FB virus

[epnjojl]

Už na začátku radši uvedu, že jsem na radu kámoše použil program Roguekiller, ale nepomohlo to nebo jsem něco udělal špatně. Až poté jsem objevil tyto stránky a přečetl si doporučení, že je lepší nic sám nezkoušet. Takže zde je log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dominik at 2011-08-22 00:55:18
Microsoft Windows 7 Home Premium
System drive C: has 326 GB (55%) free of 596 GB
Total RAM: 3894 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:55:24, on 22.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\GameBox\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Dominik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbt.toolbarhome.com/?hp=df
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-12-0\svchost.exe
O4 - HKLM\..\Run: [7511820.exe] "C:\Windows\Temp\7511820.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [6013615.exe] "C:\Users\Dominik\AppData\Local\Temp\6013615.exe"
O4 - HKLM\..\Run: [6615757.exe] "C:\Windows\Temp\6615757.exe"
O4 - HKLM\..\Run: [13537739-loader2.exe] "C:\Windows\Temp\13537739-loader2.exe"
O4 - HKLM\..\Run: [4468639.exe] "C:\Windows\Temp\4468639.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\Windows\l1rezerv.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [vProt] C:\Program Files (x86)\GameBox\vprot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (file missing)
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - Unknown owner - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: ddservice - Unknown owner - C:\Windows\update.7.1\svchostdriver.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe

--
End of file - 14415 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe"
C:\Windows\system32\WLANExt.exe 2725920
\??\C:\Windows\system32\conhost.exe "847899918-180101226-7298066924707323742010301675-10292921671646864906555279470
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\update.7.1\svchostdriver.exe srv
atieclxx
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\update.2\svchost.exe srv
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\update.1\svchost.exe srv
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\Java\jre6\bin\jusched.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe" /autorun
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Steam\steam.exe" -silent
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\GameBox\vprot.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\update.5.0\svchost.exe srv
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Bluetooth®: On
WLAN: On</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>936580522</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\Java\jre6\bin\jucheck.exe" -auto
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1776.a53ad60.793343891 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 1776 plugin \\.\pipe\gecko-crash-server-pipe.1776
C:\Windows\ufa\ufa.exe -o http://127.0.0.1:38389
\??\C:\Windows\system32\conhost.exe "1872152375956805143104988734200239932051475284620824677751669360742-1849456170
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4572 CREDAT:79873
"C:\Windows\update.7.1\svchostdriver.exe" stand
"C:\Users\Dominik\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForDominik.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, vshare@toolbar:1.0.0, gamebox@toolbar:1.0.0, {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.4, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10"
prefs.js - "keyword.URL" - "http://gbt.toolbarhome.com/search.aspx?srch=ku&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
adaradar.xml
avg_igeared.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\
gamebox@toolbar
vshare@toolbar
{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\searchplugins\
icqplugin-1.xml
icqplugin.xml
web-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-21 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}]
GameBox Toolbar - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll [2011-06-21 790104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]
{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - GameBox Toolbar - C:\Program Files (x86)\GameBox\gamebox_toolbar.dll [2011-06-21 790104]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-12 2107176]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-10-13 186904]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-03-03 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-03-03 391192]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-03-03 410648]
"HP Quick Launch"=C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-01-18 451072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-04-21 172032]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-01-27 8192]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-03-13 6234144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EssentialPIM"=C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [2009-12-30 1848416]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2011-08-02 1242448]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"vProt"=C:\Program Files (x86)\GameBox\vprot.exe [2011-06-21 123480]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-02 98304]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
""= []
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"AVG_TRAY"=C:\Program Files (x86)\AVG\AVG10\avgtray.exe []
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-06-15 141624]
"Anti-phishing Domain Advisor"=C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [2011-02-01 232104]
"wxpdrv"=C:\Windows\services32.exe [2011-08-21 1213440]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-12-0\svchost.exe [2011-08-21 1213440]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"7511820.exe"=C:\Windows\Temp\7511820.exe [2011-08-21 258048]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-08-21 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-08-21 258048]
"6013615.exe"=C:\Users\Dominik\AppData\Local\Temp\6013615.exe [2011-08-21 258048]
"6615757.exe"=C:\Windows\Temp\6615757.exe [2011-08-21 634880]
"13537739-loader2.exe"=C:\Windows\Temp\13537739-loader2.exe [2011-08-21 258048]
"4468639.exe"=C:\Windows\Temp\4468639.exe [2011-08-21 258048]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-08-21 232960]
"AVG9_TRAY"=C:\PROGRA~2\AVG\AVG9\avgtray.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrssta.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-03-03 268800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-22 00:55:18 ----D---- C:\rsit
2011-08-22 00:55:18 ----D---- C:\Program Files\trend micro
2011-08-21 21:46:15 ----D---- C:\ProgramData\AVAST Software
2011-08-21 21:46:15 ----D---- C:\Program Files\AVAST Software
2011-08-21 19:23:18 ----A---- C:\Windows\system32\avgrssta.dll
2011-08-21 18:53:29 ----A---- C:\Windows\l1rezerv.exe
2011-08-21 18:49:39 ----HD---- C:\Windows\update.7.1
2011-08-21 18:48:56 ----D---- C:\Windows\ufa
2011-08-21 18:48:56 ----D---- C:\Windows\rpcminer
2011-08-21 18:48:56 ----D---- C:\Windows\phoenix
2011-08-21 18:48:38 ----A---- C:\Windows\iecheck_iplist.txt
2011-08-21 18:48:32 ----A---- C:\Windows\btc_client_iplist.txt
2011-08-21 18:48:00 ----HD---- C:\Windows\update.2
2011-08-21 18:47:36 ----A---- C:\Windows\unrar.exe
2011-08-21 18:47:23 ----HD---- C:\Windows\update.5.0
2011-08-21 18:46:58 ----A---- C:\Windows\iplist.txt
2011-08-21 18:46:28 ----A---- C:\Windows\sysdriver32_.exe
2011-08-21 18:46:14 ----A---- C:\Windows\sysdriver32.exe
2011-08-21 18:45:27 ----A---- C:\Windows\front_ip_list.txt
2011-08-21 18:44:55 ----D---- C:\Windows\av_ico
2011-08-21 18:42:44 ----HD---- C:\Windows\update.1
2011-08-21 18:42:31 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-08-21 18:42:31 ----HD---- C:\Windows\update.tray-12-0
2011-08-21 18:31:55 ----A---- C:\Windows\winlog-ids.txt
2011-08-21 18:31:55 ----A---- C:\Windows\winlog-dirs.txt
2011-08-21 18:31:49 ----A---- C:\Windows\services32.exe
2011-08-19 11:12:13 ----D---- C:\Users\Dominik\AppData\Roaming\Youtube Downloader HD
2011-08-18 08:37:16 ----A---- C:\Windows\ntbtlog.txt
2011-08-13 16:27:14 ----A---- C:\Windows\system32\mshtml.dll
2011-08-13 16:27:08 ----A---- C:\Windows\system32\ieframe.dll
2011-08-13 16:27:02 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-13 16:27:02 ----A---- C:\Windows\system32\iertutil.dll
2011-08-13 16:27:01 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-13 16:26:59 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-13 16:26:57 ----A---- C:\Windows\system32\urlmon.dll
2011-08-13 16:26:56 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-13 16:26:55 ----A---- C:\Windows\system32\wininet.dll
2011-08-13 16:26:53 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-13 16:26:53 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-08-13 16:26:53 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-13 16:26:53 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-08-13 16:26:53 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-13 16:26:53 ----A---- C:\Windows\system32\iedkcs32.dll
2011-08-13 16:26:52 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-13 16:26:52 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-08-13 16:26:52 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-13 16:26:52 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\url.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\mstime.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\ieui.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\iepeers.dll
2011-08-13 16:26:51 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-13 16:26:51 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-08-13 16:26:51 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-08-13 16:26:51 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-13 16:26:51 ----A---- C:\Windows\system32\msfeedssync.exe
2011-08-13 16:26:51 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-08-13 16:26:51 ----A---- C:\Windows\system32\licmgr10.dll
2011-08-13 16:26:51 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-11 08:24:18 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-11 08:24:18 ----A---- C:\Windows\system32\xmllite.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-11 08:24:17 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-11 08:24:16 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-11 08:24:11 ----A---- C:\Windows\system32\wow64.dll
2011-08-11 08:24:11 ----A---- C:\Windows\system32\winsrv.dll
2011-08-11 08:24:11 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-11 08:24:11 ----A---- C:\Windows\system32\kernel32.dll
2011-08-11 08:24:11 ----A---- C:\Windows\system32\conhost.exe
2011-08-11 08:24:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 08:24:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 08:24:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-11 08:24:10 ----A---- C:\Windows\system32\wow64win.dll
2011-08-11 08:24:10 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-11 08:24:10 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 08:24:08 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 08:24:08 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-11 08:24:08 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-11 08:24:08 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-11 08:24:06 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-11 08:23:43 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-11 08:23:42 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-11 08:23:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

======List of files/folders modified in the last 1 month======

2011-08-22 08:14:54 ----D---- C:\Windows\Tasks
2011-08-22 08:14:54 ----D---- C:\Windows\SysWOW64
2011-08-22 08:14:54 ----D---- C:\Windows\system32\wfp
2011-08-22 08:14:54 ----D---- C:\Windows\system32\DriverStore
2011-08-22 08:14:54 ----D---- C:\Windows\system32\drivers\etc
2011-08-22 08:14:54 ----D---- C:\Windows\system32\catroot2
2011-08-22 08:14:54 ----D---- C:\Windows
2011-08-22 08:14:53 ----D---- C:\Windows\system32\CodeIntegrity
2011-08-22 08:14:52 ----D---- C:\Windows\System32
2011-08-22 08:14:52 ----D---- C:\Windows\inf
2011-08-22 08:14:51 ----D---- C:\Users\Dominik\AppData\Roaming\EssentialPIM
2011-08-22 08:14:48 ----D---- C:\Windows\system32\wbem
2011-08-22 08:14:48 ----D---- C:\Windows\registration
2011-08-22 08:14:44 ----D---- C:\Windows\system32\drivers
2011-08-22 08:14:35 ----RD---- C:\Program Files (x86)
2011-08-22 08:14:35 ----HD---- C:\ProgramData
2011-08-22 07:52:03 ----SHD---- C:\System Volume Information
2011-08-22 07:49:55 ----D---- C:\Windows\system32\LogFiles
2011-08-22 00:55:24 ----D---- C:\Windows\Prefetch
2011-08-22 00:55:18 ----RD---- C:\Program Files
2011-08-22 00:43:00 ----D---- C:\Windows\Temp
2011-08-22 00:10:57 ----D---- C:\Windows\system32\config
2011-08-21 22:24:26 ----D---- C:\Program Files (x86)\Steam
2011-08-21 22:23:19 ----A---- C:\Windows\SYSWOW64\log.txt
2011-08-21 21:11:22 ----SHD---- C:\Windows\Installer
2011-08-21 21:11:01 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-21 21:11:00 ----D---- C:\Windows\system32\drivers\AVG
2011-08-21 19:41:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-21 19:34:19 ----D---- C:\Program Files\DisplayLink Core Software
2011-08-21 19:21:48 ----D---- C:\Windows\winsxs
2011-08-21 19:20:00 ----D---- C:\ProgramData\MFAData
2011-08-19 14:22:32 ----A---- C:\Windows\powermp3wavconverter.ini
2011-08-15 21:31:37 ----SD---- C:\Users\Dominik\AppData\Roaming\Microsoft
2011-08-14 08:32:53 ----D---- C:\Windows\SYSWOW64\migration
2011-08-14 08:32:53 ----D---- C:\Windows\system32\migration
2011-08-14 08:32:53 ----D---- C:\Program Files\Internet Explorer
2011-08-14 08:32:53 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-13 13:11:16 ----D---- C:\Windows\Microsoft.NET
2011-08-13 13:11:15 ----RSD---- C:\Windows\assembly
2011-08-13 08:26:47 ----D---- C:\Windows\AppPatch
2011-08-13 08:24:30 ----D---- C:\ProgramData\Microsoft Help
2011-08-13 08:24:03 ----D---- C:\Windows\system32\catroot
2011-08-13 08:21:12 ----A---- C:\Windows\system32\MRT.exe
2011-08-09 08:39:06 ----D---- C:\Windows\system32\Tasks
2011-07-31 18:11:19 ----D---- C:\Users\Dominik\AppData\Roaming\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
R0 dlkmdldr;dlkmdldr; C:\Windows\system32\drivers\dlkmdldr.sys [2009-11-20 13936]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-10-13 409624]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-09 834544]
R1 Avgldx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys [2011-08-21 422920]
R1 Avgmfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys [2011-08-21 34248]
R1 Avgtdia;AVG Free Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys [2011-08-21 470024]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-07-29 3058168]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-07 98344]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-01-07 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-07 21160]
R3 dlkmd;dlkmd; C:\Windows\system32\drivers\dlkmd.sys [2009-11-20 185968]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-11 158720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-03-13 2291616]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-03-03 7843040]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-12 316464]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 118864]
S3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter; C:\Windows\system32\DRIVERS\ax88772.sys [2010-09-17 73216]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 DisplayLinkUsbPort;DisplayLink USB Device; C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22271.0.sys [2010-09-17 17408]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 19968]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-09-26 115328]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-03-03 7843040]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-23 225280]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-09 295424]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-29 873248]
R2 ddservice;ddservice; C:\Windows\update.7.1\svchostdriver.exe [2011-08-21 382464]
R2 DisplayLinkService;DisplayLinkManager; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2009-11-20 8547176]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-01-25 514232]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-10-15 120832]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-10-13 354840]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-08-21 355840]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-08-21 634880]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-08-21 1213440]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-02-08 230968]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 653616]
S2 avg9wd;AVG Free WatchDog; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe []
S2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 135664]
S2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-08-21 258048]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2010-01-04 238328]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-08-03 411432]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736]

-----------------EOF-----------------

[Danstahr]

Dobré ráno ,

Stáhněte MBAM a vložte sem jeho log podle návodu zde, při výběru skenu zvolte Úplný sken.

Zatím nic nemažte, MBAM může mít falešné detekce!

[epnjojl]

Zde jsou výsledky úplného testu:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7534

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.8.2011 10:57:36
mbam-log-2011-08-22 (10-57-24).txt

Typ kontroly: Úplný test (C:\|D:\|E:\|F:\|H:\|)
Testované objekty: 457106
Uplynulý čas: 1 hodin, 7 minut, 45 sekund

Infikované procesy v paměti: 7
Infikované moduly v paměti: 0
Infikované klíče v registru: 9
Infikované hodnoty v registru: 13
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 41

Infikované procesy v paměti:
c:\Windows\systemup.exe (Trojan.Agent.Gen) -> 4472 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 2304 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2764 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 4100 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2164 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2780 -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> 3132 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent.Gen) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6013615.exe (Trojan.Agent) -> Value: 6013615.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4468639.exe (Trojan.Agent) -> Value: 4468639.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6615757.exe (Trojan.Agent) -> Value: 6615757.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7511820.exe (Trojan.Agent) -> Value: 7511820.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\13537739-loader2.exe (Trojan.Agent) -> Value: 13537739-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Agent) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\Users\Dominik\Ostatní\Jiné\stressrelief\stressrelief.exe (Joke.Stressreducer) -> No action taken.
c:\Windows\Temp\2506415.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5441923.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\85704574.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\94105_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Dominik\AppData\Local\Temp\6013615.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1736537.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2617160.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2833244.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3073377.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3411859.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4468639.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4711252.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6615757.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7133387.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7511820.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9508360.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\13537739-loader2.exe (Trojan.Agent) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\services32.exe (Trojan.Agent) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Agent) -> No action taken.

[Danstahr]

Nalezené položky smažte.


Pozor! Tato utilita má velkou schopnost mazat a její použití je určeno výhradně členům týmu tohoto fóra. Svévolné použití může vést ke zboření a reinstalaci systému

Stáhněte ComboFix a uložte jej na Plochu.

Vypněte všechny rezidentní štíty antivirů a všechny programy běžící na pozadí.
Spusťte ComboFix s administrátorským oprávněním.
Potvrďte licenční podmínky a případně i instalaci konzoly pro zotavení
Během skenu nechte počítač naprosto v klidu.
Sken trvá zhruba 15 minut, ale doba se může lišit v závislosti na stavu systému
Po dokončení skenu se zobrazí log (pokud by se neotevřel, lze jej nalézt na systémovém disku jako ComboFix.txt), obsah logu vložte sem
ComboFixu si do dalšího pokynu nevšímejte

[epnjojl]

Nalezené soubory vymazány, počítač poté restartován (bylo to vyžadováno) a tohle je log:

ComboFix 11-08-22.02 - Dominik 22.08.2011 11:16:55.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3894.2182 [GMT 2:00]
Spuštěný z: c:\users\Dominik\Desktop\viry.cz\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Steam\steam.exe
c:\users\Dominik\AppData\Roaming\3v
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 09:24 . 2011-08-22 09:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-22 07:42 . 2011-08-22 07:42 -------- d-----w- c:\users\Dominik\AppData\Roaming\Malwarebytes
2011-08-22 07:41 . 2011-08-22 07:41 -------- d-----w- c:\programdata\Malwarebytes
2011-08-22 07:41 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-22 07:41 . 2011-08-22 07:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-22 07:41 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 22:55 . 2011-08-21 22:55 -------- d-----w- C:\rsit
2011-08-21 22:55 . 2011-08-21 22:55 -------- d-----w- c:\program files\trend micro
2011-08-21 19:46 . 2011-08-21 19:46 -------- d-----w- c:\programdata\AVAST Software
2011-08-21 19:46 . 2011-08-21 19:46 -------- d-----w- c:\program files\AVAST Software
2011-08-21 17:23 . 2011-08-21 17:23 12464 ----a-w- c:\windows\system32\avgrssta.dll
2011-08-21 16:49 . 2011-08-21 16:49 -------- d--h--w- c:\windows\update.7.1
2011-08-21 16:48 . 2011-08-21 16:48 -------- d-----w- c:\windows\ufa
2011-08-21 16:47 . 2011-08-21 16:48 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 16:44 . 2011-08-21 16:44 -------- d-----w- c:\windows\av_ico
2011-08-21 16:42 . 2011-08-22 09:07 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-21 16:42 . 2011-08-22 06:14 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-19 09:12 . 2011-08-19 09:19 -------- d-----w- c:\users\Dominik\AppData\Roaming\Youtube Downloader HD
2011-08-11 06:23 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 06:23 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-11 06:23 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 17:23 . 2011-04-04 22:59 470024 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2011-08-21 17:23 . 2011-01-07 04:41 422920 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-08-21 17:23 . 2011-03-01 12:25 34248 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-07-16 04:32 . 2011-08-11 06:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-11 02:56 . 2011-07-16 19:18 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 11:21 . 2011-06-30 20:49 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-06-30 20:49 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-06-30 20:49 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-06-30 20:49 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-06-30 20:49 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EssentialPIM"="c:\program files (x86)\EssentialPIM\EssentialPIM.exe" [2009-12-30 1848416]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"vProt"="c:\program files (x86)\GameBox\vprot.exe" [2011-06-21 123480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-01-31 232104]
.
c:\users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe [2011-08-21 382464]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 135664]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22271.0.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 135664]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 Avgldx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 Avgmfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 Avgtdia;AVG Free Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2009-11-20 8547176]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 09:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 10:46]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 10:46]
.
2011-08-16 c:\windows\Tasks\HPCeeScheduleForDominik.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-03 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-03 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-03 410648]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-21 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://gbt.toolbarhome.com/?hp=df
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://gbt.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe
Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG10\avgtray.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-AVG9_TRAY - c:\progra~2\AVG\AVG9\avgtray.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-HijackThis - c:\users\Dominik\Desktop\#3 HJT\HijackThis.exe
AddRemove-Steam App 50130 - c:\program files (x86)\Steam\steam.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-22 11:27:28
ComboFix-quarantined-files.txt 2011-08-22 09:27
.
Před spuštěním: Volných bajtů: 372 765 069 312
Po spuštění: Volných bajtů: 374 145 667 072
.
- - End Of File - - A3F92DD72980F26AD477C66C7C5E5E59

[Danstahr]

Otevřete Poznámkový blok, vložte do něj následující text a uložte soubor na Plochu jako CFScript.txt. Pak soubor přetáhněte na ikonu ComboFixu (viz obrázek). Po restartu se otevře log, ten sem vložte.

Kód: Vybrat vše

killall::

file::
c:\windows\unrar.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\HPCeeScheduleForDominik.job

folder::
c:\windows\update.7.1
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk
c:\Users\Dominik\Ostatní\Jiné\stressrelief

registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=-
"SunJavaUpdateSched"=-
"GrooveMonitor"=-
"Anti-phishing Domain Advisor"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"=-
"SunJavaUpdateSched"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=dword:00000001

DDS::
uStart Page = hxxp://gbt.toolbarhome.com/?hp=df
mStart Page = hxxp://www.bing.com

Firefox::
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\
FF - prefs.js: keyword.URL - hxxp://gbt.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar


RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Driver::
gupdate
gupdatem
ddservice
ICQ Service


reboot::

[epnjojl]

ComboFix 11-08-22.02 - Dominik 22.08.2011 12:21:51.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3894.2498 [GMT 2:00]
Spuštěný z: c:\users\Dominik\Desktop\viry.cz\ComboFix.exe
Použité ovládací přepínače :: c:\users\Dominik\Desktop\viry.cz\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\HPCeeScheduleForDominik.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\components\FF4\IToolbarhomewmp.xpt
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\components\FF4\toolbarhomewmp.dll
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\components\IToolbarhomewmp.xpt
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\components\toolbarhomeApi.js
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\components\toolbarhomewmp.dll
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\chrome.manifest
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\chrome\gamebox.jar
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\icon.png
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\install.rdf
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\locale\en-US\global.dtd
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\locale\en-US\global.properties
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\modules\configuration.js
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\modules\configuration_0.css
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\modules\configuration_0.xul
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\modules\configuration_1.css
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\modules\configuration_1.xul
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\gamebox@toolbar\modules\gbtJsm.js
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar\components\toolbarhomeApi.js
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar\chrome.manifest
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar\chrome\vshare.jar
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar\install.rdf
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar\locale\en-US\global.dtd
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar\locale\en-US\global.properties
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar\modules\configuration.js
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar\modules\configuration_0.css
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar\modules\configuration_0.xul
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar\modules\configuration_1.css
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar\modules\configuration_1.xul
c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\vshare@toolbar\modules\vshareJsm.js
c:\windows\av_ico
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\HPCeeScheduleForDominik.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0-lnk\svchost.exe
c:\windows\update.tray-12-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddservice
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 07:42 . 2011-08-22 07:42 -------- d-----w- c:\users\Dominik\AppData\Roaming\Malwarebytes
2011-08-22 07:41 . 2011-08-22 07:41 -------- d-----w- c:\programdata\Malwarebytes
2011-08-22 07:41 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-22 07:41 . 2011-08-22 07:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-22 07:41 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 22:55 . 2011-08-21 22:55 -------- d-----w- C:\rsit
2011-08-21 22:55 . 2011-08-21 22:55 -------- d-----w- c:\program files\trend micro
2011-08-21 19:46 . 2011-08-21 19:46 -------- d-----w- c:\programdata\AVAST Software
2011-08-21 19:46 . 2011-08-21 19:46 -------- d-----w- c:\program files\AVAST Software
2011-08-21 17:23 . 2011-08-21 17:23 12464 ----a-w- c:\windows\system32\avgrssta.dll
2011-08-19 09:12 . 2011-08-19 09:19 -------- d-----w- c:\users\Dominik\AppData\Roaming\Youtube Downloader HD
2011-08-11 06:23 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 06:23 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-11 06:23 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 17:23 . 2011-04-04 22:59 470024 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2011-08-21 17:23 . 2011-01-07 04:41 422920 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-08-21 17:23 . 2011-03-01 12:25 34248 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-07-16 04:32 . 2011-08-11 06:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-11 02:56 . 2011-07-16 19:18 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 11:21 . 2011-06-30 20:49 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-06-30 20:49 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-06-30 20:49 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-06-30 20:49 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-06-30 20:49 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-22_09.24.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-08-22 09:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-22 10:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-22 09:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-22 10:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-08-22 10:30 40992 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-08-22 09:11 40992 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-14 12:10 . 2011-08-22 10:30 20988 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2908795432-3166487246-2218675730-1001_UserData.bin
- 2010-09-13 08:59 . 2011-08-22 09:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-13 08:59 . 2011-08-22 10:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-13 08:59 . 2011-08-22 09:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-13 08:59 . 2011-08-22 10:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-22 09:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-22 10:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-13 12:05 . 2011-08-22 10:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-13 12:05 . 2011-08-22 09:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-13 12:05 . 2011-08-22 10:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-13 12:05 . 2011-08-22 09:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-13 12:05 . 2011-08-22 10:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-13 12:05 . 2011-08-22 09:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-13 11:00 . 2011-08-22 10:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-13 11:00 . 2011-08-22 09:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-13 11:00 . 2011-08-22 09:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-13 11:00 . 2011-08-22 10:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-29 19:30 . 2011-08-22 10:27 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-07-29 19:30 . 2011-08-22 09:08 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-08-22 09:09 . 2011-08-22 09:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-22 10:28 . 2011-08-22 10:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-22 09:09 . 2011-08-22 09:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-22 10:28 . 2011-08-22 10:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-08-22 09:08 400568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-22 10:27 400568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2011-08-22 10:28 1015808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-22 09:09 1015808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-13 22:08 . 2011-08-22 09:08 1391916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2908795432-3166487246-2218675730-1001-8192.dat
+ 2010-09-13 22:08 . 2011-08-22 10:27 1391916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2908795432-3166487246-2218675730-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EssentialPIM"="c:\program files (x86)\EssentialPIM\EssentialPIM.exe" [2009-12-30 1848416]
"vProt"="c:\program files (x86)\GameBox\vprot.exe" [2011-06-21 123480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
.
c:\users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22271.0.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 Avgldx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 Avgmfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 Avgtdia;AVG Free Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2009-11-20 8547176]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 09:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF29165.cfxxe" [X]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-03 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-03 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-03 410648]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-21 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2011-08-22 12:35:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-22 10:35
ComboFix2.txt 2011-08-22 09:27
.
Před spuštěním: Volných bajtů: 374 290 563 072
Po spuštění: Volných bajtů: 373 797 769 216
.
- - End Of File - - 0C034AEB1517A616818A497974BA2107

[Danstahr]

Jak je na tom PC?

[epnjojl]

On se ten virus projevoval akorát tak, že vždycky smazal antivirus, počítač se spouštěl přes nouzovej režim a nešel spustit fb. Antivirus sem ještě nainstalovat nezkoušel, ale jinak zbylé dvě věci už zdá se fugnují. Jen na fb sem se ještě nepřihlašoval, aby se zase něco nepokazilo, ale mám aspoň možnost se přihlásit, což předtím nešlo. Takže asi tak, ale nevím jestli tam není třeba ještě nějaký jiný porblém.....

[Danstahr]

"...akorát..." Ale stačilo, ne?

Odinstalujte a znovu nainstalujte antivir a dejte kontrolní log z RSIT.

[epnjojl]

Dobře, to slovo akorát si vážně zasloužilo uvozovky sem tím chtěl především vyjádřit, že nevím, zda to nepáchá ještě i jiné nekalosti. Teď už sem nainstaloval antivirus, restartoval počítač a zdá se všechno v pořádku. Zde je log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dominik at 2011-08-22 13:35:52
Microsoft Windows 7 Home Premium
System drive C: has 358 GB (60%) free of 596 GB
Total RAM: 3894 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:36:00, on 22.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe
C:\Program Files (x86)\GameBox\vprot.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Dominik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [vProt] C:\Program Files (x86)\GameBox\vprot.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (file missing)
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - Unknown owner - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11200 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
"C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 36787904
\??\C:\Windows\system32\conhost.exe "-762736105-2073572385926026135-1825656438-814359530-20993094871495665719668468660
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe"
C:\Windows\System32\spoolsv.exe
taskeng.exe {08D25DE2-2283-4509-9FF2-D1D5F7C7092B}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe" /autorun
"C:\Program Files (x86)\GameBox\vprot.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Windows\System32\GfxUI.exe" /startup:silent
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\Dominik\Desktop\viry.cz\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.4, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
adaradar.xml
avg_igeared.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\
{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\searchplugins\
icqplugin-1.xml
icqplugin.xml
web-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-21 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll []
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-12 2107176]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-10-13 186904]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-03-03 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-03-03 391192]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-03-03 410648]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-01-27 8192]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-03-13 6234144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EssentialPIM"=C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [2009-12-30 1848416]
"vProt"=C:\Program Files (x86)\GameBox\vprot.exe [2011-06-21 123480]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-06-15 141624]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\avgrssta.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-03-03 268800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-08-22 13:13:28 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-08-22 13:13:28 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-08-22 13:13:26 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-08-22 13:13:26 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-08-22 13:13:25 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-08-22 13:13:24 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-08-22 13:12:49 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-08-22 13:12:49 ----A---- C:\Windows\avastSS.scr
2011-08-22 12:35:15 ----D---- C:\Windows\temp
2011-08-22 12:35:14 ----A---- C:\ComboFix.txt
2011-08-22 12:28:38 ----D---- C:\$RECYCLE.BIN
2011-08-22 11:13:25 ----A---- C:\Windows\zip.exe
2011-08-22 11:13:25 ----A---- C:\Windows\SWSC.exe
2011-08-22 11:13:25 ----A---- C:\Windows\SWREG.exe
2011-08-22 11:13:25 ----A---- C:\Windows\sed.exe
2011-08-22 11:13:25 ----A---- C:\Windows\PEV.exe
2011-08-22 11:13:25 ----A---- C:\Windows\NIRCMD.exe
2011-08-22 11:13:25 ----A---- C:\Windows\MBR.exe
2011-08-22 11:13:25 ----A---- C:\Windows\grep.exe
2011-08-22 11:13:16 ----D---- C:\Windows\ERDNT
2011-08-22 11:13:13 ----D---- C:\Qoobox
2011-08-22 09:42:04 ----D---- C:\Users\Dominik\AppData\Roaming\Malwarebytes
2011-08-22 09:41:59 ----D---- C:\ProgramData\Malwarebytes
2011-08-22 09:41:59 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-08-22 09:41:56 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-22 09:41:56 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-08-22 00:55:18 ----D---- C:\rsit
2011-08-22 00:55:18 ----D---- C:\Program Files\trend micro
2011-08-21 21:46:15 ----D---- C:\ProgramData\AVAST Software
2011-08-21 21:46:15 ----D---- C:\Program Files\AVAST Software
2011-08-21 19:23:18 ----A---- C:\Windows\system32\avgrssta.dll
2011-08-19 11:12:13 ----D---- C:\Users\Dominik\AppData\Roaming\Youtube Downloader HD
2011-08-18 08:37:16 ----A---- C:\Windows\ntbtlog.txt
2011-08-13 16:27:14 ----A---- C:\Windows\system32\mshtml.dll
2011-08-13 16:27:08 ----A---- C:\Windows\system32\ieframe.dll
2011-08-13 16:27:02 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-13 16:27:02 ----A---- C:\Windows\system32\iertutil.dll
2011-08-13 16:27:01 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-13 16:26:59 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-13 16:26:57 ----A---- C:\Windows\system32\urlmon.dll
2011-08-13 16:26:56 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-13 16:26:55 ----A---- C:\Windows\system32\wininet.dll
2011-08-13 16:26:53 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-13 16:26:53 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-08-13 16:26:53 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-13 16:26:53 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-08-13 16:26:53 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-13 16:26:53 ----A---- C:\Windows\system32\iedkcs32.dll
2011-08-13 16:26:52 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-13 16:26:52 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-08-13 16:26:52 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-13 16:26:52 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\url.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\mstime.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\ieui.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\iepeers.dll
2011-08-13 16:26:51 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-13 16:26:51 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-08-13 16:26:51 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-08-13 16:26:51 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-13 16:26:51 ----A---- C:\Windows\system32\msfeedssync.exe
2011-08-13 16:26:51 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-08-13 16:26:51 ----A---- C:\Windows\system32\licmgr10.dll
2011-08-13 16:26:51 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-11 08:24:18 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-11 08:24:18 ----A---- C:\Windows\system32\xmllite.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-11 08:24:17 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-11 08:24:16 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-11 08:24:11 ----A---- C:\Windows\system32\wow64.dll
2011-08-11 08:24:11 ----A---- C:\Windows\system32\winsrv.dll
2011-08-11 08:24:11 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-11 08:24:11 ----A---- C:\Windows\system32\kernel32.dll
2011-08-11 08:24:11 ----A---- C:\Windows\system32\conhost.exe
2011-08-11 08:24:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 08:24:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 08:24:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-11 08:24:10 ----A---- C:\Windows\system32\wow64win.dll
2011-08-11 08:24:10 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-11 08:24:10 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 08:24:08 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 08:24:08 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-11 08:24:08 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-11 08:24:08 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-11 08:24:06 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-11 08:23:43 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-11 08:23:42 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-11 08:23:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

======List of files/folders modified in the last 1 month======

2011-08-22 13:35:06 ----D---- C:\Program Files\DisplayLink Core Software
2011-08-22 13:34:12 ----D---- C:\Windows\system32\config
2011-08-22 13:34:08 ----A---- C:\Windows\SYSWOW64\log.txt
2011-08-22 13:13:28 ----D---- C:\Windows\system32\drivers
2011-08-22 13:13:06 ----SHD---- C:\Windows\Installer
2011-08-22 13:12:49 ----D---- C:\Windows\SysWOW64
2011-08-22 13:12:49 ----D---- C:\Windows
2011-08-22 13:12:44 ----SHD---- C:\System Volume Information
2011-08-22 12:28:40 ----A---- C:\Windows\system.ini
2011-08-22 12:28:35 ----D---- C:\Windows\system32\drivers\etc
2011-08-22 12:26:44 ----D---- C:\Windows\Tasks
2011-08-22 12:24:10 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-22 12:24:10 ----D---- C:\Windows\System32
2011-08-22 12:24:10 ----D---- C:\Windows\AppPatch
2011-08-22 12:24:08 ----D---- C:\Program Files\Common Files
2011-08-22 12:24:08 ----D---- C:\Program Files (x86)\Common Files
2011-08-22 11:23:57 ----D---- C:\Program Files (x86)\Steam
2011-08-22 11:13:25 ----D---- C:\Windows\Prefetch
2011-08-22 10:21:25 ----D---- C:\Windows\inf
2011-08-22 10:21:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-22 09:41:59 ----D---- C:\ProgramData
2011-08-22 09:41:56 ----RD---- C:\Program Files (x86)
2011-08-22 08:14:54 ----D---- C:\Windows\system32\wfp
2011-08-22 08:14:54 ----D---- C:\Windows\system32\DriverStore
2011-08-22 08:14:54 ----D---- C:\Windows\system32\catroot2
2011-08-22 08:14:53 ----D---- C:\Windows\system32\CodeIntegrity
2011-08-22 08:14:51 ----D---- C:\Users\Dominik\AppData\Roaming\EssentialPIM
2011-08-22 08:14:48 ----D---- C:\Windows\system32\wbem
2011-08-22 08:14:48 ----D---- C:\Windows\registration
2011-08-22 07:49:55 ----D---- C:\Windows\system32\LogFiles
2011-08-22 00:55:18 ----RD---- C:\Program Files
2011-08-21 21:11:00 ----D---- C:\Windows\system32\drivers\AVG
2011-08-21 19:21:48 ----D---- C:\Windows\winsxs
2011-08-21 19:20:00 ----D---- C:\ProgramData\MFAData
2011-08-19 14:22:32 ----A---- C:\Windows\powermp3wavconverter.ini
2011-08-15 21:31:37 ----SD---- C:\Users\Dominik\AppData\Roaming\Microsoft
2011-08-14 08:32:53 ----D---- C:\Windows\SYSWOW64\migration
2011-08-14 08:32:53 ----D---- C:\Windows\system32\migration
2011-08-14 08:32:53 ----D---- C:\Program Files\Internet Explorer
2011-08-14 08:32:53 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-13 13:11:16 ----D---- C:\Windows\Microsoft.NET
2011-08-13 13:11:15 ----RSD---- C:\Windows\assembly
2011-08-13 08:24:30 ----D---- C:\ProgramData\Microsoft Help
2011-08-13 08:24:03 ----D---- C:\Windows\system32\catroot
2011-08-13 08:21:12 ----A---- C:\Windows\system32\MRT.exe
2011-08-09 08:39:06 ----D---- C:\Windows\system32\Tasks
2011-07-31 18:11:19 ----D---- C:\Users\Dominik\AppData\Roaming\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
R0 dlkmdldr;dlkmdldr; C:\Windows\system32\drivers\dlkmdldr.sys [2009-11-20 13936]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-10-13 409624]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-09 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 31064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 600920]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 288088]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 45400]
R1 Avgldx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys [2011-08-21 422920]
R1 Avgmfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys [2011-08-21 34248]
R1 Avgtdia;AVG Free Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys [2011-08-21 470024]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-07-29 3058168]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-07 98344]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-01-07 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-07 21160]
R3 dlkmd;dlkmd; C:\Windows\system32\drivers\dlkmd.sys [2009-11-20 185968]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-11 158720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-03-13 2291616]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-03-03 7843040]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-12 316464]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 118864]
S3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter; C:\Windows\system32\DRIVERS\ax88772.sys [2010-09-17 73216]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DisplayLinkUsbPort;DisplayLink USB Device; C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22271.0.sys [2010-09-17 17408]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 19968]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-09-26 115328]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-03-03 7843040]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-23 225280]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-09 295424]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-29 873248]
R2 DisplayLinkService;DisplayLinkManager; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2009-11-20 8547176]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-01-25 514232]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-10-13 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 653616]
S2 avg9wd;AVG Free WatchDog; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe []
S2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-10-15 120832]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2010-01-04 238328]
S3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-02-08 230968]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-08-03 411432]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736]

-----------------EOF-----------------

[Danstahr]

Použijte v nouzovém režimu (restart PC, při startu mačkat F8 a vybrat Režim nouze s prací v síti) AVG Remover a dejte nový log z RSIT.

[epnjojl]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dominik at 2011-08-22 14:08:45
Microsoft Windows 7 Home Premium
System drive C: has 358 GB (60%) free of 596 GB
Total RAM: 3894 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:08:46, on 22.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe
C:\Program Files (x86)\GameBox\vprot.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Dominik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [vProt] C:\Program Files (x86)\GameBox\vprot.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10573 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe"
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 29699264
\??\C:\Windows\system32\conhost.exe "-10586747551714985682713068567-731614930-12766364581209701638638173234222054655
C:\Windows\System32\spoolsv.exe
taskeng.exe {37B2C7F8-52A3-453A-AD7E-267F58EBF0A8}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
"C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe" /autorun
"C:\Program Files (x86)\GameBox\vprot.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4424.5e8b280.743296672 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 4424 plugin \\.\pipe\gecko-crash-server-pipe.4424
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Dominik\Desktop\viry.cz\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.4, wrc@avast.com:6.0.1203, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
adaradar.xml
avg_igeared.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\extensions\
{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\u1i1cwqp.default\searchplugins\
icqplugin-1.xml
icqplugin.xml
web-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-21 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-12 2107176]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-10-13 186904]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-03-03 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-03-03 391192]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-03-03 410648]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-01-27 8192]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-03-13 6234144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EssentialPIM"=C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [2009-12-30 1848416]
"vProt"=C:\Program Files (x86)\GameBox\vprot.exe [2011-06-21 123480]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-06-15 141624]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\avgrssta.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-03-03 268800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-08-22 13:13:28 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-08-22 13:13:28 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-08-22 13:13:26 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-08-22 13:13:26 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-08-22 13:13:25 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-08-22 13:13:24 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-08-22 13:12:49 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-08-22 13:12:49 ----A---- C:\Windows\avastSS.scr
2011-08-22 12:35:15 ----D---- C:\Windows\temp
2011-08-22 12:35:14 ----A---- C:\ComboFix.txt
2011-08-22 12:28:38 ----D---- C:\$RECYCLE.BIN
2011-08-22 11:13:25 ----A---- C:\Windows\zip.exe
2011-08-22 11:13:25 ----A---- C:\Windows\SWSC.exe
2011-08-22 11:13:25 ----A---- C:\Windows\SWREG.exe
2011-08-22 11:13:25 ----A---- C:\Windows\sed.exe
2011-08-22 11:13:25 ----A---- C:\Windows\PEV.exe
2011-08-22 11:13:25 ----A---- C:\Windows\NIRCMD.exe
2011-08-22 11:13:25 ----A---- C:\Windows\MBR.exe
2011-08-22 11:13:25 ----A---- C:\Windows\grep.exe
2011-08-22 11:13:16 ----D---- C:\Windows\ERDNT
2011-08-22 11:13:13 ----D---- C:\Qoobox
2011-08-22 09:42:04 ----D---- C:\Users\Dominik\AppData\Roaming\Malwarebytes
2011-08-22 09:41:59 ----D---- C:\ProgramData\Malwarebytes
2011-08-22 09:41:59 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-08-22 09:41:56 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-22 09:41:56 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-08-22 00:55:18 ----D---- C:\rsit
2011-08-22 00:55:18 ----D---- C:\Program Files\trend micro
2011-08-21 21:46:15 ----D---- C:\ProgramData\AVAST Software
2011-08-21 21:46:15 ----D---- C:\Program Files\AVAST Software
2011-08-19 11:12:13 ----D---- C:\Users\Dominik\AppData\Roaming\Youtube Downloader HD
2011-08-18 08:37:16 ----A---- C:\Windows\ntbtlog.txt
2011-08-13 16:27:14 ----A---- C:\Windows\system32\mshtml.dll
2011-08-13 16:27:08 ----A---- C:\Windows\system32\ieframe.dll
2011-08-13 16:27:02 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-13 16:27:02 ----A---- C:\Windows\system32\iertutil.dll
2011-08-13 16:27:01 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-13 16:26:59 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-13 16:26:57 ----A---- C:\Windows\system32\urlmon.dll
2011-08-13 16:26:56 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-13 16:26:55 ----A---- C:\Windows\system32\wininet.dll
2011-08-13 16:26:53 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-13 16:26:53 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-08-13 16:26:53 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-13 16:26:53 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-08-13 16:26:53 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-13 16:26:53 ----A---- C:\Windows\system32\iedkcs32.dll
2011-08-13 16:26:52 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-13 16:26:52 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-08-13 16:26:52 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-13 16:26:52 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\url.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\mstime.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\ieui.dll
2011-08-13 16:26:52 ----A---- C:\Windows\system32\iepeers.dll
2011-08-13 16:26:51 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-13 16:26:51 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-08-13 16:26:51 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-08-13 16:26:51 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-13 16:26:51 ----A---- C:\Windows\system32\msfeedssync.exe
2011-08-13 16:26:51 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-08-13 16:26:51 ----A---- C:\Windows\system32\licmgr10.dll
2011-08-13 16:26:51 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-11 08:24:18 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-11 08:24:18 ----A---- C:\Windows\system32\xmllite.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-11 08:24:17 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-11 08:24:17 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-11 08:24:16 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-11 08:24:11 ----A---- C:\Windows\system32\wow64.dll
2011-08-11 08:24:11 ----A---- C:\Windows\system32\winsrv.dll
2011-08-11 08:24:11 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-11 08:24:11 ----A---- C:\Windows\system32\kernel32.dll
2011-08-11 08:24:11 ----A---- C:\Windows\system32\conhost.exe
2011-08-11 08:24:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 08:24:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 08:24:10 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-11 08:24:10 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-11 08:24:10 ----A---- C:\Windows\system32\wow64win.dll
2011-08-11 08:24:10 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-11 08:24:10 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 08:24:09 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 08:24:08 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 08:24:08 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-11 08:24:08 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-11 08:24:08 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-11 08:24:06 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-11 08:23:43 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-11 08:23:42 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-11 08:23:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

======List of files/folders modified in the last 1 month======

2011-08-22 14:06:35 ----D---- C:\Program Files\DisplayLink Core Software
2011-08-22 14:05:12 ----D---- C:\Windows\system32\config
2011-08-22 14:04:22 ----A---- C:\Windows\SYSWOW64\log.txt
2011-08-22 14:02:33 ----D---- C:\Windows\System32
2011-08-22 14:02:18 ----D---- C:\Windows\system32\drivers
2011-08-22 14:02:10 ----SHD---- C:\Windows\Installer
2011-08-22 13:12:49 ----D---- C:\Windows\SysWOW64
2011-08-22 13:12:49 ----D---- C:\Windows
2011-08-22 13:12:44 ----SHD---- C:\System Volume Information
2011-08-22 12:28:40 ----A---- C:\Windows\system.ini
2011-08-22 12:28:35 ----D---- C:\Windows\system32\drivers\etc
2011-08-22 12:26:44 ----D---- C:\Windows\Tasks
2011-08-22 12:24:10 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-22 12:24:10 ----D---- C:\Windows\AppPatch
2011-08-22 12:24:08 ----D---- C:\Program Files\Common Files
2011-08-22 12:24:08 ----D---- C:\Program Files (x86)\Common Files
2011-08-22 11:23:57 ----D---- C:\Program Files (x86)\Steam
2011-08-22 11:13:25 ----D---- C:\Windows\Prefetch
2011-08-22 10:21:25 ----D---- C:\Windows\inf
2011-08-22 10:21:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-22 09:41:59 ----D---- C:\ProgramData
2011-08-22 09:41:56 ----RD---- C:\Program Files (x86)
2011-08-22 08:14:54 ----D---- C:\Windows\system32\wfp
2011-08-22 08:14:54 ----D---- C:\Windows\system32\DriverStore
2011-08-22 08:14:54 ----D---- C:\Windows\system32\catroot2
2011-08-22 08:14:53 ----D---- C:\Windows\system32\CodeIntegrity
2011-08-22 08:14:51 ----D---- C:\Users\Dominik\AppData\Roaming\EssentialPIM
2011-08-22 08:14:48 ----D---- C:\Windows\system32\wbem
2011-08-22 08:14:48 ----D---- C:\Windows\registration
2011-08-22 07:49:55 ----D---- C:\Windows\system32\LogFiles
2011-08-22 00:55:18 ----RD---- C:\Program Files
2011-08-21 19:21:48 ----D---- C:\Windows\winsxs
2011-08-21 19:20:00 ----D---- C:\ProgramData\MFAData
2011-08-19 14:22:32 ----A---- C:\Windows\powermp3wavconverter.ini
2011-08-15 21:31:37 ----SD---- C:\Users\Dominik\AppData\Roaming\Microsoft
2011-08-14 08:32:53 ----D---- C:\Windows\SYSWOW64\migration
2011-08-14 08:32:53 ----D---- C:\Windows\system32\migration
2011-08-14 08:32:53 ----D---- C:\Program Files\Internet Explorer
2011-08-14 08:32:53 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-13 13:11:16 ----D---- C:\Windows\Microsoft.NET
2011-08-13 13:11:15 ----RSD---- C:\Windows\assembly
2011-08-13 08:24:30 ----D---- C:\ProgramData\Microsoft Help
2011-08-13 08:24:03 ----D---- C:\Windows\system32\catroot
2011-08-13 08:21:12 ----A---- C:\Windows\system32\MRT.exe
2011-08-09 08:39:06 ----D---- C:\Windows\system32\Tasks
2011-07-31 18:11:19 ----D---- C:\Users\Dominik\AppData\Roaming\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 dlkmdldr;dlkmdldr; C:\Windows\system32\drivers\dlkmdldr.sys [2009-11-20 13936]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-10-13 409624]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-09 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 31064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 600920]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 288088]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 45400]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-07-29 3058168]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-07 98344]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-01-07 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-07 21160]
R3 dlkmd;dlkmd; C:\Windows\system32\drivers\dlkmd.sys [2009-11-20 185968]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-11 158720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-03-13 2291616]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-03-03 7843040]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-12 316464]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 a99wk7zy;a99wk7zy; C:\Windows\system32\drivers\a99wk7zy.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter; C:\Windows\system32\DRIVERS\ax88772.sys [2010-09-17 73216]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DisplayLinkUsbPort;DisplayLink USB Device; C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22271.0.sys [2010-09-17 17408]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 19968]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-09-26 115328]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-03-03 7843040]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-23 225280]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-09 295424]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-29 873248]
R2 DisplayLinkService;DisplayLinkManager; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2009-11-20 8547176]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-01-25 514232]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-10-15 120832]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-10-13 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-02-08 230968]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 653616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2010-01-04 238328]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-08-03 411432]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736]

-----------------EOF-----------------

[Danstahr]

Ještě drobnosti a úklid :

Spusťte znovu HijackThis (najdete jej ve svém počítači jako C:\Program Files\trend micro\Dominik.exe), z nabídky vyberte Do a system scan only. Po provedení skenu u následujících položek zaškrtněte políčko vlevo a klikněte na Fix Checked.

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll

Odinstalujte MBAM.

Stiskněte současně klávesy Win (mezi CTRL a ALT, logo Windows) + R, do okna napište combofix /uninstall a stiskněte ENTER.

Stáhněte T-Cleaner. Potvrzování se provádí stisknutím A.

Stáhněte OTC, Spusťte jej a stiskněte CleanUp! Bude následovat restart.

Stáhněte TFC, spusťte jej a dejte Start.

Stáhněte CCleaner, nainstalujte a spusťte.

• Na záložce Čistič stiskněte tlačítko Spustit Cleaner
• Po provedení přepněte na záložku Registry, stiskněte Hledej problémy a poté Opravit vybrané problémy. Opakujte, dokud nebude po hledání problémů seznam prázdný.

[epnjojl]

Tak jsem snad všechny pokyny úspěšně splnil. Teď už by to mělo být tedy v pořádku? Mohu se tedy bezpečně přihlásit opět na fb?