Re: Problem with the laptop
Posted: 15 Apr 2012 16:17
by Rudy
Open Notepad and copy the following into it:
KillAll::
Folder::
c:\program files (x86)\GUM869D.tmp
c:\program files (x86)\ICQ6Toolbar
Collect::
c:\program files (x86)\GUT869E.tmp
c:\users\marie\AppData\Local\Temp\010773~1.EXE
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Driver::
ICQ Service
0107731334422752mcinstcleanup
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\McAfee]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Re: Problem with the laptop
Posted: 15 Apr 2012 17:18
by martin06
It probably got stuck at stage 3... I'll wait a little longer, and if need be I'll try it in safe mode.
Re: Problem with the laptop
Posted: 15 Apr 2012 17:30
by Rudy
OK, try it.
Re: Problem with the laptop
Posted: 15 Apr 2012 18:55
by martin06
Somehow I can't get the laptop to boot, either normally or in safe mode. After I enter the password on the main screen, a black screen appears with the mouse pointer in the middle.
Re: Problem with the laptop
Posted: 15 Apr 2012 19:03
by Rudy
Either there is some junk on there, or it is a system error. You will have to repair the system from the installation media.
Re: Problem with the laptop
Posted: 15 Apr 2012 19:14
by martin06
Oh no, surely not

I hope I can get it working somehow
Re: Problem with the laptop
Posted: 15 Apr 2012 20:13
by Rudy
Re: Problem with the laptop
Posted: 15 Apr 2012 20:16
by martin06
Thanks

I'll use that only as a last resort

Re: Problem with the laptop
Posted: 15 Apr 2012 20:17
by Rudy
You're welcome!
Re: Problem with the laptop
Posted: 15 Apr 2012 20:27
by martin06
Good news, I got in, after half an hour of logging in... I'll try dropping that CFScript onto CF and then I'll let you know.
Re: Problem with the laptop
Posted: 15 Apr 2012 21:15
by Rudy
OK.
Re: Problem with the laptop
Posted: 15 Apr 2012 23:21
by martin06
So, finally, here is the log from CF.
ComboFix 12-04-14.02 - marie 15.04.2012 22:42:01.4.1 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2940.2546 [GMT 2:00]
Spuštěný z: c:\users\marie\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\marie\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\GUM869D.tmp
c:\program files (x86)\GUM869D.tmp\GoogleCrashHandler.exe
c:\program files (x86)\GUM869D.tmp\GoogleCrashHandler64.exe
c:\program files (x86)\GUM869D.tmp\GoogleUpdate.exe
c:\program files (x86)\GUM869D.tmp\GoogleUpdateBroker.exe
c:\program files (x86)\GUM869D.tmp\GoogleUpdateHelper.msi
c:\program files (x86)\GUM869D.tmp\GoogleUpdateOnDemand.exe
c:\program files (x86)\GUM869D.tmp\GoogleUpdateSetup.exe
c:\program files (x86)\GUM869D.tmp\goopdate.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_am.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_ar.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_bg.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_bn.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_ca.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_cs.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_da.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_de.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_el.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_en-GB.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_en.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_es-419.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_es.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_et.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_fa.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_fi.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_fil.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_fr.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_gu.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_hi.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_hr.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_hu.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_id.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_is.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_it.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_iw.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_ja.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_kn.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_ko.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_lt.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_lv.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_ml.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_mr.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_ms.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_nl.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_no.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_pl.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_pt-BR.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_pt-PT.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_ro.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_ru.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_sk.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_sl.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_sr.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_sv.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_sw.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_ta.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_te.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_th.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_tr.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_uk.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_ur.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_vi.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_zh-CN.dll
c:\program files (x86)\GUM869D.tmp\goopdateres_zh-TW.dll
c:\program files (x86)\GUM869D.tmp\npGoogleUpdate3.dll
c:\program files (x86)\GUM869D.tmp\psmachine.dll
c:\program files (x86)\GUM869D.tmp\psuser.dll
c:\program files (x86)\GUT869E.tmp
c:\program files (x86)\ICQ6Toolbar
c:\program files (x86)\ICQ6Toolbar\config.xml
c:\program files (x86)\ICQ6Toolbar\Icons.bmp
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\program files (x86)\ICQ6Toolbar\icq6Toolbar.ico
c:\program files (x86)\ICQ6Toolbar\ICQToolBar.dll
c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files (x86)\ICQ6Toolbar\logo_small.gif
c:\program files (x86)\ICQ6Toolbar\ServiceStarter.exe
c:\program files (x86)\ICQ6Toolbar\short.wav
c:\program files (x86)\ICQ6Toolbar\Version.txt
c:\program files (x86)\ICQ6Toolbar\voucher.bmp
c:\program files (x86)\ICQ6Toolbar\voucher2.bmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_0107731334422752mcinstcleanup
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-15 do 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 21:08 . 2012-04-15 21:08 -------- d-----w- c:\users\mamba\AppData\Local\temp
2012-04-15 21:08 . 2012-04-15 21:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-14 16:24 . 2012-04-14 16:24 -------- d-----w- c:\program files\CCleaner
2012-04-14 16:14 . 2012-04-14 16:14 -------- d-----w- C:\rsit
2012-04-14 16:14 . 2012-04-14 16:14 -------- d-----w- c:\program files (x86)\trend micro
2012-04-14 16:13 . 2012-04-14 16:13 -------- d-----w- c:\program files (x86)\RegCleaner
2012-04-07 21:37 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-07 21:35 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-07 21:32 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-30 15:31 . 2012-03-30 15:32 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-30 15:30 . 2012-03-30 15:30 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-30 15:29 . 2012-03-30 15:30 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-30 15:29 . 2012-03-30 15:29 107008 ----a-w- c:\program files (x86)\Internet Explorer\iecleanup.exe
2012-03-30 15:28 . 2012-03-30 15:29 307200 ----a-w- c:\program files (x86)\Internet Explorer\iediagcmd.exe
2012-03-30 15:25 . 2012-03-30 15:26 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-03-30 15:23 . 2012-03-30 15:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-30 15:22 . 2012-03-30 15:22 22016 ----a-w- c:\program files (x86)\Internet Explorer\ExtExport.exe
2012-03-30 15:21 . 2012-03-30 15:21 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-30 15:21 . 2012-03-30 15:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-30 15:20 . 2012-03-30 15:21 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-30 15:13 . 2012-03-30 15:14 466432 ----a-w- c:\program files (x86)\Internet Explorer\ieinstal.exe
2012-03-30 15:13 . 2012-03-30 15:13 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-30 15:13 . 2012-03-30 15:13 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-30 15:12 . 2012-03-30 15:13 222720 ----a-w- c:\program files (x86)\Internet Explorer\ielowutil.exe
2012-03-30 15:08 . 2012-03-30 15:08 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-30 15:05 . 2012-03-30 15:06 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-03-30 15:05 . 2012-03-30 15:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-30 15:05 . 2012-03-30 15:05 193536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2012-03-30 15:05 . 2012-03-30 15:05 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-03-30 15:04 . 2012-03-30 15:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-30 15:04 . 2012-03-30 15:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-30 15:02 . 2012-03-30 15:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-30 14:54 . 2012-03-30 14:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-03-30 14:53 . 2012-03-30 14:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-30 14:52 . 2012-03-30 14:52 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-30 14:52 . 2012-03-30 14:52 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-30 14:51 . 2012-03-30 14:51 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-29 20:32 . 2012-03-29 20:32 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-29 20:31 . 2012-03-29 20:32 754480 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-03-29 20:30 . 2012-03-29 20:30 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-29 20:28 . 2012-03-29 20:28 119808 ----a-w- c:\program files\Internet Explorer\iecleanup.exe
2012-03-29 20:14 . 2012-03-29 20:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-29 20:13 . 2012-03-29 20:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-29 20:13 . 2012-03-29 20:13 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-29 20:12 . 2012-03-29 20:13 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-29 20:10 . 2012-03-29 20:11 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-03-29 20:09 . 2012-03-29 20:09 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-29 20:07 . 2012-03-29 20:07 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-29 20:06 . 2012-03-29 20:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-29 20:06 . 2012-03-29 20:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-29 20:05 . 2012-03-29 20:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-29 19:58 . 2012-03-29 19:58 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-03-29 19:57 . 2012-03-29 19:57 480256 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2012-03-29 19:56 . 2012-03-29 19:57 448512 ----a-w- c:\windows\system32\html.iec
2012-03-29 19:56 . 2012-03-29 19:56 223232 ----a-w- c:\program files\Internet Explorer\ielowutil.exe
2012-03-29 19:52 . 2012-03-29 19:52 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-29 19:50 . 2012-03-29 19:50 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-29 19:49 . 2012-03-29 19:49 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-29 19:49 . 2012-03-29 19:49 546816 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-03-29 19:47 . 2012-03-29 19:48 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-03-29 19:47 . 2012-03-29 19:47 165888 ----a-w- c:\windows\system32\iexpress.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 16:05 . 2012-04-14 16:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3EC25C1-F821-4A62-9F86-FDE9623D291B}\offreg.dll
2012-03-29 20:30 . 2012-03-29 20:28 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-29 19:58 . 2012-03-29 19:58 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-29 19:47 . 2012-03-29 19:47 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-29 19:46 . 2012-03-29 19:46 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-23 08:18 . 2011-10-07 15:56 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 00:05 . 2012-03-20 18:50 8643640 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3EC25C1-F821-4A62-9F86-FDE9623D291B}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-15_11.11.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-15 21:35 50820 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-09-06 14:08 . 2012-04-14 16:51 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-06 14:08 . 2012-04-15 19:29 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-06 14:08 . 2012-04-15 19:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-06 14:08 . 2012-04-14 16:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-15 19:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-14 16:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-06 14:48 . 2012-04-15 21:35 8872 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-86339962-3955456567-656538807-1000_UserData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"ICQ"="c:\program files (x86)\ICQ7.7\ICQ.exe" [2012-01-23 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2010-09-10 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GPRSpeed Plus Client.lnk - c:\program files (x86)\GPRSpeed Plus\GPRSpeed Plus Client\NGSpawner.exe [2011-5-15 45056]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-17 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-17 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-17 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"combofix"="c:\combofix\CF4419.3XE" [2009-07-14 344576]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://toshiba.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=localhost:9090;https=localhost:9092;ftp=localhost:9093
uInternet Settings,ProxyOverride = localhost; 127.0.0.1
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\GPRSpeed Plus\GPRSpeed Plus Client\GPRSpeed_c.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2012-04-16 00:11:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-15 22:10
ComboFix2.txt 2012-04-15 12:16
.
Před spuštěním: Volných bajtů: 84 335 063 040
Po spuštění: Volných bajtů: 84 124 319 744
.
- - End Of File - - 65D22B44878FE85E4591C072A5359D38
Re: Problem with the laptop
Posted: 16 Apr 2012 16:53
by Rudy
The log now looks clean. Has anything changed?
Re: Problem with the laptop
Posted: 16 Apr 2012 18:01
by martin06
Probably not, because it took over half an hour to log in, everything keeps freezing; I wanted to install Office and while I was entering the CD key it simply froze and I got the blue spinning circle. Just total freezes... I'll also try deleting the useless junk that is on there.
Re: Problem with the laptop
Posted: 16 Apr 2012 18:44
by Rudy
Uninstall, not delete. I would also recommend checking the disk with CheckDisk with automatic error repair.