
Please check my log

Posted: 24 Oct 2010 09:07
by CZDaywalker
I have a problem connecting my phone to my computer; it only happens on my computer, connecting it anywhere else works without problems. So I would like to ask for a virus check, thanks in advance.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jakub at 2010-10-24 10:00:30
Microsoft Windows 7 Ultimate
System drive C: has 69 GB (69%) free of 100 GB
Total RAM: 3068 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:00:43, on 24.10.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Nová složka\RSIT.exe
C:\Program Files\trend micro\Jakub.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6214 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-54245323-3427487984-2244985606-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-54245323-3427487984-2244985606-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-20 7625248]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-23 13797920]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe [2009-09-12 2524416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
C:\Program Files\WebcamMax\WebcamMax.exe [2010-01-27 6038672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-10-16 19:19:31 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2010-10-16 19:19:31 ----A---- C:\Windows\system32\drivers\sdbus.sys
2010-10-13 21:14:07 ----A---- C:\Windows\system32\ole32.dll
2010-10-13 21:14:04 ----A---- C:\Windows\system32\t2embed.dll
2010-10-13 21:14:02 ----A---- C:\Windows\system32\schannel.dll
2010-10-13 21:14:00 ----A---- C:\Windows\system32\comctl32.dll
2010-10-13 21:13:58 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-13 21:13:58 ----A---- C:\Windows\system32\mfc40.dll
2010-10-13 21:13:54 ----A---- C:\Windows\system32\wmp.dll
2010-10-13 21:13:52 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-13 21:13:49 ----A---- C:\Windows\system32\win32k.sys
2010-10-13 21:13:48 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-13 21:13:48 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-13 21:13:48 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-13 21:13:48 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-13 21:13:47 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-13 21:13:46 ----A---- C:\Windows\system32\StructuredQuery.dll
2010-10-10 19:52:41 ----D---- C:\Users\Jakub\AppData\Roaming\Mumble
2010-10-10 19:51:43 ----D---- C:\Program Files\Mumble
2010-10-05 21:07:15 ----D---- C:\Users\Jakub\AppData\Roaming\VDownloader
2010-10-05 21:06:57 ----D---- C:\Program Files\Ask.com
2010-10-05 21:06:48 ----A---- C:\Program Files\Common Files\AskToolbarInstaller.exe
2010-10-05 21:06:44 ----D---- C:\Program Files\VDownloader
2010-10-05 19:17:18 ----D---- C:\Windows\cs
2010-10-05 19:16:41 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-10-05 19:15:45 ----D---- C:\Program Files\Windows Live
2010-10-05 19:13:55 ----A---- C:\Windows\system32\UIRibbon.dll
2010-10-05 19:13:54 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-10-05 19:11:38 ----D---- C:\Program Files\Common Files\Windows Live
2010-09-29 00:02:31 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2010-09-29 00:02:31 ----A---- C:\Windows\system32\drivers\ks.sys
2010-09-28 20:08:45 ----A---- C:\Windows\system32\tzres.dll

======List of files/folders modified in the last 1 months======

2010-10-24 10:00:43 ----D---- C:\Windows\Prefetch
2010-10-24 10:00:38 ----D---- C:\Program Files\trend micro
2010-10-24 10:00:22 ----D---- C:\Windows\Temp
2010-10-24 09:52:16 ----SHD---- C:\System Volume Information
2010-10-24 09:47:46 ----D---- C:\Windows\system32\config
2010-10-24 09:44:27 ----D---- C:\Windows\System32
2010-10-24 09:44:27 ----D---- C:\Windows\inf
2010-10-24 09:44:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-24 09:39:53 ----D---- C:\Windows\Tasks
2010-10-24 09:39:53 ----D---- C:\Windows\system32\wfp
2010-10-24 09:39:52 ----D---- C:\Windows\system32\wbem
2010-10-24 09:39:52 ----D---- C:\Windows
2010-10-24 09:39:01 ----D---- C:\Windows\system32\DriverStore
2010-10-24 09:39:01 ----D---- C:\Windows\system32\catroot2
2010-10-24 09:38:59 ----D---- C:\Windows\AppCompat
2010-10-24 09:38:59 ----D---- C:\Users\Jakub\AppData\Roaming\vlc
2010-10-24 09:38:59 ----D---- C:\Users\Jakub\AppData\Roaming\dvdcss
2010-10-24 09:38:56 ----D---- C:\Windows\registration
2010-10-19 22:51:33 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-16 19:21:57 ----D---- C:\Windows\winsxs
2010-10-16 19:20:38 ----D---- C:\Windows\system32\drivers
2010-10-16 19:19:47 ----D---- C:\Windows\system32\catroot
2010-10-15 22:19:27 ----SHD---- C:\Windows\Installer
2010-10-14 15:10:41 ----D---- C:\Program Files\Windows Media Player
2010-10-14 15:10:35 ----SD---- C:\Users\Jakub\AppData\Roaming\Microsoft
2010-10-14 13:54:35 ----D---- C:\ProgramData\Microsoft Help
2010-10-14 13:49:14 ----A---- C:\Windows\system32\MRT.exe
2010-10-13 17:36:09 ----D---- C:\Program Files\Microsoft Security Essentials
2010-10-10 19:51:43 ----RD---- C:\Program Files
2010-10-05 21:06:59 ----D---- C:\Windows\system32\Tasks
2010-10-05 21:06:48 ----HD---- C:\ProgramData
2010-10-05 21:06:48 ----D---- C:\Program Files\Common Files
2010-10-05 19:17:35 ----RSD---- C:\Windows\assembly
2010-10-05 19:16:14 ----SD---- C:\ProgramData\Microsoft
2010-10-05 19:15:18 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-05 12:07:56 ----D---- C:\Users\Jakub\AppData\Roaming\Skype
2010-10-05 09:58:41 ----D---- C:\Users\Jakub\AppData\Roaming\skypePM
2010-10-04 07:19:11 ----D---- C:\Windows\Microsoft.NET
2010-09-30 08:42:27 ----D---- C:\Windows\system32\NDF
2010-09-29 18:26:00 ----D---- C:\Windows\rescache
2010-09-29 16:53:04 ----D---- C:\Windows\system32\cs-CZ
2010-09-29 00:02:52 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-26 08:40:55 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2009-08-04 213024]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-16 691696]
R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2010-08-16 2915944]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-04-29 26112]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-20 2664032]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-07-14 116064]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 netr28;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28.sys [2010-02-09 722720]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6232.sys [2009-07-30 287392]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 17920]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-07-14 1068032]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 a462ksxf;a462ksxf; C:\Windows\system32\drivers\a462ksxf.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Everest Ultimate\kerneld.wnt [2010-02-17 27760]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2009-08-10 387616]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-08-10 178720]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-23 211488]
R2 O&O Defrag;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 1488128]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2010-08-16 304528]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-07 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-15 655624]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-15 1343400]

-----------------EOF-----------------

Re: Please check my log

Posted: 24 Oct 2010 11:07
by Rudy
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

feel free to go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

warning: if you use antispyware with a resident shield, switch its resident shield into Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the resident antispyware

Re: Please check my log

Posted: 24 Oct 2010 13:44
by CZDaywalker
Here it is:

ComboFix 10-10-23.01 - Jakub 24.10.2010 14:28:19.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3068.2213 [GMT 2:00]
Spuštěný z: d:\nová složka\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-24 do 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-24 08:10 . 2010-10-24 08:10 94208 ----a-r- c:\users\Jakub\AppData\Roaming\Microsoft\Installer\{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}\CameraRecorder.exe_3BDDA5877CDE430C90A4E2C4E48D3AE9_2.exe
2010-10-24 08:10 . 2010-10-24 08:10 94208 ----a-r- c:\users\Jakub\AppData\Roaming\Microsoft\Installer\{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}\CameraRecorder.exe_3BDDA5877CDE430C90A4E2C4E48D3AE9.exe
2010-10-24 08:10 . 2010-10-24 08:10 -------- d-----w- c:\program files\Camera Recorder
2010-10-24 07:50 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0232DFB5-684D-41E4-B36A-093BE4B0795E}\mpengine.dll
2010-10-16 17:19 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-10-16 17:19 . 2009-10-10 02:31 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-10-13 19:14 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 19:14 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 19:14 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 19:14 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 19:14 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 19:13 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 19:13 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 19:13 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 19:13 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 19:13 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 19:13 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 19:13 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 19:13 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 19:13 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 19:13 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 19:13 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-10 17:52 . 2010-10-10 19:25 -------- d-----w- c:\users\Jakub\AppData\Roaming\Mumble
2010-10-10 17:51 . 2010-10-10 17:51 -------- d-----w- c:\program files\Mumble
2010-10-05 19:07 . 2010-10-05 19:07 -------- d-----w- c:\users\Jakub\AppData\Roaming\VDownloader
2010-10-05 19:07 . 2010-10-05 20:29 -------- d-----w- c:\users\Jakub\AppData\Local\VDownloader
2010-10-05 19:06 . 2010-10-05 19:07 -------- d-----w- c:\program files\Ask.com
2010-10-05 19:06 . 2010-02-10 02:18 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2010-10-05 19:06 . 2010-10-05 19:06 -------- d-----w- c:\program files\VDownloader
2010-10-05 17:17 . 2010-10-05 17:17 -------- d-----w- c:\windows\cs
2010-10-05 17:16 . 2010-10-05 17:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-05 17:15 . 2010-10-05 17:16 -------- d-----w- c:\program files\Windows Live
2010-10-05 17:13 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-05 17:13 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-05 17:11 . 2010-10-05 17:19 -------- d-----w- c:\users\Jakub\AppData\Local\Windows Live
2010-10-05 17:11 . 2010-10-05 17:11 -------- d-----w- c:\program files\Common Files\Windows Live
2010-09-28 22:02 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-28 22:02 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-28 18:08 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-07-15 19:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 12:03 . 2010-09-21 12:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-09 22:52 . 2010-07-16 19:43 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-08-31 22:46 . 2010-09-16 15:17 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-08-31 22:44 . 2010-09-16 15:17 367104 ----a-w- c:\windows\system32\html.iec
2010-08-31 22:44 . 2010-09-16 15:17 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-08-31 22:44 . 2010-09-16 15:17 1122304 ----a-w- c:\windows\system32\wininet.dll
2010-08-31 22:44 . 2010-09-16 15:17 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-08-31 22:43 . 2010-09-16 15:17 23552 ----a-w- c:\windows\system32\licmgr10.dll
2010-08-31 22:43 . 2010-09-16 15:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2010-08-31 22:43 . 2010-09-16 15:17 114176 ----a-w- c:\windows\system32\iesysprep.dll
2010-08-31 22:43 . 2010-09-16 15:17 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-08-31 22:43 . 2010-09-16 15:17 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-08-31 22:42 . 2010-09-16 15:17 51200 ----a-w- c:\windows\system32\admparse.dll
2010-08-31 22:42 . 2010-09-16 15:17 75264 ----a-w- c:\windows\system32\iesetup.dll
2010-08-31 22:42 . 2010-09-16 15:17 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2010-08-31 22:42 . 2010-09-16 15:17 150016 ----a-w- c:\windows\system32\iexpress.exe
2010-08-31 22:42 . 2010-09-16 15:17 149504 ----a-w- c:\windows\system32\wextract.exe
2010-08-31 22:42 . 2010-09-16 15:17 33280 ----a-w- c:\windows\system32\imgutil.dll
2010-08-31 22:42 . 2010-09-16 15:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2010-08-31 22:42 . 2010-09-16 15:17 11264 ----a-w- c:\windows\system32\mshta.exe
2010-08-31 22:42 . 2010-09-16 15:17 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 22:42 . 2010-09-16 15:17 63488 ----a-w- c:\windows\system32\tdc.ocx
2010-08-31 22:41 . 2010-09-16 15:17 160768 ----a-w- c:\windows\system32\msls31.dll
2010-08-21 05:32 . 2010-09-15 20:04 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 18:50 . 2010-08-16 18:50 2915944 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2010-08-16 18:50 . 2010-08-16 18:50 304528 ----a-w- c:\windows\system32\appdrvrem01.exe
2010-08-16 06:15 . 2010-09-16 15:16 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-08-16 06:14 . 2010-09-16 15:16 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-08-16 06:14 . 2010-09-16 15:16 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-08-16 06:14 . 2010-09-16 15:16 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-08-16 06:14 . 2010-09-16 15:16 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2010-07-29 06:30 . 2010-08-11 09:55 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 09:55 82944 ----a-w- c:\windows\system32\iccvid.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 22:34 2524416 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 13:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 136176]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Everest Ultimate\kerneld.wnt [2010-02-17 27760]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-15 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-16 691696]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2010-08-16 2915944]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 26112]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-14 116064]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-02-09 722720]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]

.
Obsah adresáře 'Naplánované úlohy'

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 13:14]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 13:14]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-54245323-3427487984-2244985606-1000Core.job
- c:\users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 19:08]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-54245323-3427487984-2244985606-1000UA.job
- c:\users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 19:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-WebcamMaxAutoRun - c:\program files\WebcamMax\WebcamMax.exe
AddRemove-Operation Flashpoint - d:\hry\OperationFlashpoint\uninstall.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Everest Ultimate\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-10-24 14:40:32
ComboFix-quarantined-files.txt 2010-10-24 12:40

Před spuštěním: Volných bajtů: 72 524 271 616
Po spuštění: Volných bajtů: 74 687 156 224

- - End Of File - - D24C62A8E5E5945B06E7082D3A584E72

Re: Please check my log

Posted: 24 Oct 2010 16:51
by Rudy
Move ComboFix to the desktop. Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Please check my log

Posted: 24 Oct 2010 21:08
by CZDaywalker
Sorry, just to verify.

Is this correct?

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Re: Please check my log

Posted: 24 Oct 2010 21:15
by Rudy
Yes.

Re: Please check my log

Posted: 24 Oct 2010 21:41
by CZDaywalker
Done, here is the log after running the script:


ComboFix 10-10-23.01 - Jakub 24.10.2010 22:13:41.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3068.2325 [GMT 2:00]
Spuštěný z: d:\nová složka\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jakub\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe

Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\userinit.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-24 do 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-24 20:29 . 2010-10-24 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-24 12:40 . 2010-10-24 20:32 -------- d-----w- c:\users\Jakub\AppData\Local\temp
2010-10-24 08:10 . 2010-10-24 08:10 94208 ----a-r- c:\users\Jakub\AppData\Roaming\Microsoft\Installer\{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}\CameraRecorder.exe_3BDDA5877CDE430C90A4E2C4E48D3AE9_2.exe
2010-10-24 08:10 . 2010-10-24 08:10 94208 ----a-r- c:\users\Jakub\AppData\Roaming\Microsoft\Installer\{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}\CameraRecorder.exe_3BDDA5877CDE430C90A4E2C4E48D3AE9.exe
2010-10-24 08:10 . 2010-10-24 08:10 -------- d-----w- c:\program files\Camera Recorder
2010-10-24 07:50 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0232DFB5-684D-41E4-B36A-093BE4B0795E}\mpengine.dll
2010-10-16 17:19 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-10-16 17:19 . 2009-10-10 02:31 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-10-13 19:14 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 19:14 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 19:14 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 19:14 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 19:14 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 19:13 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 19:13 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 19:13 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 19:13 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 19:13 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 19:13 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 19:13 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 19:13 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 19:13 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 19:13 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 19:13 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-10 17:52 . 2010-10-10 19:25 -------- d-----w- c:\users\Jakub\AppData\Roaming\Mumble
2010-10-10 17:51 . 2010-10-10 17:51 -------- d-----w- c:\program files\Mumble
2010-10-05 19:07 . 2010-10-05 19:07 -------- d-----w- c:\users\Jakub\AppData\Roaming\VDownloader
2010-10-05 19:07 . 2010-10-05 20:29 -------- d-----w- c:\users\Jakub\AppData\Local\VDownloader
2010-10-05 19:06 . 2010-02-10 02:18 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2010-10-05 19:06 . 2010-10-05 19:06 -------- d-----w- c:\program files\VDownloader
2010-10-05 17:17 . 2010-10-05 17:17 -------- d-----w- c:\windows\cs
2010-10-05 17:16 . 2010-10-05 17:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-05 17:15 . 2010-10-05 17:16 -------- d-----w- c:\program files\Windows Live
2010-10-05 17:13 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-05 17:13 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-05 17:11 . 2010-10-05 17:19 -------- d-----w- c:\users\Jakub\AppData\Local\Windows Live
2010-10-05 17:11 . 2010-10-05 17:11 -------- d-----w- c:\program files\Common Files\Windows Live
2010-09-28 22:02 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-28 22:02 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-28 18:08 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-07-15 19:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 12:03 . 2010-09-21 12:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-09 22:52 . 2010-07-16 19:43 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-08-31 22:46 . 2010-09-16 15:17 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-08-31 22:44 . 2010-09-16 15:17 367104 ----a-w- c:\windows\system32\html.iec
2010-08-31 22:44 . 2010-09-16 15:17 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-08-31 22:44 . 2010-09-16 15:17 1122304 ----a-w- c:\windows\system32\wininet.dll
2010-08-31 22:44 . 2010-09-16 15:17 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-08-31 22:43 . 2010-09-16 15:17 23552 ----a-w- c:\windows\system32\licmgr10.dll
2010-08-31 22:43 . 2010-09-16 15:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2010-08-31 22:43 . 2010-09-16 15:17 114176 ----a-w- c:\windows\system32\iesysprep.dll
2010-08-31 22:43 . 2010-09-16 15:17 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-08-31 22:43 . 2010-09-16 15:17 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-08-31 22:42 . 2010-09-16 15:17 51200 ----a-w- c:\windows\system32\admparse.dll
2010-08-31 22:42 . 2010-09-16 15:17 75264 ----a-w- c:\windows\system32\iesetup.dll
2010-08-31 22:42 . 2010-09-16 15:17 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2010-08-31 22:42 . 2010-09-16 15:17 150016 ----a-w- c:\windows\system32\iexpress.exe
2010-08-31 22:42 . 2010-09-16 15:17 149504 ----a-w- c:\windows\system32\wextract.exe
2010-08-31 22:42 . 2010-09-16 15:17 33280 ----a-w- c:\windows\system32\imgutil.dll
2010-08-31 22:42 . 2010-09-16 15:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2010-08-31 22:42 . 2010-09-16 15:17 11264 ----a-w- c:\windows\system32\mshta.exe
2010-08-31 22:42 . 2010-09-16 15:17 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 22:42 . 2010-09-16 15:17 63488 ----a-w- c:\windows\system32\tdc.ocx
2010-08-31 22:41 . 2010-09-16 15:17 160768 ----a-w- c:\windows\system32\msls31.dll
2010-08-21 05:32 . 2010-09-15 20:04 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 18:50 . 2010-08-16 18:50 2915944 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2010-08-16 18:50 . 2010-08-16 18:50 304528 ----a-w- c:\windows\system32\appdrvrem01.exe
2010-08-16 06:15 . 2010-09-16 15:16 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-08-16 06:14 . 2010-09-16 15:16 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-08-16 06:14 . 2010-09-16 15:16 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-08-16 06:14 . 2010-09-16 15:16 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-08-16 06:14 . 2010-09-16 15:16 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2010-07-29 06:30 . 2010-08-11 09:55 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 09:55 82944 ----a-w- c:\windows\system32\iccvid.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 22:34 2524416 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 13:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 136176]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 26112]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Everest Ultimate\kerneld.wnt [2010-02-17 27760]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-15 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-16 691696]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2010-08-16 2915944]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-14 116064]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-02-09 722720]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]

.
Obsah adresáře 'Naplánované úlohy'

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 13:14]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 13:14]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-54245323-3427487984-2244985606-1000Core.job
- c:\users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 19:08]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-54245323-3427487984-2244985606-1000UA.job
- c:\users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 19:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Everest Ultimate\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\windows\system32\taskhost.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-10-24 22:38:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-24 20:38
ComboFix2.txt 2010-10-24 12:40

Před spuštěním: Volných bajtů: 74 551 971 840
Po spuštění: Volných bajtů: 74 551 631 872

- - End Of File - - BF0F7DB8F7333707A0F9B0BD95294918

Re: Please check my log

Posted: 24 Oct 2010 22:05
by Rudy
Deleted; the rest of the log looks clean. Has anything changed?

Re: Please check my log

Posted: 25 Oct 2010 16:29
by CZDaywalker
It didn't fix the phone problem, but uninstalling the drivers did. Thanks for the help!

Re: Please check my log

Posted: 25 Oct 2010 19:51
by Rudy
You're welcome!