Help with a virus

Posted: 02 Mar 2012 06:37
by Eddward
Hello,

I can't get rid of a virus (or viruses); they won't stay deleted. They are trojans, and after deleting them and restarting they come back.
I removed them with SUPERAntiSpyware, MBAM and MS Essentials.... all of them delete it, but it keeps coming back.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Eddo at 2012-03-02 06:35:19
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 9 GB (7%) free of 137 GB
Total RAM: 2037 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:35:28, on 2. 3. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HTC Home\Clock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nightly\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Eddo\Documents\RSIT.exe
C:\Program Files\trend micro\Eddo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Clock Widget (HTC Home)] "C:\Program Files\HTC Home\Clock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 2895 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Eddo\AppData\Roaming\Mozilla\Firefox\Profiles\wrurej6y.default

prefs.js - "browser.startup.homepage" - "www.google.sk"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.300.130 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_300_130.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Nightly\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Nightly\components\
binary.manifest
browsercomps.dll

C:\Program Files\Nightly\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Eddo\AppData\Roaming\Mozilla\Firefox\Profiles\wrurej6y.default\extensions\
Stratiform@SoapySpew
uriloader@pdf.js

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-10-25 173592]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Clock Widget (HTC Home)"=C:\Program Files\HTC Home\Clock.exe [2011-06-21 2035712]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Eddo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk]
C:\PROGRA~1\Trillian\trillian.exe [2012-01-10 830976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.IV41"=IR41_32.AX

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2030-08-29 13:22:30 ----N---- C:\Windows\system32\iyvu9_32.dll
2030-08-29 13:22:30 ----N---- C:\Windows\system32\iacenc.dll
2012-03-02 06:32:27 ----A---- C:\Windows\system32\drivers\yjxwjsie.sys
2012-03-02 06:31:46 ----D---- C:\rsit
2012-03-02 01:47:55 ----SHD---- C:\Windows\system32\%APPDATA%
2012-03-02 01:20:48 ----ASH---- C:\Windows\system32\dds_log_trash.cmd
2012-02-22 12:32:47 ----D---- C:\Users\Eddo\AppData\Roaming\Dev-Cpp
2012-02-22 12:28:00 ----D---- C:\Dev-Cpp
2012-02-15 18:12:31 ----SHD---- C:\Config.Msi
2012-02-15 17:53:58 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-15 17:53:56 ----A---- C:\Windows\system32\jscript.dll
2012-02-15 17:53:56 ----A---- C:\Windows\system32\iertutil.dll
2012-02-15 17:53:54 ----A---- C:\Windows\system32\jscript9.dll
2012-02-15 17:53:53 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-15 17:53:51 ----A---- C:\Windows\system32\wininet.dll
2012-02-15 17:53:51 ----A---- C:\Windows\system32\url.dll
2012-02-15 17:53:50 ----A---- C:\Windows\system32\ieui.dll
2012-02-15 17:53:46 ----A---- C:\Windows\system32\mshtml.dll
2012-02-15 17:53:43 ----A---- C:\Windows\system32\ieframe.dll
2012-02-15 17:53:42 ----A---- C:\Windows\system32\urlmon.dll
2012-02-15 12:33:28 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-15 12:33:24 ----A---- C:\Windows\system32\shell32.dll
2012-02-15 12:33:23 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-15 12:31:36 ----A---- C:\Windows\system32\win32k.sys
2012-02-11 00:55:42 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of files/folders modified in the last 1 month======

2012-03-02 06:35:25 ----D---- C:\Program Files\trend micro
2012-03-02 06:33:46 ----D---- C:\Windows\Temp
2012-03-02 06:32:27 ----D---- C:\Windows\system32\drivers
2012-03-02 06:31:58 ----D---- C:\Windows\Prefetch
2012-03-02 06:30:31 ----D---- C:\Program Files\HTC Home
2012-03-02 06:30:16 ----D---- C:\Windows\system32\config
2012-03-02 06:26:56 ----D---- C:\Windows
2012-03-02 06:23:41 ----D---- C:\Users\Eddo\AppData\Roaming\Media Player Classic
2012-03-02 06:23:05 ----D---- C:\Users\Eddo\AppData\Roaming\uTorrent
2012-03-02 06:22:40 ----D---- C:\Windows\inf
2012-03-02 06:22:28 ----D---- C:\Windows\debug
2012-03-02 06:12:48 ----D---- C:\Windows\en-US
2012-03-02 02:30:52 ----D---- C:\Windows\System32
2012-03-02 02:30:25 ----D---- C:\Windows\pss
2012-03-02 02:24:26 ----D---- C:\Program Files\Trillian
2012-03-02 02:22:05 ----D---- C:\Program Files\SUPERAntiSpyware
2012-03-02 02:11:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-02 00:33:52 ----D---- C:\Users\Eddo\AppData\Roaming\vlc
2012-03-02 00:18:44 ----D---- C:\Windows\system32\log
2012-03-01 18:28:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-01 09:45:31 ----D---- C:\Program Files\Mozilla Firefox
2012-02-29 22:44:39 ----D---- C:\Windows\system32\catroot
2012-02-29 22:44:37 ----D---- C:\Windows\system32\DriverStore
2012-02-29 14:53:31 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-02-29 01:35:25 ----SHD---- C:\System Volume Information
2012-02-24 17:23:32 ----D---- C:\Program Files\Nightly
2012-02-23 20:40:06 ----D---- C:\Windows\system32\NDF
2012-02-21 17:12:09 ----A---- C:\Users\Eddo\AppData\Roaming\Network Meter_Settings.ini
2012-02-19 22:26:27 ----D---- C:\Program Files\Mozilla Thunderbird
2012-02-18 19:32:50 ----D---- C:\Program Files\uTorrent
2012-02-16 01:17:21 ----RSD---- C:\Windows\assembly
2012-02-16 01:17:21 ----D---- C:\Windows\Microsoft.NET
2012-02-15 18:25:25 ----D---- C:\Windows\winsxs
2012-02-15 18:23:00 ----D---- C:\Windows\system32\migration
2012-02-15 18:22:59 ----D---- C:\Program Files\Internet Explorer
2012-02-15 18:20:18 ----SHD---- C:\Windows\Installer
2012-02-15 18:08:22 ----A---- C:\Windows\system32\MRT.exe
2012-02-15 18:07:59 ----D---- C:\ProgramData\Microsoft Help
2012-02-15 17:54:24 ----D---- C:\Windows\system32\catroot2
2012-02-13 10:26:14 ----D---- C:\Windows\Tasks
2012-02-13 10:22:01 ----D---- C:\Windows\system32\drivers\etc
2012-02-11 00:55:45 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-03-31 1792512]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-10-25 4807168]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 20464]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-02-05 242992]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S1 yjxwjsie;yjxwjsie; \??\C:\Windows\system32\drivers\yjxwjsie.sys [2012-03-02 41680]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
S3 GPCIDrv;GPCIDrv; \??\C:\Users\Eddo\Desktop\Download\GV-N560OC-1GI\GPCIDrv.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2011-08-01 40936]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 S6000KNT;S6000KNT_WebCam Driver; C:\Windows\System32\Drivers\S6000KNT.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S4 RsFx0105;RsFx0105 Driver; C:\Windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2011-09-22 97640]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-02-24 112584]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1343400]
S4 CscService;Offline Files; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2011-09-22 43028328]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2011-09-22 255336]

-----------------EOF-----------------

Re: Help with a virus

Posted: 02 Mar 2012 17:59
by Rudy
Hello to you too!
Please post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

Relax and go make yourself a coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware it collides with the resident antispyware in undesirable ways.

Re: Help with a virus

Posted: 02 Mar 2012 20:36
by Eddward
Even before running ComboFix I somehow managed to stop the threats popping up after every restart.

ComboFix 12-03-02.01 - Eddo . 03. 2012 19:55:06.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1033.18.2037.1418 [GMT 1:00]
Running from: c:\users\Eddo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Eddo\AppData\Local\264cf9cc\U
c:\users\Eddo\AppData\Local\264cf9cc\U\00000001.$
c:\users\Eddo\AppData\Local\264cf9cc\U\000000cb.$
c:\users\Eddo\AppData\Local\264cf9cc\U\000000cf.$
c:\users\Eddo\AppData\Local\264cf9cc\U\80000000.@
c:\users\Eddo\AppData\Roaming\Microsoft\Windows\Recent\ (2)
c:\users\Eddo\AppData\Roaming\Microsoft\Windows\Recent\ (3)
c:\users\Public\Desktop\AntiMalware.lnk
c:\windows\$NtUninstallKB8319$
c:\windows\$NtUninstallKB8319$\3956726504
c:\windows\$NtUninstallKB8319$\642578892\@
c:\windows\$NtUninstallKB8319$\642578892\L\xadqgnnk
c:\windows\$NtUninstallKB8319$\642578892\loader.tlb
c:\windows\$NtUninstallKB8319$\642578892\U\@00000001
c:\windows\$NtUninstallKB8319$\642578892\U\@000000c0
c:\windows\$NtUninstallKB8319$\642578892\U\@000000cb
c:\windows\$NtUninstallKB8319$\642578892\U\@000000cf
c:\windows\$NtUninstallKB8319$\642578892\U\@80000000
c:\windows\$NtUninstallKB8319$\642578892\U\@800000c0
c:\windows\$NtUninstallKB8319$\642578892\U\@800000cb
c:\windows\$NtUninstallKB8319$\642578892\U\@800000cf
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\setupsqm.exe
c:\windows\system32\oobe\windeploy.exe
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2030-08-29 12:22 . 2030-08-29 12:22 56832 ------w- c:\windows\system32\iyvu9_32.dll
2030-08-29 12:22 . 2030-08-29 12:22 143872 ------w- c:\windows\system32\iacenc.dll
2012-03-02 19:17 . 2012-03-02 19:22 -------- d-----w- c:\users\Eddo\AppData\Local\temp
2012-03-02 19:17 . 2012-03-02 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 19:17 . 2009-07-13 23:12 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-02 18:51 . 2012-03-02 18:51 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{342B885A-0C97-40E6-9A5E-CAF73380E60E}\offreg.dll
2012-03-02 13:59 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{342B885A-0C97-40E6-9A5E-CAF73380E60E}\mpengine.dll
2012-03-02 07:03 . 2012-03-02 07:03 -------- d-----w- C:\_OTM
2012-03-02 05:31 . 2012-03-02 05:32 -------- d-----w- C:\rsit
2012-03-02 00:47 . 2012-03-02 00:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-03-02 00:20 . 2012-03-02 19:15 -------- d-sh--w- c:\users\Eddo\AppData\Local\264cf9cc
2012-02-22 11:32 . 2012-02-22 12:42 -------- d-----w- c:\users\Eddo\AppData\Roaming\Dev-Cpp
2012-02-22 11:28 . 2012-02-22 11:32 -------- d-----w- C:\Dev-Cpp
2012-02-15 11:33 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 11:33 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 11:33 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 11:31 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-11 00:00 . 2012-02-11 00:00 -------- d-----w- c:\users\Eddo\AppData\Local\Macromedia
2012-02-10 23:55 . 2012-02-10 23:58 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-02-10 06:19 . 2011-11-30 19:11 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 06:19 . 2012-02-10 06:18 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BACEB08-1E37-4BA4-B995-F079AC1B4DC2}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 19:23 . 2012-03-02 19:23 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{342B885A-0C97-40E6-9A5E-CAF73380E60E}\MpKsl2eac0beb.sys
2012-02-10 23:58 . 2011-05-13 18:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2011-11-30 22:52 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-11-20 02:09 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 02:12 . 2011-02-15 23:31 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-12-10 14:24 . 2011-08-30 08:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 08:45 . 2011-10-23 13:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clock Widget (HTC Home)"="c:\program files\HTC Home\Clock.exe" [2011-06-21 2035712]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Eddo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk]
path=c:\users\Eddo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
backup=c:\windows\pss\Trillian.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 GPCIDrv;GPCIDrv;c:\users\Eddo\Desktop\Download\GV-N560OC-1GI\GPCIDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-03-01 112584]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S1 MpKsl2eac0beb;MpKsl2eac0beb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{342B885A-0C97-40E6-9A5E-CAF73380E60E}\MpKsl2eac0beb.sys [2012-03-02 29904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL2EAC0BEB
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Eddo\AppData\Roaming\Mozilla\Firefox\Profiles\wrurej6y.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1125952511-3963374178-2526684035-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_xy4Č"*ŚZ*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1125952511-3963374178-2526684035-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_xy4Č"*ŚZ*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1125952511-3963374178-2526684035-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2Ü4]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1125952511-3963374178-2526684035-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2Ü4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3988)
c:\program files\SDExplorer\SDShellNSE.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Completion time: 2012-03-02 20:33:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 19:33
.
Pre-Run: 10 004 926 464 bytes free
Post-Run: 9 642 500 096 bytes free
.
- - End Of File - - EB6DBE8325957EF681355AFC96520422

Re: Help with a virus

Posted: 02 Mar 2012 21:01
by Rudy
We'll do one more clean-up. Open Notepad and copy the following into it:
RegLock::
[HKEY_USERS\S-1-5-21-1125952511-3963374178-2526684035-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_xy4Č"*ŚZ*]
[HKEY_USERS\S-1-5-21-1125952511-3963374178-2526684035-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_xy4Č"*ŚZ*\OpenWithList]
[HKEY_USERS\S-1-5-21-1125952511-3963374178-2526684035-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2Ü4]
[HKEY_USERS\S-1-5-21-1125952511-3963374178-2526684035-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2Ü4\OpenWithList]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Help with a virus

Posted: 02 Mar 2012 21:37
by Eddward
So I hope I did it right.

ComboFix 12-03-02.01 - Eddo . 03. 2012 21:12:27.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1033.18.2037.1138 [GMT 1:00]
Running from: c:\users\Eddo\Desktop\ComboFix.exe
Command switches used :: c:\users\Eddo\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2030-08-29 12:22 . 2030-08-29 12:22 56832 ------w- c:\windows\system32\iyvu9_32.dll
2030-08-29 12:22 . 2030-08-29 12:22 143872 ------w- c:\windows\system32\iacenc.dll
2012-03-02 20:26 . 2012-03-02 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 20:12 . 2012-03-02 20:12 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{342B885A-0C97-40E6-9A5E-CAF73380E60E}\MpKsl684eca67.sys
2012-03-02 19:33 . 2012-03-02 20:26 -------- d-----w- c:\users\Eddo\AppData\Local\temp
2012-03-02 19:23 . 2012-03-02 19:23 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{342B885A-0C97-40E6-9A5E-CAF73380E60E}\MpKsl2eac0beb.sys
2012-03-02 19:17 . 2009-07-13 23:12 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-02 18:51 . 2012-03-02 18:51 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{342B885A-0C97-40E6-9A5E-CAF73380E60E}\offreg.dll
2012-03-02 13:59 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{342B885A-0C97-40E6-9A5E-CAF73380E60E}\mpengine.dll
2012-03-02 07:03 . 2012-03-02 07:03 -------- d-----w- C:\_OTM
2012-03-02 05:31 . 2012-03-02 05:32 -------- d-----w- C:\rsit
2012-03-02 00:47 . 2012-03-02 00:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-03-02 00:20 . 2012-03-02 19:15 -------- d-sh--w- c:\users\Eddo\AppData\Local\264cf9cc
2012-02-22 11:32 . 2012-02-22 12:42 -------- d-----w- c:\users\Eddo\AppData\Roaming\Dev-Cpp
2012-02-22 11:28 . 2012-02-22 11:32 -------- d-----w- C:\Dev-Cpp
2012-02-15 11:33 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 11:33 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 11:33 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 11:31 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-11 00:00 . 2012-02-11 00:00 -------- d-----w- c:\users\Eddo\AppData\Local\Macromedia
2012-02-10 23:55 . 2012-02-10 23:58 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-02-10 06:19 . 2011-11-30 19:11 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 06:19 . 2012-02-10 06:18 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BACEB08-1E37-4BA4-B995-F079AC1B4DC2}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 23:58 . 2011-05-13 18:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2011-11-30 22:52 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-11-20 02:09 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 02:12 . 2011-02-15 23:31 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-12-10 14:24 . 2011-08-30 08:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 08:45 . 2011-10-23 13:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clock Widget (HTC Home)"="c:\program files\HTC Home\Clock.exe" [2011-06-21 2035712]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Eddo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk]
path=c:\users\Eddo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
backup=c:\windows\pss\Trillian.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 GPCIDrv;GPCIDrv;c:\users\Eddo\Desktop\Download\GV-N560OC-1GI\GPCIDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-03-01 112584]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S1 MpKsl2eac0beb;MpKsl2eac0beb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{342B885A-0C97-40E6-9A5E-CAF73380E60E}\MpKsl2eac0beb.sys [2012-03-02 29904]
S1 MpKsl684eca67;MpKsl684eca67;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{342B885A-0C97-40E6-9A5E-CAF73380E60E}\MpKsl684eca67.sys [2012-03-02 29904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL2EAC0BEB
*NewlyCreated* - MPKSL684ECA67
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Eddo\AppData\Roaming\Mozilla\Firefox\Profiles\wrurej6y.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1125952511-3963374178-2526684035-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_xy4Č"*ŚZ*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1125952511-3963374178-2526684035-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_xy4Č"*ŚZ*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1125952511-3963374178-2526684035-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2Ü4]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1125952511-3963374178-2526684035-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2Ü4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1860)
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
.
Completion time: 2012-03-02 21:34:47
ComboFix-quarantined-files.txt 2012-03-02 20:34
ComboFix2.txt 2012-03-02 19:33
.
Pre-Run: 9 712 775 168 bytes free
Post-Run: 9 643 659 264 bytes free
.
- - End Of File - - 53A771E86F85A0D6DDE71CFF837A319A

Re: Help with a virus

Posted: 02 Mar 2012 22:19
by Rudy
The log looks OK now. Has anything changed?

Re: Help with a virus

Posted: 02 Mar 2012 22:26
by Eddward
Yes, everything works as it should, no problems, thanks :)

Re: Help with a virus

Posted: 02 Mar 2012 22:30
by Rudy
You're welcome!