Internet dropping out

Posted: 08 May 2012 12:32
by Orfeus
Hello, I would like to ask for help. My internet suddenly started dropping out constantly, but if I connect a notebook over the cable it works perfectly, so the problem is probably in the computer. I ran Norton Internet Security on the PC /found 1 trojan and cookies/ and used disk defragmentation and registry repair. Unfortunately nothing helped :( Does anyone know what I should try?
Thanks a lot in advance :)

Re: Internet dropping out

Posted: 08 May 2012 12:58
by Márty84
Hello :)

To start with, post the log from RSIT here http://forum.viry.cz/viewtopic.php?f=13&t=105895 and we'll take a look

Re: Internet dropping out

Posted: 08 May 2012 15:51
by Orfeus
the log came out:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomáš at 2012-05-08 16:45:18
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 60 GB (25%) free of 238 GB
Total RAM: 2047 MB (17% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\uowl8kr9.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://isearch.glarysoft.com/?src=ffhome"

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
"{ea614400-e918-4741-9a97-7a972ff7c30b}"=C:\Program Files\Seznam.cz\firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
glarysearch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\uowl8kr9.default\extensions\
{056d0610-e44d-11df-bccf-0800200c9a66}

C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\uowl8kr9.default\searchplugins\
s-amazon-bymp-int.xml
wot-safe-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll [2012-04-19 502200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL [2012-03-29 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2012-04-09 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13 1307928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2011-09-27 2080800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13 1307928]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll [2012-04-19 502200]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2012-04-09 2403392]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files\Seznam.cz\toolbar\toolbar.dll [2011-09-27 188960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-03-27 421736]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-06 641664]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-02-29 17148552]
"MobileDocuments"=C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [2012-02-23 59240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-08 16:45:21 ----D---- C:\Program Files\trend micro
2012-05-08 16:45:18 ----D---- C:\rsit
2012-05-08 14:36:34 ----D---- C:\Users\Tomáš\AppData\Roaming\FastStone
2012-05-07 19:56:05 ----D---- C:\Program Files\Glarysoft
2012-05-07 19:23:58 ----D---- C:\Program Files\RegCleaner
2012-05-07 17:07:09 ----A---- C:\Windows\system32\rdpwsx.dll
2012-05-07 17:07:09 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-05-07 16:35:58 ----D---- C:\Windows\system32\SPReview
2012-05-07 16:35:19 ----D---- C:\Windows\system32\EventProviders
2012-05-07 16:32:08 ----A---- C:\Windows\system32\MRT.exe
2012-04-30 20:50:18 ----D---- C:\ProgramData\ATI
2012-04-30 20:49:42 ----D---- C:\Program Files\AMD AVT
2012-04-30 20:49:28 ----D---- C:\Program Files\AMD APP
2012-04-27 22:12:56 ----D---- C:\Program Files\Seznam.cz
2012-04-27 22:08:43 ----D---- C:\Program Files\MusicJet
2012-04-27 22:08:34 ----HDC---- C:\ProgramData\{C2CB35B2-EB02-4E24-A9B7-4119FA0645A9}
2012-04-22 13:14:47 ----D---- C:\Program Files\VirtualDJ
2012-04-17 22:13:56 ----D---- C:\Users\Tomáš\AppData\Roaming\PhotoScape
2012-04-17 22:13:52 ----A---- C:\Users\Tomáš\AppData\Roaming\FotoSketcher.ini
2012-04-17 22:13:11 ----D---- C:\Program Files\PhotoScape
2012-04-17 22:12:51 ----D---- C:\Program Files\FotoSketcher
2012-04-17 22:12:20 ----D---- C:\Program Files\PicPick
2012-04-15 11:16:09 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-15 11:16:08 ----A---- C:\Windows\system32\jscript9.dll
2012-04-15 11:16:08 ----A---- C:\Windows\system32\jscript.dll
2012-04-15 11:16:08 ----A---- C:\Windows\system32\iertutil.dll
2012-04-15 11:16:07 ----A---- C:\Windows\system32\wininet.dll
2012-04-15 11:16:07 ----A---- C:\Windows\system32\url.dll
2012-04-15 11:16:07 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-15 11:16:07 ----A---- C:\Windows\system32\ieui.dll
2012-04-15 11:16:06 ----A---- C:\Windows\system32\urlmon.dll
2012-04-15 11:16:04 ----A---- C:\Windows\system32\ieframe.dll
2012-04-15 11:16:02 ----A---- C:\Windows\system32\mshtml.dll
2012-04-15 11:15:15 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-15 11:15:14 ----A---- C:\Windows\system32\wmi.dll
2012-04-15 11:15:13 ----A---- C:\Windows\system32\wintrust.dll
2012-04-15 11:15:13 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-15 11:09:42 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-04-15 11:09:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-15 09:29:28 ----D---- C:\Users\Tomáš\AppData\Roaming\GlarySoft
2012-04-15 09:29:27 ----D---- C:\Program Files\Absolute Uninstaller
2012-04-13 20:03:10 ----A---- C:\Windows\system32\FlashPlayerInstaller.exe
2012-04-09 19:00:50 ----D---- C:\Windows\system32\Macromed
2012-04-09 19:00:50 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-04-09 18:45:55 ----D---- C:\Users\Tomáš\AppData\Roaming\Mozilla
2012-04-09 18:45:35 ----D---- C:\Program Files\Mozilla Firefox
2012-04-09 14:28:00 ----D---- C:\Users\Tomáš\AppData\Roaming\XnView
2012-04-09 14:12:46 ----D---- C:\Program Files\XnView
2012-04-09 14:08:08 ----D---- C:\Program Files\FastStone Image Viewer
2012-04-09 13:50:01 ----ASH---- C:\Windows\system32\KGyGaAvL.sys
2012-04-09 13:40:40 ----D---- C:\Program Files\Corel
2012-04-09 13:38:00 ----D---- C:\Users\Tomáš\AppData\Roaming\gtk-2.0
2012-04-09 13:18:31 ----D---- C:\Program Files\GIMP-2.0
2012-04-09 13:12:20 ----D---- C:\ProgramData\Google
2012-04-09 13:11:41 ----D---- C:\Program Files\Google
2012-04-09 13:11:22 ----D---- C:\Users\Tomáš\AppData\Roaming\IrfanView
2012-04-09 13:11:21 ----D---- C:\Program Files\IrfanView

======List of files/folders modified in the last 1 month======

2012-05-08 16:45:22 ----D---- C:\Windows\Prefetch
2012-05-08 16:45:21 ----RD---- C:\Program Files
2012-05-08 16:45:19 ----D---- C:\Windows\Temp
2012-05-08 14:19:51 ----D---- C:\Windows\system32\config
2012-05-08 14:07:10 ----SHD---- C:\System Volume Information
2012-05-08 14:05:25 ----D---- C:\Users\Tomáš\AppData\Roaming\Skype
2012-05-08 12:50:17 ----D---- C:\Windows\system32\catroot
2012-05-08 12:50:16 ----D---- C:\Windows\system32\catroot2
2012-05-08 12:50:13 ----D---- C:\Windows\winsxs
2012-05-08 12:47:58 ----D---- C:\Windows\System32
2012-05-08 12:47:58 ----D---- C:\Windows\inf
2012-05-08 12:47:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-08 09:38:12 ----D---- C:\Windows\rescache
2012-05-07 22:05:09 ----D---- C:\Users\Tomáš\AppData\Roaming\Apple Computer
2012-05-07 17:37:08 ----D---- C:\Windows\Microsoft.NET
2012-05-07 17:29:41 ----RSD---- C:\Windows\assembly
2012-05-07 16:58:49 ----SHD---- C:\Boot
2012-05-07 16:57:58 ----D---- C:\Windows
2012-05-07 16:55:33 ----D---- C:\Windows\system32\DriverStore
2012-05-07 16:51:57 ----D---- C:\Program Files\Windows Sidebar
2012-05-07 16:51:57 ----D---- C:\Program Files\Windows Portable Devices
2012-05-07 16:51:57 ----D---- C:\Program Files\Windows Media Player
2012-05-07 16:51:57 ----D---- C:\Program Files\Windows Mail
2012-05-07 16:51:57 ----D---- C:\Program Files\Internet Explorer
2012-05-07 16:51:57 ----D---- C:\Program Files\DVD Maker
2012-05-07 16:51:56 ----D---- C:\Program Files\Windows Photo Viewer
2012-05-07 16:51:56 ----D---- C:\Program Files\Windows Journal
2012-05-07 16:51:55 ----D---- C:\Program Files\Common Files\System
2012-05-07 16:51:52 ----D---- C:\Windows\servicing
2012-05-07 16:51:52 ----D---- C:\Windows\ehome
2012-05-07 16:51:52 ----D---- C:\Program Files\Windows Defender
2012-05-07 16:51:43 ----D---- C:\Windows\system32\da-DK
2012-05-07 16:51:42 ----D---- C:\Windows\system32\sysprep
2012-05-07 16:51:42 ----D---- C:\Windows\system32\oobe
2012-05-07 16:51:42 ----D---- C:\Windows\system32\migration
2012-05-07 16:51:42 ----D---- C:\Windows\system32\en-US
2012-05-07 16:51:41 ----D---- C:\Windows\system32\Setup
2012-05-07 16:51:41 ----D---- C:\Windows\system32\cs
2012-05-07 16:51:41 ----D---- C:\Windows\system32\AdvancedInstallers
2012-05-07 16:51:40 ----D---- C:\Windows\system32\cs-CZ
2012-05-07 16:51:38 ----D---- C:\Windows\system32\sppui
2012-05-07 16:51:38 ----D---- C:\Windows\system32\manifeststore
2012-05-07 16:51:38 ----D---- C:\Windows\system32\es-ES
2012-05-07 16:51:37 ----D---- C:\Windows\system32\wbem
2012-05-07 16:51:37 ----D---- C:\Windows\system32\drivers\cs-CZ
2012-05-07 16:51:37 ----D---- C:\Windows\system32\drivers
2012-05-07 16:51:36 ----D---- C:\Windows\system32\migwiz
2012-05-07 16:51:36 ----D---- C:\Windows\system32\Dism
2012-05-07 16:51:02 ----RSD---- C:\Windows\Fonts
2012-05-07 16:51:02 ----D---- C:\Windows\AppPatch
2012-05-07 16:50:50 ----D---- C:\Windows\system32\Boot
2012-05-07 16:43:44 ----A---- C:\Windows\system32\msclmd.dll
2012-05-07 16:32:18 ----D---- C:\Windows\debug
2012-05-05 03:06:16 ----SHD---- C:\Windows\Installer
2012-05-05 03:06:16 ----SHD---- C:\Config.Msi
2012-04-30 20:50:18 ----HD---- C:\ProgramData
2012-04-30 20:49:43 ----D---- C:\ProgramData\AMD
2012-04-30 20:48:55 ----D---- C:\Program Files\ATI Technologies
2012-04-30 20:46:33 ----SHD---- C:\$Recycle.Bin
2012-04-30 20:15:17 ----D---- C:\Windows\system32\Tasks
2012-04-30 20:09:58 ----D---- C:\Windows\system32\drivers\NIS
2012-04-24 15:07:36 ----D---- C:\Windows\system32\wdi
2012-04-22 16:18:36 ----D---- C:\Windows\Tasks
2012-04-22 16:11:39 ----D---- C:\Program Files\NCSoft
2012-04-22 16:11:37 ----HD---- C:\Program Files\InstallShield Installation Information
2012-04-15 11:18:09 ----D---- C:\ProgramData\Microsoft Help
2012-04-13 21:05:01 ----D---- C:\ProgramData\PMB Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NIS\1307000.009\SYMDS.SYS [2011-07-26 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1307000.009\SYMEFA.SYS [2012-03-29 905336]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [2012-04-03 821880]
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NIS\1307000.009\ccSetx86.sys [2011-11-30 132744]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-03-29 374392]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120507.001\IDSvix86.sys [2012-04-28 368248]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1307000.009\SRTSPX.SYS [2012-03-29 32888]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1307000.009\Ironx86.SYS [2012-03-29 149624]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NIS\1307000.009\SYMNETS.SYS [2012-03-29 318584]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 9334784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 275968]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-18 106104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120507.038\NAVENG.SYS [2012-03-29 86136]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120507.038\NAVEX15.SYS [2012-03-29 1576312]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1307000.009\SRTSP.SYS [2012-03-29 574072]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2012-03-24 141944]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2012-02-16 80824]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2012-02-16 181432]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-02-15 43520]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-04-06 217600]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 291840]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe [2012-03-28 138232]
R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-13 240408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 821608]
S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-04-09 138168]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-18 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Internet dropping out

Posted: 08 May 2012 16:31
by Márty84
:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe and save it, preferably to the desktop.
Right-click it and then left-click Run as administrator.
Copy this script into the left window (including the colon before the word files)

Code:

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dcb7100-df86-4384-8842-8fa844297b3f}"=-
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"QuickTime Task"=-
"iTunesHelper"=-
"StartCCC"=-
"AMD AVT"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-

:services
AdobeARMservice
BBUpdate
BBSvc
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gusvc
McComponentHostService

:commands
[RESETHOSTS]
[Purity]
[EMPTYTEMP]
[EMPTYFLASH]

Click MoveIt and let the program work. When asked about a restart, agree.
After the restart, post the log that pops up, or it will be here: C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (instead of the x's there will be digits representing the date and time of the run)

Re: Internet dropping out

Posted: 08 May 2012 17:05
by Orfeus
I ran into a problem: instead of OK I accidentally clicked the X, so I repeated it
(if I did it wrong, I'm very sorry :( )
I'm sending the log from the second run:

All processes killed
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
File/Folder C:\Windows\tasks\Adobe Flash Player Updater.job not found.
File/Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartCCC not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AMD AVT not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype not found.
========== SERVICES/DRIVERS ==========
Error: No service named AdobeARMservice was found to stop!
Service\Driver key AdobeARMservice not found.
Error: No service named BBUpdate was found to stop!
Service\Driver key BBUpdate not found.
Error: No service named BBSvc was found to stop!
Service\Driver key BBSvc not found.
Error: No service named SkypeUpdate was found to stop!
Service\Driver key SkypeUpdate not found.
Error: No service named AdobeFlashPlayerUpdateSvc was found to stop!
Service\Driver key AdobeFlashPlayerUpdateSvc not found.
Error: No service named gusvc was found to stop!
Service\Driver key gusvc not found.
Error: No service named McComponentHostService was found to stop!
Service\Driver key McComponentHostService not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tomáš
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6932943 bytes
->Flash cache emptied: 343 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Tomáš
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 05082012_175323

Re: Internet dropping out

Posted: 08 May 2012 17:08
by Márty84
OTM says it can't find any of that. So I assume it already deleted it the first time :)

Has anything changed?
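
Added example, not part of the original thread and not code from OTM or its author: a Python sketch that tallies an OTM log per section, counting targets reported as not found against actions reported as successful, so that a repeat run that removed nothing (as in the log above) can be told apart from a run that did the work. The sample lines are excerpted from the log posted above; the function names are hypothetical, and only the message patterns visible in that log are recognised.

```python
import re

# Sample input: a few lines excerpted from the OTM log posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\tasks\Adobe Flash Player Updater.job not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM not found.
========== SERVICES/DRIVERS ==========
Error: No service named AdobeARMservice was found to stop!
Service\Driver key AdobeARMservice not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Section banner, e.g. "========== REGISTRY =========="
SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z/]+) =+$")
# "<kind> <target> not found." as printed for files, registry entries and services
NOT_FOUND_RE = re.compile(
    r"^(?:File/Folder|Registry key|Registry value|Service\\Driver key) "
    r"(?P<target>.+) not found\.$"
)
# "<target> moved successfully." / "<target> reset successfully"
DONE_RE = re.compile(r"^(?P<target>.+?) (?:moved|reset) successfully\.?$")

# Sections that list the script's removal targets (COMMANDS is housekeeping).
TARGET_SECTIONS = {"FILES", "REGISTRY", "SERVICES/DRIVERS"}


def parse_otm_log(text):
    """Return a list of (section, status, target) for every recognised line.

    status is "not_found" or "done". Unrecognised lines are skipped, including
    the "Error: No service named ..." line, because the "Service\\Driver key"
    line that follows it reports the same target.
    """
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        if section is None:
            continue
        missing = NOT_FOUND_RE.match(line)
        if missing:
            # Registry keys are printed with a trailing backslash; drop it.
            entries.append((section, "not_found", missing.group("target").rstrip("\\")))
            continue
        done = DONE_RE.match(line)
        if done:
            entries.append((section, "done", done.group("target")))
    return entries


def summarize(entries):
    """Count outcomes per section: {section: {"not_found": n, "done": n}}."""
    counts = {}
    for section, status, _target in entries:
        counts.setdefault(section, {"not_found": 0, "done": 0})[status] += 1
    return counts


def removed_nothing(entries):
    """True when every removal target in the log was reported as not found."""
    statuses = [status for section, status, _ in entries if section in TARGET_SECTIONS]
    return bool(statuses) and all(status == "not_found" for status in statuses)


if __name__ == "__main__":
    parsed = parse_otm_log(SAMPLE_LOG)
    for name, tally in summarize(parsed).items():
        print(f"{name}: {tally}")
    if removed_nothing(parsed):
        print("This run removed none of the listed targets; check the log of the earlier run.")
```

When `removed_nothing` is true, the record of what was actually moved is the log of the earlier run, which the instructions above place under C:\_OTM\MovedFiles.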

Re: Internet dropping out

Posted: 08 May 2012 17:21
by Orfeus
Unfortunately not, everything still runs just as slowly and intermittently :(

Re: Internet dropping out

Posted: 08 May 2012 17:25
by Márty84
Let's look deeper.

First
:arrow: Run a full scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and if it finds something, post the results here. Don't delete anything beforehand, it sometimes has false detections

Then

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator
Tick the items (put check marks there) For all users, Check for "LOP" malware and Check for "Purity" malware
Paste the following text into the bottom window

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Click Scan
After the scan, two logs are created (OTL.Txt and Extras.txt); post both here (if they are long, split them across several posts).

Re: Internet dropouts

Posted: 08 May 2012 20:30
by Orfeus
So I ran MBAM over the PC and it found:
/ehm, I don't know how to get the results out of it/
Backdoor.hupi...
PUP.ToolbarDo...

otherwise, I haven't done the second part yet...

Re: Internet dropouts

Posted: 09 May 2012 08:29
by Márty84
In MBAM there is a Logs tab; the results will be there.

I need to know where it found those viruses: the locations and file names.

Re: Internet dropouts

Posted: 09 May 2012 12:57
by Orfeus
Here it is:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.04.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tomáš :: TOMÁŠ-PC [administrátor]

Ochrana: Povolena

8.5.2012 19:03:54
mbam-log-2012-05-09 (13-53-13).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 451202
Uplynulý čas: 2 hodin, 10 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\Windows.old\Users\Tomáš\AppData\Local\Temp\Rar$DR95.792\VirtualMT2\VirtualMT2 (bez patchera).exe (Backdoor.Hupigon) -> Žádná instrukce nebyla provedena.
C:\Windows.old\Users\Tomáš\Desktop\VirtualMT2\VirtualMT2 (bez patchera).exe (Backdoor.Hupigon) -> Žádná instrukce nebyla provedena.
C:\Windows.old\Users\Tomáš\Downloads\SoftonicDownloader_for_mac-os-x-lion-skin-pack.exe (PUP.ToolbarDownloader) -> Žádná instrukce nebyla provedena.
C:\Windows.old\Users\Tomáš\Downloads\SoftonicDownloader_for_sony-vegas-video.exe (PUP.ToolbarDownloader) -> Žádná instrukce nebyla provedena.

(konec)

As for OTL, I tried it, but it somehow stops and does not generate those two files, so I don't know what is wrong :?:

Re: Internet dropouts

Posted: 09 May 2012 17:49
by Márty84
:arrow: Let MBAM remove the items it found

:arrow: Try running OTL once more following the same instructions, only with this modified script

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Re: Internet dropouts

Posted: 09 May 2012 18:46
by Orfeus
Unfortunately the same thing happened :( it reports: proces timed out

Re: Internet dropouts

Posted: 09 May 2012 18:52
by Márty84
Try it in safe mode with the modified script (restart the PC, keep pressing the F8 key, or another one depending on the type of machine, and choose the safe mode option; alternatively, another procedure is here http://forum.viry.cz/viewtopic.php?f=46&t=7554 )

Re: Internet dropouts

Posted: 09 May 2012 20:06
by Orfeus
I tried it in safe mode as well and it did not work there either :(