And another one who wanted a laugh... FB virus

paulosss
Visitor
Posts: 12
Registered: 26 Jul 2011 20:59

And another one who wanted a laugh... FB virus

#1 Post by paulosss »

LOG:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Janik at 2011-07-26 22:02:03
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 55 GB (19%) free of 297 GB
Total RAM: 2814 MB (72% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\SmartDefrag.job
C:\Windows\tasks\User_Feed_Synchronization-{5A475B7A-9B70-48A5-BB1B-F7C487E8E1C2}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll [2011-06-24 734048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll [2010-12-06 765744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
Burn4Free Toolbar Helper - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll [2010-04-16 815104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Burn4Free Toolbar - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll [2010-04-16 815104]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll [2011-06-24 734048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-09-23 468264]
"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-10-06 210216]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-08-01 202032]
"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePDIRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-27 85160]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-30 57344]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-23 13797920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2516296]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-06-24 534880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-04-21 402832]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.l3codecp"=l3codecp.acm
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"vidc.tscc"=tsccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=AC3ACM.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.DIVX"=DivX.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-26 21:56:52 ----D---- C:\Program Files\trend micro
2011-07-26 21:56:51 ----D---- C:\rsit
2011-07-26 18:41:48 ----A---- C:\Windows\winlog-ids.txt
2011-07-26 18:41:48 ----A---- C:\Windows\winlog-dirs.txt
2011-07-23 23:37:05 ----D---- C:\Program Files\Application Updater
2011-07-23 23:37:04 ----D---- C:\Program Files\IObit Toolbar
2011-07-23 23:37:04 ----D---- C:\Program Files\Common Files\Spigot
2011-07-13 18:42:46 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 18:42:38 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 18:42:32 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 18:42:32 ----A---- C:\Windows\system32\csrsrv.dll
2011-07-03 17:08:01 ----A---- C:\Windows\system32\schannel.dll

======List of files/folders modified in the last 1 month======

2011-07-26 21:56:52 ----RD---- C:\Program Files
2011-07-26 21:56:15 ----D---- C:\Windows\System32
2011-07-26 21:56:15 ----D---- C:\Windows\inf
2011-07-26 21:56:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-26 20:55:32 ----SD---- C:\Users\Janik\AppData\Roaming\Microsoft
2011-07-26 20:45:46 ----D---- C:\Windows\Temp
2011-07-26 18:41:48 ----AD---- C:\Windows
2011-07-26 17:17:07 ----SHD---- C:\System Volume Information
2011-07-25 23:57:29 ----A---- C:\ProgramData\hpqp.ini
2011-07-25 17:11:37 ----D---- C:\Users\Janik\AppData\Roaming\HpUpdate
2011-07-23 23:37:15 ----SHD---- C:\Windows\Installer
2011-07-23 23:37:04 ----D---- C:\Program Files\Common Files
2011-07-23 10:58:24 ----D---- C:\Windows\Debug
2011-07-22 23:14:58 ----D---- C:\Downloads
2011-07-18 19:33:44 ----D---- C:\Windows\system32\catroot
2011-07-18 19:28:05 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-13 22:44:04 ----D---- C:\Windows\Prefetch
2011-07-13 20:04:06 ----D---- C:\Windows\winsxs
2011-07-13 19:13:23 ----A---- C:\Windows\system32\mrt.exe
2011-07-13 19:12:25 ----A---- C:\Windows\win.ini
2011-07-13 18:42:23 ----D---- C:\Windows\system32\catroot2
2011-07-11 20:55:03 ----D---- C:\ProgramData\CanonIJPLM
2011-07-05 17:50:11 ----D---- C:\Program Files\Microsoft Office
2011-07-03 22:40:09 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-25 14848]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-01-01 691696]
S1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
S1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
S1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-05-16 281760]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-05-16 25888]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-10-03 222208]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-01-29 1042464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-23 9791072]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
S2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-27 136176]
S2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
S2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-23 211488]
S2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-10-06 365952]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-09-15 241734]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 wxpdrivers;wxpdrivers; C:\Users\Janik\Desktop\Ostatní\Práce\Flash-Player.exe srv []
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-27 136176]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

Thank you in advance for your help
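Added example, not part of the thread and not code from RSIT, RKill, RogueKiller or ComboFix: a small Python triage of the RSIT "List of services" section that scores each service on the traits visible in the log above (binary outside Windows/Program Files, no readable file date/size, registration under SafeBoot so it survives Safe Mode, display name identical to the service name). The sample lines are constructed in the shape of the log; the trusted roots, the point values and the reporting threshold are assumptions.

```python
"""Triage the '======List of services======' section of an RSIT log.

Each service line has the shape
    <R|S><0-4> <name>;<display name>; <path and args> [<file date> <size>]
and a trailing '[]' means RSIT could not read the binary's date and size.
"""
import re
from dataclasses import dataclass, field

SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*?) \[(.*)\]$")
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(Minimal|network)\\([^\]]+)\]$", re.IGNORECASE)
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|sys))", re.IGNORECASE)

# Assumption: a service binary outside these roots (8.3 aliases included) is untrusted.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
                 "c:\\progra~1\\", "c:\\progra~2\\")
THRESHOLD = 3  # assumption: report services scoring at least this much

# Constructed sample in the shape of the RSIT log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-23 211488]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 wxpdrivers;wxpdrivers; C:\Users\Janik\Desktop\Ostatní\Práce\Flash-Player.exe srv []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
"""


@dataclass
class Finding:
    name: str
    start: str          # start type digit: 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points, why):
        self.score += points
        self.reasons.append(why)


def parse_safeboot(log_text):
    """Names registered under SafeBoot\\Minimal or SafeBoot\\network, lower-cased."""
    names = set()
    for line in log_text.splitlines():
        m = SAFEBOOT_RE.match(line.strip())
        if m:
            names.add(m.group(2).lower())
    return names


def parse_services(log_text):
    """Yield (state, start, name, display, path_and_args, metadata) per service line."""
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("======List of services"):
            in_section = True
            continue
        if in_section and (line.startswith("======") or line.startswith("-----")):
            break
        m = SERVICE_RE.match(line.rstrip())
        if in_section and m:
            yield m.groups()


def triage(log_text):
    """Return the services scoring at or above THRESHOLD, highest score first."""
    safeboot = parse_safeboot(log_text)
    findings = []
    for state, start, name, display, path_args, meta in parse_services(log_text):
        exe = EXE_RE.match(path_args)          # strip trailing arguments such as ' srv'
        path = exe.group(1) if exe else path_args
        trusted = path.lower().startswith(TRUSTED_ROOTS)
        f = Finding(name, start, path)
        if not trusted:
            f.add(3, "binary outside Windows/Program Files: " + path)
        if not meta.strip():
            f.add(2, "RSIT could not read the file's date/size (missing, hidden or locked)")
        if name.lower() in safeboot and not trusted:
            f.add(2, "non-system service registered under SafeBoot (survives Safe Mode)")
        if display.strip().lower() == name.lower():
            f.add(1, "display name is just the service name")
        if f.score >= THRESHOLD:
            findings.append(f)
    return sorted(findings, key=lambda x: -x.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name} (start={f.start}, score={f.score})")
        for why in f.reasons:
            print("  -", why)
```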

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: And another one who wanted a laugh... FB virus

#2 Post by vyosek »

Hello and good evening :)

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com
:arrow: Run exeHelper by Raktor
:arrow: Run RogueKiller
stell wrote: use RogueKiller > run it >> press 2 > [Enter], and post the log here
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205
:arrow: Then RogueKiller again, this time with option 3, and then once more with option 4

:arrow: RKill, eXeHelper and RogueKiller should each produce a log; post them here for me

paulosss
Visitor
Posts: 12
Registered: 26 Jul 2011 20:59

Re: And another one who wanted a laugh... FB virus

#3 Post by paulosss »

Good evening. That was quite a ride; here are the logs:

Rkill:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 26.07.2011 at 22:26:38.
Operating System: Windows Vista (TM) Home Basic


Processes terminated by Rkill or while it was running:

C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe


Rkill completed on 26.07.2011 at 22:26:44.

exeHelper by Raktor
Build 20100414
Run at 22:28:20 on 07/26/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Roguereport1:
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode
User: Janik [Admin rights]
Mode: Scan -- Date : 07/26/2011 22:31:34

Bad processes: 1
[SUSP PATH] HelpPane.exe -- c:\windows\helppane.exe -> KILLED

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

Roguereport2:
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode
User: Janik [Admin rights]
Mode: Remove -- Date : 07/26/2011 22:32:34

Bad processes: 0

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Roguereport3:
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode
User: Janik [Admin rights]
Mode: HOSTSFix -- Date : 07/26/2011 22:35:02

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
::1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Roguereport4:
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode
User: Janik [Admin rights]
Mode: ProxyFix -- Date : 07/26/2011 22:35:36

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

A final question: will it live??

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: And another one who wanted a laugh... FB virus

#4 Post by vyosek »

The PC will live, don't worry...

But we are not at the finish line yet

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes, and after a possible restart, CF displays a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

paulosss
Visitor
Posts: 12
Registered: 26 Jul 2011 20:59

Re: And another one who wanted a laugh... FB virus

#5 Post by paulosss »

Well, now I have probably completely messed it up...

I ran ComboFix but forgot about Run as administrator; the program ended, didn't complete several stages and restarted.
Now only cmd comes up and I am in the directory C:\windows\system32.
Is there any way out?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: And another one who wanted a laugh... FB virus

#6 Post by vyosek »

Are you in normal mode or safe mode?

paulosss
Visitor
Posts: 12
Registered: 26 Jul 2011 20:59

Re: And another one who wanted a laugh... FB virus

#7 Post by paulosss »

Still in safe mode; I have a black screen, the corners say Safe Mode, and only a command prompt is open with the directory c:.....
I looked for the Windows Vista startup file so I could maybe start Windows manually from the command prompt, but I can't get it to work :(

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: And another one who wanted a laugh... FB virus

#8 Post by vyosek »

:arrow: Switch to that cmd window
  • copy the text below

    msconfig
  • press Enter and another window opens
  • Switch to the Boot tab (Spuštění počítače)
  • Check whether Safe boot is ticked - if it is, untick it
  • The next restart should then lead into normal mode
:arrow: Write back how it went

paulosss
Visitor
Posts: 12
Registered: 26 Jul 2011 20:59

Re: And another one who wanted a laugh... FB virus

#9 Post by paulosss »

Wow, how do you do it? Unbelievable; maybe I will soon be able to write from my own computer.
It looks like it has risen from the dead, but I will wait for the log and send it to you.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: And another one who wanted a laugh... FB virus

#10 Post by vyosek »

It's simple - experience :D

Then write whether CF ran through, and post the log if you have it

paulosss
Visitor
Posts: 12
Registered: 26 Jul 2011 20:59

Re: And another one who wanted a laugh... FB virus

#11 Post by paulosss »

And here it is; it took its time:

ComboFix 11-07-26.03 - Janik 26.07.2011 22:56:07.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2814.2312 [GMT 2:00]
Spuštěný z: c:\users\Janik\Desktop\ComboFix.exe
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\program files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
c:\program files\ShopperReports3
c:\program files\ShopperReports3\bin\3.0.242.0\BRNstIE.dll
c:\program files\ShopperReports3\bin\3.0.242.0\CmndFF.dll
c:\program files\ShopperReports3\bin\3.0.242.0\CntntCntr.dll
c:\program files\ShopperReports3\bin\3.0.242.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
c:\program files\ShopperReports3\bin\3.0.242.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt
c:\program files\ShopperReports3\bin\3.0.242.0\firefox\firefoxtoolbar\extensions\chrome.manifest
c:\program files\ShopperReports3\bin\3.0.242.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar
c:\program files\ShopperReports3\bin\3.0.242.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files\ShopperReports3\bin\3.0.242.0\LaunchHelp.dll
c:\program files\ShopperReports3\bin\3.0.242.0\link.ico
c:\program files\ShopperReports3\bin\3.0.242.0\mozillaps.dll
c:\program files\ShopperReports3\bin\3.0.242.0\ShopperReports.dll
c:\program files\ShopperReports3\bin\3.0.242.0\ShopperReportsUninstaller.exe
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\HotbarSA
c:\programdata\HotbarSA\HotbarSA.dat
c:\programdata\HotbarSA\HotbarSA_kyf.dat
c:\programdata\HotbarSA\HotbarSAAbout.mht
c:\programdata\HotbarSA\HotbarSAau.dat
c:\programdata\HotbarSA\HotbarSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Games!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\users\Janik\AppData\Roaming\Hotbar
c:\users\Janik\AppData\Roaming\ShopperReports3
c:\users\Janik\AppData\Roaming\WeatherDPA
c:\windows\proc_list1.log
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Files created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 21:08 . 2011-07-26 21:41 -------- d-----w- c:\users\Janik\AppData\Local\temp
2011-07-26 21:08 . 2011-07-26 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 20:49 . 2011-07-26 20:52 -------- d-----w- C:\32788R22FWJFW
2011-07-26 19:56 . 2011-07-26 19:56 -------- d-----w- c:\program files\trend micro
2011-07-26 19:56 . 2011-07-26 19:56 -------- d-----w- C:\rsit
2011-07-23 21:37 . 2011-07-23 21:37 -------- d-----w- c:\program files\Application Updater
2011-07-23 21:37 . 2011-07-23 21:37 -------- d-----w- c:\program files\IObit Toolbar
2011-07-23 21:37 . 2011-07-23 21:37 -------- d-----w- c:\program files\Common Files\Spigot
2011-07-23 08:52 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B477822-CC1E-40CF-B7CA-4E7393B7F94A}\mpengine.dll
2011-07-13 16:42 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 16:42 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 16:42 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-03 15:08 . 2011-07-03 15:08 276992 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 16:24 . 2011-06-06 15:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 06:08 . 2011-06-14 19:13 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-14 19:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-14 19:12 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-14 19:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 06:04 . 2011-06-14 19:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 05:10 . 2011-06-14 19:12 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-14 19:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-14 19:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2009-10-04 14:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2010-05-08 20:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 17:16 . 2011-06-14 19:12 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-14 19:13 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-14 19:13 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-14 19:12 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-14 19:12 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-14 19:12 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-04-16 14:59 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2010-04-16 815104]
.
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2010-04-16 815104]
.
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-06 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-01 691696]
S1 aswSP;avast! Self Protection; [x]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 22:30]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 22:30]
.
2011-07-25 c:\windows\Tasks\User_Feed_Synchronization-{5A475B7A-9B70-48A5-BB1B-F7C487E8E1C2}.job
- c:\windows\system32\msfeedssync.exe [2011-06-14 04:32]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=91&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: &AOL Toolbar search - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Download link using BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{04961F4D-C2A2-4FBD-85C5-07D78184C1DE}: NameServer = 82.99.161.243,81.31.33.19
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 23:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-976956200-4179899695-606572724-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WLANExt.exe
c:\windows\System32\lpksetup.exe
c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2011-07-26 23:51:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-26 21:50
.
Pre-run: bytes free: 57 621 868 544
Post-run: bytes free: 54 517 182 464
.
- - End Of File - - 0137E105888B34D1CF7287BC0D9E8403

everything came up as it should, the computer is a bit slower, but nothing drastic
Do you think I should rather run ComboFix once more, this time as administrator, just to be safe?
Thank you very much for the help

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: and another one who wanted a laugh... FB virus

#12 Post by vyosek »

→ Uninstall Advanced SystemCare and then everything else from IObit - it is just Chinese junk and does more harm than good

→ If you like, rename ComboFix to pitomec.com so that you remember you don't click on nonsense :)

→ If it isn't there already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\program files\IObit Toolbar
    c:\program files\Common Files\Spigot
    c:\program files\Burn4Free Toolbar
    c:\program files\IObit
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"=-
    "Advanced SystemCare 4"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "QuickTime Task"=-
    "SunJavaUpdateSched"=-
    "SearchSettings"=-
    
    Driver::
    gupdate
    gupdatem
    AdvancedSystemCareService
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    c:\windows\Tasks\User_Feed_Synchronization-{5A475B7A-9B70-48A5-BB1B-F7C487E8E1C2}.job
    
    DDS::
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
    
    RegLock::
    [HKEY_USERS\S-1-5-21-976956200-4179899695-606572724-1000\Software\SecuROM\License information*]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    
    Reboot::
  • Save the TXT file you created as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it there (see the picture below)
    [image]
  • After the script runs (and after a possible reboot) a log will pop up; paste its contents here
→ It can happen that Windows will not boot after the script runs; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.
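The CFScript above is written by hand from the "Registry loading points" section of the ComboFix log: for a browser helper object the whole CLSID key goes in as `[-key]`, for a Run entry only the value is dropped with `"name"=-`. The following Python is an added example for this thread, not part of ComboFix and not code from the post above; it parses that section and drafts the `Registry::` block for every entry whose target path matches a hand-picked list of the adware families found here (IObit, Spigot, Burn4Free). The log excerpt is constructed to ComboFix's layout, and the marker list is an assumption for illustration. The `Folder::`, `Driver::` and `File::` parts of the script are still added by hand, and the generated text is reviewed before it is saved as CFScript.txt and dropped on ComboFix.

```python
"""Draft the Registry:: section of a ComboFix CFScript from the
"Registry loading points" section of a ComboFix log.

Added example for this thread; not part of ComboFix or of the post above.
The log excerpt below is constructed to ComboFix's format and the marker
list is a hand-picked assumption based on what was found in this thread."""
import re

# Constructed excerpt (same layout as the ComboFix log posted above).
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-04-16 14:59 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
.
"""

# Path fragments that identify the adware/PUP families seen in this thread.
# Assumption: a hand-picked list for illustration, not a vendor feed.
UNWANTED_MARKERS = ("\\iobit\\", "\\spigot\\", "burn4free")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
# A BHO/CLSID key is followed by "date time size attrs path" instead of values.
TARGET_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +\S+ +(.+)$")


def parse_loading_points(text):
    """Map each registry key to its "name"="path" values and, for CLSID-style
    keys, to the single target path ComboFix prints under the key."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {"values": [], "target": None}
            continue
        if current is None or line in ("", "."):
            continue
        m = VALUE_RE.match(line)
        if m:
            keys[current]["values"].append((m.group(1), m.group(2)))
            continue
        m = TARGET_RE.match(line)
        if m:
            keys[current]["target"] = m.group(1)
    return keys


def is_unwanted(path, markers=UNWANTED_MARKERS):
    """Case-insensitive substring match of the path against the marker list."""
    low = path.lower()
    return any(marker in low for marker in markers)


def build_registry_section(keys, markers=UNWANTED_MARKERS):
    """Emit CFScript syntax: "[-key]" deletes a whole key (used for the BHO
    CLSID entries), '"name"=-' deletes one value inside "[key]"."""
    out = ["Registry::"]
    for key, info in keys.items():
        if info["target"] is not None and is_unwanted(info["target"], markers):
            out.append("[-%s]" % key)
            continue
        hits = [name for name, path in info["values"] if is_unwanted(path, markers)]
        if hits:
            out.append("[%s]" % key)
            out.extend('"%s"=-' % name for name in hits)
    return "\n".join(out)


if __name__ == "__main__":
    # Review the output by eye before saving it as CFScript.txt.
    print(build_registry_section(parse_loading_points(SAMPLE_LOG)))
```

Run on the constructed excerpt it prints the same four removal lines the script above carries for the Burn4Free BHO, the Advanced SystemCare tray entry and SearchSettings, and leaves the LightScribe and Synaptics entries alone; a marker that is too broad (for example just "toolbar") would also catch legitimate vendor entries, which is why the list is matched against full paths and the result is read before use.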

paulosss
Visitor
Posts: 12
Registered: 26 Jul 2011 20:59

Re: and another one who wanted a laugh... FB virus

#13 Post by paulosss »

I'll keep quiet and say nothing, it was a terribly stupid thing to do...
do you know how Avast is doing now, do I have to reinstall it?

here is the log:
ComboFix 11-07-26.03 - Janik 27.07.2011 0:29.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2814.1555 [GMT 2:00]
Running from: c:\users\Janik\Desktop\ComboFix.exe
Command switches used :: c:\users\Janik\Desktop\CFScript.txt
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 22:38 . 2011-07-26 22:44 -------- d-----w- c:\users\Janik\AppData\Local\temp
2011-07-26 22:38 . 2011-07-26 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 22:03 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F0568D6-699F-4EDC-8243-AF397DD5C328}\mpengine.dll
2011-07-26 20:49 . 2011-07-26 22:24 -------- d-----w- C:\32788R22FWJFW
2011-07-26 19:56 . 2011-07-26 19:56 -------- d-----w- c:\program files\trend micro
2011-07-26 19:56 . 2011-07-26 19:56 -------- d-----w- C:\rsit
2011-07-23 21:37 . 2011-07-23 21:37 -------- d-----w- c:\program files\Application Updater
2011-07-23 21:37 . 2011-07-23 21:37 -------- d-----w- c:\program files\IObit Toolbar
2011-07-23 21:37 . 2011-07-23 21:37 -------- d-----w- c:\program files\Common Files\Spigot
2011-07-13 16:42 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-03 15:08 . 2011-07-03 15:08 276992 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 16:24 . 2011-06-06 15:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 13:34 . 2011-07-13 16:42 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 06:08 . 2011-06-14 19:13 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-14 19:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-14 19:12 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-14 19:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 06:04 . 2011-06-14 19:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 05:10 . 2011-06-14 19:12 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-14 19:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-14 19:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2009-10-04 14:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2010-05-08 20:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 17:16 . 2011-06-14 19:12 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-14 19:13 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-14 19:13 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-14 19:12 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-14 19:12 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-14 19:12 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-06 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-01 691696]
S1 aswSP;avast! Self Protection; [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 22:30]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 22:30]
.
2011-07-26 c:\windows\Tasks\User_Feed_Synchronization-{5A475B7A-9B70-48A5-BB1B-F7C487E8E1C2}.job
- c:\windows\system32\msfeedssync.exe [2011-06-14 04:32]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: &AOL Toolbar search - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Download link using BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{04961F4D-C2A2-4FBD-85C5-07D78184C1DE}: NameServer = 82.99.161.243,81.31.33.19
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 00:44
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-976956200-4179899695-606572724-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WLANExt.exe
c:\windows\System32\lpksetup.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Internet Explorer\IELowutil.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-07-27 00:54:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-26 22:53
ComboFix2.txt 2011-07-26 21:51
.
Pre-run: bytes free: 58 395 054 080
Post-run: bytes free: 58 525 286 400
.
- - End Of File - - DE72C1E661A2568258A5C0024AC27991

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: and another one who wanted a laugh... FB virus

#14 Post by vyosek »

→ We'll sort out Avast afterwards; first we have to get rid of the vermin ;)

→ Download OTM (see my signature)
  • If you are on Windows Vista or 7, right-click OTM and choose Run As Administrator
  • Into the left-hand window, "Paste Instructions for Items to be Moved" (below the yellow line), paste the contents shown below
  • Code:

    :reg
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"=-
    "Advanced SystemCare 4"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "QuickTime Task"=-
    "SunJavaUpdateSched"=-
    "SearchSettings"=-
    
    :services
    gupdate
    gupdatem
    AdvancedSystemCareService
    
    :files
    c:\program files\IObit Toolbar
    c:\program files\Common Files\Spigot
    c:\program files\Burn4Free Toolbar
    c:\program files\IObit
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Click the red MoveIt! button
  • You will be prompted to restart; choose Yes. Afterwards you will find the log in C:\_OTM\MovedFiles; paste its contents here
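The OTM run above repeats the registry values and services that the CFScript already targeted, so most of its log lines will come back as "not found" or "No service named ... was found to stop!", which after a ComboFix pass is the expected state rather than a failure. The Python below is an added example for this thread, not part of OTM, ComboFix or the post above: it groups each line of a MovedFiles log by section and outcome, reads the "Drivers/Services" deletion record from the ComboFix log, and lists the not-found or error lines that no earlier ComboFix deletion accounts for, which are the ones worth re-checking by hand. Both log excerpts are constructed to the tools' formats (abridged from the structure of the logs in this thread), and the reconciliation rule, matching service names only, is an assumption for illustration.

```python
"""Triage an OTM (OldTimer's MovedFiles) log after a ComboFix pass.

Added example for this thread; not part of OTM, ComboFix, or the post above.
Both log excerpts below are constructed to the tools' formats (abridged from
the structure of the logs in this thread); the reconciliation rule is an
assumption made for illustration."""
import re

# Constructed excerpt in the format of C:\_OTM\MovedFiles\*.log.
SAMPLE_OTM_LOG = r"""
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
========== SERVICES/DRIVERS ==========
Error: No service named gupdate was found to stop!
Service\Driver key gupdate not found.
========== FILES ==========
c:\program files\IObit Toolbar folder moved successfully.
c:\program files\Common Files\Spigot folder moved successfully.
"""

# Constructed excerpt of the ComboFix "Drivers/Services" deletion record.
COMBOFIX_DELETIONS = r"""
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gupdate
-------\Service_gupdatem
.
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
RESULT_RE = re.compile(
    r"^(?P<item>.+?) (?P<status>not found|deleted successfully|moved successfully)\.$")
ERROR_RE = re.compile(r"^Error: (?P<msg>.+)$")
SERVICE_DEL_RE = re.compile(r"^-+\\Service_(\S+)$")  # ComboFix: -------\Service_<name>


def triage_otm_log(text):
    """Group every OTM result line by section into done / not_found / errors."""
    report = {}
    section = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        bucket = report.setdefault(section, {"done": [], "not_found": [], "errors": []})
        m = ERROR_RE.match(line)
        if m:
            bucket["errors"].append(m.group("msg"))
            continue
        m = RESULT_RE.match(line)
        if m:
            key = "not_found" if m.group("status") == "not found" else "done"
            bucket[key].append(m.group("item"))
    return report


def combofix_removed_services(text):
    """Service names ComboFix already deleted, from its Drivers/Services block."""
    names = set()
    for line in text.splitlines():
        m = SERVICE_DEL_RE.match(line.strip())
        if m:
            names.add(m.group(1))
    return names


def unexplained(report, removed_services):
    """Lines reported as not found or as errors that no earlier ComboFix
    service deletion accounts for; these are the ones to re-check by hand."""
    leftovers = []
    for section, bucket in report.items():
        for item in bucket["not_found"] + bucket["errors"]:
            if not any(re.search(r"\b%s\b" % re.escape(s), item) for s in removed_services):
                leftovers.append((section, item))
    return leftovers


if __name__ == "__main__":
    rep = triage_otm_log(SAMPLE_OTM_LOG)
    gone = combofix_removed_services(COMBOFIX_DELETIONS)
    for sec, b in rep.items():
        print("%-17s done=%d not_found=%d errors=%d"
              % (sec, len(b["done"]), len(b["not_found"]), len(b["errors"])))
    for sec, item in unexplained(rep, gone):
        print("re-check [%s] %s" % (sec, item))
```

On the constructed excerpt the gupdate lines are explained by the ComboFix deletions, while the two registry "not found" lines are left for a manual look: the `~` in the BHO key is ComboFix's shorthand for the Explorer\Browser Helper Objects path, so OTM searched a literal path that does not exist, and the Run value had already been removed by the CFScript. The same reconciliation could be extended to registry entries by parsing the "Registry loading points" section of the second ComboFix log, which is omitted here to keep the example short.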

paulosss
Visitor
Posts: 12
Registered: 26 Jul 2011 20:59

Re: and another one who wanted a laugh... FB virus

#15 Post by paulosss »

here it is:

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 4 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
========== SERVICES/DRIVERS ==========
Error: No service named gupdate was found to stop!
Service\Driver key gupdate not found.
Error: No service named gupdatem was found to stop!
Service\Driver key gupdatem not found.
Error: No service named AdvancedSystemCareService was found to stop!
Service\Driver key AdvancedSystemCareService not found.
========== FILES ==========
c:\program files\IObit Toolbar\Res folder moved successfully.
c:\program files\IObit Toolbar\IE\4.5 folder moved successfully.
c:\program files\IObit Toolbar\IE folder moved successfully.
c:\program files\IObit Toolbar folder moved successfully.
c:\program files\Common Files\Spigot\Search Settings\Res folder moved successfully.
c:\program files\Common Files\Spigot\Search Settings folder moved successfully.
c:\program files\Common Files\Spigot folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\intro folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\css folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\bin folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\beruby folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\skin folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\content folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3\Firefox folder moved successfully.
c:\program files\Burn4Free Toolbar\v3.3.0.3 folder moved successfully.
c:\program files\Burn4Free Toolbar folder moved successfully.
c:\program files\IObit\Smart Defrag 2\Skins\White folder moved successfully.
c:\program files\IObit\Smart Defrag 2\Skins\Black folder moved successfully.
c:\program files\IObit\Smart Defrag 2\Skins folder moved successfully.
c:\program files\IObit\Smart Defrag 2\LatestNews folder moved successfully.
c:\program files\IObit\Smart Defrag 2\Language folder moved successfully.
c:\program files\IObit\Smart Defrag 2\Help\Images folder moved successfully.
c:\program files\IObit\Smart Defrag 2\Help folder moved successfully.
c:\program files\IObit\Smart Defrag 2\Freeware folder moved successfully.
c:\program files\IObit\Smart Defrag 2\drivers\wxp_x86 folder moved successfully.
c:\program files\IObit\Smart Defrag 2\drivers\wxp_x64 folder moved successfully.
c:\program files\IObit\Smart Defrag 2\drivers\wnet_x86 folder moved successfully.
c:\program files\IObit\Smart Defrag 2\drivers\wnet_x64 folder moved successfully.
c:\program files\IObit\Smart Defrag 2\drivers\wlh_x86 folder moved successfully.
c:\program files\IObit\Smart Defrag 2\drivers\wlh_x64 folder moved successfully.
c:\program files\IObit\Smart Defrag 2\drivers\win7_x86 folder moved successfully.
c:\program files\IObit\Smart Defrag 2\drivers\win7_x64 folder moved successfully.
c:\program files\IObit\Smart Defrag 2\drivers folder moved successfully.
c:\program files\IObit\Smart Defrag 2 folder moved successfully.
c:\program files\IObit\Advanced SystemCare 4\Update folder moved successfully.
c:\program files\IObit\Advanced SystemCare 4\LatestNews folder moved successfully.
c:\program files\IObit\Advanced SystemCare 4 folder moved successfully.
c:\program files\IObit folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Janik
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 61139300 bytes
->Java cache emptied: 6664579 bytes
->Flash cache emptied: 2039 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 157983 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32971 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 25494475 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 91,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 07272011_011228

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
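The MovedFiles log above is a list of per-item outcomes, and the one line a helper must not overlook is "File move failed ... scheduled to be moved on reboot", which means that item is still on disk until the restart completes and should be confirmed gone in the next scan. As an added example that is not part of this thread or of the OTM tool, the following Python script parses an OTM result log into outcomes (removed, not found, service not running, emptied, pending reboot) and summarises what still needs verification. The sample log is a constructed excerpt modelled on the log posted above, and the regular expressions are assumptions about the log wording based only on the lines visible in this thread.

```python
"""Summarise an OTM (OldTimer's MoveIt) result log.

Added example, not part of the forum thread or of the OTM tool itself.
Each action line of a MovedFiles log is classified into an outcome so the
helper can see at a glance what was removed, what was already absent, and
what still needs a reboot before it is gone.
"""
import re
from collections import Counter

# Constructed excerpt modelled on the log posted in the thread.
SAMPLE_LOG = r"""All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
========== SERVICES/DRIVERS ==========
Error: No service named gupdate was found to stop!
Service\Driver key gupdate not found.
========== FILES ==========
c:\program files\IObit Toolbar folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Janik
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 61139300 bytes

Total Files Cleaned = 91,00 mb

OTM by OldTimer - Version 3.1.18.0 log created on 07272011_011228

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
"""

# Line patterns, checked in order; first match wins. The wording is an
# assumption derived from the lines visible in the thread, not an OTM spec.
RULES = [
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<item>.+?) scheduled to be moved on reboot\.$")),
    ("removed", re.compile(
        r"^(?:Registry (?:key|value) |File/Folder )?(?P<item>.+?)(?: folder)? (?:deleted|moved) successfully\.$")),
    ("not_found", re.compile(
        r"^(?:Registry (?:key|value) |File/Folder |Service\\Driver key )?(?P<item>.+?) not found\.$")),
    ("service_not_running", re.compile(
        r"^Error: No service named (?P<item>\S+) was found to stop!$")),
    ("emptied", re.compile(
        r"^(?:->)?(?P<item>.+?) (?:emptied|removed): (?P<bytes>\d+) bytes$")),
]

SECTION_HEADER = re.compile(r"^=+ (.+?) =+$")


def parse_otm_log(text):
    """Return a list of {'section', 'outcome', 'item'[, 'bytes']} records.

    Lines that are neither a section header nor an action (banners, the
    'User:' lines, the totals) are informational and skipped.
    """
    section = "PREAMBLE"
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("[") and line.endswith("]"):  # e.g. [EMPTYTEMP]
            section = line.strip("[]")
            continue
        for outcome, pattern in RULES:
            m = pattern.match(line)
            if m:
                rec = {"section": section, "outcome": outcome, "item": m.group("item")}
                if "bytes" in m.groupdict():
                    rec["bytes"] = int(m.group("bytes"))
                records.append(rec)
                break
    return records


def summarize(records):
    """Count outcomes, total the bytes freed and list items awaiting reboot."""
    counts = Counter(r["outcome"] for r in records)
    freed = sum(r.get("bytes", 0) for r in records)
    pending = [r["item"] for r in records if r["outcome"] == "pending_reboot"]
    return {"counts": dict(counts), "bytes_freed": freed, "pending_reboot": pending}


if __name__ == "__main__":
    report = summarize(parse_otm_log(SAMPLE_LOG))
    for outcome, n in sorted(report["counts"].items()):
        print(f"{outcome:20} {n}")
    print(f"bytes freed: {report['bytes_freed']}")
    # Anything listed here is not gone yet: ask for a fresh scan after reboot.
    for item in report["pending_reboot"]:
        print(f"STILL PENDING REBOOT: {item}")
```

Items reported as "not found" are not failures: the script targeted entries from the earlier FRST/RSIT log, and an uninstall or an earlier fix may already have removed them. The pending-reboot list is the part to act on.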
