zavirovaný počítač. zavírá prohlížeč,ukončuje programy

[motji]

Co počítač?

[ladisnb]

porad se mi ukazuje u esetu Win32/FakeTool. A Trojan a Win32/Injector.AHG trojan nejde to smazat a pokazdym restartu se objevuje znova to první ve složce instalačky na ploše a to druhe přímo na ploše. Ale už mi neukončuje programy a nezavírá prohlížeč. To je v pořádku děkuji.

[motji]

A v jakém souboru jsou ty viry?

[ladisnb]

při startu se kousne a nabíha pomalu

ComboFix 11-07-31.04 - Ladislav Stýblo 31.07.2011 19:30:27.5.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4063.2703 [GMT 2:00]
Spuštěný z: c:\users\Ladislav Stýblo\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 17:42 . 2011-07-31 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-31 16:19 . 2011-07-31 16:19 -------- d-----w- c:\users\Ladislav Stýblo\AppData\Roaming\PCTools
2011-07-28 06:07 . 2011-01-20 11:27 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-07-28 06:07 . 2011-01-20 11:27 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-07-28 06:07 . 2011-01-20 11:27 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-07-27 01:04 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44BD6916-5190-4747-880A-98B3FD401B05}\mpengine.dll
2011-07-26 20:50 . 2011-07-26 20:50 -------- d-----w- C:\rsit
2011-07-26 20:50 . 2011-07-26 20:50 -------- d-----w- c:\program files (x86)\trend micro
2011-07-26 07:25 . 2011-07-26 07:25 -------- d-----w- C:\Spftware
2011-07-25 22:23 . 2011-07-25 22:23 -------- d-----w- c:\users\Ladislav Stýblo\AppData\Local\GHISLER
2011-07-25 21:51 . 2011-07-25 21:57 -------- d-----w- c:\users\Ladislav Stýblo\AppData\Roaming\PSpad
2011-07-25 20:20 . 2010-06-17 05:55 545 ----a-w- c:\windows\UC.PIF
2011-07-25 20:20 . 2010-06-17 05:55 545 ----a-w- c:\windows\RAR.PIF
2011-07-25 20:20 . 2010-06-17 05:55 545 ----a-w- c:\windows\PKZIP.PIF
2011-07-25 20:20 . 2010-06-17 05:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-07-25 20:20 . 2010-06-17 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-07-25 20:20 . 2010-06-17 05:55 545 ----a-w- c:\windows\LHA.PIF
2011-07-25 20:20 . 2010-06-17 05:55 545 ----a-w- c:\windows\ARJ.PIF
2011-07-25 20:20 . 2011-07-25 21:05 -------- d-----w- c:\users\Ladislav Stýblo\AppData\Roaming\GHISLER
2011-07-25 20:01 . 2011-07-25 20:01 -------- d-----w- c:\users\Ladislav Stýblo\AppData\Roaming\VS Revo Group
2011-07-25 19:30 . 2011-07-25 19:30 -------- d-----w- c:\users\Ladislav Stýblo\AppData\Local\VS Revo Group
2011-07-25 19:30 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-07-25 09:30 . 2011-07-25 09:30 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-07-25 09:30 . 2011-07-25 09:30 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-23 19:44 . 2011-07-23 19:45 -------- d-----w- c:\users\Ladislav Stýblo\AppData\Roaming\Ice Age 2
2011-07-23 19:34 . 2011-07-23 19:34 1 ----a-w- C:\DXOkay.bin
2011-07-19 13:50 . 2011-07-26 07:51 -------- d-----w- c:\users\Ladislav Stýblo\AppData\Local\ElevatedDiagnostics
2011-07-18 15:58 . 2011-07-25 23:24 -------- d-----w- c:\program files (x86)\SpeedFan
2011-07-09 11:06 . 2011-07-09 11:06 -------- d-----w- c:\programdata\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2011-07-04 08:38 . 2011-07-04 08:38 -------- d-----w- c:\windows\system32\SPReview
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-29 19:44 . 2011-06-08 07:56 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2011-07-29 19:44 . 2011-06-08 07:56 88 --sh--r- c:\programdata\CE6C25E0DB.sys
2011-07-04 08:48 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-04 08:48 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-02 11:39 . 2011-05-24 14:22 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 05:57 . 2011-07-13 09:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-31 14:42 . 2011-01-26 11:43 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-05-31 14:36 . 2011-03-29 21:03 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-05-31 14:36 . 2011-03-29 21:03 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-05-31 14:36 . 2011-03-29 21:03 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-05-31 14:36 . 2011-03-29 21:03 30016 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-05-28 03:30 . 2011-06-15 10:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 02:53 . 2011-06-15 10:40 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2011-01-24 16:06 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-07-01 10:02 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-07-01 10:02 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-07-01 10:02 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-07-01 10:02 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-07-01 10:02 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-10 15:14 . 2011-06-15 16:25 141184 ----a-w- c:\users\Ladislav Stýblo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2011-05-10 15:14 . 2011-06-15 16:25 141184 ----a-w- c:\users\Ladislav Stýblo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2011-05-04 05:25 . 2011-07-01 10:02 2315776 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 05:22 . 2011-07-01 10:02 2223616 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 05:22 . 2011-07-01 10:02 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 05:22 . 2011-07-01 10:02 491520 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 05:22 . 2011-07-01 10:02 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 05:22 . 2011-07-01 10:02 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 05:19 . 2011-07-01 10:02 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 05:19 . 2011-07-01 10:02 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 05:19 . 2011-07-01 10:02 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:34 . 2011-07-01 10:02 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2011-05-04 04:32 . 2011-07-01 10:02 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-05-04 04:32 . 2011-07-01 10:02 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-05-04 04:32 . 2011-07-01 10:02 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-05-04 04:32 . 2011-07-01 10:02 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-05-04 04:32 . 2011-07-01 10:02 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-05-04 04:28 . 2011-07-01 10:02 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28 . 2011-07-01 10:02 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-05-04 04:28 . 2011-07-01 10:02 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-05-03 19:27 . 2011-05-03 19:27 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2011-05-03 05:29 . 2011-06-15 10:40 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 10:40 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_22.08.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-05-25 22:01 . 2010-05-25 22:01 14014 c:\windows\SysWOW64\mswtnhore.dll
+ 2009-07-13 08:50 . 2009-07-13 08:50 14014 c:\windows\SysWOW64\mswtnhore.dll
- 2009-07-14 04:54 . 2011-07-26 22:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-31 17:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-26 22:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 17:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 17:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-26 22:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-18 14:40 . 2011-07-31 16:35 63098 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-31 16:51 59404 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-24 21:20 . 2011-07-31 16:51 13382 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3891240364-1666538785-250782947-1000_UserData.bin
+ 2011-01-24 17:00 . 2011-07-31 16:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-24 17:00 . 2011-07-26 22:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-24 17:00 . 2011-07-31 16:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-24 17:00 . 2011-07-26 22:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-24 17:00 . 2011-07-26 22:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-24 17:00 . 2011-07-31 16:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-24 16:10 . 2011-07-26 22:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-24 16:10 . 2011-07-31 16:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-24 16:10 . 2011-07-26 22:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-24 16:10 . 2011-07-31 16:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-24 14:15 . 2011-07-30 16:13 6546 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-01-24 14:15 . 2011-07-26 22:01 6546 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-07-26 22:02 . 2011-07-26 22:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-31 16:29 . 2011-07-31 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-31 16:29 . 2011-07-31 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-26 22:02 . 2011-07-26 22:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-25 01:30 . 2011-07-30 10:18 406592 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-07-27 21:43 616452 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-07-26 08:26 616452 c:\windows\system32\perfh009.dat
- 2009-09-19 00:24 . 2011-07-26 08:26 631736 c:\windows\system32\perfh005.dat
+ 2009-09-19 00:24 . 2011-07-27 21:43 631736 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-07-26 08:26 106574 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-07-27 21:43 106574 c:\windows\system32\perfc009.dat
- 2009-09-19 00:24 . 2011-07-26 08:26 122100 c:\windows\system32\perfc005.dat
+ 2009-09-19 00:24 . 2011-07-27 21:43 122100 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2011-07-30 16:13 432428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2011-07-30 16:16 3011736 c:\windows\system32\FNTCACHE.DAT
+ 2011-05-14 18:35 . 2011-07-30 16:13 3267128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-05-14 18:35 . 2011-07-25 22:48 3267128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-01-26 22:24 . 2011-07-30 16:13 24071204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3891240364-1666538785-250782947-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\software\QIP 2010\qip.exe" [2011-07-18 6812032]
"uTorrent"="c:\software\uTorrent\uTorrent.exe" [2011-03-24 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-07-17 842816]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ISTray"="c:\spftware\PC Tools Security\pctsGui.exe" [2011-04-28 1600984]
"PCTools FGuard"="c:\spftware\PC Tools Security\BDT\FGuard.exe" [2011-04-27 247760]
.
c:\users\Ladislav Stěblo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Automatick‚ vypnutˇ poźˇtaźe.lnk - c:\software\Automatick‚ vypnutˇ poźˇtaźe\avp.exe [2004-12-28 443392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\software\QuickTime\QTTask.exe" -atboottime
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\spftware\PC Tools Security\BDT\BDTUpdateService.exe [2011-04-27 337872]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 ekrn;ESET Service;c:\software\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-03-29 810120]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
R2 TeamViewer6;TeamViewer 6;c:\software\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\software\TuneUP\TuneUpUtilitiesService64.exe [2011-05-31 1403200]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-06-03 721712]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x]
R3 BTHprint;Třída tiskárny protokolu Bluetooth (Microsoft);c:\windows\system32\DRIVERS\bthprint.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-26 1038088]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\spftware\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\software\TuneUP\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 sdAuxService;PC Tools Auxiliary Service;c:\spftware\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"egui"="c:\software\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-24 2838816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 134416]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 10.0.0.138
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\software\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Ladislav Stýblo\AppData\Roaming\Mozilla\Firefox\Profiles\1pkklvtp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Software\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{DD83A4D4-745F-4B69-94BA-FF1E1CCC03D1}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.42.0"
"UniqueId"="014EC6224D3DEB57"
"ScannerBuild"=dword:000021a0
"ScannerVersionId"=dword:000016b5
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-31 19:52:56
ComboFix-quarantined-files.txt 2011-07-31 17:52
ComboFix2.txt 2011-07-27 21:47
.
Před spuštěním: 9 713 332 224
Po spuštění: 9 593 782 272
.
- - End Of File - - F4C76D407FC2658CAA31294A2099315E

[motji]

V jakém osuboru mají být ty viry?

[ladisnb]

soubory se mi jiz povedlo odstranit v nouzovém režimu pomocí spyware doctora.
První byl na ploše. A druhý na ploše ve složce instalačky kam se automaticky stahují soubory stahované přez firefox

[motji]

Ted to s počítačem vypadá jak?