Re: Problem with antivirus installation

Posted: 18 Nov 2012 16:18
by Crocosaurus
System Restore didn't help..

And when I start ComboFix, a warning dialog pops up saying that Eset has its resident shields turned on, but I can't find it anywhere to turn it off, because I can't physically see it anywhere on the computer..

Re: Problem with antivirus installation

Posted: 18 Nov 2012 19:10
by Rudy
If you are sure that Eset is non-functional, ignore the message.

Re: Problem with antivirus installation

Posted: 19 Nov 2012 10:12
by Crocosaurus
What would happen if it were still functional and I ignored the ComboFix message?

Re: Problem with antivirus installation

Posted: 19 Nov 2012 18:48
by Rudy
It could hang and not continue any further. It should not damage the system while doing so.

Re: Problem with antivirus installation

Posted: 19 Nov 2012 22:51
by Crocosaurus
ComboFix 12-11-16.02 - JURKA 19.11.2012 22:39:28.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2418 [GMT 1:00]
Spuštěný z: c:\documents and settings\JURKA\Dokumenty\Stažené soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\JURKA\WINDOWS
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\N0039E78C-Mortal Kombat 4-Setup.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\avgfwdx.dll
c:\windows\system32\Oleaut32.1
c:\windows\system32\Sys32
c:\windows\system32\Sys32\AKV.exe
c:\windows\system32\Sys32\NSQK.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-19 do 2012-11-19 )))))))))))))))))))))))))))))))
.
.
2012-11-18 15:03 . 2012-11-18 15:03 7170 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-11-18 14:59 . 2012-11-18 14:59 -------- d-----w- c:\windows\system32\wbem\Repository
2012-11-15 19:04 . 2012-11-15 20:11 -------- d-----w- c:\program files\trend micro
2012-11-15 17:20 . 2012-11-15 17:20 -------- d-----w- c:\program files\uTorrent
2012-11-15 17:20 . 2012-11-15 17:32 -------- d-----w- c:\documents and settings\JURKA\Data aplikací\uTorrent
2012-10-29 00:30 . 2012-10-29 01:01 -------- d-----w- c:\documents and settings\JURKA\Local Settings\Data aplikací\Ubisoft Game Launcher
2012-10-29 00:08 . 2012-10-29 00:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2012-10-29 00:08 . 2012-10-29 21:19 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-10-24 17:14 . 2012-10-24 17:14 -------- d-----w- c:\program files\Common Files\Nokia
2012-10-24 17:13 . 2012-10-24 17:13 -------- d-----w- c:\program files\DIFX
2012-10-24 17:13 . 2012-10-24 17:13 -------- d-----w- c:\program files\PC Connectivity Solution
2012-10-24 17:13 . 2012-06-11 12:17 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-10-24 17:13 . 2012-06-11 12:17 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-10-24 17:13 . 2012-06-11 12:17 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-10-24 17:13 . 2012-06-11 12:17 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-10-24 17:13 . 2012-06-11 12:17 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-10-24 17:13 . 2012-06-11 12:17 18560 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 15:28 . 2012-03-30 13:29 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-18 15:28 . 2011-05-20 11:39 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 19:57 . 2005-10-06 03:10 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-18 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-30 13:46 . 2012-08-30 13:46 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-08-27 18:40 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 18:40 . 2004-08-18 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 18:40 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 18:40 . 2004-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2012-08-24 13:53 . 2004-08-18 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-18 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-17 15:45 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-27 16:10 . 2012-10-27 16:09 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="c:\program files\Steam2\steam.exe" [2012-08-04 1353080]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-12 1088424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"nwiz"="nwiz.exe" [2008-12-02 1657376]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-30 16864768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"CHotkey"="mHotkey.exe" [2006-12-08 547840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\hry\\Heroes of Might and Magic III Complete\\Heroes3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Steam2\\Steam.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\batman arkham asylum goty\\Binaries\\BmLauncher.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\batman arkham asylum goty\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\l.a.noire\\LANLauncher.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\batman2\\Binaries\\Win32\\BatmanAC.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\batman2\\RunLauncher.bat"=
"c:\\Program Files\\Steam2\\steamapps\\common\\Alan Wake\\AlanWake.exe"=
"c:\\Program Files\\Steam2\\steamapps\\labyso69\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8832:TCP"= 8832:TCP:BitComet 8832 TCP
"8832:UDP"= 8832:UDP:BitComet 8832 UDP
.
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [25.7.2008 18:25 212008]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.1.2009 14:22 436792]
S0 absiomi;absiomi;c:\windows\system32\drivers\mxmubje.sys --> c:\windows\system32\drivers\mxmubje.sys [?]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [18.8.2004 13:00 14336]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
S3 ALSysIO;ALSysIO;\??\c:\windows\TEMP\ALSysIO.sys --> c:\windows\TEMP\ALSysIO.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24.10.2012 18:13 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24.10.2012 18:13 8576]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [20.8.2009 16:05 47360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-06 22:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:28]
.
2012-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=14672
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
TCP: Interfaces\{5909FF2E-678D-4DD4-BA20-8C2C0FBECADE}: NameServer = 10.255.255.10,10.255.255.20
FF - ProfilePath - c:\documents and settings\JURKA\Data aplikací\Mozilla\Firefox\Profiles\dnjy4zjz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF - ExtSQL: !HIDDEN! 2009-09-02 01:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngin0.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngin0.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngin0.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-NWEReboot - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Heroes of Might and Magic® III - c:\program files\hry\Heroes 3 Complete\Heroes of Might and Magic® III.isu
AddRemove-Mortal Kombat 4 - c:\windows\N0039E78C-Mortal Kombat 4-Setup.exe
AddRemove-Nokia Suite - c:\documents and settings\All Users\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}\Installer.exe
AddRemove-Akamai - c:\documents and settings\JURKA\Local Settings\Data aplikací\Akamai\uninstall.exe
AddRemove-TeamSpeak 3 Client - c:\documents and settings\JURKA\Local Settings\Data aplikací\TeamSpeak 3 Client\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-19 22:46
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1715567821-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:b3,84,61,72,9d,b7,db,6d,05,98,c2,29,af,4f,41,9a,4b,b0,90,5a,51,4e,af,
80,30,a2,7d,a3,74,46,be,e6,87,36,e9,00,db,5e,ed,54,ea,db,da,b5,9a,6c,e7,ac,\
"??"=hex:a0,61,76,1a,b3,c8,9b,e0,05,2e,95,a9,c8,c9,59,e4
.
[HKEY_USERS\S-1-5-21-1292428093-1715567821-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b0,65,22,67,de,20,df,77,dc,2d,b5,f9,8a,3c,f8,c6,1e,92,72,7f,a8,
82,e5,ab,8d,7b,e6,5c,8c,39,fb,c2,ca,fc,de,4a,c3,1e,0b,e0,0d,89,f9,59,e7,15,\
"rkeysecu"=hex:35,8a,11,95,af,a2,77,a0,1e,e9,25,43,62,cb,ae,60
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\mHotkey.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2012-11-19 22:49:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-19 21:49
.
Před spuštěním: Volných bajtů: 83 675 770 880
Po spuštění: Volných bajtů: 84 088 242 176
.
- - End Of File - - E6D72F5B6AF5AA47F3E5FA3D26AF3A72

Re: Problem with antivirus installation

Posted: 19 Nov 2012 23:07
by Rudy
We'll do some more cleanup. Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

Driver::
Akamai
ICQ Service

Firefox::
FF - ProfilePath - c:\documents and settings\JURKA\Data aplikací\Mozilla\Firefox\Profiles\dnjy4zjz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.5.3&q=
FF - ExtSQL: !HIDDEN! 2009-09-02 01:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

Regnull::
[HKEY_USERS\S-1-5-21-1292428093-1715567821-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1292428093-1715567821-839522115-1003\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.
