Page 1 of 2

Full of viruses, request for help

Posted: 14 Mar 2012 00:18
by Nouee
Good evening,

A friend's computer has ended up in my hands with the complaint that it stutters terribly, and personally I suspect it is horribly infected. I would therefore like to ask you to check this log - many thanks in advance!!

Logfile of random's system information tool 1.09 (written by random/random)
Run by Holadovi at 2012-03-14 00:13:38
Microsoft Windows 7 Home Premium
System drive C: has 190 GB (41%) free of 463 GB
Total RAM: 3839 MB (41% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
/QuitInfo:00000000000002A8;00000000000002CC; /AddRef;
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe"
C:\Windows\update.7.1\svchostdriver.exe srv
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe"
C:\Windows\update.5.0\svchost.exe srv
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
C:\Windows\sysdriver32.exe srv
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\update.1\svchost.exe srv
"C:\Windows\update.2\svchost.exe" stand
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b3d4fa42-8dc6-4ec5-bea2-1d2223a0c344 -SystemEventPortName:HostProcess-0bb7650f-4523-4870-994b-092296acc875 -IoCancelEventPortName:HostProcess-e4d9d376-e63b-4e90-9a10-c4c8856312e1 -NonStateChangingEventPortName:HostProcess-839e7677-7276-4558-b417-617627a0dadb -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3fdb311c-e4cf-47d5-bf62-9f169189b6b6
"taskhost.exe"
/QuitInfo:00000000000008B0;00000000000008B4; /AddRef;
/QuitInfo:0000000000000864;00000000000008BC;
"C:\Windows\system32\Dwm.exe"
/loadhooks /Parent:00000000000008B8
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
C:\Users\Holadovi\AppData\Roaming\SystemProc\lsass.exe
"C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe"
"C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
"C:\Windows\update.tray-9-0\svchost.exe"
"C:\Windows\update.tray-10-0\svchost.exe"
"C:\Windows\update.tray-2-0\svchost.exe"
"C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe"
"C:\Windows\l1rezerv.exe"
"C:\Windows\systemup.exe" stand
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
HPTouchSmartSyncCalReminderApp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe"
taskeng.exe {05C1BF22-711A-4F27-A97E-9D0F482B5B09}
"c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
"c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"taskhost.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\WinRAR\WinRAR.exe" "F:\STOPz_5.0.30.72.rar"
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Holadovi\AppData\Local\Temp\Rar$DI00.761\Step by step Get STOPZilla! Registered.txt
C:\Windows\System32\svchost.exe -k swprv
"C:\Windows\update.7.1\svchostdriver.exe" stand
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"F:\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-570946610-1608995928-4223595886-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-570946610-1608995928-4223595886-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-02-29 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll [2012-01-16 346168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
CescrtHlpr Object - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\bh\BabylonToolbar.dll [2010-11-07 225720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-02-29 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-16 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-02-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-02-29 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll []
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarTlbr.dll [2010-11-07 184760]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-02-29 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-20 7981088]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-18 16334368]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-26 2184520]
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-17 767312]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]
"RTHDBPL"=C:\Users\Holadovi\AppData\Roaming\SystemProc\lsass.exe [2010-07-15 75264]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-02-17 39408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]
"HP KEYBOARDx"=C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [2009-07-15 715264]
"Buttons & OSDs control application gen3"=c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe [2009-07-03 212992]
"UpdatePRCShortCut"=C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"IJNetworkScanUtility"=C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2009-05-19 136544]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\qttask.exe [2011-05-05 77824]
"B2C_AGENT"=C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [2011-09-28 404568]
"wxpdrv"=C:\Windows\services32.exe [2011-08-21 1216000]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-9-0\svchost.exe [2011-08-21 1216000]
"tray_ico1"=C:\Windows\update.tray-10-0\svchost.exe [2011-08-21 1216000]
"tray_ico2"=C:\Windows\update.tray-2-0\svchost.exe [2011-08-21 1216000]
"tray_ico3"= []
"tray_ico4"= []
"7219880.exe"=C:\Windows\Temp\7219880.exe []
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-11-02 257024]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-11-02 257024]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-08-21 232960]
"systemup"=C:\Windows\systemup.exe [2011-08-28 130560]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Holadovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-14 00:13:38 ----D---- C:\rsit
2012-03-14 00:13:38 ----D---- C:\Program Files\trend micro
2012-03-12 12:18:54 ----HD---- C:\Windows\update.tray-2-0-lnk
2012-03-12 12:18:54 ----HD---- C:\Windows\update.tray-2-0
2012-03-12 11:38:52 ----D---- C:\Users\Holadovi\AppData\Roaming\VS Revo Group
2012-03-12 11:30:26 ----A---- C:\Windows\system32\drivers\revoflt.sys
2012-03-12 11:30:24 ----D---- C:\Program Files\VS Revo Group
2012-03-11 15:29:26 ----ASH---- C:\pagefile.sys
2012-03-10 00:41:59 ----ASH---- C:\Windows\system32\dds_log_ad13.cmd

======List of files/folders modified in the last 1 month======

2012-03-14 00:13:38 ----RD---- C:\Program Files
2012-03-14 00:13:36 ----D---- C:\Windows\Temp
2012-03-14 00:09:21 ----SHD---- C:\Windows\Installer
2012-03-14 00:09:21 ----D---- C:\Windows\SYSWOW64\drivers
2012-03-14 00:09:21 ----D---- C:\Windows\SysWOW64
2012-03-14 00:09:21 ----D---- C:\Program Files (x86)\Common Files
2012-03-14 00:09:21 ----D---- C:\Program Files (x86)
2012-03-14 00:09:20 ----HD---- C:\ProgramData
2012-03-14 00:07:31 ----SHD---- C:\System Volume Information
2012-03-14 00:05:51 ----D---- C:\Windows\system32\Tasks
2012-03-14 00:03:03 ----D---- C:\Windows\System32
2012-03-14 00:03:03 ----D---- C:\Windows\inf
2012-03-14 00:03:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-13 23:57:19 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2012-03-13 23:57:12 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-03-13 23:04:21 ----D---- C:\Windows\system32\config
2012-03-13 22:26:19 ----D---- C:\Windows\system32\drivers
2012-03-13 22:04:04 ----D---- C:\Windows\Prefetch
2012-03-12 12:20:42 ----A---- C:\Windows\SYSWOW64\lgAxconfig.ini
2012-03-12 12:20:24 ----D---- C:\Windows\av_ico
2012-03-12 12:18:54 ----D---- C:\Windows
2012-03-12 12:17:38 ----A---- C:\Windows\winlog-ids.txt
2012-03-12 12:17:38 ----A---- C:\Windows\winlog-dirs.txt
2012-03-12 12:01:58 ----D---- C:\ProgramData\Hewlett-Packard
2012-03-12 12:01:36 ----D---- C:\Users\Holadovi\AppData\Roaming\Skype
2012-03-12 11:59:02 ----D---- C:\Program Files (x86)\Hewlett-Packard
2012-03-12 11:55:00 ----D---- C:\Program Files (x86)\Canon
2012-03-12 11:48:20 ----D---- C:\Users\Holadovi\AppData\Roaming\HP Support Assistant
2012-03-12 11:42:22 ----RD---- C:\Program Files (x86)\Skype
2012-03-12 11:26:48 ----D---- C:\Windows\system32\drivers\etc
2012-03-12 11:18:03 ----A---- C:\Windows\iecheck_iplist.txt
2012-03-12 10:21:22 ----D---- C:\Windows\ufa
2012-03-12 10:20:28 ----D---- C:\Windows\Minidump
2012-03-12 10:10:52 ----D---- C:\Program Files (x86)\DsNET Corp
2012-03-12 10:05:54 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-03-12 09:50:58 ----D---- C:\Program Files (x86)\Rockstar Games
2012-03-12 09:35:50 ----D---- C:\Program Files (x86)\Electronic Arts
2012-03-12 09:35:00 ----D---- C:\Seven Kingdoms II
2012-03-12 09:25:11 ----D---- C:\Windows\Tasks
2012-03-12 09:18:25 ----D---- C:\Program Files (x86)\HP Games
2012-03-12 09:18:11 ----D---- C:\ProgramData\WildTangent
2012-03-12 08:59:09 ----D---- C:\Users\Holadovi\AppData\Roaming\uTorrent
2012-03-12 08:48:22 ----D---- C:\Windows\system32\NDF
2012-03-11 12:39:43 ----A---- C:\Windows\btc_client_iplist.txt
2012-03-11 12:38:55 ----A---- C:\Windows\iplist.txt
2012-03-10 00:40:54 ----ASH---- C:\Windows\system32\dds_log_trash.cmd
2012-03-03 18:36:50 ----D---- C:\ProgramData\CanonIJPLM
2012-03-03 12:45:57 ----D---- C:\Windows\system32\catroot2
2012-02-16 22:41:52 ----D---- C:\ProgramData\CanonIJ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-06-22 240672]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [2009-11-25 402992]
R1 BHDrvx64;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [2010-01-20 334384]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [2010-02-13 583296]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2010-02-13 475696]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-03-24 139704]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 34472]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS [2009-11-25 32304]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-11-25 31280]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS [2009-11-25 278576]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-03-24 163888]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-03-24 124760]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 47632]
R3 ACPIService;Buttons and OSDs ACPI driver gen2; C:\Windows\system32\DRIVERS\OSDACPI.SYS [2009-06-17 17992]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2009-07-01 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-04-28 21832]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-07-20 1831968]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2009-05-19 702976]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2009-05-19 339360]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-04-25 28704]
R3 NW1950;NextWindow 1950 Touch Screen; C:\Windows\system32\DRIVERS\NW1950.sys [2009-07-29 24568]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2010-02-13 172592]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMFW.SYS [2009-11-25 120880]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [2009-11-25 56880]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 36352]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100409.001\IDSvia64.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 hidkmdf;Microsoft HID Class Shim for KMDF; C:\Windows\system32\DRIVERS\hidkmdf.sys [2009-07-29 13816]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100415.019\ENG64.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100415.019\EX64.SYS []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS [2009-11-25 476720]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2011-02-14 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2011-02-14 28160]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2011-02-14 34816]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [2009-03-31 92160]
R2 audstub;Safety Settings Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 864032]
R2 CalendarSynchService;CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]
R2 ddservice;ddservice; C:\Windows\update.7.1\svchostdriver.exe [2011-11-30 378880]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-18 382496]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-03-13 66872]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-11-14 347648]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-10-30 1942528]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-11-02 257024]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-08-21 1216000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
S2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe []
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe []
S2 Norton Internet Security;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll /prefetch:1 []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-17 182768]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe []
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]

-----------------EOF-----------------
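
What a responder looks for in the listing above can be written down as a handful of rules: Windows core binaries (svchost.exe, lsass.exe, services.exe ...) running from anywhere other than System32/SysWOW64, look-alike names such as svchostdriver.exe or services32.exe, executables dropped straight into the root of %SystemRoot% or into %SystemRoot%\Temp, and UAC switched off via EnableLUA=0. The script below is an added example for this thread; it is not code from the forum, from RSIT or from Malwarebytes. The rule names, the allow-list of executables that legitimately sit in the Windows root, and SAMPLE_LOG (an excerpt copied from the posted log) are this example's own assumptions.

```python
r"""Offline triage of an RSIT-style process / Run-key listing (added example).

Feed it the text of an RSIT log and it returns one Finding per suspicious path.
SAMPLE_LOG is a constructed excerpt of the log posted in this thread.
"""
import re
from dataclasses import dataclass

# Names that only ever run from the Windows system directories on a clean box.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "smss.exe",
               "winlogon.exe", "wininit.exe", "lsm.exe", "spoolsv.exe"}
_STEMS = {n[:-4] for n in SYSTEM_ONLY}
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")
# Assumed allow-list: executables that legitimately live in the root of %SystemRoot% on Windows 7.
WINDOWS_ROOT_OK = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe", "write.exe",
                   "splwow64.exe", "bfsvc.exe", "helppane.exe", "fveupdate.exe"}

# A path at the start of a process line, or at the start of a Run-key value.
_PATH_RE = re.compile(r'^"?((?:[a-z]:|%systemroot%|\\systemroot)\\[^"]*?\.exe)"?', re.I)
# RSIT prints autoruns as  "name"=command [date size]   (empty values show as "name"= []).
_RUN_RE = re.compile(r'^"[^"]+"=(.+?)\s*\[[^\]]*\]$')


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str   # normalised lower-case path ("" for registry-policy findings)
    line: str   # the log line that triggered the rule


def normalize(path: str) -> str:
    """Lower-case the path and expand the two %SystemRoot% spellings RSIT uses."""
    p = path.strip('"').lower().replace("%systemroot%", "c:\\windows")
    if p.startswith("\\systemroot"):
        p = "c:\\windows" + p[len("\\systemroot"):]
    return p


def check_path(path: str, line: str) -> list:
    """Apply the four path rules to one executable path."""
    p = normalize(path)
    directory, _, name = p.rpartition("\\")
    stem = name[:-4]
    out = []
    in_system_dir = directory in SYSTEM_DIRS or directory.startswith("c:\\windows\\winsxs\\")
    if name in SYSTEM_ONLY and not in_system_dir:
        out.append(Finding("masquerade", p, line))        # real name, wrong directory
    elif stem not in _STEMS and any(stem.startswith(s) for s in _STEMS):
        out.append(Finding("lookalike-name", p, line))    # e.g. svchostdriver.exe, services32.exe
    if directory == "c:\\windows" and name not in WINDOWS_ROOT_OK:
        out.append(Finding("exe-in-windows-root", p, line))
    if directory.startswith("c:\\windows\\temp"):
        out.append(Finding("exe-in-temp", p, line))
    return out


def _candidate(line: str):
    """Extract the executable path from a process line or a Run-key line, else None."""
    m = _RUN_RE.match(line)
    m = _PATH_RE.match(m.group(1) if m else line)
    return m.group(1) if m else None


def triage(log_text: str) -> list:
    """Return one Finding per (rule, path); the first line that triggers it is kept."""
    seen = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == '"enablelua"=0':               # UAC disabled under Policies\System
            seen.setdefault(("uac-disabled", ""), Finding("uac-disabled", "", line))
            continue
        path = _candidate(line)
        if path is None:
            continue
        for f in check_path(path, line):
            seen.setdefault((f.rule, f.path), f)
    return list(seen.values())


# Constructed excerpt of the RSIT log posted above (legitimate and malicious lines mixed).
SAMPLE_LOG = r"""
======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\update.7.1\svchostdriver.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
C:\Windows\sysdriver32.exe srv
C:\Windows\Explorer.EXE
C:\Users\Holadovi\AppData\Roaming\SystemProc\lsass.exe
"C:\Windows\update.tray-9-0\svchost.exe"
C:\Windows\SysWOW64\PnkBstrA.exe

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]
"wxpdrv"=C:\Windows\services32.exe [2011-08-21 1216000]
"tray_ico"= []
"7219880.exe"=C:\Windows\Temp\7219880.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:20} {f.path:60} <- {f.line}")
```

Run against the full RSIT log it flags every binary that MBAM later named, without any signatures: the rules key on where a file runs from and what it calls itself, which is exactly what the droppers in this thread got wrong. Lines RSIT prints without a path (wininit.exe, winlogon.exe, "taskhost.exe") are skipped rather than guessed at.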

Re: Full of viruses, request for help

Posted: 14 Mar 2012 18:19
by Rudy
Hello!
You are right, there is a heap of viruses in there. First run a full MBAM scan: http://www.malwarebytes.org/mbam.php . Post the log; don't delete anything beforehand. We'll clean up the rest by hand afterwards.

Re: Full of viruses, request for help

Posted: 15 Mar 2012 04:25
by Nouee
Here it is. Thanks again in advance.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.07

Windows 7 x64 FAT32
Internet Explorer 8.0.7600.16385
Holadovi :: HOLADOVI-PC [administrator]

Protection: Enabled

15.3.2012 0:41:24
mbytes_log

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 412321
Time elapsed: 53 minute(s), 28 second(s)

Memory Processes Detected: 15
C:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> 1532 -> No action taken.
C:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> 5808 -> No action taken.
C:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 464 -> No action taken.
C:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 196 -> No action taken.
C:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> 1520 -> No action taken.
C:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> 4076 -> No action taken.
C:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> 4580 -> No action taken.
C:\Users\Holadovi\AppData\Roaming\SystemProc\lsass.exe (Worm.KoobFace) -> 2636 -> No action taken.
C:\Windows\sysdriver32.exe (Trojan.Agent) -> 2824 -> No action taken.
C:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 1668 -> No action taken.
C:\Windows\update.tray-9-0\svchost.exe (Trojan.Dropper) -> 3544 -> No action taken.
C:\Windows\update.tray-10-0\svchost.exe (Trojan.Dropper) -> 3552 -> No action taken.
C:\Windows\update.tray-2-0\svchost.exe (Trojan.Dropper) -> 3676 -> No action taken.
C:\Windows\l1rezerv.exe (Trojan.Agent) -> 3044 -> No action taken.
C:\Windows\systemup.exe (Trojan.Agent.H) -> 2068 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKLM\SYSTEM\CurrentControlSet\Services\ddservice (Spyware.Agent) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Dropper.H) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKLM\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKLM\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKLM\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Registry Values Detected: 13
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RTHDBPL (Worm.KoobFace) -> Data: C:\Users\Holadovi\AppData\Roaming\SystemProc\lsass.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysdriver32.exe (Trojan.Agent) -> Data: "C:\Windows\sysdriver32.exe" rezerv -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray_ico0 (Trojan.Dropper) -> Data: C:\Windows\update.tray-9-0\svchost.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray_ico1 (Trojan.Dropper) -> Data: C:\Windows\update.tray-10-0\svchost.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray_ico2 (Trojan.Dropper) -> Data: C:\Windows\update.tray-2-0\svchost.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|l1rezerv.exe (Trojan.Agent) -> Data: "C:\Windows\l1rezerv.exe" -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|systemup (Trojan.Agent.H) -> Data: "C:\Windows\systemup.exe" stand -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wxpdrv (Trojan.Dropper) -> Data: C:\Windows\services32.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysdriver32_.exe (Trojan.Agent) -> Data: "C:\Windows\sysdriver32_.exe" rezerv -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|7219880.exe (Trojan.Downloader.Gen) -> Data: "C:\Windows\Temp\7219880.exe" -> No action taken.
HKLM\SOFTWARE\Services32.exe|close (Trojan.Agent) -> Data: 0 -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\ddservice|ImagePath (Trojan.Agent) -> Data: C:\Windows\update.7.1\svchostdriver.exe srv -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\wxpDrivers|ImagePath (Trojan.Agent) -> Data: C:\Windows\update.1\svchost.exe srv -> No action taken.

Registry Data Items Detected: 4
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Control\SAFEBOOT|AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> No action taken.

Folders Detected: 5
C:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.
C:\Users\Holadovi\AppData\Roaming\SystemProc (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> No action taken.

Files Detected: 45
C:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> No action taken.
C:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
C:\Windows\update.2\svchost.exe (Trojan.Dropper.H) -> No action taken.
C:\Users\Holadovi\AppData\Roaming\SystemProc\lsass.exe (Worm.KoobFace) -> No action taken.
C:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
C:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
C:\Windows\update.tray-9-0\svchost.exe (Trojan.Dropper) -> No action taken.
C:\Windows\update.tray-10-0\svchost.exe (Trojan.Dropper) -> No action taken.
C:\Windows\update.tray-2-0\svchost.exe (Trojan.Dropper) -> No action taken.
C:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
C:\Windows\systemup.exe (Trojan.Agent.H) -> No action taken.
C:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
C:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
C:\Users\Holadovi\Downloads\Flash-Player.exe (Trojan.Dropper) -> No action taken.
C:\Windows\assembly\tmp\U\00000001.@ (Rootkit.0Access) -> No action taken.
C:\Windows\assembly\tmp\U\000000cb.@ (Trojan.Agent) -> No action taken.
C:\Windows\assembly\tmp\U\000000cf.@ (Trojan.Agent) -> No action taken.
C:\Windows\assembly\tmp\U\800000c0.@ (Rootkit.0Access) -> No action taken.
C:\Windows\assembly\tmp\U\800000cb.@ (Rootkit.0Access) -> No action taken.
C:\Windows\assembly\tmp\U\800000cf.@ (Rootkit.0Access) -> No action taken.
C:\Windows\rpcminer\rpcminer-cpu.exe (PUP.BitCoinMiner) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\712d2e9b\X (Rootkit.Agent) -> No action taken.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\712d2e9b\X (Rootkit.Agent) -> No action taken.
C:\Windows\update.tray-10-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
C:\Windows\update.tray-2-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
C:\Windows\update.tray-9-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
C:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
C:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
C:\Users\Holadovi\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> No action taken.
C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> No action taken.

(end)
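The MBAM log above is a compact record of how this infection established itself: Run-key autostarts and a service ImagePath pointing at binaries dropped under C:\Windows, a SafeBoot AlternateShell swapped from cmd.exe to services32.exe (so the dropper also runs in Safe Mode with Command Prompt), Security Center notifications switched off, and Windows system binary names (svchost.exe, lsass.exe) sitting outside System32. The Python script below is an added example, not part of the original thread and not Malwarebytes' own tooling: it parses a handful of the detection lines quoted above (a constructed sample, copied from the log), classifies each registry entry by persistence mechanism, extracts the autostart targets, flags binaries masquerading as system files and lists the tampered values. The line formats, the list of legitimate directories and the category names are the editor's assumptions, not MBAM's.

```python
"""Triage of Malwarebytes (MBAM) detection lines: which persistence
mechanisms were used, which binaries they point at, which of those
masquerade as Windows system binaries, and which security settings
were tampered with. Editor's example code; the line formats are
assumptions taken from the log quoted in this thread."""
import ntpath
import re
import sys
from collections import Counter

# Constructed sample: a subset of the detection lines from the MBAM log
# posted above, copied verbatim.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wxpdrv (Trojan.Dropper) -> Data: C:\Windows\services32.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|systemup (Trojan.Agent.H) -> Data: "C:\Windows\systemup.exe" stand -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\wxpDrivers|ImagePath (Trojan.Agent) -> Data: C:\Windows\update.1\svchost.exe srv -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Control\SAFEBOOT|AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> No action taken.
C:\Users\Holadovi\AppData\Roaming\SystemProc\lsass.exe (Worm.KoobFace) -> No action taken.
C:\Windows\update.5.0\svchost.exe (Trojan.Dropper) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> No action taken.
C:\Windows\rpcminer\rpcminer-cpu.exe (PUP.BitCoinMiner) -> No action taken.
"""

# "HIVE\key|value (Family) -> detail -> action."
REG_LINE = re.compile(r"^(?P<key>HK[A-Z_]+\\.+?)\|(?P<value>\S+) \((?P<family>[^)]+)\) -> (?P<detail>.+?) -> (?P<action>.+)\.$")
# "drive:\path (Family) -> action."
FILE_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^)]+)\) -> (?P<action>.+)\.$")
# Data: "C:\x.exe" args  or  Data: C:\x.exe args  (unquoted paths containing spaces are not handled)
DATA_PATH = re.compile(r'^Data: "?(?P<path>[A-Za-z]:\\[^"]+?)"?(?: \S+)*$')
BAD_GOOD = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)$")

# Assumed lists: names worth checking and the only directories they legitimately live in.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
                   "winlogon.exe", "smss.exe", "wininit.exe", "explorer.exe"}
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows"}


def is_masquerading(path):
    """True when a Windows system binary name sits outside its legitimate directories."""
    head, name = ntpath.split(path)
    return name.lower() in SYSTEM_BINARIES and head.lower() not in LEGIT_DIRS


def classify_registry(key, value):
    """Map a registry detection to the persistence or tampering mechanism it uses."""
    k, v = key.lower(), value.lower()
    if k.endswith("\\currentversion\\run") or k.endswith("\\currentversion\\runonce"):
        return "autorun"
    if "\\services\\" in k and v == "imagepath":
        return "service"
    if k.endswith("\\safeboot") and v == "alternateshell":
        return "safeboot-shell-hijack"   # replaces cmd.exe in Safe Mode with Command Prompt
    if k.endswith("\\security center"):
        return "security-center-tamper"  # suppresses AV/firewall/update warnings
    return "other"


def triage(log_text):
    """Parse MBAM detection lines and return a summary dict."""
    report = {"persistence": Counter(), "autostart_targets": set(), "files": [],
              "masquerading": [], "tampering": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_LINE.match(line)
        if m:
            report["persistence"][classify_registry(m["key"], m["value"])] += 1
            d = DATA_PATH.match(m["detail"])
            if d:
                report["autostart_targets"].add(d["path"])
                if is_masquerading(d["path"]):
                    report["masquerading"].append(d["path"])
            bg = BAD_GOOD.match(m["detail"])
            if bg:
                report["tampering"].append((m["value"], bg["bad"], bg["good"]))
            continue
        m = FILE_LINE.match(line)
        if m:
            report["files"].append(m["path"])
            if is_masquerading(m["path"]):
                report["masquerading"].append(m["path"])
            continue
        report["unparsed"].append(line)  # unknown format: inspect by hand, never ignore
    return report


if __name__ == "__main__":
    # Usage: python mbam_triage.py [mbam-log.txt]; without an argument the sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    r = triage(text)
    print("persistence:", dict(r["persistence"]))
    print("autostart targets:", sorted(r["autostart_targets"]))
    print("masquerading system binaries:", r["masquerading"])
    print("tampered values:", r["tampering"])
    print("unparsed lines:", len(r["unparsed"]))
```

On the sample the script reports two Run-key autostarts, one service, one Safe Mode shell hijack and one Security Center override, three masquerading binaries and the two Bad/Good pairs. Anything that lands in "unparsed" is a line format the parser does not recognise; look at those lines by hand rather than treating the summary as complete.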

Re: Lots of viruses, request for help

Posted: 15 Mar 2012 18:01
by Rudy
Delete everything MBAM found. Restart the PC and post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the license terms appears; continue by clicking Yes.

Calmly go and make yourself a coffee (the whole process takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield into Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are undesirable collisions with the resident antispyware.

Re: Lots of viruses, request for help

Posted: 15 Mar 2012 21:15
by Nouee
I tried to follow the instructions for ComboFix; after I accepted the terms, however, it extracted itself and then nothing else happens (even after repeated attempts). I am running it as administrator and immediately after restarting/starting the computer.

What could the problem be, please? :(

Re: Lots of viruses, request for help

Posted: 15 Mar 2012 21:45
by Rudy
Try it in Safe Mode.

Re: Lots of viruses, request for help

Posted: 15 Mar 2012 21:55
by Nouee
:( unfortunately the same thing in Safe Mode...

EDIT: Could the problem be the 64-bit version of Windows 7?

Re: Lots of viruses, request for help

Posted: 15 Mar 2012 22:44
by Rudy
CF has supported 64-bit versions for about a year now. Try renaming the CF file to something like cokoli.com.

Re: Lots of viruses, request for help

Posted: 15 Mar 2012 22:48
by Nouee
Still nothing..

Also, it no longer asks me whether I agree to the license terms (disclaimer); it only asked the first time. Since then nothing..

Re: Lots of viruses, request for help

Posted: 15 Mar 2012 22:52
by Rudy
Then we'll take a different approach. Run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log.

Re: Lots of viruses, request for help

Posted: 18 Mar 2012 00:05
by Nouee
The AVPTool scan could not be completed; it got stuck at 49% and did not continue (on some .dll in System32). It did not move on to another file even after 24 hours.

Out of desperation I then updated Windows to Service Pack 1 and tried running ComboFix, and it worked. The log is below:


ComboFix 12-03-15.03 - Holadovi 17.03.2012 23:43:09.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1033.18.3839.2219 [GMT 1:00]
Run from: c:\users\Holadovi\Desktop\cokoliv.com.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Holadovi\AppData\Roaming\chrtmp
c:\windows\assembly\tmp\U
c:\windows\av_ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\av_ico\ico_norton_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\inf\win32
c:\windows\inf\win32\0x0404.ini
c:\windows\inf\win32\0x0405.ini
c:\windows\inf\win32\0x0406.ini
c:\windows\inf\win32\0x0407.ini
c:\windows\inf\win32\0x0408.ini
c:\windows\inf\win32\0x0409.ini
c:\windows\inf\win32\0x040a.ini
c:\windows\inf\win32\0x040b.ini
c:\windows\inf\win32\0x040c.ini
c:\windows\inf\win32\0x040e.ini
c:\windows\inf\win32\0x0410.ini
c:\windows\inf\win32\0x0411.ini
c:\windows\inf\win32\0x0412.ini
c:\windows\inf\win32\0x0413.ini
c:\windows\inf\win32\0x0414.ini
c:\windows\inf\win32\0x0415.ini
c:\windows\inf\win32\0x0416.ini
c:\windows\inf\win32\0x0418.ini
c:\windows\inf\win32\0x0419.ini
c:\windows\inf\win32\0x041a.ini
c:\windows\inf\win32\0x041d.ini
c:\windows\inf\win32\0x041f.ini
c:\windows\inf\win32\0x0804.ini
c:\windows\inf\win32\0x0816.ini
c:\windows\inf\win32\1028.mst
c:\windows\inf\win32\1029.mst
c:\windows\inf\win32\1030.mst
c:\windows\inf\win32\1031.mst
c:\windows\inf\win32\1032.mst
c:\windows\inf\win32\1033.mst
c:\windows\inf\win32\1034.mst
c:\windows\inf\win32\1035.mst
c:\windows\inf\win32\1036.mst
c:\windows\inf\win32\1038.mst
c:\windows\inf\win32\1040.mst
c:\windows\inf\win32\1041.mst
c:\windows\inf\win32\1042.mst
c:\windows\inf\win32\1043.mst
c:\windows\inf\win32\1044.mst
c:\windows\inf\win32\1045.mst
c:\windows\inf\win32\1046.mst
c:\windows\inf\win32\1048.mst
c:\windows\inf\win32\1049.mst
c:\windows\inf\win32\1050.mst
c:\windows\inf\win32\1053.mst
c:\windows\inf\win32\1055.mst
c:\windows\inf\win32\2052.mst
c:\windows\inf\win32\2070.mst
c:\windows\inf\win32\BBalloon.dll
c:\windows\inf\win32\brcmVista\bcbthid32.cat
c:\windows\inf\win32\brcmVista\bcbthid32.inf
c:\windows\inf\win32\brcmVista\bcbtums-win7x86-brcm.cat
c:\windows\inf\win32\brcmVista\Bcbtums-Win7x86-brcm.inf
c:\windows\inf\win32\brcmVista\btusbflt.sys
c:\windows\inf\win32\brcmVista\DPInst.exe
c:\windows\inf\win32\brcmWin7\bcbthid32.cat
c:\windows\inf\win32\brcmWin7\bcbthid32.inf
c:\windows\inf\win32\brcmWin7\bcbtums-win7x86-brcm.cat
c:\windows\inf\win32\brcmWin7\Bcbtums-Win7x86-brcm.inf
c:\windows\inf\win32\brcmWin7\btusbflt.sys
c:\windows\inf\win32\brcmWin7\DPInst.exe
c:\windows\inf\win32\BtSetup.dll
c:\windows\inf\win32\BTW.msi
c:\windows\inf\win32\btw_ci.dll
c:\windows\inf\win32\btwaudio.cat
c:\windows\inf\win32\btwaudio.inf
c:\windows\inf\win32\btwaudio.sys
c:\windows\inf\win32\btwavdt.cat
c:\windows\inf\win32\btwavdt.inf
c:\windows\inf\win32\btwavdt.sys
c:\windows\inf\win32\btwl2cap.cat
c:\windows\inf\win32\btwl2cap.inf
c:\windows\inf\win32\BTWL2CAP.sys
c:\windows\inf\win32\BtwMM.exe
c:\windows\inf\win32\btwprofpack.dll
c:\windows\inf\win32\btwrchid.cat
c:\windows\inf\win32\btwrchid.inf
c:\windows\inf\win32\btwrchid.sys
c:\windows\inf\win32\BtwRSupport.dll
c:\windows\inf\win32\Data1.cab
c:\windows\inf\win32\Inst.exe
c:\windows\inf\win32\instmsia.exe
c:\windows\inf\win32\instmsiw.exe
c:\windows\inf\win32\Setup.exe
c:\windows\inf\win32\Setup.ini
c:\windows\inf\win32\svcpack\SvcPack.ini
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\AeLookupSvc.dll
c:\windows\system32\clipsrv.dll
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\rpsupdaterr.dll
c:\windows\SysWow64\ijl11.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\vbpng1.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 21:00 . 2012-03-17 21:00 -------- d-----w- c:\windows\system32\SPReview
2012-03-17 20:59 . 2012-03-17 20:59 -------- d-----w- c:\windows\system32\EventProviders
2012-03-15 22:25 . 2012-03-15 22:25 -------- d-----w- c:\programdata\Kaspersky Lab
2012-03-14 23:40 . 2012-03-14 23:40 -------- d-----w- c:\users\Holadovi\AppData\Roaming\Malwarebytes
2012-03-14 23:39 . 2012-03-14 23:39 -------- d-----w- c:\programdata\Malwarebytes
2012-03-14 23:39 . 2012-03-14 23:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-14 23:39 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 23:13 . 2012-03-13 23:13 -------- d-----w- c:\program files\trend micro
2012-03-13 22:57 . 2012-03-13 22:57 -------- d-----w- c:\users\Holadovi\AppData\Local\PunkBuster
2012-03-12 11:18 . 2012-03-15 18:51 -------- d--h--w- c:\windows\update.tray-2-0
2012-03-12 11:18 . 2012-03-15 18:50 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2012-03-12 10:38 . 2012-03-12 10:38 -------- d-----w- c:\users\Holadovi\AppData\Roaming\VS Revo Group
2012-03-12 10:30 . 2012-03-12 10:30 -------- d-----w- c:\users\Holadovi\AppData\Local\VS Revo Group
2012-03-12 10:30 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-03-12 10:30 . 2012-03-12 10:30 -------- d-----w- c:\program files\VS Revo Group
2012-03-09 23:41 . 2012-03-16 06:10 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2012-03-02 10:06 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B37D2001-7DAA-4412-B07F-B0999FCB03C3}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 22:52 . 2011-08-21 12:29 1409 ----a-w- c:\windows\QTFont.for
2012-03-17 22:38 . 2011-11-12 22:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-17 21:09 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-17 21:09 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-13 22:57 . 2011-12-24 20:24 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-13 22:57 . 2011-12-24 20:24 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-07-15 715264]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-07-03 212992]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-05-05 77824]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Holadovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100409.001\IDSvia64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-03-31 92160]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570946610-1608995928-4223595886-1001Core.job
- c:\users\Holadovi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 14:57]
.
2012-03-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570946610-1608995928-4223595886-1001UA.job
- c:\users\Holadovi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 14:57]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17 16:08]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17 16:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"combofix"="c:\cokoliv.com\CF9036.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
NETSVCS MUST BE REPAIRED - existing entries are:
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
pivot
ccproxy
iap
swmsflt
ctaud2k
TPECioCtl
sf
n3900
JRAID
backupexecjobengine
ATNT40K
pinger
jobserver_report
VCAM
atirage3
ikhfile
LCcfltr
spupdsvc
acrotray
aic78xx
oraclesnmppeermasteragent
MRESP50
usbsermpt
iaimfp2
agrsrvce
CdaC15BA
basic2
aic116x
pageserver
mcpromgr
backupclientsvc
upnp
cqcpu
w550mdm
datasvr
DLH5X
si3114r
agnfilt
smartscaps
ASDR
SE27mgmt
backupexecagentaccelerator
dirms_defragmentation
cebdaldr
gdrv
SimpTcp
dlpwd
se2Cnd5
twotrack
SQTECH9080
pmshellsrv
wusb54gv2svc
GTPTSER
flutilssvc
ptserial
dbmanagerscheduler
ASFWHide
LwUsbHid
rppkt
RushTopDevice
tomcatcws3
tunmp
npkcusb
SeratoUsb
digirefresh
splitter
rsvchost
vzupsvc
npkcrypt
Mvc25U870_VID_1262&PID_25FD
dac2w2k
iastor
PolarUSB
SE26mdm
dktknsrv
CTEDSPIO.DLL
SE27mdfl
audstub
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CZ&c=94&bd=crossfire&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 4.4.4.4 8.8.8.8
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-03-17 23:59:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-17 22:59
.
Pre-Run: 208 376 406 016 bytes free
Post-Run: 207 863 140 352 bytes free
.
- - End Of File - - 030A21440006BA86DB45B11040C2B0F8

Re: Lots of viruses, request for help

Posted: 18 Mar 2012 11:22
by Rudy
We'll clean up a bit more. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\windows\update.tray-2-0
c:\windows\update.tray-2-0-lnk
c:\program files (x86)\Google\GoogleToolbarNotifier
c:\program files (x86)\Google\Update
c:\users\Holadovi\AppData\Local\Facebook\Update

Collect::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570946610-1608995928-4223595886-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570946610-1608995928-4223595886-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
gupdate
gupdatem

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Full of viruses, request for help

Posted: 18 Mar 2012 15:55
by Nouee
Done - to be safe, I'm posting the log to confirm that everything is OK now


ComboFix 12-03-15.03 - Holadovi 18.03.2012 13:24:16.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1033.18.3839.2459 [GMT 1:00]
Spuštěný z: c:\users\Holadovi\Desktop\cokoliv.com.exe
Použité ovládací přepínače :: c:\users\Holadovi\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\GoogleToolbarNotifier
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\gth.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\gtn.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\Readme.url
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.99\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.99\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.99\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.99\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.99\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.99\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.99\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.99\psuser.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.99\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\17.0.963.79\chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe
c:\program files (x86)\Google\Update\Download\{AF61C960-23A5-4A1F-B976-678CE78BF111}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.3.2710.138\GoogleToolbarInstaller_updater_signed.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\users\Holadovi\AppData\Local\Facebook\Update
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\Holadovi\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570946610-1608995928-4223595886-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570946610-1608995928-4223595886-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0
.
Nakažená kopie c:\windows\SysWow64\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache86\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-18 do 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-18 14:45 . 2012-03-18 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-17 21:00 . 2012-03-17 21:00 -------- d-----w- c:\windows\system32\SPReview
2012-03-17 20:59 . 2012-03-17 20:59 -------- d-----w- c:\windows\system32\EventProviders
2012-03-15 22:25 . 2012-03-15 22:25 -------- d-----w- c:\programdata\Kaspersky Lab
2012-03-14 23:40 . 2012-03-14 23:40 -------- d-----w- c:\users\Holadovi\AppData\Roaming\Malwarebytes
2012-03-14 23:39 . 2012-03-14 23:39 -------- d-----w- c:\programdata\Malwarebytes
2012-03-14 23:39 . 2012-03-14 23:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-14 23:39 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 23:13 . 2012-03-13 23:13 -------- d-----w- c:\program files\trend micro
2012-03-13 22:57 . 2012-03-13 22:57 -------- d-----w- c:\users\Holadovi\AppData\Local\PunkBuster
2012-03-12 10:38 . 2012-03-12 10:38 -------- d-----w- c:\users\Holadovi\AppData\Roaming\VS Revo Group
2012-03-12 10:30 . 2012-03-12 10:30 -------- d-----w- c:\users\Holadovi\AppData\Local\VS Revo Group
2012-03-12 10:30 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-03-12 10:30 . 2012-03-12 10:30 -------- d-----w- c:\program files\VS Revo Group
2012-03-09 23:41 . 2012-03-16 06:10 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2012-03-02 10:06 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B37D2001-7DAA-4412-B07F-B0999FCB03C3}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 14:45 . 2011-08-21 12:29 1409 ----a-w- c:\windows\QTFont.for
2012-03-17 22:38 . 2011-11-12 22:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-17 21:09 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-17 21:09 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-13 22:57 . 2011-12-24 20:24 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-13 22:57 . 2011-12-24 20:24 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_22.54.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-25 11:13 . 2012-03-18 12:02 62094 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-18 14:49 48072 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-13 17:33 . 2012-03-18 14:49 20554 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-570946610-1608995928-4223595886-1001_UserData.bin
- 2010-02-13 17:45 . 2012-03-17 22:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-13 17:45 . 2012-03-18 11:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-13 17:45 . 2012-03-18 11:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-13 17:45 . 2012-03-17 22:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-13 17:45 . 2012-03-18 11:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-13 17:45 . 2012-03-17 22:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-13 17:07 . 2012-03-17 22:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-13 17:07 . 2012-03-18 14:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-13 17:07 . 2012-03-17 22:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-13 17:07 . 2012-03-18 14:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-25 11:06 . 2012-03-17 22:52 2672 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2009-11-25 11:06 . 2012-03-18 14:46 2672 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-03-17 22:53 . 2012-03-17 22:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-18 14:47 . 2012-03-18 14:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-18 14:47 . 2012-03-18 14:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-17 22:53 . 2012-03-17 22:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-17 22:37 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-18 11:33 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-18 11:33 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-17 22:37 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-03-18 14:04 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-07-01 01:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-13 16:59 . 2012-03-18 14:04 458752 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-13 16:59 . 2012-03-17 22:36 458752 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-18 14:04 868352 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-17 22:36 868352 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:01 . 2012-03-17 22:52 314424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-18 14:46 314424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-02-13 16:59 . 2012-03-17 22:36 3489792 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-13 16:59 . 2012-03-18 14:04 3489792 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-15 02:20 . 2012-03-18 14:46 5795536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-07-15 715264]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-07-03 212992]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-05-05 77824]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Holadovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100409.001\IDSvia64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-03-31 92160]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [BU]
"combofix"="c:\cokoliv.com\CF4484.3XE" [2010-11-20 345088]
.
NETSVCS MUSÍ BÝT OPRAVENY - dosavadní položky jsou:
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
pivot
ccproxy
iap
swmsflt
ctaud2k
TPECioCtl
sf
n3900
JRAID
backupexecjobengine
ATNT40K
pinger
jobserver_report
VCAM
atirage3
ikhfile
LCcfltr
spupdsvc
acrotray
aic78xx
oraclesnmppeermasteragent
MRESP50
usbsermpt
iaimfp2
agrsrvce
CdaC15BA
basic2
aic116x
pageserver
mcpromgr
backupclientsvc
upnp
cqcpu
w550mdm
datasvr
DLH5X
si3114r
agnfilt
smartscaps
ASDR
SE27mgmt
backupexecagentaccelerator
dirms_defragmentation
cebdaldr
gdrv
SimpTcp
dlpwd
se2Cnd5
twotrack
SQTECH9080
pmshellsrv
wusb54gv2svc
GTPTSER
flutilssvc
ptserial
dbmanagerscheduler
ASFWHide
LwUsbHid
rppkt
RushTopDevice
tomcatcws3
tunmp
npkcusb
SeratoUsb
digirefresh
splitter
rsvchost
vzupsvc
npkcrypt
Mvc25U870_VID_1262&PID_25FD
dac2w2k
iastor
PolarUSB
SE26mdm
dktknsrv
CTEDSPIO.DLL
SE27mdfl
audstub
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CZ&c=94&bd=crossfire&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 4.4.4.4 8.8.8.8
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Celkový čas: 2012-03-18 15:52:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-18 14:52
ComboFix2.txt 2012-03-17 22:59
.
Před spuštěním: 207 429 935 104 bytes free
Po spuštění: 206 437 642 240 bytes free
.
- - End Of File - - B901ED0CB71413DDBB3D26E01E5707BC
Nahrání proběhlo úspěšně

Re: Full of viruses, request for help

Posted: 18 Mar 2012 17:26
by Rudy
The log looks clean now.

Re: Full of viruses, request for help

Posted: 18 Mar 2012 18:18
by Nouee
Thank you very much for your time and help! You helped me enormously.

Have a nice rest of the weekend and as few viruses as possible in the future, J.L.