwarebytes
2012-07-29 13:18:14 ----D---- C:\ProgramData\Malwarebytes
2012-07-29 13:18:13 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-29 12:28:40 ----D---- C:\rsit
2012-07-29 12:28:40 ----D---- C:\Program Files (x86)\trend micro
2012-07-29 10:32:40 ----D---- C:\Program Files (x86)\Google
2012-07-29 10:31:38 ----D---- C:\ProgramData\AVAST Software
2012-07-11 18:48:51 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 18:48:50 ----A---- C:\Windows\SysWOW64\urlmon.dll
2012-07-11 18:48:50 ----A---- C:\Windows\SysWOW64\url.dll
2012-07-11 18:48:50 ----A---- C:\Windows\SysWOW64\iertutil.dll
2012-07-11 18:48:49 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 18:48:49 ----A---- C:\Windows\SysWOW64\ieui.dll
2012-07-11 18:48:48 ----A---- C:\Windows\SysWOW64\wininet.dll
2012-07-11 18:48:47 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 18:48:47 ----A---- C:\Windows\SysWOW64\jscript9.dll
2012-07-11 18:48:47 ----A---- C:\Windows\SysWOW64\jscript.dll
2012-07-11 18:48:46 ----A---- C:\Windows\SysWOW64\mshtml.dll
2012-07-11 18:48:43 ----A---- C:\Windows\SysWOW64\ieframe.dll
2012-07-11 18:02:51 ----A---- C:\Windows\SysWOW64\msxml6.dll
2012-07-11 18:02:50 ----A---- C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 18:02:50 ----A---- C:\Windows\SysWOW64\msxml3.dll
2012-07-11 18:02:46 ----A---- C:\Windows\SysWOW64\shell32.dll
2012-07-11 18:02:44 ----A---- C:\Windows\SysWOW64\schannel.dll
2012-07-11 18:02:44 ----A---- C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 18:02:43 ----A---- C:\Windows\SysWOW64\sspicli.dll
2012-07-11 18:02:43 ----A---- C:\Windows\SysWOW64\secur32.dll
2012-07-11 18:02:29 ----A---- C:\Windows\SysWOW64\cdosys.dll

======List of files/folders modified in the last 1 month======

2012-07-29 18:09:30 ----D---- C:\Windows\Prefetch
2012-07-29 18:09:28 ----D---- C:\Windows\Temp
2012-07-29 16:35:03 ----D---- C:\ProgramData\Kaspersky Lab
2012-07-29 16:25:03 ----D---- C:\Dokumenty
2012-07-29 14:53:44 ----D---- C:\Windows
2012-07-29 13:20:49 ----D---- C:\Stahuj
2012-07-29 13:18:14 ----HD---- C:\ProgramData
2012-07-29 13:18:13 ----D---- C:\Program Files (x86)
2012-07-29 13:14:55 ----D---- C:\Users\Asus\AppData\Roaming\Winamp
2012-07-29 13:10:47 ----D---- C:\Windows\inf
2012-07-29 12:21:57 ----D---- C:\Windows\Panther
2012-07-29 12:21:56 ----D---- C:\Windows\Logs
2012-07-29 12:21:56 ----D---- C:\Windows\debug
2012-07-29 12:19:29 ----RD---- C:\Program Files
2012-07-29 12:09:00 ----D---- C:\Windows\SysWOW64
2012-07-29 12:08:40 ----SHD---- C:\System Volume Information
2012-07-29 12:07:38 ----SHD---- C:\Windows\Installer
2012-07-29 12:07:38 ----D---- C:\Windows\Tasks
2012-07-29 12:07:38 ----D---- C:\Config.Msi
2012-07-29 10:32:19 ----D---- C:\Windows\System32
2012-07-29 08:54:38 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-28 22:46:18 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-07-27 18:02:41 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-16 19:17:47 ----RD---- C:\Music
2012-07-15 21:19:35 ----D---- C:\Filmy
2012-07-11 21:36:10 ----RD---- C:\Pictures
2012-07-11 19:41:21 ----D---- C:\Windows\winsxs
2012-07-11 19:38:40 ----D---- C:\Program Files (x86)\Internet Explorer
2012-07-11 19:38:39 ----D---- C:\Windows\SysWOW64\migration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys []
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys []
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys []
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys []
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-04-25 202296]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-14 624856]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

Re: Facebook virus

Posted: 29 Jul 2012 17:13
by vyosek
:arrow: Have a look at the Logs tab in MBAM; there should be a log there, please paste it here

:arrow: I recommend uninstalling the toolbars (browser bars), if you don't use them, in Add or Remove Programs

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator
  • Wait for the PreScan to finish
  • Choose the Scan option
  • When the scan finishes click Report - a log will open, paste it here
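The toolbar advice above follows from the R3/O2/O3 entries in the posted HijackThis section: Ask.com, Conduit and MyAshampoo each register a URLSearchHook, a BHO and a toolbar from one install folder, and the Ask CLSID is listed under two display names ("Ask Toolbar BHO" and "KMPlayer Toolbar"). As an added example that is not part of this thread, the Python script below automates that triage on a constructed excerpt in the same format; the grouping heuristic and the `toolbar_bundle` label are my own, not anything HijackThis computes.

```python
import re
from collections import defaultdict

# Constructed excerpt in HijackThis format, covering the entry types the posted
# log contains (R3 search hooks, O2 BHOs, O3 toolbars, O4 autoruns). It is
# sample input for this script, not the original log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
"""

# R3/O2/O3 lines: "<kind>: <display name> - {CLSID} - <dll path>"
ADDON_RE = re.compile(
    r"^(?:R3|O2|O3) - (?P<kind>URLSearchHook|BHO|Toolbar): (?P<name>.+?)"
    r" - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O4 autorun lines: "O4 - <hive>: [<value name>] <exe path> [args]"
RUN_RE = re.compile(
    r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] "?(?P<path>[^"]+?\.exe)"?',
    re.IGNORECASE,
)


def install_root(path):
    r"""Collapse a file path to its vendor folder, e.g.
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe -> C:\Program Files (x86)\Ask.com
    (one level deeper under Common Files); other paths collapse to their directory."""
    parts = path.split("\\")
    if len(parts) >= 3 and parts[1].lower().startswith("program files"):
        depth = 4 if parts[2].lower() == "common files" and len(parts) >= 4 else 3
        return "\\".join(parts[:depth])
    return "\\".join(parts[:-1])


def triage(log_text):
    """Return (CLSIDs registered under several names, per-install-folder bundles)."""
    addons, autoruns = [], []
    for line in log_text.splitlines():
        m = ADDON_RE.match(line)
        if m:
            addons.append(m.groupdict())
            continue
        m = RUN_RE.match(line)
        if m:
            autoruns.append(m.groupdict())

    # One CLSID under two display names (the Ask BHO also shown as "KMPlayer Toolbar")
    names_by_clsid = defaultdict(set)
    for a in addons:
        names_by_clsid[a["clsid"].lower()].add(a["name"])
    aliased = {c: sorted(n) for c, n in names_by_clsid.items() if len(n) > 1}

    # Group by install folder so a toolbar bundle shows up as one unit, and attach
    # the O4 autoruns that live in the same folder (e.g. Ask's ApnUpdater).
    bundles = defaultdict(lambda: {"kinds": set(), "names": set(), "autoruns": []})
    for a in addons:
        b = bundles[install_root(a["path"])]
        b["kinds"].add(a["kind"])
        b["names"].add(a["name"])
    for r in autoruns:
        root = install_root(r["path"])
        if root in bundles:  # ignore autoruns unrelated to any browser add-on
            bundles[root]["autoruns"].append(r["name"])

    report = {}
    for root, b in bundles.items():
        # Heuristic (mine, not HijackThis's): a folder that registers more than one
        # hook kind, or calls itself a toolbar, matches the bundled-toolbar pattern
        # the helper above recommends uninstalling. An autorun alone is not a signal:
        # Kaspersky's folder has one too and is left unflagged.
        bundle = len(b["kinds"]) > 1 or any("toolbar" in n.lower() for n in b["names"])
        report[root] = {
            "kinds": sorted(b["kinds"]),
            "names": sorted(b["names"]),
            "autoruns": b["autoruns"],
            "toolbar_bundle": bundle,
        }
    return aliased, report


def main():
    aliased, report = triage(SAMPLE_LOG)
    for clsid, names in aliased.items():
        print(f"CLSID {clsid} registered as: {', '.join(names)}")
    for root, info in sorted(report.items()):
        flag = "TOOLBAR BUNDLE" if info["toolbar_bundle"] else "ok"
        print(f"{flag:14} {root}  kinds={info['kinds']}  autoruns={info['autoruns']}")


if __name__ == "__main__":
    main()
```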

Re: Facebook virus

Posted: 29 Jul 2012 17:39
by conik0
There were two files in MBAM; I don't know which one you want, so I'm sending both just in case.
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.07.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Asus :: ASUS-PC [administrátor]

Ochrana: Povolena

29.7.2012 13:19:16
mbam-log-2012-07-29 (13-19-16).txt

Typ: Úplná kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 281651
Uplynulý čas: 25 minut, 19 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)
...........................................................................

2012/07/29 13:18:25 +0200 ASUS-PC Asus MESSAGE Starting protection
2012/07/29 13:18:29 +0200 ASUS-PC Asus MESSAGE Protection started successfully
2012/07/29 13:18:32 +0200 ASUS-PC Asus MESSAGE Starting IP protection
2012/07/29 13:18:36 +0200 ASUS-PC Asus MESSAGE IP Protection started successfully
2012/07/29 13:18:54 +0200 ASUS-PC Asus MESSAGE Starting database refresh
2012/07/29 13:18:54 +0200 ASUS-PC Asus MESSAGE Stopping IP protection
2012/07/29 13:23:18 +0200 ASUS-PC Asus MESSAGE IP Protection stopped
2012/07/29 13:23:21 +0200 ASUS-PC Asus MESSAGE Database refreshed successfully
2012/07/29 13:23:21 +0200 ASUS-PC Asus MESSAGE Starting IP protection
2012/07/29 13:23:25 +0200 ASUS-PC Asus MESSAGE IP Protection started successfully
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54082, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54085, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54086, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54087, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54089, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54091, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54095, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54096, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.150 (Type: outgoing, Port: 54097, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54098, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54105, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54106, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54107, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54109, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54111, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54113, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54114, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54116, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54118, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54120, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54123, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54125, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54126, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54129, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54130, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54132, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54134, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54137, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54139, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54141, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54142, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54144, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54146, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54150, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54152, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.150 (Type: outgoing, Port: 54155, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54156, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54157, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54159, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54160, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54161, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54164, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54167, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54170, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54171, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54173, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54175, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54176, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54178, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54180, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54184, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54186, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54188, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54189, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54191, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54193, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54197, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54199, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54202, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54203, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54204, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54206, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54208, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54211, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54213, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54215, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54217, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54219, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54220, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54222, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54224, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54227, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54229, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54231, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54233, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54234, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54236, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54238, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54240, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54242, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54244, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54247, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54249, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54251, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54254, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54255, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54259, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54260, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54262, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54264, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54267, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54269, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54271, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54272, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54275, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54276, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54278, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54280, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54283, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54286, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54288, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54289, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54291, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54293, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54294, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54296, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54297, Process: avp.exe)
2012/07/29 14:12:05 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54299, Process: avp.exe)
2012/07/29 14:14:54 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54388, Process: avp.exe)
2012/07/29 14:14:54 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54390, Process: avp.exe)
2012/07/29 14:15:26 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54398, Process: avp.exe)
2012/07/29 14:15:26 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54400, Process: avp.exe)
2012/07/29 14:15:26 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 54402, Process: avp.exe)
2012/07/29 14:55:04 +0200 ASUS-PC Asus MESSAGE Starting protection
2012/07/29 14:55:09 +0200 ASUS-PC Asus MESSAGE Protection started successfully
2012/07/29 14:55:12 +0200 ASUS-PC Asus MESSAGE Starting IP protection
2012/07/29 14:55:16 +0200 ASUS-PC Asus MESSAGE IP Protection started successfully
2012/07/29 16:22:58 +0200 ASUS-PC Asus MESSAGE Starting protection
2012/07/29 16:23:01 +0200 ASUS-PC Asus MESSAGE Protection started successfully
2012/07/29 16:23:04 +0200 ASUS-PC Asus MESSAGE Starting IP protection
2012/07/29 16:23:08 +0200 ASUS-PC Asus MESSAGE IP Protection started successfully
2012/07/29 16:24:41 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 49267, Process: avp.exe)
2012/07/29 16:24:41 +0200 ASUS-PC Asus IP-BLOCK 88.86.119.173 (Type: outgoing, Port: 49269, Process: avp.exe)
2012/07/29 17:06:42 +0200 ASUS-PC Asus MESSAGE Executing scheduled update: Daily
2012/07/29 17:06:50 +0200 ASUS-PC Asus MESSAGE Starting database refresh
2012/07/29 17:06:50 +0200 ASUS-PC Asus MESSAGE Scheduled update executed successfully: database updated from version v2012.07.29.05 to version v2012.07.29.07
2012/07/29 17:06:50 +0200 ASUS-PC Asus MESSAGE Stopping IP protection
2012/07/29 17:11:44 +0200 ASUS-PC Asus MESSAGE IP Protection stopped
2012/07/29 17:11:48 +0200 ASUS-PC Asus MESSAGE Database refreshed successfully
2012/07/29 17:11:48 +0200 ASUS-PC Asus MESSAGE Starting IP protection
2012/07/29 17:11:53 +0200 ASUS-PC Asus MESSAGE IP Protection started successfully

Re: Facebook virus

Posted: 29 Jul 2012 17:44
by conik0
And here is the rest. I hope I did it correctly...
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v: Normální režim
Uživatel: Asus [Práva správce]
Mód: Kontrola -- Datum: 07/29/2012 18:43:10

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{C93BB116-2B1A-47C3-980B-4CC547CDF412} : NameServer (212.96.161.6,212.96.160.7) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{C93BB116-2B1A-47C3-980B-4CC547CDF412} : NameServer (212.96.161.6,212.96.160.7) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 ATA Device +++++
--- User ---
[MBR] b41c4992f586a00861f2f1064379a643
[BSP] e1cad57204df9c6d19132e0bdc98aa66 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30717952 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30922752 | Size: 290145 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

Re: Facebook virus

Posted: 29 Jul 2012 17:59
by vyosek
:arrow: RK and MBAM are clean, so we will run a proper tool on it :James008:

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download Combofix and save it to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako správce)
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes (and after a restart, if any) CF displays a log; alternatively you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed guide incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Facebook virus

Posted: 29 Jul 2012 18:44
by conik0
Here it is...
ComboFix 12-07-29.02 - Asus 29.07.2012 19:24:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4061.2606 [GMT 2:00]
Spuštěný z: c:\users\Asus\Downloads\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Asus\ashampoo_burning_studio_6_free_6.80_4312.exe
c:\users\Public\sdelevURL.tmp
.
Nakažená kopie c:\windows\SysWow64\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 11:18 . 2012-07-29 11:18 -------- d-----w- c:\users\Asus\AppData\Roaming\Malwarebytes
2012-07-29 11:18 . 2012-07-29 11:18 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 10:28 . 2012-07-29 16:09 -------- d-----w- c:\program files (x86)\trend micro
2012-07-29 10:28 . 2012-07-29 10:28 -------- d-----w- C:\rsit
2012-07-29 08:32 . 2012-07-29 10:07 -------- d-----w- c:\program files (x86)\Google
2012-07-29 08:32 . 2012-07-29 08:46 -------- d-----w- c:\users\Asus\AppData\Local\Google
2012-07-29 08:32 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-29 08:31 . 2012-07-29 10:09 -------- d-----w- c:\programdata\AVAST Software
2012-07-29 08:31 . 2012-07-29 08:31 -------- d-----w- c:\program files\AVAST Software
2012-07-27 15:41 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9F0B5ED-FF1E-4BBE-B012-0CF0CBABCB5F}\mpengine.dll
2012-07-11 17:37 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:36 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-11 16:02 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 16:02 . 2012-04-10 16:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 16:02 . 2012-02-10 16:27 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 17:35 . 2012-02-07 08:46 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 08:28 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 08:28 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 08:28 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 08:28 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 08:28 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 08:28 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 08:28 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 08:27 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 08:27 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-11 16:02 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 16:02 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-13 16:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 16:48 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 16:48 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 16:48 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 13:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-11-29 13:26 3908192 ----a-w- c:\program files (x86)\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
c:\users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-07 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-13 624856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-20 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-20 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-20 410136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{C93BB116-2B1A-47C3-980B-4CC547CDF412}: NameServer = 212.96.161.6,212.96.160.7
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\wwx09eb8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://google.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Celkový čas: 2012-07-29 19:36:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-29 17:36
.
Před spuštěním: Volných bajtů: 234 832 748 544
Po spuštění: Volných bajtů: 234 673 397 760
.
- - End Of File - - A093C6C5B297FAFA2268C6CA7317DB2D

Re: Facebook virus

Posted: 29 Jul 2012 18:46
by vyosek
:arrow: Please post a log from DDS

Re: Facebook virus

Posted: 29 Jul 2012 18:51
by conik0
DDS (Ver_2011-09-30.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Asus at 19:50:55 on 2012-07-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4061.2873 [GMT 2:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
BHO: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
TB: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\Users\Asus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
TCP: Interfaces\{0991A93B-DC70-48A1-A64B-507726CABA45} : DHCPNameServer = 8.8.8.8 192.168.2.100
TCP: Interfaces\{C93BB116-2B1A-47C3-980B-4CC547CDF412} : NameServer = 212.96.161.6,212.96.160.7
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\wwx09eb8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://google.cz/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-11 52760]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AVP;Služba Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-25 202296]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-4-14 624856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-2-6 1222144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 113120]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-7 1255736]
.
=============== Created Last 30 ================
.
2012-07-29 17:32:21 -------- d-----w- C:\$RECYCLE.BIN
2012-07-29 17:22:57 98816 ----a-w- C:\Windows\sed.exe
2012-07-29 17:22:57 256000 ----a-w- C:\Windows\PEV.exe
2012-07-29 17:22:57 208896 ----a-w- C:\Windows\MBR.exe
2012-07-29 11:18:17 -------- d-----w- C:\Users\Asus\AppData\Roaming\Malwarebytes
2012-07-29 11:18:14 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-29 10:28:40 -------- d-----w- C:\Program Files (x86)\trend micro
2012-07-29 08:32:40 -------- d-----w- C:\Users\Asus\AppData\Local\Google
2012-07-29 08:31:38 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-29 08:31:38 -------- d-----w- C:\Program Files\AVAST Software
2012-07-27 15:41:26 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9F0B5ED-FF1E-4BBE-B012-0CF0CBABCB5F}\mpengine.dll
2012-07-11 17:37:08 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 17:36:06 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-07-11 16:02:51 2004480 ----a-w- C:\Windows\System32\msxml6.dll
.
==================== Find3M ====================
.
2012-07-27 16:02:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 16:02:41 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 10:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
.
============= FINISH: 19:51:11,29 ===============

Re: Facebook virus

Posted: 29 Jul 2012 19:29
by vyosek
:arrow: If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2475029
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
    mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
    BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
    BHO: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
    TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    mRun: [Adobe ARM]
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    
    Firefox::
    FF - ProfilePath - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\wwx09eb8.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    
    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes' Anti-Malware"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000000
    
    File::
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    c:\windows\Tasks\Adobe Flash Player Updater.job
    
    Folder::
    C:\Program Files (x86)\Ask.com
    
    ClearJavaCache::
    
    Reboot::
  • Save the file you created as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and run it (see the picture below)
    [image]
  • After the script has run (and after a restart, if one is needed) a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" appears, just restart the PC - the registry will sort itself out - it is an internal error caused by CF that the author unfortunately cannot fix yet

:arrow: It can happen that Windows does not boot after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
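The DDS:: block in the script above is built by hand: the helper picks the browser-hook lines (uStart Page, URLSearchHooks, BHO, TB, Run) that point at adware toolbars and pastes them verbatim so ComboFix removes the matching registry entries. The following is an added example, not the helper's tool or ComboFix code: a small Python triage script that parses lines in that DDS syntax, flags the toolbar vendors named in this thread (Ask.com, Conduit, MyAshampoo) plus any single DLL registered under more than one CLSID (the way KMPlayer Toolbar here is really Ask's GenericAskToolbar.dll under a second CLSID), and emits the DDS:: section of a CFScript. The sample lines are constructed to match the quoted log; the "Example Clean Helper" CLSID and the search URL are dummies.

```python
"""Triage DDS-style browser hook lines and emit the DDS:: section of a CFScript.

Added example for this thread (not the helper's tool). Sample lines are
constructed to match the DDS excerpt quoted above; the "Example Clean Helper"
CLSID and the search URL are dummies.
"""
import re
from dataclasses import dataclass

# Constructed sample input in DDS log syntax (u = per-user HKCU, m = machine HKLM).
SAMPLE_DDS = r"""
uStart Page = hxxp://search.conduit.com/?ctid=CT0000000
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
BHO: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Example Clean Helper: {11111111-2222-3333-4444-555555555555} - C:\Program Files (x86)\Example Vendor\helper.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun: [Adobe ARM]
"""

# Lower-case substrings of the adware/toolbar vendors seen in this thread's logs.
# Extend from your own PUP list; this is a starting point, not a complete one.
PUP_INDICATORS = ("ask.com", "apnupdater", "conduit", "myashampoo")


@dataclass
class Entry:
    kind: str   # "BHO", "TB", "uURLSearchHooks", "mRun", "uStart Page", ...
    name: str   # display name / Run value name ("" for start page)
    clsid: str  # lower-cased CLSID, "" for Run keys and start page
    path: str   # DLL/EXE path or URL
    raw: str    # the original line, reused verbatim in the CFScript


# "BHO: Name: {CLSID} - path" (also TB and URLSearchHooks)
HOOK_RE = re.compile(
    r"^(?P<kind>[um]URLSearchHooks|BHO|TB):\s*(?P<name>.*?):\s*"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>.+)$"
)
# "mRun: [ValueName] path"   (path may be empty, as "mRun: [Adobe ARM]" above)
RUN_RE = re.compile(r"^(?P<kind>[um]Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<path>.*)$")
# "uStart Page = url"
PAGE_RE = re.compile(r"^(?P<kind>[um]Start Page)\s*=\s*(?P<path>.+)$")


def parse_dds(text: str) -> list[Entry]:
    """Turn DDS-style lines into Entry objects; unknown lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOOK_RE.match(line):
            entries.append(Entry(m["kind"], m["name"], m["clsid"].lower(),
                                 m["path"].strip().strip('"'), line))
        elif m := RUN_RE.match(line):
            entries.append(Entry(m["kind"], m["name"], "",
                                 m["path"].strip().strip('"'), line))
        elif m := PAGE_RE.match(line):
            entries.append(Entry(m["kind"], "", "", m["path"].strip(), line))
    return entries


def triage(entries: list[Entry]) -> list[tuple[Entry, list[str]]]:
    """Return (entry, reasons) for every entry that looks like adware."""
    # One DLL registered under several CLSIDs is the rebranding pattern
    # (KMPlayer Toolbar vs. UrlSearchHook Class, both GenericAskToolbar.dll).
    clsids_by_dll: dict[str, set[str]] = {}
    for e in entries:
        if e.clsid and e.path:
            clsids_by_dll.setdefault(e.path.lower(), set()).add(e.clsid)

    flagged = []
    for e in entries:
        reasons = []
        haystack = f"{e.name} {e.path}".lower()
        hits = [ind for ind in PUP_INDICATORS if ind in haystack]
        if hits:
            reasons.append("known adware/toolbar vendor: " + ", ".join(hits))
        if e.clsid and len(clsids_by_dll.get(e.path.lower(), ())) > 1:
            reasons.append("one DLL registered under several CLSIDs (rebranded bundle)")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def build_cfscript(flagged: list[tuple[Entry, list[str]]]) -> str:
    """Emit the DDS:: section with the flagged lines verbatim, then Reboot::."""
    lines = ["DDS::"] + [e.raw for e, _ in flagged] + ["", "Reboot::"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(parse_dds(SAMPLE_DDS))
    for entry, reasons in hits:
        print(f"{entry.kind:16} {entry.name or entry.path:30} <- {'; '.join(reasons)}")
    print()
    print(build_cfscript(hits))
```

Run as a file it prints the flagged entries with their reasons and then the generated DDS:: section, which can be compared with the one the helper wrote by hand above. The Folder:: and File:: sections are deliberately left to the analyst: deciding that the whole Ask.com directory goes is a judgement about the product, not something a substring match should make.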

Re: Facebook virus

Posted: 29 Jul 2012 19:56
by conik0
ComboFix 12-07-29.02 - Asus 29.07.2012 20:44:18.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4061.2805 [GMT 2:00]
Running from: c:\users\Asus\Downloads\Desktop\ComboFix.exe
Command switches used :: c:\users\Asus\Downloads\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_afde.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\MyAshampoo\tbMyAs.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 18:49 . 2012-07-29 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 11:18 . 2012-07-29 11:18 -------- d-----w- c:\users\Asus\AppData\Roaming\Malwarebytes
2012-07-29 11:18 . 2012-07-29 11:18 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 10:28 . 2012-07-29 16:09 -------- d-----w- c:\program files (x86)\trend micro
2012-07-29 10:28 . 2012-07-29 10:28 -------- d-----w- C:\rsit
2012-07-29 08:32 . 2012-07-29 10:07 -------- d-----w- c:\program files (x86)\Google
2012-07-29 08:32 . 2012-07-29 08:46 -------- d-----w- c:\users\Asus\AppData\Local\Google
2012-07-29 08:32 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-29 08:31 . 2012-07-29 10:09 -------- d-----w- c:\programdata\AVAST Software
2012-07-29 08:31 . 2012-07-29 08:31 -------- d-----w- c:\program files\AVAST Software
2012-07-27 15:41 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9F0B5ED-FF1E-4BBE-B012-0CF0CBABCB5F}\mpengine.dll
2012-07-11 17:37 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:36 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-11 16:02 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 16:02 . 2012-04-10 16:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 16:02 . 2012-02-10 16:27 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 17:35 . 2012-02-07 08:46 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 08:28 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 08:28 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 08:28 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 08:28 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 08:28 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 08:28 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 08:28 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 08:27 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 08:27 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-11 16:02 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 16:02 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-13 16:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 16:48 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 16:48 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 16:48 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-29_17.32.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-29 18:36 29818 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-29 18:36 42700 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-07-29 18:24 95696 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-06 17:06 . 2012-07-29 18:36 9830 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-762763683-4132972941-3735451410-1000_UserData.bin
- 2012-07-29 17:31 . 2012-07-29 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-29 18:50 . 2012-07-29 18:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-29 17:31 . 2012-07-29 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-29 18:50 . 2012-07-29 18:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-29 17:30 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-29 18:49 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-10 16:46 . 2012-07-29 18:32 622972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-762763683-4132972941-3735451410-1000-12288.dat
- 2012-02-10 16:46 . 2012-07-29 12:45 622972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-762763683-4132972941-3735451410-1000-12288.dat
+ 2012-02-10 16:46 . 2012-07-29 18:49 1033704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-762763683-4132972941-3735451410-1000-8192.dat
- 2012-02-10 16:46 . 2012-07-29 17:30 1033704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-762763683-4132972941-3735451410-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
.
c:\users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-07 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-13 624856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-20 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-20 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-20 410136]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{C93BB116-2B1A-47C3-980B-4CC547CDF412}: NameServer = 212.96.161.6,212.96.160.7
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\wwx09eb8.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.cz/
.
- - - - ORPHANED ENTRIES REMOVED FROM THE REGISTRY - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Completion time: 2012-07-29 20:55:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 18:55
ComboFix2.txt 2012-07-29 17:36
.
Pre-Run: 234,896,994,304 bytes free
Post-Run: 234,571,030,528 bytes free
.
- - End Of File - - A95933087D95C0304AECC2852A95FF97

Re: Facebook virus

Posted: 29 Jul 2012 20:01
by vyosek
How is our patient doing :???:

Re: Facebook virus

Posted: 29 Jul 2012 20:04
by conik0
Well, I'm afraid it is still sick. When I look at my profile, ads appear there which after a moment switch to the spam ones.
At least that is roughly what they looked like.

Re: Facebook virus

Posted: 29 Jul 2012 20:10
by vyosek
:arrow: Could you please send me a picture of the problem - if needed, the guide to taking a screenshot is here http://forum.viry.cz/viewtopic.php?f=11&t=14114

:arrow: If there is any information in it you don't want to publish, send me the picture by e-mail to vyosek(at)forum.viry.cz