preventivka - nebo že by ?

[jacktenrek]

začal se me sekat komp a vypadavat net tak prosim o kontrolu popř. návrh řešení díky předem
keyloger je dany vědomě ...

Logfile of random's system information tool 1.08 (written by random/random)
Run by Styx at 2011-03-16 18:56:33
Microsoft Windows 7 Ultimate
System drive C: has 16 GB (30%) free of 52 GB
Total RAM: 2048 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:57:05, on 16.3.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\FKRMonitor\fklogger.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Styx\Desktop\RSIT.exe
C:\Program Files\trend micro\Styx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [fklogger.exe] C:\Program Files\FKRMonitor\fklogger.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{94B21916-8D5C-4E2A-9C7F-3C85877AD4D2}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{94B21916-8D5C-4E2A-9C7F-3C85877AD4D2}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{94B21916-8D5C-4E2A-9C7F-3C85877AD4D2}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: pqgutxnskrbgbg - Unknown owner - c:\windows\system32\tzpfzwq.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 7936 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-08-24 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"=C:\Windows\system32\CTXFIHLP.EXE [2007-04-09 19968]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-12-08 8120864]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-01-26 2548552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"SmartRAM"=C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [2010-07-21 198864]
"fklogger.exe"=C:\Program Files\FKRMonitor\fklogger.exe [2010-02-19 514560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Badoo Desktop]
C:\ProgramData\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe [2010-10-29 983552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
C:\Program Files\Logitech\Vid HD\Vid.exe [2010-10-29 5915480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Styx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
C:\PROGRA~1\Logitech\LOGITE~1\eReg.exe [2009-10-14 517384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-03-16 18:56:33 ----D---- C:\Program Files\trend micro
2011-03-09 07:42:58 ----A---- C:\Windows\system32\DWrite.dll
2011-03-09 07:42:56 ----A---- C:\Windows\system32\FntCache.dll
2011-03-09 07:42:54 ----A---- C:\Windows\system32\d2d1.dll
2011-03-09 07:42:50 ----A---- C:\Windows\system32\CPFilters.dll
2011-03-09 07:42:49 ----A---- C:\Windows\system32\EncDec.dll
2011-03-09 07:42:47 ----A---- C:\Windows\system32\sbe.dll
2011-03-09 07:42:43 ----A---- C:\Windows\system32\mstscax.dll
2011-03-09 07:42:41 ----A---- C:\Windows\system32\mstsc.exe
2011-02-23 22:25:43 ----A---- C:\Windows\system32\wcncsvc.dll
2011-02-23 10:41:01 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-23 10:40:59 ----A---- C:\Windows\system32\XpsGdiConverter.dll

======List of files/folders modified in the last 1 months======

2011-03-16 18:57:03 ----D---- C:\Windows\Temp
2011-03-16 18:57:03 ----D---- C:\Windows\Prefetch
2011-03-16 18:56:33 ----RD---- C:\Program Files
2011-03-16 18:32:19 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-03-16 18:31:37 ----D---- C:\Windows\system32\LogFiles
2011-03-16 18:31:35 ----D---- C:\Windows\debug
2011-03-16 18:31:35 ----D---- C:\Windows
2011-03-16 17:45:16 ----D---- C:\ProgramData\NVIDIA
2011-03-16 17:40:01 ----D---- C:\Users\Styx\AppData\Roaming\Skype
2011-03-16 16:04:47 ----D---- C:\Users\Styx\AppData\Roaming\skypePM
2011-03-16 03:12:23 ----D---- C:\Windows\system32\config
2011-03-15 18:09:13 ----D---- C:\Windows\system32\NDF
2011-03-15 08:35:40 ----SHD---- C:\System Volume Information
2011-03-11 19:49:05 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 3
2011-03-10 08:20:38 ----D---- C:\Windows\winsxs
2011-03-10 08:20:20 ----D---- C:\Windows\System32
2011-03-09 22:21:48 ----A---- C:\Windows\system32\MRT.exe
2011-03-09 22:21:31 ----SHD---- C:\Windows\Installer
2011-03-09 22:21:23 ----D---- C:\ProgramData\Microsoft Help
2011-03-09 07:42:33 ----D---- C:\Windows\system32\catroot
2011-03-09 07:42:32 ----D---- C:\Windows\system32\catroot2
2011-03-09 07:36:21 ----D---- C:\Program Files\Microsoft Silverlight
2011-03-06 20:24:01 ----D---- C:\Users\Styx\AppData\Roaming\Media Player Classic
2011-03-06 20:20:39 ----D---- C:\Program Files\CCleaner
2011-03-06 14:46:54 ----D---- C:\Program Files\rajce
2011-03-03 14:26:37 ----D---- C:\Users\Styx\AppData\Roaming\Jpeg Resampler
2011-03-03 06:46:10 ----D---- C:\Windows\system32\Tasks
2011-02-26 15:12:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-26 15:12:45 ----D---- C:\Windows\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-06-15 64288]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-06 691696]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2011-01-13 17256]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-01-13 236600]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-01-13 35768]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-01-13 80064]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/01 20:44:26]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl [2009-02-28 87536]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\system32\COMMONFX.DLL [2007-04-18 98600]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2007-04-10 520488]
R3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\system32\CTAUDFX.DLL [2007-04-12 546048]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2007-04-10 14632]
R3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\system32\CTSBLFX.DLL [2007-04-12 560384]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2007-04-10 157480]
R3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2009-03-23 16384]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2007-04-10 92968]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\Windows\system32\drivers\ha10kx2k.sys [2007-04-10 797992]
R3 hap16v2k;Creative P16V HAL Driver; C:\Windows\system32\drivers\hap16v2k.sys [2007-04-10 163112]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-12-08 2975776]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2007-04-10 126760]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S3 afzrnvhc;afzrnvhc; C:\Windows\system32\drivers\afzrnvhc.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2007-04-12 164608]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2007-04-10 511272]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2007-04-10 347128]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\Windows\system32\CTERFXFX.DLL [2007-04-12 94976]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 hap17v2k;Creative P17V HAL Driver; C:\Windows\system32\drivers\hap17v2k.sys [2007-04-10 189736]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 kxwdmdrv;kX WDM Driver Service; C:\Windows\system32\drivers\kx.sys [2010-12-18 445512]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2009-04-30 495768]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-01-26 1803224]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 600680]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 pqgutxnskrbgbg;pqgutxnskrbgbg; c:\windows\system32\tzpfzwq.exe []
S3 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-24 654848]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-29 1352832]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[jacktenrek]

ComboFix 11-03-16.01 - Styx 16.03.2011 19:39:19.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2048.1362 [GMT 1:00]
Spuštěný z: c:\users\Styx\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\WINDOWSDEFENDER.EXE
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-16 do 2011-03-16 )))))))))))))))))))))))))))))))
.
.
2011-03-16 18:54 . 2011-03-16 18:56 -------- d-----w- c:\users\Styx\AppData\Local\temp
2011-03-16 18:54 . 2011-03-16 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 17:56 . 2011-03-16 17:57 -------- d-----w- c:\program files\trend micro
2011-03-15 07:35 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDB849C2-C7F6-4DC2-8F70-F75B04FC3329}\mpengine.dll
2011-03-09 06:42 . 2011-02-19 05:56 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 06:42 . 2011-02-19 05:56 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 06:42 . 2011-02-19 05:56 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 06:42 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 06:42 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 06:42 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 06:42 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 06:42 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 06:42 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-02-23 21:25 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 09:41 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 09:40 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 05:45 . 2011-02-09 10:09 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 16:11 . 2010-02-27 17:00 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-13 16:01 . 2010-06-01 17:00 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-13 16:01 . 2010-06-01 17:00 80064 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-13 16:01 . 2010-06-04 09:55 236600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-13 16:01 . 2010-06-01 17:00 35768 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-13 16:01 . 2010-06-01 17:00 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-07 07:27 . 2011-02-09 10:10 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 10:10 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:37 . 2011-02-09 10:10 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38 . 2011-02-09 10:09 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38 . 2011-02-09 10:09 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38 . 2011-02-09 10:09 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38 . 2011-02-09 10:10 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 10:10 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38 . 2011-02-09 10:09 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36 . 2011-02-09 10:10 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36 . 2011-02-09 10:10 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34 . 2011-02-09 10:09 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29 . 2011-02-09 10:10 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 03:19 . 2011-02-09 22:42 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 03:15 . 2011-02-09 22:42 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-18 00:11 . 2010-12-18 00:11 445512 ----a-w- c:\windows\system32\drivers\kx.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-21 198864]
"fklogger.exe"="c:\program files\FKRMonitor\fklogger.exe" [2010-02-19 514560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-08 8120864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-26 2548552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Styx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
backup=c:\windows\pss\Logitech . Registrace produktu.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Badoo Desktop]
2010-10-29 12:55 983552 ----a-w- c:\programdata\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-10-29 20:06 5915480 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"CTHelper"=CTHELPER.EXE
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 pqgutxnskrbgbg;pqgutxnskrbgbg;c:\windows\system32\tzpfzwq.exe [x]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2010-12-18 445512]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-29 1352832]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-15 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-06 691696]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-01-13 17256]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-13 236600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-13 35768]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/01 20:44];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-02-28 18:40 87536]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2009-03-23 16384]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2010-04-16 c:\windows\Tasks\At1.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2010-06-10 c:\windows\Tasks\At10.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2010-07-05 c:\windows\Tasks\At11.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2010-04-24 c:\windows\Tasks\At2.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2010-04-24 c:\windows\Tasks\At3.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2010-05-01 c:\windows\Tasks\At4.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2010-05-01 c:\windows\Tasks\At5.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2010-05-01 c:\windows\Tasks\At6.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2010-06-02 c:\windows\Tasks\At7.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2010-06-07 c:\windows\Tasks\At8.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2010-06-09 c:\windows\Tasks\At9.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2011-01-25 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-04-14 19:33]
.
2011-03-06 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-14 14:48]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
TCP: {94B21916-8D5C-4E2A-9C7F-3C85877AD4D2} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Styx\AppData\Roaming\Mozilla\Firefox\Profiles\p8gkqsft.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=FFlisticka_1&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(580)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(1160)
c:\windows\system32\guard32.dll
c:\windows\system32\stobject.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
Celkový čas: 2011-03-16 20:03:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-16 19:03
ComboFix2.txt 2009-11-26 19:44
ComboFix3.txt 2009-11-26 16:53
ComboFix4.txt 2009-11-25 18:31
ComboFix5.txt 2011-03-16 18:36
.
Před spuštěním: Volných bajtů: 16 350 261 248
Po spuštění: Volných bajtů: 16 342 016 000
.
- - End Of File - - 0B8EED8D8A28AB23DA5D432DFA3161F1

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\system32\tzpfzwq.exe

Driver::
pqgutxnskrbgbg

AtJob::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[jacktenrek]

pokud je to vše tak moc dekuji a

[Rudy]

Ano, je to vše. Nemáte zač!