Neshta virus
Posted: 02 Dec 2011 21:29
Hi, today I got the Neshta virus on my PC thanks to a stupid PC game. I searched the net and tried deleting it in various ways. I ran a scan with ComboFix. Log here:
ComboFix 11-12-02.02 - Jakub 02.12.2011 20:55:06.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4030.2679 [GMT 1:00]
Spuštěný z: c:\users\Jakub.Jakub-PC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\HyperCam Toolbar\tbHElper.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-02 do 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 20:09 . 2011-12-02 20:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-02 20:09 . 2011-12-02 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-02 19:48 . 2011-12-02 20:14 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-02 19:47 . 2009-10-22 12:54 40464 ----a-w- c:\windows\system32\drivers\15171162.sys
2011-12-02 19:47 . 2009-10-09 22:30 352784 ----a-w- c:\windows\system32\drivers\1517116.sys
2011-12-02 19:47 . 2009-09-25 16:59 157712 ----a-w- c:\windows\system32\drivers\15171161.sys
2011-12-02 19:28 . 2011-12-02 19:28 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\Malwarebytes
2011-12-02 19:28 . 2011-12-02 19:28 -------- d-----w- c:\programdata\Malwarebytes
2011-12-02 19:28 . 2011-12-02 19:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-02 19:28 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 19:12 . 2010-12-30 09:54 34736 ----a-w- c:\windows\SysWow64\drivers\RKHit.sys
2011-12-02 19:12 . 2011-12-02 19:17 -------- d-----w- c:\program files (x86)\SpyDig
2011-12-02 19:07 . 2011-12-02 19:07 110080 ----a-r- c:\users\Jakub.Jakub-PC\AppData\Roaming\Microsoft\Installer\{89A07279-1DB3-485A-B1DF-584DF86774B9}\IconF7A21AF7.exe
2011-12-02 19:07 . 2011-12-02 19:07 110080 ----a-r- c:\users\Jakub.Jakub-PC\AppData\Roaming\Microsoft\Installer\{89A07279-1DB3-485A-B1DF-584DF86774B9}\IconD7F16134.exe
2011-12-02 19:07 . 2011-12-02 19:07 110080 ----a-r- c:\users\Jakub.Jakub-PC\AppData\Roaming\Microsoft\Installer\{89A07279-1DB3-485A-B1DF-584DF86774B9}\Icon1226A4C5.exe
2011-12-02 19:07 . 2011-12-02 19:07 -------- d-----w- C:\sh4ldr
2011-12-02 19:07 . 2011-12-02 19:07 -------- d-----w- c:\program files\Enigma Software Group
2011-12-02 18:47 . 2011-12-02 18:48 62 ----a-w- c:\windows\directx.sys
2011-12-02 18:46 . 2011-12-02 18:46 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Local\RadonLabs
2011-12-02 18:44 . 2010-03-15 09:31 165376 ----a-w- c:\windows\SysWow64\unrar.dll
2011-12-02 18:44 . 2011-12-02 19:17 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-12-02 15:37 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E8678A3-C0A4-4D85-B058-EBD924CF38D6}\mpengine.dll
2011-11-28 19:16 . 2011-12-02 20:13 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\ICQ
2011-11-28 19:16 . 2011-11-28 19:18 -------- d-----w- c:\program files (x86)\ICQ7.7
2011-11-26 16:37 . 2011-11-26 16:37 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\IrfanView
2011-11-26 16:37 . 2011-11-26 16:37 -------- d-----w- c:\program files (x86)\IrfanView
2011-11-26 16:20 . 2011-11-26 16:19 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2011-11-26 16:20 . 2011-11-26 16:19 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2011-11-26 16:20 . 2011-11-26 16:19 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2011-11-26 16:19 . 2011-11-26 16:19 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-11-26 16:19 . 2011-11-26 16:19 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-11-26 16:19 . 2003-11-10 17:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-11-26 16:19 . 2003-11-10 17:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-11-26 16:19 . 2003-11-10 17:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-11-26 16:19 . 2003-11-10 17:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-11-26 16:19 . 2003-11-10 17:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-11-26 15:58 . 2011-11-26 15:58 -------- d-----w- C:\Graphics
2011-11-26 15:58 . 2007-08-19 08:37 28672 ------w- c:\windows\SysWow64\mwgfxcopy.exe
2011-11-26 09:30 . 2011-11-26 09:30 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\Screenshoter
2011-11-26 07:39 . 2011-11-26 07:39 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Local\TechSmith
2011-11-26 07:38 . 2011-11-26 07:38 -------- d-----w- c:\program files (x86)\TechSmith
2011-11-26 07:21 . 2011-11-26 07:21 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\FastStone
2011-11-23 14:11 . 2011-11-23 14:11 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-23 14:07 . 2011-11-23 14:07 -------- d-----w- c:\windows\SysWow64\spool
2011-11-23 14:05 . 2011-11-23 14:05 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-11-22 15:44 . 2011-11-23 14:02 -------- d-----w- C:\LFS
2011-11-22 15:21 . 2011-11-22 15:21 -------- d-----w- C:\NST
2011-11-22 15:19 . 2011-11-22 15:19 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Local\NeoSmart_Technologies
2011-11-22 15:19 . 2011-11-22 15:19 -------- d-----w- c:\program files (x86)\NeoSmart Technologies
2011-11-21 19:25 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-11-21 19:24 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-11-21 19:24 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-11-21 19:24 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-11-21 19:24 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-11-19 11:39 . 2011-12-02 08:37 1328 ----a-w- C:\FSUIPC_reg.bin
2011-11-19 10:17 . 2011-11-19 10:17 -------- d-----w- c:\program files (x86)\FastStone Capture
2011-11-15 19:02 . 2011-11-15 19:02 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Local\PackageAware
2011-11-12 18:14 . 2011-12-02 18:47 147968 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-11-12 18:14 . 2005-11-13 22:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-11-12 18:14 . 2005-11-13 22:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-11-12 18:14 . 2005-11-13 22:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-11-12 18:14 . 2011-11-12 18:14 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-11-12 18:14 . 2011-11-12 18:14 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-11-12 18:14 . 2005-11-13 22:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-11-12 18:14 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-11-12 11:15 . 2011-11-12 11:15 -------- d-----w- c:\windows\system32\Macromed
2011-11-12 11:01 . 2011-12-02 14:26 -------- d-----w- C:\tmp
2011-11-12 08:53 . 2011-11-12 08:53 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\QipGuard
2011-11-10 16:59 . 2010-06-09 17:55 138240 ----a-w- c:\users\Jakub.Jakub-PC\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2011-11-10 16:59 . 2011-12-02 18:50 -------- d-----w- c:\program files (x86)\QIP Infium
2011-11-09 13:50 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 13:50 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 13:50 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:50 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 17:17 . 2011-11-07 17:17 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Local\Opera
2011-11-07 17:16 . 2011-12-02 19:26 -------- d-----w- c:\program files (x86)\Opera
2011-11-06 16:06 . 2011-12-02 18:50 -------- d-----w- C:\totalcmd
2011-11-06 16:06 . 2011-11-06 16:06 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\GHISLER
2011-11-06 16:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-11-06 16:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-11-06 16:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-11-06 16:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-11-06 16:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-11-06 16:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-11-06 16:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-11-05 21:37 . 2011-11-05 21:38 -------- d-----w- C:\Omsi SCO Creator
2011-11-05 21:22 . 2011-11-05 21:22 43011 ----a-w- c:\windows\Sbunins3.exe
2011-11-05 20:44 . 2011-11-05 20:49 -------- d-----w- c:\program files\Blender Foundation
2011-11-05 20:25 . 2011-11-05 20:25 -------- d-----w- c:\users\Jakub.Jakub-PC\.thumbnails
2011-11-05 20:25 . 2011-11-05 20:28 -------- d-----w- c:\program files (x86)\Blender Foundation
2011-11-05 20:17 . 2011-12-02 18:50 -------- d-----w- C:\Python27
2011-11-05 20:15 . 2011-11-05 20:15 -------- d-----w- c:\program files (x86)\IronPython 2.7.1
2011-11-05 20:12 . 2011-11-05 20:12 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\Blender Foundation
2011-11-05 19:54 . 2011-11-13 10:40 -------- d-----w- c:\programdata\boost_interprocess
2011-11-05 19:48 . 2011-11-23 14:16 -------- d-----w- c:\programdata\FLEXnet
2011-11-05 19:48 . 2011-11-05 19:49 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Local\Autodesk
2011-11-05 19:18 . 2011-11-05 19:18 -------- d-----w- c:\program files\Autodesk
2011-11-05 19:18 . 2011-11-05 19:18 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-11-05 19:12 . 2011-11-05 19:17 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-11-05 19:11 . 2011-11-05 19:11 -------- d-----w- c:\program files (x86)\Autodesk
2011-11-05 19:08 . 2011-11-05 19:16 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2011-11-05 19:00 . 2011-11-07 17:10 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\Autodesk
2011-11-05 19:00 . 2011-11-05 19:49 -------- d-----w- c:\programdata\Autodesk
2011-11-05 16:10 . 2011-12-02 18:50 -------- d-----w- c:\program files (x86)\ZModeler
2011-11-05 12:51 . 2011-11-05 12:51 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\DxfSharpViewer
2011-11-05 12:51 . 2011-11-05 12:51 -------- d-----w- c:\program files (x86)\DXF Sharp Viewer 2
2011-11-05 12:49 . 2011-12-02 19:00 -------- d-----w- c:\program files (x86)\Any DWG DXF Converter
2011-11-04 19:32 . 2011-11-04 19:32 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-11-04 19:32 . 2011-11-04 19:32 -------- d-----w- c:\users\Jakub.Jakub-PC\SystemRequirementsLab
2011-11-04 14:34 . 2011-11-04 14:34 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Local\GIANTS Editor 4.1.9
2011-11-04 14:34 . 2011-11-04 14:34 -------- d-----w- c:\program files (x86)\GIANTS Software
2011-11-03 13:15 . 2011-11-03 13:15 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\Z-Software
2011-11-03 12:43 . 2011-11-18 11:14 -------- d-----w- c:\programdata\Z-Software
2011-11-03 12:40 . 2008-05-30 13:18 238088 ----a-w- c:\windows\SysWow64\xactengine3_1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 18:15 . 2011-09-01 19:30 737280 ----a-w- c:\windows\iun6002.exe
2011-11-12 11:15 . 2011-08-13 18:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-26 20:25 . 2011-10-26 20:25 100464 ----a-w- c:\windows\SysWow64\ICKHTTPS2.OCX
2011-10-01 03:21 . 2011-10-27 13:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-27 13:12 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 20:45 . 2011-08-13 21:31 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-08-13 21:31 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-08-13 21:31 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-08-13 21:31 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-08-13 21:31 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-08-13 21:31 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-08-13 21:31 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-08-13 21:31 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-08-13 21:31 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"QIP Internet Guardian"="c:\users\Jakub.Jakub-PC\AppData\Roaming\QipGuard\QipGuard.exe" [2010-10-20 188416]
"ICQ"="c:\program files (x86)\ICQ7.7\ICQ.exe" [2011-11-28 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"spydig.exe"="c:\program files (x86)\SpyDig\spydig.exe" [2011-11-01 2004480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Jakub.Jakub-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_02.12.2011_23-03.lnk - c:\users\Jakub.Jakub-PC\Desktop\Virus Removal Tool\setup_9.0.0.722_02.12.2011_23-03\startup.exe [2011-12-2 72208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-30 26752]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-05 1431888]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 15171162;15171162 Boot Guard Driver;c:\windows\system32\DRIVERS\15171162.sys [x]
S1 15171161;15171161;c:\windows\system32\DRIVERS\15171161.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 setup_9.0.0.722_02.12.2011_23-03drv;setup_9.0.0.722_02.12.2011_23-03drv;c:\windows\system32\DRIVERS\1517116.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;d:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 dyncal64;Dynamic64 Calibration Driver;c:\windows\system32\DRIVERS\dyncal64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
"combofix"="c:\combofix\CF18463.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-737 Pilot in Command - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal_737PIC.exe
AddRemove-A310 The Master's Edition v1.5 Update - 0:\program files (x86)\Microsoft Games\Flight Simulator 9\A310.Patch.1.5.Uninstal.exe
AddRemove-Carenado C 152 II - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Carenado Cessna Skylane 182 RG II - c:\program files (x86)\Microsoft Games\Flight Simulator 9\UNCARCESSNA182RGII.exe
AddRemove-EasyBCD - c:\program files (x86)\NeoSmart Technologies\EasyBCD\uninstall.exe
AddRemove-FeelThere Caravan! Deluxe - c:\program files (x86)\Microsoft Games\Flight Simulator 9\caravandlx-uninst.exe
AddRemove-Flight Simulator 9.0 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE
AddRemove-Fly the Maddog Professional 2010 Edition - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstall Fly the Maddog for FS9.exe
AddRemove-FS2Crew: 737 Professional Edition - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstall.exe
AddRemove-FS2Crew: iFly737NG Voice Control Edition - c:\program files (x86)\Microsoft Games\Flight Simulator 9\unFS2Crew2010_FS9_IFly737NG_Voice_Control.exe
AddRemove-FS2Crew: Level-D 767 Voice Commander Edition - c:\program files (x86)\Microsoft Games\Flight Simulator 9\unFS2Crew2010_FS9_LDS767.exe
AddRemove-iFly Jets - The 737NG for FS2004 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Un-iFly737.exe
AddRemove-Mozilla Firefox 7.0.1 (x86 cs) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
AddRemove-PSPad editor_is1 - c:\program files (x86)\PSPad editor\Uninst\unins000.exe
AddRemove-rFactor - d:\program files (x86)\rFactor\Uninstall.exe
AddRemove-Teamspeak 2 RC2_is1 - c:\program files (x86)\Teamspeak2_RC2\unins000.exe
AddRemove-TeamViewer 6 - c:\program files (x86)\TeamViewer\Version6\uninstall.exe
AddRemove-TOPCAT - c:\program files (x86)\TOPCAT starsi\uninst.exe
AddRemove-TSS Airbus IAE-V2500 New Gen sound - c:\program files (x86)\TSS Airbus IAE-V2500 New Gen sound\Uninstal.exe
AddRemove-TSS Boeing 767 GE Sound - c:\program files (x86)\TSS Boeing 767 GE Sound\Uninstal.exe
AddRemove-UK2000 London City Xtreme FS9 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 London City Xtreme\uninstall.exe
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
AddRemove-VATSpy - c:\program files (x86)\VATSpy\uninstall.exe
AddRemove-VLC media player - c:\program files (x86)\VideoLAN\VLC\uninstall.exe
AddRemove-ZModeler - c:\program files (x86)\ZModeler\zmuninst.exe
AddRemove-{32B08666-1587-435D-988C-7958A04B218A}_is1 - c:\program files (x86)\OMSI Addon Manager\unins000.exe
AddRemove-{66CFDDB7-E8B4-4239-80DC-F5AA86D81BC3}_is1 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\unins000.exe
AddRemove-Carenado's C172N Skyhawk II FS2004 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-FeelThere E-Jets v.2 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal-ftejets2.exe
AddRemove-PhotoFiltre - c:\program files (x86)\PhotoFiltre\Uninst.exe
AddRemove-PT Tu-154M Czechoslovak version 1.1 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-PT Tu-154M Czechoslovak version 1.2 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal_PT_TU-154Mcz.exe
AddRemove-QIP 2005 - c:\program files (x86)\QIP\unins000.exe
AddRemove-QIP Infium - c:\program files (x86)\QIP Infium\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Celkový čas: 2011-12-02 21:23:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-02 20:22
.
Před spuštěním: 2 524 426 240
Po spuštění: 2 838 835 200
.
- - End Of File - - 5E39B4405E87AAD8E30C9675F7D578C7
Thanks a lot.
2011-11-05 19:18 . 2011-11-05 19:18 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-11-05 19:12 . 2011-11-05 19:17 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-11-05 19:11 . 2011-11-05 19:11 -------- d-----w- c:\program files (x86)\Autodesk
2011-11-05 19:08 . 2011-11-05 19:16 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2011-11-05 19:00 . 2011-11-07 17:10 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\Autodesk
2011-11-05 19:00 . 2011-11-05 19:49 -------- d-----w- c:\programdata\Autodesk
2011-11-05 16:10 . 2011-12-02 18:50 -------- d-----w- c:\program files (x86)\ZModeler
2011-11-05 12:51 . 2011-11-05 12:51 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\DxfSharpViewer
2011-11-05 12:51 . 2011-11-05 12:51 -------- d-----w- c:\program files (x86)\DXF Sharp Viewer 2
2011-11-05 12:49 . 2011-12-02 19:00 -------- d-----w- c:\program files (x86)\Any DWG DXF Converter
2011-11-04 19:32 . 2011-11-04 19:32 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-11-04 19:32 . 2011-11-04 19:32 -------- d-----w- c:\users\Jakub.Jakub-PC\SystemRequirementsLab
2011-11-04 14:34 . 2011-11-04 14:34 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Local\GIANTS Editor 4.1.9
2011-11-04 14:34 . 2011-11-04 14:34 -------- d-----w- c:\program files (x86)\GIANTS Software
2011-11-03 13:15 . 2011-11-03 13:15 -------- d-----w- c:\users\Jakub.Jakub-PC\AppData\Roaming\Z-Software
2011-11-03 12:43 . 2011-11-18 11:14 -------- d-----w- c:\programdata\Z-Software
2011-11-03 12:40 . 2008-05-30 13:18 238088 ----a-w- c:\windows\SysWow64\xactengine3_1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 18:15 . 2011-09-01 19:30 737280 ----a-w- c:\windows\iun6002.exe
2011-11-12 11:15 . 2011-08-13 18:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-26 20:25 . 2011-10-26 20:25 100464 ----a-w- c:\windows\SysWow64\ICKHTTPS2.OCX
2011-10-01 03:21 . 2011-10-27 13:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-27 13:12 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 20:45 . 2011-08-13 21:31 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-08-13 21:31 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-08-13 21:31 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-08-13 21:31 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-08-13 21:31 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-08-13 21:31 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-08-13 21:31 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-08-13 21:31 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-08-13 21:31 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"QIP Internet Guardian"="c:\users\Jakub.Jakub-PC\AppData\Roaming\QipGuard\QipGuard.exe" [2010-10-20 188416]
"ICQ"="c:\program files (x86)\ICQ7.7\ICQ.exe" [2011-11-28 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"spydig.exe"="c:\program files (x86)\SpyDig\spydig.exe" [2011-11-01 2004480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Jakub.Jakub-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_02.12.2011_23-03.lnk - c:\users\Jakub.Jakub-PC\Desktop\Virus Removal Tool\setup_9.0.0.722_02.12.2011_23-03\startup.exe [2011-12-2 72208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-30 26752]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-05 1431888]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 15171162;15171162 Boot Guard Driver;c:\windows\system32\DRIVERS\15171162.sys [x]
S1 15171161;15171161;c:\windows\system32\DRIVERS\15171161.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 setup_9.0.0.722_02.12.2011_23-03drv;setup_9.0.0.722_02.12.2011_23-03drv;c:\windows\system32\DRIVERS\1517116.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;d:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 dyncal64;Dynamic64 Calibration Driver;c:\windows\system32\DRIVERS\dyncal64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
"combofix"="c:\combofix\CF18463.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-737 Pilot in Command - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal_737PIC.exe
AddRemove-A310 The Master's Edition v1.5 Update - 0:\program files (x86)\Microsoft Games\Flight Simulator 9\A310.Patch.1.5.Uninstal.exe
AddRemove-Carenado C 152 II - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Carenado Cessna Skylane 182 RG II - c:\program files (x86)\Microsoft Games\Flight Simulator 9\UNCARCESSNA182RGII.exe
AddRemove-EasyBCD - c:\program files (x86)\NeoSmart Technologies\EasyBCD\uninstall.exe
AddRemove-FeelThere Caravan! Deluxe - c:\program files (x86)\Microsoft Games\Flight Simulator 9\caravandlx-uninst.exe
AddRemove-Flight Simulator 9.0 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE
AddRemove-Fly the Maddog Professional 2010 Edition - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstall Fly the Maddog for FS9.exe
AddRemove-FS2Crew: 737 Professional Edition - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstall.exe
AddRemove-FS2Crew: iFly737NG Voice Control Edition - c:\program files (x86)\Microsoft Games\Flight Simulator 9\unFS2Crew2010_FS9_IFly737NG_Voice_Control.exe
AddRemove-FS2Crew: Level-D 767 Voice Commander Edition - c:\program files (x86)\Microsoft Games\Flight Simulator 9\unFS2Crew2010_FS9_LDS767.exe
AddRemove-iFly Jets - The 737NG for FS2004 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Un-iFly737.exe
AddRemove-Mozilla Firefox 7.0.1 (x86 cs) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
AddRemove-PSPad editor_is1 - c:\program files (x86)\PSPad editor\Uninst\unins000.exe
AddRemove-rFactor - d:\program files (x86)\rFactor\Uninstall.exe
AddRemove-Teamspeak 2 RC2_is1 - c:\program files (x86)\Teamspeak2_RC2\unins000.exe
AddRemove-TeamViewer 6 - c:\program files (x86)\TeamViewer\Version6\uninstall.exe
AddRemove-TOPCAT - c:\program files (x86)\TOPCAT starsi\uninst.exe
AddRemove-TSS Airbus IAE-V2500 New Gen sound - c:\program files (x86)\TSS Airbus IAE-V2500 New Gen sound\Uninstal.exe
AddRemove-TSS Boeing 767 GE Sound - c:\program files (x86)\TSS Boeing 767 GE Sound\Uninstal.exe
AddRemove-UK2000 London City Xtreme FS9 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 London City Xtreme\uninstall.exe
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
AddRemove-VATSpy - c:\program files (x86)\VATSpy\uninstall.exe
AddRemove-VLC media player - c:\program files (x86)\VideoLAN\VLC\uninstall.exe
AddRemove-ZModeler - c:\program files (x86)\ZModeler\zmuninst.exe
AddRemove-{32B08666-1587-435D-988C-7958A04B218A}_is1 - c:\program files (x86)\OMSI Addon Manager\unins000.exe
AddRemove-{66CFDDB7-E8B4-4239-80DC-F5AA86D81BC3}_is1 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\unins000.exe
AddRemove-Carenado's C172N Skyhawk II FS2004 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-FeelThere E-Jets v.2 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal-ftejets2.exe
AddRemove-PhotoFiltre - c:\program files (x86)\PhotoFiltre\Uninst.exe
AddRemove-PT Tu-154M Czechoslovak version 1.1 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-PT Tu-154M Czechoslovak version 1.2 - c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal_PT_TU-154Mcz.exe
AddRemove-QIP 2005 - c:\program files (x86)\QIP\unins000.exe
AddRemove-QIP Infium - c:\program files (x86)\QIP Infium\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Celkový čas: 2011-12-02 21:23:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-02 20:22
.
Před spuštěním: 2 524 426 240
Po spuštění: 2 838 835 200
.
- - End Of File - - 5E39B4405E87AAD8E30C9675F7D578C7
Thanks a lot.