VIRY.CZ

Dobrý den, restartuje se PC, ted dokonce zmizela plocha porad se to zhorsuje.
Byl bych vdecny, kdyby se na to nekdo podival, dekuji.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Petr at 2011-07-24 21:23:45
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 19 GB (31%) free of 60 GB
Total RAM: 3582 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:23:47, on 24.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\update.tray-7-0\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\l1rezerv.exe
C:\Windows\systemup.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
D:\Program Files\totalcmd\TOTALCMD.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
E:\Download\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [7504496.exe] "C:\Windows\Temp\7504496.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [1777084.exe] "C:\Users\Petr\AppData\Local\Temp\1777084.exe"
O4 - HKLM\..\Run: [9992825.exe] "C:\Windows\Temp\9992825.exe"
O4 - HKLM\..\Run: [1018398.exe] "C:\Windows\Temp\1018398.exe"
O4 - HKLM\..\Run: [570725-loader2.exe] "C:\Windows\Temp\570725-loader2.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\Windows\l1rezerv.exe"
O4 - HKLM\..\Run: [systemup] "C:\Windows\systemup.exe" stand
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3315139971-3716444320-3154985318-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3315139971-3716444320-3154985318-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe

--
End of file - 8323 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3315139971-3716444320-3154985318-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3315139971-3716444320-3154985318-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, engine@conduit.com:3.3.3.2, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\
engine@conduit.com
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"WinampAgent"=D:\Program Files\Winamp\winampa.exe [2010-11-30 74752]
"PWRISOVM.EXE"=D:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-07 200704]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"RemoteControl"=D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]
"LanguageShortcut"=D:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-04-13 49152]
"wxpdrv"=C:\Windows\services32.exe [2011-07-24 1174016]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-7-0\svchost.exe [2011-07-24 1174016]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"7504496.exe"=C:\Windows\Temp\7504496.exe [2011-07-24 247296]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-24 247296]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-24 247296]
"1777084.exe"=C:\Users\Petr\AppData\Local\Temp\1777084.exe [2011-07-24 247296]
"9992825.exe"=C:\Windows\Temp\9992825.exe [2011-07-24 247296]
"1018398.exe"=C:\Windows\Temp\1018398.exe [2011-07-24 495616]
"570725-loader2.exe"=C:\Windows\Temp\570725-loader2.exe [2011-07-24 247296]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-24 232960]
"systemup"=C:\Windows\systemup.exe [2011-07-24 114176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Google Update"=C:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-26 136176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDSmartWare.lnk - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.FMVC"=fmcodec.dll
"VIDC.FPS1"=frapsvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-24 21:23:45 ----D---- C:\rsit
2011-07-24 21:10:05 ----D---- C:\Windows\ufa
2011-07-24 21:10:05 ----D---- C:\Windows\rpcminer
2011-07-24 21:10:05 ----D---- C:\Windows\phoenix
2011-07-24 21:08:12 ----D---- C:\Program Files\Trend Micro
2011-07-24 21:01:28 ----A---- C:\Bug.txt
2011-07-24 21:01:20 ----D---- C:\32788R22FWJFW
2011-07-24 20:52:55 ----A---- C:\Windows\ddh_iplist.txt
2011-07-24 20:52:33 ----A---- C:\Windows\systemup.exe
2011-07-24 20:50:56 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-24 20:50:23 ----HD---- C:\Windows\update.5.0
2011-07-24 20:48:44 ----A---- C:\Windows\l1rezerv.exe
2011-07-24 20:47:55 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-24 20:46:32 ----A---- C:\Windows\unrar.exe
2011-07-24 20:45:44 ----HD---- C:\Windows\update.2
2011-07-24 20:43:31 ----A---- C:\Windows\iplist.txt
2011-07-24 20:42:46 ----A---- C:\Windows\sysdriver32_.exe
2011-07-24 20:42:32 ----A---- C:\Windows\sysdriver32.exe
2011-07-24 20:42:28 ----D---- C:\Windows\av_ico
2011-07-24 20:42:16 ----A---- C:\Windows\front_ip_list.txt
2011-07-24 20:39:42 ----HD---- C:\Windows\update.1
2011-07-24 20:39:39 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-07-24 20:39:39 ----HD---- C:\Windows\update.tray-7-0
2011-07-24 20:28:03 ----A---- C:\Windows\winlog-ids.txt
2011-07-24 20:28:03 ----A---- C:\Windows\winlog-dirs.txt
2011-07-24 20:28:00 ----A---- C:\Windows\services32.exe
2011-07-24 20:16:44 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-07-21 17:43:10 ----D---- C:\Users\Petr\AppData\Roaming\My Games
2011-07-13 14:12:41 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 14:12:40 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 14:12:40 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 14:12:40 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 14:12:40 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 14:12:40 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 14:12:40 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 14:12:40 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 14:12:40 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 14:12:40 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 14:12:40 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 14:12:39 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 14:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 14:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 14:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 14:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 14:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 14:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 14:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 14:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 14:12:39 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 14:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 14:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 14:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 14:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 14:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 14:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 14:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 14:12:38 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 14:12:33 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 14:12:31 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 14:12:30 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 14:12:04 ----A---- C:\Windows\system32\win32k.sys
2011-07-11 11:02:25 ----D---- C:\Windows\system32\SPReview
2011-07-11 11:01:41 ----D---- C:\Windows\system32\EventProviders
2011-07-09 22:02:10 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2011-07-09 22:01:38 ----D---- C:\ProgramData\Blizzard
2011-07-07 22:13:48 ----AH---- C:\Windows\system32\mlfcache.dat
2011-06-29 04:50:03 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 04:50:03 ----A---- C:\Windows\system32\cfgmgr32.dll
2011-06-29 04:50:00 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 04:50:00 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 04:50:00 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 04:49:59 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 04:49:59 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 04:49:59 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 04:49:59 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 04:49:59 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 04:49:59 ----A---- C:\Windows\system32\msscntrs.dll

======List of files/folders modified in the last 1 month======

2011-07-24 21:23:47 ----D---- C:\Windows\Temp
2011-07-24 21:22:20 ----D---- C:\Windows\System32
2011-07-24 21:22:20 ----D---- C:\Windows\inf
2011-07-24 21:22:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-24 21:15:13 ----D---- C:\ProgramData\NVIDIA
2011-07-24 21:12:20 ----D---- C:\Windows\system32\config
2011-07-24 21:10:05 ----D---- C:\Windows
2011-07-24 21:08:12 ----SHD---- C:\Windows\Installer
2011-07-24 21:08:12 ----RD---- C:\Program Files
2011-07-24 21:08:12 ----D---- C:\Config.Msi
2011-07-24 21:07:04 ----SHD---- C:\System Volume Information
2011-07-24 20:52:34 ----D---- C:\Windows\Prefetch
2011-07-24 20:46:11 ----D---- C:\Windows\system32\drivers\etc
2011-07-24 20:39:42 ----HD---- C:\ProgramData
2011-07-24 20:30:51 ----D---- C:\Program Files\Mozilla Firefox
2011-07-24 20:27:36 ----D---- C:\Users\Petr\AppData\Roaming\Winamp
2011-07-24 20:27:35 ----D---- C:\Users\Petr\AppData\Roaming\uTorrent
2011-07-24 20:24:04 ----D---- C:\Windows\debug
2011-07-24 20:16:44 ----D---- C:\Windows\system32\drivers
2011-07-18 20:59:34 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-18 20:57:25 ----RSD---- C:\Windows\assembly
2011-07-13 19:53:55 ----D---- C:\Windows\Microsoft.NET
2011-07-13 17:21:38 ----D---- C:\Windows\winsxs
2011-07-13 14:21:14 ----D---- C:\Windows\system32\DriverStore
2011-07-13 14:17:11 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 14:12:21 ----D---- C:\Windows\system32\catroot2
2011-07-13 14:12:21 ----D---- C:\Windows\system32\catroot
2011-07-12 03:44:44 ----D---- C:\Windows\rescache
2011-07-11 23:26:32 ----D---- C:\Windows\SoftwareDistribution
2011-07-11 13:12:51 ----SHD---- C:\Boot
2011-07-11 13:06:53 ----D---- C:\Program Files\Windows Sidebar
2011-07-11 13:06:53 ----D---- C:\Program Files\Windows Portable Devices
2011-07-11 13:06:53 ----D---- C:\Program Files\Windows Photo Viewer
2011-07-11 13:06:53 ----D---- C:\Program Files\Windows Media Player
2011-07-11 13:06:53 ----D---- C:\Program Files\Windows Mail
2011-07-11 13:06:53 ----D---- C:\Program Files\Windows Journal
2011-07-11 13:06:53 ----D---- C:\Program Files\Internet Explorer
2011-07-11 13:06:53 ----D---- C:\Program Files\DVD Maker
2011-07-11 13:06:52 ----D---- C:\Windows\servicing
2011-07-11 13:06:52 ----D---- C:\Windows\ehome
2011-07-11 13:06:52 ----D---- C:\Program Files\Windows Defender
2011-07-11 13:06:46 ----D---- C:\Windows\system32\sysprep
2011-07-11 13:06:46 ----D---- C:\Windows\system32\oobe
2011-07-11 13:06:46 ----D---- C:\Windows\system32\migration
2011-07-11 13:06:46 ----D---- C:\Windows\system32\en-US
2011-07-11 13:06:46 ----D---- C:\Windows\system32\da-DK
2011-07-11 13:06:46 ----D---- C:\Windows\PolicyDefinitions
2011-07-11 13:06:45 ----D---- C:\Windows\system32\Setup
2011-07-11 13:06:45 ----D---- C:\Windows\system32\cs-CZ
2011-07-11 13:06:45 ----D---- C:\Windows\system32\cs
2011-07-11 13:06:45 ----D---- C:\Windows\system32\AdvancedInstallers
2011-07-11 13:06:44 ----D---- C:\Windows\system32\wbem
2011-07-11 13:06:44 ----D---- C:\Windows\system32\sppui
2011-07-11 13:06:44 ----D---- C:\Windows\system32\migwiz
2011-07-11 13:06:44 ----D---- C:\Windows\system32\manifeststore
2011-07-11 13:06:44 ----D---- C:\Windows\system32\es-ES
2011-07-11 13:06:44 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-07-11 13:06:44 ----D---- C:\Windows\system32\Dism
2011-07-11 13:06:34 ----RSD---- C:\Windows\Fonts
2011-07-11 13:06:34 ----D---- C:\Windows\AppPatch
2011-07-11 13:06:27 ----D---- C:\Windows\system32\Boot
2011-07-11 11:07:52 ----A---- C:\Windows\system32\msclmd.dll
2011-07-10 01:16:49 ----D---- C:\Program Files\Common Files
2011-07-04 13:43:51 ----A---- C:\Windows\system32\aswBoot.exe
2011-06-29 22:11:31 ----D---- C:\Users\Petr\AppData\Roaming\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-05-15 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-05-15 25888]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-04-08 56448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-25 615528]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2005-08-08 167936]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-24 340992]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-07-24 495616]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-07-24 247296]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R2 WDDMService;WD SmartWare Drive Manager; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-24 1174016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-08 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-04-03 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-08 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-11-03 4045280]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-27 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Zdravim, pekny den preji a vitam Vas u nas na foru

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Aplikujte RogueKiller

stell píše: pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205

Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4

RKill, eXeHelper i RogueKiller by mely udelat logy, vlozte mi je sem

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

RIKILL:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 25.07.2011 at 17:26:25.
Operating System: Windows 7 Professional

Processes terminated by Rkill or while it was running:

C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe

Rkill completed on 25.07.2011 at 17:27:00.

////////////////////////////////////////////////////////////////////////////////////////////

EXEHELP

exeHelper by Raktor
Build 20100414
Run at 17:17:01 on 07/25/11
Now searching...
Checking for numerical processes...
exeHelper by Raktor
Build 20100414
Run at 17:17:16 on 07/25/11
Now searching...
Checking for numerical processes...
exeHelper by Raktor
Build 20100414
Run at 17:18:27 on 07/25/11
Now searching...
Checking for numerical processes...
exeHelper by Raktor
Build 20100414
Run at 17:38:32 on 07/25/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

RogueKiller

2

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Petr [Admin rights]
Mode: Remove -- Date : 07/25/2011 17:19:48

Bad processes: 6
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED

Registry Entries: 19
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\Windows\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 7504496.exe ("C:\Windows\Temp\7504496.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\Windows\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\Windows\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 1777084.exe ("C:\Users\Petr\AppData\Local\Temp\1777084.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 1018398.exe ("C:\Windows\Temp\1018398.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 570725-loader2.exe ("C:\Windows\Temp\570725-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\Windows\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\Windows\systemup.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 4605357.exe ("C:\Windows\TEMP\4605357.exe") -> DELETED
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[] HKLM\[...]\Windows : () -> ACCESS DENIED

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 http://www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 http://www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 http://www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

//////////////////////////////////////////////////////////////////////////////////
3

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Petr [Admin rights]
Mode: HOSTSFix -- Date : 07/25/2011 17:20:12

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 http://www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 http://www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 http://www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

//////////////////////////////////////////////////////////////////////////

4
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Petr [Admin rights]
Mode: ProxyFix -- Date : 07/25/2011 17:20:53

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Rkill mi 3x vyhazuje hlasku "instalace se nezdarila" tak nevim jestli mam pokracovat s Combofixem.

V poradku, spustte ComboFix

ComboFix 11-07-25.02 - Petr 25.07.2011 17:49:47.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3582.2758 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\sracka\combofix\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.3
c:\windows\update.3\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-25 do 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 15:48 . 2011-07-25 15:48 -------- d-----w- C:\32788R22FWJFW
2011-07-24 19:23 . 2011-07-24 19:23 -------- d-----w- C:\rsit
2011-07-24 19:10 . 2011-07-24 19:10 -------- d-----w- c:\windows\ufa
2011-07-24 19:10 . 2011-07-24 19:10 -------- d-----w- c:\windows\rpcminer
2011-07-24 19:10 . 2011-07-24 19:10 -------- d-----w- c:\windows\phoenix
2011-07-24 19:08 . 2011-07-24 19:23 -------- d-----w- c:\program files\Trend Micro
2011-07-24 19:08 . 2011-07-24 19:08 388096 ----a-r- c:\users\Petr\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-24 19:01 . 2011-07-24 19:01 302592 ----a-w- c:\windows\system32\cmd.execf
2011-07-24 18:46 . 2011-07-24 19:10 246272 ----a-w- c:\windows\unrar.exe
2011-07-24 18:42 . 2011-07-24 18:42 -------- d-----w- c:\windows\av_ico
2011-07-24 18:39 . 2011-07-25 15:53 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-24 18:39 . 2011-07-24 18:39 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-24 18:16 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-23 11:27 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74CF30F1-582F-4A2C-AB50-B04ED1D968B8}\mpengine.dll
2011-07-21 15:43 . 2011-07-21 15:43 -------- d-----w- c:\users\Petr\AppData\Roaming\My Games
2011-07-19 17:24 . 2011-07-19 17:24 -------- d-----w- c:\users\Petr\AppData\Local\ALI213
2011-07-18 16:49 . 2011-07-18 16:49 -------- d-----w- c:\users\Petr\AppData\Local\My Games
2011-07-11 09:02 . 2011-07-11 09:02 -------- d-----w- c:\windows\system32\SPReview
2011-07-11 09:01 . 2011-07-11 09:01 -------- d-----w- c:\windows\system32\EventProviders
2011-07-09 20:02 . 2011-07-11 08:50 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2011-07-09 20:01 . 2011-07-09 20:01 -------- d-----w- c:\programdata\Blizzard
2011-07-01 20:11 . 2011-07-01 20:11 -------- d-----w- c:\users\Petr\AppData\Local\SKIDROW
2011-06-29 02:50 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 02:50 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-06-29 02:50 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 02:50 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 02:50 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 02:49 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 02:49 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 02:49 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 02:49 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 02:49 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 02:49 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-11 09:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-04 11:43 . 2011-01-26 18:07 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-01-26 18:07 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-01-26 18:08 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-01-26 18:08 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-01-26 18:08 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-01-26 18:08 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-01-26 18:08 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-28 02:53 . 2011-06-16 05:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-25 06:09 . 2011-06-20 22:37 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-05-25 06:09 . 2011-06-20 22:37 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-05-25 06:09 . 2011-06-20 22:37 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-05-25 06:09 . 2011-06-20 22:37 139368 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-05-25 06:09 . 2011-06-20 22:38 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2011-06-20 22:38 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2011-06-20 22:38 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-25 06:09 . 2011-06-20 22:38 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-06-20 22:38 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-20 22:38 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-06-20 22:37 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 06:09 . 2011-06-20 22:37 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 06:09 . 2011-06-20 22:37 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-06-20 22:37 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-25 06:09 . 2011-06-20 22:37 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 06:09 . 2009-07-13 22:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-05-25 06:09 . 2009-06-10 21:19 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-25 06:09 . 2011-06-20 22:37 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2011-06-20 22:37 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2011-06-20 22:37 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2011-06-20 22:37 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2011-06-20 22:37 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2011-06-20 22:37 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-24 17:14 . 2011-01-26 17:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe
2011-05-15 19:37 . 2011-05-15 19:37 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-05-15 19:37 . 2011-05-15 19:37 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-05-03 04:30 . 2011-06-16 05:09 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46 . 2011-06-16 05:09 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-16 05:09 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-16 05:09 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:17 . 2011-06-16 05:08 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:17 . 2011-06-16 05:08 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 02:17 . 2011-06-16 05:08 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2010-11-30 74752]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="d:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-08 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-08 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-11-03 4045280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-26 1343400]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-08 21:20]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-08 21:20]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3315139971-3716444320-3154985318-1000Core.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-26 17:18]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3315139971-3716444320-3154985318-1000UA.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-26 17:18]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\Alwil Software\Avast5\ashShell.dll
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-w_distrib.exe - c:\windows\update.3\svchost.exe
AddRemove-avast - c:\program files\Alwil Software\Avast5\aswRunDll.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3315139971-3716444320-3154985318-1000\Software\SecuROM\License information*]
"datasecu"=hex:bf,e2,17,1d,ff,b5,1c,7e,6f,60,db,91,f8,77,62,dc,c8,5b,ef,df,99,
e9,d6,56,02,d7,d7,27,bb,a0,c4,fe,ab,82,4a,22,5c,5f,f6,22,cf,33,6c,26,52,37,\
"rkeysecu"=hex:b6,28,31,27,88,4d,34,07,66,70,cf,6f,c8,c0,c3,26
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-25 17:59:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-25 15:59
.
Před spuštěním: Volných bajtů: 19 260 211 200
Po spuštění: Volných bajtů: 19 010 949 120
.
- - End Of File - - 66DBDA5C1723490E8E3ADB42A20430D2

Nedavejte prosim logy do code - spatne se to lusti a boli z toho oci - ja jsem si to ted s dovolenim editnul. Code slouzi pouze nam radcum pro skripty

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_USERS\S-1-5-21-3315139971-3716444320-3154985318-1000\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Firefox::
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3315139971-3716444320-3154985318-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3315139971-3716444320-3154985318-1000UA.job
c:\windows\unrar.exe

Driver::
gupdate
gupdatem
NAUpdate

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=-
"PWRISOVM.EXE"=-
"SunJavaUpdateSched"=-
"RemoteControl"=-
"LanguageShortcut"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

Folder::
c:\program files\uTorrentBar
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 11-07-25.02 - Petr 25.07.2011 18:27:38.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3582.2624 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\sracka\combofix\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3315139971-3716444320-3154985318-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3315139971-3716444320-3154985318-1000UA.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\uTorrentBar
c:\program files\uTorrentBar\GottenAppsContextMenu.xml
c:\program files\uTorrentBar\INSTALL.LOG
c:\program files\uTorrentBar\OtherAppsContextMenu.xml
c:\program files\uTorrentBar\SharedAppsContextMenu.xml
c:\program files\uTorrentBar\tbuTor.dll
c:\program files\uTorrentBar\toolbar.cfg
c:\program files\uTorrentBar\ToolbarContextMenu.xml
c:\program files\uTorrentBar\UNWISE.EXE
c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineContextMenu.xml
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineSettings.json
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib\xpcom.js
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\setup.ini
c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3315139971-3716444320-3154985318-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3315139971-3716444320-3154985318-1000UA.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_NAUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-25 do 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 16:32 . 2011-07-25 16:34 -------- d-----w- c:\users\Petr\AppData\Local\temp
2011-07-25 16:32 . 2011-07-25 16:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-07-24 19:23 . 2011-07-24 19:23 -------- d-----w- C:\rsit
2011-07-24 19:08 . 2011-07-24 19:23 -------- d-----w- c:\program files\Trend Micro
2011-07-24 19:08 . 2011-07-24 19:08 388096 ----a-r- c:\users\Petr\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-24 19:01 . 2011-07-24 19:01 302592 ----a-w- c:\windows\system32\cmd.execf
2011-07-24 18:16 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-23 11:27 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74CF30F1-582F-4A2C-AB50-B04ED1D968B8}\mpengine.dll
2011-07-21 15:43 . 2011-07-21 15:43 -------- d-----w- c:\users\Petr\AppData\Roaming\My Games
2011-07-19 17:24 . 2011-07-19 17:24 -------- d-----w- c:\users\Petr\AppData\Local\ALI213
2011-07-18 16:49 . 2011-07-18 16:49 -------- d-----w- c:\users\Petr\AppData\Local\My Games
2011-07-11 09:02 . 2011-07-11 09:02 -------- d-----w- c:\windows\system32\SPReview
2011-07-11 09:01 . 2011-07-11 09:01 -------- d-----w- c:\windows\system32\EventProviders
2011-07-09 20:02 . 2011-07-11 08:50 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2011-07-09 20:01 . 2011-07-09 20:01 -------- d-----w- c:\programdata\Blizzard
2011-07-01 20:11 . 2011-07-01 20:11 -------- d-----w- c:\users\Petr\AppData\Local\SKIDROW
2011-06-29 02:50 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 02:50 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-06-29 02:50 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 02:50 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 02:50 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 02:49 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 02:49 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 02:49 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 02:49 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 02:49 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 02:49 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-11 09:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-04 11:43 . 2011-01-26 18:07 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-01-26 18:07 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-01-26 18:08 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-01-26 18:08 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-01-26 18:08 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-01-26 18:08 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-01-26 18:08 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-28 02:53 . 2011-06-16 05:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-25 06:09 . 2011-06-20 22:37 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-05-25 06:09 . 2011-06-20 22:37 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-05-25 06:09 . 2011-06-20 22:37 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-05-25 06:09 . 2011-06-20 22:37 139368 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-05-25 06:09 . 2011-06-20 22:38 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2011-06-20 22:38 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2011-06-20 22:38 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-25 06:09 . 2011-06-20 22:38 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-06-20 22:38 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-20 22:38 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-06-20 22:37 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 06:09 . 2011-06-20 22:37 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 06:09 . 2011-06-20 22:37 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-06-20 22:37 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-25 06:09 . 2011-06-20 22:37 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 06:09 . 2009-07-13 22:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-05-25 06:09 . 2009-06-10 21:19 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-25 06:09 . 2011-06-20 22:37 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2011-06-20 22:37 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2011-06-20 22:37 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2011-06-20 22:37 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2011-06-20 22:37 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2011-06-20 22:37 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-24 17:14 . 2011-01-26 17:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe
2011-05-15 19:37 . 2011-05-15 19:37 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-05-15 19:37 . 2011-05-15 19:37 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-05-03 04:30 . 2011-06-16 05:09 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46 . 2011-06-16 05:09 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-16 05:09 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-16 05:09 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:17 . 2011-06-16 05:08 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:17 . 2011-06-16 05:08 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 02:17 . 2011-06-16 05:08 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-11-03 4045280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-26 1343400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
.
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\5cyu7xtt.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3315139971-3716444320-3154985318-1000\Software\SecuROM\License information*]
"datasecu"=hex:bf,e2,17,1d,ff,b5,1c,7e,6f,60,db,91,f8,77,62,dc,c8,5b,ef,df,99,
e9,d6,56,02,d7,d7,27,bb,a0,c4,fe,ab,82,4a,22,5c,5f,f6,22,cf,33,6c,26,52,37,\
"rkeysecu"=hex:b6,28,31,27,88,4d,34,07,66,70,cf,6f,c8,c0,c3,26
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-25 18:36:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-25 16:36
ComboFix2.txt 2011-07-25 15:59
.
Před spuštěním: Volných bajtů: 19 144 724 480
Po spuštění: Volných bajtů: 19 034 726 400
.
- - End Of File - - 1E1BFABD09E8FFB1C2541BEDEEE7A743

Jak se chova PC

Zatizeni procesoru uz neni 100%, obnovila se plocha, pocitac se porad nerestartuje a prestaly vyskakovat banery upozornujici na virus.
Mockrát Vám děkuji za Vaši pomoc a za Váš čas, řekl bych, že jsem zvítězil

.

Tak jeste uklidime

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /UninstallA
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Ještě jednou děkuji za tak rychlou a komplexní pomoc. Zachránil jste mě

.

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

VIRY.CZ

Klasika FB

Klasika FB

Re: Klasika FB

Re: Klasika FB

Re: Klasika FB

Re: Klasika FB

Re: Klasika FB

Re: Klasika FB

Re: Klasika FB

Re: Klasika FB

Re: Klasika FB

Re: Klasika FB

Re: Klasika FB

Re: Klasika FB

Re: Klasika FB