Prosim o kontrolu, PC se nevypina, seka se MS Office

[kilda]

PC se nevypíná, MS Office se seká, antivirus objevil 14 nákaz.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Killgor at 2011-02-16 18:01:38
Microsoft Windows 7 Professional
System drive C: has 8 GB (10%) free of 76 GB
Total RAM: 895 MB (30% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DLIGHTER"=C:\Program Files\Desktop Lighter\DLighter.exe [2010-10-12 227328]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2011-02-16 18:01:42 ----D---- C:\Program Files\trend micro
2011-02-16 18:01:38 ----D---- C:\rsit
2011-02-16 14:39:59 ----D---- C:\Program Files\Microsoft Security Client
2011-02-16 14:39:28 ----A---- C:\Windows\system32\drivers\netio.sys
2011-02-11 22:08:48 ----A---- C:\Windows\system32\mshtml.dll
2011-02-11 22:07:56 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-11 22:07:49 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-11 22:07:48 ----A---- C:\Windows\system32\mstime.dll
2011-02-11 22:07:43 ----A---- C:\Windows\system32\iertutil.dll
2011-02-11 22:07:42 ----A---- C:\Windows\system32\iepeers.dll
2011-02-11 22:07:40 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-11 22:07:36 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-11 22:07:35 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-11 22:07:31 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-11 22:04:35 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-11 22:04:34 ----A---- C:\Windows\system32\d2d1.dll
2011-02-11 22:04:33 ----A---- C:\Windows\system32\DWrite.dll
2011-02-11 22:04:32 ----A---- C:\Windows\system32\mf.dll
2011-02-11 22:04:31 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-11 22:04:31 ----A---- C:\Windows\system32\FntCache.dll
2011-02-11 22:04:30 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-11 22:04:29 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-02-11 22:04:29 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-11 22:04:28 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-11 22:04:28 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-02-11 22:04:27 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-11 22:04:27 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-11 22:04:09 ----A---- C:\Windows\system32\win32k.sys
2011-02-11 22:04:05 ----A---- C:\Windows\system32\kerberos.dll
2011-02-11 22:04:02 ----A---- C:\Windows\system32\jscript.dll
2011-02-11 22:04:01 ----A---- C:\Windows\system32\vbscript.dll
2011-02-11 22:03:04 ----A---- C:\Windows\system32\atmlib.dll
2011-02-11 22:03:04 ----A---- C:\Windows\system32\atmfd.dll
2011-02-11 22:02:59 ----A---- C:\Windows\system32\ntdll.dll
2011-02-11 22:02:57 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-11 22:02:56 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-11 22:02:06 ----A---- C:\Windows\system32\upnp.dll
2011-02-11 22:02:04 ----A---- C:\Windows\system32\urlmon.dll
2011-02-11 22:02:03 ----A---- C:\Windows\system32\wininet.dll
2011-02-11 22:02:03 ----A---- C:\Windows\system32\msxml6.dll
2011-02-11 22:02:02 ----A---- C:\Windows\system32\msxml3.dll
2011-02-11 22:02:00 ----A---- C:\Windows\system32\ieframe.dll
2011-02-11 22:01:59 ----A---- C:\Windows\system32\wscapi.dll
2011-02-11 22:01:59 ----A---- C:\Windows\system32\winhttp.dll
2011-02-11 22:01:59 ----A---- C:\Windows\system32\WebClnt.dll
2011-02-11 22:01:59 ----A---- C:\Windows\system32\slwga.dll
2011-02-11 22:01:59 ----A---- C:\Windows\system32\davclnt.dll
2011-02-11 22:01:58 ----A---- C:\Windows\system32\wscsvc.dll
2011-02-11 22:00:42 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-11 22:00:41 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-02-11 22:00:41 ----A---- C:\Windows\system32\cdd.dll
2011-01-26 08:26:55 ----A---- C:\Windows\AutoKMS.ini
2011-01-24 16:27:00 ----D---- C:\Autodata 2007
2011-01-24 16:03:58 ----D---- C:\Program Files\Common Files\Autodata Limited Shared
2011-01-24 15:15:13 ----A---- C:\Windows\system32\drivers\btwavdt.sys
2011-01-24 15:15:12 ----A---- C:\Windows\system32\drivers\btwrchid.sys
2011-01-24 15:15:11 ----A---- C:\Windows\system32\drivers\btwaudio.sys
2011-01-24 15:14:58 ----A---- C:\Windows\system32\BtwRSupport.dll
2011-01-24 15:13:57 ----D---- C:\Windows\system32\es-MX
2011-01-24 15:13:57 ----D---- C:\Windows\system32\es-AR
2011-01-24 15:13:52 ----D---- C:\Program Files\WIDCOMM
2011-01-24 15:07:24 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-01-24 15:07:11 ----D---- C:\Program Files\DAEMON Tools Toolbar
2011-01-24 15:06:58 ----D---- C:\Program Files\DAEMON Tools Lite
2011-01-24 15:06:32 ----D---- C:\Users\Killgor\AppData\Roaming\DAEMON Tools Lite
2011-01-24 15:06:32 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-01-15 12:42:50 ----A---- C:\Windows\system32\odbc32.dll
2011-01-07 17:18:15 ----D---- C:\Program Files\Codemasters
2011-01-07 17:18:15 ----A---- C:\Windows\system32\MSOSS.DLL
2011-01-07 17:09:35 ----D---- C:\Colin McRae Rally 2.0
2010-12-18 22:54:31 ----A---- C:\Windows\system32\tzres.dll
2010-12-18 22:53:39 ----A---- C:\Windows\system32\ieui.dll
2010-12-18 22:53:37 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-18 22:48:40 ----A---- C:\Windows\system32\taskschd.dll
2010-12-18 22:48:40 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-18 22:48:39 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-18 22:48:39 ----A---- C:\Windows\system32\taskeng.exe
2010-12-18 22:48:39 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-18 22:48:38 ----A---- C:\Windows\system32\schtasks.exe
2010-12-18 22:48:22 ----A---- C:\Windows\system32\webio.dll
2010-12-18 22:45:23 ----A---- C:\Windows\system32\consent.exe
2010-12-18 22:43:48 ----A---- C:\Windows\system32\oleaut32.dll
2010-12-09 20:18:39 ----A---- C:\Windows\system32\xinput1_3.dll
2010-12-06 00:24:29 ----SHD---- C:\Config.Msi
2010-11-29 19:39:14 ----D---- C:\ProgramData\workshophdb
2010-11-29 19:39:10 ----D---- C:\ProgramData\WorkshopData
2010-11-29 19:23:04 ----AD---- C:\ProgramData\TEMP
2010-11-29 19:11:16 ----D---- C:\ProgramData\organiser
2010-11-29 19:11:15 ----A---- C:\Windows\Crypkey.ini
2010-11-29 19:10:56 ----RA---- C:\Windows\Setup_ck.exe
2010-11-29 19:10:56 ----A---- C:\Windows\system32\Crypserv.exe
2010-11-29 19:10:56 ----A---- C:\Windows\system32\Ckldrv.sys
2010-11-29 19:10:56 ----A---- C:\Windows\Setup_ck.dll
2010-11-29 19:10:56 ----A---- C:\Windows\Ckrfresh.exe
2010-11-29 19:10:56 ----A---- C:\Windows\Ckconfig.exe
2010-11-29 19:08:32 ----HD---- C:\Program Files\Zero G Registry
2010-11-29 19:08:32 ----D---- C:\Program Files\Vivid WorkshopData ATI
2010-11-22 19:44:20 ----D---- C:\ProgramData\Adobe
2010-11-22 19:44:03 ----D---- C:\Program Files\Common Files\Adobe
2010-11-22 19:44:03 ----D---- C:\Program Files\Adobe
2010-11-22 16:44:00 ----D---- C:\QIP JadrisPack LITE

======List of files/folders modified in the last 3 months======

2011-02-16 18:01:43 ----D---- C:\Windows\Prefetch
2011-02-16 18:01:42 ----RD---- C:\Program Files
2011-02-16 18:01:10 ----D---- C:\Windows\Temp
2011-02-16 17:52:32 ----D---- C:\Windows
2011-02-16 15:08:08 ----D---- C:\Windows\system32\config
2011-02-16 14:49:15 ----D---- C:\Windows\System32
2011-02-16 14:49:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-16 14:49:14 ----D---- C:\Windows\inf
2011-02-16 14:46:23 ----D---- C:\Windows\system32\NDF
2011-02-16 14:43:58 ----D---- C:\Windows\winsxs
2011-02-16 14:41:39 ----D---- C:\Windows\system32\drivers
2011-02-16 14:40:50 ----SHD---- C:\Windows\Installer
2011-02-16 14:40:27 ----D---- C:\Windows\system32\catroot
2011-02-16 14:40:18 ----SD---- C:\ProgramData\Microsoft
2011-02-16 14:39:15 ----SHD---- C:\System Volume Information
2011-02-16 14:38:58 ----D---- C:\Windows\SoftwareDistribution
2011-02-16 14:37:29 ----D---- C:\Windows\system32\DriverStore
2011-02-16 14:30:02 ----D---- C:\Windows\Minidump
2011-02-16 14:30:02 ----D---- C:\Windows\debug
2011-02-14 20:44:10 ----D---- C:\Program Files\Internet Explorer
2011-02-13 20:49:28 ----D---- C:\ADCDA2
2011-02-11 22:00:21 ----D---- C:\Windows\system32\catroot2
2011-02-08 14:01:24 ----A---- C:\CKINFO.TXT
2011-02-02 19:24:06 ----D---- C:\Users\Killgor\AppData\Roaming\vlc
2011-02-02 17:11:20 ----N---- C:\Windows\system32\MpSigStub.exe
2011-01-24 16:13:52 ----A---- C:\Windows\win.ini
2011-01-24 16:03:58 ----D---- C:\Program Files\Common Files
2011-01-24 16:01:57 ----D---- C:\ADCDTEMP
2011-01-24 15:14:59 ----SD---- C:\Windows\system32\Microsoft
2011-01-24 15:13:57 ----D---- C:\Windows\system32\zh-TW
2011-01-24 15:13:57 ----D---- C:\Windows\system32\zh-CN
2011-01-24 15:13:57 ----D---- C:\Windows\system32\sv-SE
2011-01-24 15:13:57 ----D---- C:\Windows\system32\ru-RU
2011-01-24 15:13:57 ----D---- C:\Windows\system32\pt-BR
2011-01-24 15:13:57 ----D---- C:\Windows\system32\pl-PL
2011-01-24 15:13:57 ----D---- C:\Windows\system32\ko-KR
2011-01-24 15:13:57 ----D---- C:\Windows\system32\ja-JP
2011-01-24 15:13:57 ----D---- C:\Windows\system32\it-IT
2011-01-24 15:13:57 ----D---- C:\Windows\system32\fr-FR
2011-01-24 15:13:57 ----D---- C:\Windows\system32\es-ES
2011-01-24 15:13:57 ----D---- C:\Windows\system32\en-US
2011-01-24 15:13:57 ----D---- C:\Windows\system32\de-DE
2011-01-24 15:12:55 ----D---- C:\SWSetup
2011-01-24 15:08:21 ----D---- C:\Windows\system32\Tasks
2011-01-24 15:06:32 ----HD---- C:\ProgramData
2011-01-16 10:15:48 ----D---- C:\ProgramData\Microsoft Help
2011-01-08 16:33:14 ----D---- C:\Program Files\Common Files\InstallShield
2011-01-02 20:17:02 ----D---- C:\Live_for_speed_full
2010-12-25 15:48:00 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-20 01:55:13 ----D---- C:\Windows\rescache
2010-12-20 01:02:37 ----D---- C:\Windows\system32\cs-CZ
2010-12-20 01:02:37 ----D---- C:\Program Files\Windows Mail
2010-12-20 01:02:36 ----D---- C:\Windows\system32\migration
2010-12-14 13:19:26 ----D---- C:\Windows\system32\wdi
2010-12-12 17:52:25 ----SD---- C:\Users\Killgor\AppData\Roaming\Microsoft
2010-12-09 20:17:56 ----D---- C:\Windows\Logs
2010-11-23 07:52:44 ----D---- C:\Program Files\Trillian
2010-11-22 19:45:37 ----D---- C:\Users\Killgor\AppData\Roaming\Adobe
2010-11-22 17:19:00 ----D---- C:\Users\Killgor\AppData\Roaming\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-24 218688]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl120bb2fd;MpKsl120bb2fd; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{637F4D4E-B73D-45B5-8A67-C8B7891859C1}\MpKsl120bb2fd.sys [2011-02-16 28752]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-08-22 21638]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-01 4179968]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BCM43XX;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-13 1131008]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-01 720896]
R2 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2011-01-24 72704]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2008-05-08 122880]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 organiserservice;organiser database; C:\PROGRA~1\VIVIDW~1\ORGANI~1.EXE [2010-11-29 115712]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-29 1343400]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[kilda]

Dobry vecer, log z CF je zde:
ComboFix 11-02-16.01 - Killgor 16.02.2011 21:31:45.1.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.895.456 [GMT 1:00]
Spuštěný z: c:\users\Killgor\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop
c:\users\Killgor\Firefox Setup 3.6.10.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-16 do 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-16 20:39 . 2011-02-16 20:39 -------- d-----w- c:\users\Killgor\AppData\Local\temp
2011-02-16 20:39 . 2011-02-16 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-16 17:01 . 2011-02-16 17:01 -------- d-----w- c:\program files\trend micro
2011-02-16 17:01 . 2011-02-16 17:01 -------- d-----w- C:\rsit
2011-02-16 13:49 . 2011-02-16 13:49 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{637F4D4E-B73D-45B5-8A67-C8B7891859C1}\MpKsl120bb2fd.sys
2011-02-16 13:49 . 2011-02-02 16:10 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{637F4D4E-B73D-45B5-8A67-C8B7891859C1}\mpengine.dll
2011-02-16 13:39 . 2011-02-16 13:40 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-16 13:39 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-11 21:05 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5060A534-2160-47DC-8F90-E5D5A9580FF4}\mpengine.dll
2011-02-11 21:03 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-11 21:03 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 21:02 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-11 21:02 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-11 21:02 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-11 21:02 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-11 21:02 . 2010-12-21 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-11 21:02 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-02-11 21:02 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-02-11 21:01 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-11 21:01 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-02-11 21:01 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-02-11 21:01 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-11 21:01 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-02-11 21:01 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-11 21:00 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-11 21:00 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-11 21:00 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-01-26 07:24 . 2011-01-26 07:24 15823872 ----a-w- c:\users\Killgor\AppData\Roaming\Microsoft\Windows\Templates\Office 2010 Toolkit.exe
2011-01-26 07:24 . 2011-01-26 07:24 786492 ----a-w- c:\users\Killgor\AppData\Roaming\Microsoft\Windows\Templates\cryptedcybertoirrent.exe
2011-01-26 07:24 . 2011-01-26 07:24 107008 ----a-w- c:\users\Killgor\AppData\Roaming\Microsoft\Windows\Templates\Torrant.exe
2011-01-24 15:27 . 2011-01-24 15:27 -------- d-----w- C:\Autodata 2007
2011-01-24 15:03 . 2011-01-24 15:03 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2011-01-24 14:15 . 2011-01-24 14:15 -------- d-----w- c:\users\Killgor\Bluetooth Software
2011-01-24 14:15 . 2006-11-21 11:54 80176 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2011-01-24 14:15 . 2006-11-21 11:54 16560 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2011-01-24 14:15 . 2006-11-21 11:54 78128 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2011-01-24 14:14 . 2006-11-21 11:54 229376 ----a-w- c:\windows\system32\BtwRSupport.dll
2011-01-24 14:13 . 2011-01-24 14:13 -------- d-----w- c:\windows\system32\es-MX
2011-01-24 14:13 . 2011-01-24 14:13 -------- d-----w- c:\windows\system32\es-AR
2011-01-24 14:13 . 2011-01-24 14:13 -------- d-----w- c:\program files\WIDCOMM
2011-01-24 14:07 . 2011-01-24 14:07 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-01-24 14:07 . 2011-01-24 14:07 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-01-24 14:06 . 2011-01-24 14:08 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-01-24 14:06 . 2011-01-24 14:10 -------- d-----w- c:\users\Killgor\AppData\Roaming\DAEMON Tools Lite
2011-01-24 14:06 . 2011-01-24 14:06 -------- d-----w- c:\programdata\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2010-09-23 19:04 222080 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLIGHTER"="c:\program files\Desktop Lighter\DLighter.exe" [2010-10-12 227328]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-29 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-24 218688]
S1 MpKsl120bb2fd;MpKsl120bb2fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{637F4D4E-B73D-45B5-8A67-C8B7891859C1}\MpKsl120bb2fd.sys [2011-02-16 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MPKSL120BB2FD
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = mail.issstavcb.cz:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-02-16 21:41:55
ComboFix-quarantined-files.txt 2011-02-16 20:41

Před spuštěním: 7 949 488 128
Po spuštění: 8 023 826 432

- - End Of File - - CBC3517F77907DDC73B7868343612024

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Driver::
MPKSL120BB2FD

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[kilda]

provedeno, novy log je zde:
ComboFix 11-02-16.01 - Killgor 16.02.2011 22:01:28.2.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.895.438 [GMT 1:00]
Spuštěný z: c:\users\Killgor\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Killgor\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MPKSL120BB2FD
-------\Service_MpKsl120bb2fd


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-16 do 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-16 21:08 . 2011-02-16 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-16 20:41 . 2011-02-16 21:10 -------- d-----w- c:\users\Killgor\AppData\Local\temp
2011-02-16 17:01 . 2011-02-16 17:01 -------- d-----w- c:\program files\trend micro
2011-02-16 17:01 . 2011-02-16 17:01 -------- d-----w- C:\rsit
2011-02-16 13:49 . 2011-02-16 13:49 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{637F4D4E-B73D-45B5-8A67-C8B7891859C1}\MpKsl120bb2fd.sys
2011-02-16 13:49 . 2011-02-02 16:10 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{637F4D4E-B73D-45B5-8A67-C8B7891859C1}\mpengine.dll
2011-02-16 13:39 . 2011-02-16 13:40 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-16 13:39 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-11 21:05 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5060A534-2160-47DC-8F90-E5D5A9580FF4}\mpengine.dll
2011-02-11 21:03 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-11 21:03 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 21:02 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-11 21:02 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-11 21:02 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-11 21:02 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-11 21:02 . 2010-12-21 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-11 21:02 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-02-11 21:02 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-02-11 21:01 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-11 21:01 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-02-11 21:01 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-02-11 21:01 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-11 21:01 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-02-11 21:01 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-11 21:00 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-11 21:00 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-11 21:00 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-01-26 07:24 . 2011-01-26 07:24 15823872 ----a-w- c:\users\Killgor\AppData\Roaming\Microsoft\Windows\Templates\Office 2010 Toolkit.exe
2011-01-26 07:24 . 2011-01-26 07:24 786492 ----a-w- c:\users\Killgor\AppData\Roaming\Microsoft\Windows\Templates\cryptedcybertoirrent.exe
2011-01-26 07:24 . 2011-01-26 07:24 107008 ----a-w- c:\users\Killgor\AppData\Roaming\Microsoft\Windows\Templates\Torrant.exe
2011-01-24 15:27 . 2011-01-24 15:27 -------- d-----w- C:\Autodata 2007
2011-01-24 15:03 . 2011-01-24 15:03 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2011-01-24 14:15 . 2011-01-24 14:15 -------- d-----w- c:\users\Killgor\Bluetooth Software
2011-01-24 14:15 . 2006-11-21 11:54 80176 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2011-01-24 14:15 . 2006-11-21 11:54 16560 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2011-01-24 14:15 . 2006-11-21 11:54 78128 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2011-01-24 14:14 . 2006-11-21 11:54 229376 ----a-w- c:\windows\system32\BtwRSupport.dll
2011-01-24 14:13 . 2011-01-24 14:13 -------- d-----w- c:\windows\system32\es-MX
2011-01-24 14:13 . 2011-01-24 14:13 -------- d-----w- c:\windows\system32\es-AR
2011-01-24 14:13 . 2011-01-24 14:13 -------- d-----w- c:\program files\WIDCOMM
2011-01-24 14:07 . 2011-01-24 14:07 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-01-24 14:07 . 2011-01-24 14:07 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-01-24 14:06 . 2011-01-24 14:08 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-01-24 14:06 . 2011-01-24 14:10 -------- d-----w- c:\users\Killgor\AppData\Roaming\DAEMON Tools Lite
2011-01-24 14:06 . 2011-01-24 14:06 -------- d-----w- c:\programdata\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2010-09-23 19:04 222080 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLIGHTER"="c:\program files\Desktop Lighter\DLighter.exe" [2010-10-12 227328]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-29 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-24 218688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = mail.issstavcb.cz:3128
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(1596)
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\crypserv.exe
c:\progra~1\VIVIDW~1\ORGANI~1.EXE
c:\program files\Vivid WorkshopData ATI\jre\bin\javaw.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2011-02-16 22:14:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-16 21:14
ComboFix2.txt 2011-02-16 20:41

Před spuštěním: 8 065 101 824
Po spuštění: 7 895 371 776

- - End Of File - - D534F099279DA190E0CBAB983C5DE604

[Rudy]

Log již vypadá čistý. Nastala nějaká změna?

[kilda]

PC se vypina, nicmene OFF se seka porad. Pro upresneni: pri otevreni souboru .docx (v off 2010), kde jsou tabulky, pri jakekoliv uprave, psani nebo mazani textu zmizi tabulka, ktera byla do te doby pod/nad upravovanym textem a objevi se az po scrollovani nahoru a dolu. Zavada se objevila priblizne po nainstalovani nejnovejsich aktualizaci, do te doby bylo vse v poradku, u souboru .doc se nevyskytuje.

[Rudy]

Zkuste Office přeinstalovat.