Prosím o pomoc s Rootkitem Vyřešeno

[standacich]

2012/10/09 19:40:43.0837 2908 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2012/10/09 19:40:43.0891 2908 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2012/10/09 19:40:43.0937 2908 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2012/10/09 19:40:43.0976 2908 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2012/10/09 19:40:44.0033 2908 NVHDA (1f07b814c0bb5aaba703abff1f31f2e8) C:\Windows\system32\drivers\nvhda64v.sys
2012/10/09 19:40:44.0263 2908 nvlddmkm (bf7a24a71e1932200d864bc1ce15e596) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2012/10/09 19:40:44.0363 2908 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
2012/10/09 19:40:44.0402 2908 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2012/10/09 19:40:44.0431 2908 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\DRIVERS\nvstor.sys
2012/10/09 19:40:44.0460 2908 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\drivers\nvstor64.sys
2012/10/09 19:40:44.0512 2908 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2012/10/09 19:40:44.0545 2908 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2012/10/09 19:40:44.0608 2908 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
2012/10/09 19:40:44.0645 2908 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
2012/10/09 19:40:44.0703 2908 pccsmcfd (3fde033dfb0d07f8b7d5c9a3044aa121) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
2012/10/09 19:40:44.0737 2908 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2012/10/09 19:40:44.0762 2908 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2012/10/09 19:40:44.0803 2908 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
2012/10/09 19:40:44.0826 2908 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2012/10/09 19:40:44.0846 2908 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2012/10/09 19:40:44.0977 2908 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2012/10/09 19:40:45.0004 2908 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
2012/10/09 19:40:45.0052 2908 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2012/10/09 19:40:45.0096 2908 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
2012/10/09 19:40:45.0142 2908 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
2012/10/09 19:40:45.0170 2908 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2012/10/09 19:40:45.0190 2908 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2012/10/09 19:40:45.0220 2908 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2012/10/09 19:40:45.0247 2908 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2012/10/09 19:40:45.0271 2908 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2012/10/09 19:40:45.0296 2908 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2012/10/09 19:40:45.0314 2908 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2012/10/09 19:40:45.0340 2908 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
2012/10/09 19:40:45.0365 2908 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2012/10/09 19:40:45.0385 2908 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2012/10/09 19:40:45.0413 2908 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2012/10/09 19:40:45.0459 2908 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
2012/10/09 19:40:45.0477 2908 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2012/10/09 19:40:45.0524 2908 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
2012/10/09 19:40:45.0576 2908 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2012/10/09 19:40:45.0607 2908 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2012/10/09 19:40:45.0667 2908 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
2012/10/09 19:40:45.0695 2908 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2012/10/09 19:40:45.0729 2908 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2012/10/09 19:40:45.0768 2908 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
2012/10/09 19:40:45.0801 2908 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
2012/10/09 19:40:45.0824 2908 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
2012/10/09 19:40:45.0878 2908 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2012/10/09 19:40:45.0894 2908 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2012/10/09 19:40:45.0910 2908 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2012/10/09 19:40:45.0928 2908 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2012/10/09 19:40:45.0957 2908 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
2012/10/09 19:40:45.0982 2908 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
2012/10/09 19:40:46.0019 2908 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2012/10/09 19:40:46.0057 2908 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2012/10/09 19:40:46.0108 2908 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
2012/10/09 19:40:46.0108 2908 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
2012/10/09 19:40:46.0113 2908 sptd - detected Locked file (1)
2012/10/09 19:40:46.0150 2908 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2012/10/09 19:40:46.0177 2908 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2012/10/09 19:40:46.0201 2908 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2012/10/09 19:40:46.0242 2908 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
2012/10/09 19:40:46.0276 2908 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2012/10/09 19:40:46.0390 2908 Tcpip (f782cad3cedbb3f9ffe3bf2775d92ddc) C:\Windows\system32\drivers\tcpip.sys
2012/10/09 19:40:46.0503 2908 TCPIP6 (f782cad3cedbb3f9ffe3bf2775d92ddc) C:\Windows\system32\DRIVERS\tcpip.sys
2012/10/09 19:40:46.0538 2908 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2012/10/09 19:40:46.0566 2908 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2012/10/09 19:40:46.0605 2908 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
2012/10/09 19:40:46.0634 2908 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2012/10/09 19:40:46.0656 2908 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2012/10/09 19:40:46.0705 2908 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2012/10/09 19:40:46.0726 2908 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2012/10/09 19:40:46.0755 2908 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\DRIVERS\TsUsbGD.sys
2012/10/09 19:40:46.0779 2908 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2012/10/09 19:40:46.0805 2908 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2012/10/09 19:40:46.0837 2908 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2012/10/09 19:40:46.0882 2908 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2012/10/09 19:40:46.0904 2908 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2012/10/09 19:40:46.0926 2908 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2012/10/09 19:40:46.0986 2908 upperdev (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
2012/10/09 19:40:47.0024 2908 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2012/10/09 19:40:47.0053 2908 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2012/10/09 19:40:47.0073 2908 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2012/10/09 19:40:47.0102 2908 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2012/10/09 19:40:47.0124 2908 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2012/10/09 19:40:47.0153 2908 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2012/10/09 19:40:47.0200 2908 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2012/10/09 19:40:47.0250 2908 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys
2012/10/09 19:40:47.0266 2908 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2012/10/09 19:40:47.0290 2908 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2012/10/09 19:40:47.0324 2908 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2012/10/09 19:40:47.0351 2908 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2012/10/09 19:40:47.0373 2908 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2012/10/09 19:40:47.0401 2908 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2012/10/09 19:40:47.0425 2908 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2012/10/09 19:40:47.0480 2908 Video3D (fc7eb58f50967eb910eb4aa2e1dae263) C:\Windows\system32\Drivers\Video3D64.sys
2012/10/09 19:40:47.0507 2908 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2012/10/09 19:40:47.0536 2908 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2012/10/09 19:40:47.0556 2908 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2012/10/09 19:40:47.0582 2908 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2012/10/09 19:40:47.0612 2908 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2012/10/09 19:40:47.0646 2908 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2012/10/09 19:40:47.0682 2908 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2012/10/09 19:40:47.0715 2908 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2012/10/09 19:40:47.0741 2908 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2012/10/09 19:40:47.0753 2908 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2012/10/09 19:40:47.0801 2908 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2012/10/09 19:40:47.0823 2908 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2012/10/09 19:40:47.0877 2908 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2012/10/09 19:40:47.0898 2908 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2012/10/09 19:40:47.0969 2908 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2012/10/09 19:40:48.0012 2908 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2012/10/09 19:40:48.0051 2908 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2012/10/09 19:40:48.0076 2908 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2012/10/09 19:40:48.0240 2908 ================================================================================
2012/10/09 19:40:48.0240 2908 Scan finished
2012/10/09 19:40:48.0240 2908 ================================================================================
2012/10/09 19:40:48.0252 4324 Detected object count: 1
2012/10/09 19:40:58.0049 4324 Locked file(sptd) - User select action: Skip
2012/10/09 19:41:10.0194 4884 Deinitialize success

[Reklama]

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
Collect::
c:\users\standa\AppData\Roaming\avgnamsmufpnmtlqopn.exe
c:\users\standa\AppData\Roaming\krgojyumulcksaaifht.exe
c:\users\standa\AppData\Roaming\Microsoft\Windows\Templates\spsreng.exe
c:\users\standa\AppData\Roaming\poclbm120327GeForce GT 430gv1w256l4.bin
c:\users\standa\AppData\Roaming\poclbm120327GeForce GT 430gv1w256l4.bin
c:\users\standa\AppData\Roaming\stplpfhevfcucfammws.exe
c:\windows\system32\drivers\onapxgez.sys

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Google\Update
c:\program files (x86)\Skype\Updater

Driver::
onapxgez
gupdate
SkypeUpdate
gupdatem

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"stplpfhevfcucfammws"=-
"krgojyumulcksaaifht"=-
"Activex Application Updater"=-
"avgnamsmufpnmtlqopn"=-

DDS::
uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... =203256994
mSearchAssistant = hxxp://start.facemoods.com/?a=wbsttst2&s={searchTerms}&f=4

Firefox::
FF - ProfilePath - c:\users\standa\AppData\Roaming\Mozilla\Firefox\Profiles\s4cae0wr.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 86ce24e0000000000000f80f411981d7
FF - user.js: extensions.BabylonToolbar_i.hardId - 86ce24e0000000000000f80f411981d7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15385
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.177:30
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=wbst
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=wbst
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=wbst&q=
FF - user.js: extensions.funmoods_i.instlDay - 15407
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.20:04
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - wbst
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[standacich]

tak jsem to vše udělal a tady jsou ty logy

ComboFix 12-10-09.01 - standa 10.10.2012 14:45:49.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.3.1250.420.1029.18.4095.2765 [GMT 2:00]
Spuštěný z: c:\users\standa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\standa\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.123\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.123\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.123\psuser.dll
c:\program files (x86)\Google\Update\Download\{0C7B8751-9BA0-4864-BABD-90B9C1B7426F}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.123\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\users\standa\AppData\Roaming\avgnamsmufpnmtlqopn.exe
c:\users\standa\AppData\Roaming\krgojyumulcksaaifht.exe
c:\users\standa\AppData\Roaming\Microsoft\Windows\Templates\spsreng.exe
c:\users\standa\AppData\Roaming\poclbm120327GeForce GT 430gv1w256l4.bin
c:\users\standa\AppData\Roaming\stplpfhevfcucfammws.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_onapxgez
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-10 do 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 13:24 . 2012-10-10 13:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-10 13:24 . 2012-10-10 13:24 -------- d-----w- c:\users\Deti\AppData\Local\temp
2012-10-09 17:28 . 2012-10-09 17:28 388096 ----a-r- c:\users\standa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-09 17:28 . 2012-10-09 17:28 -------- d-----w- c:\program files (x86)\Trend Micro
2012-10-08 17:14 . 2012-10-08 17:14 -------- d-----w- c:\windows\SysWow64\Adobe
2012-10-08 11:54 . 2012-10-08 11:54 -------- d-----w- c:\program files\ESET
2012-10-08 09:40 . 2012-10-08 09:40 -------- d-----w- c:\users\standa\AppData\Roaming\Malwarebytes
2012-10-08 09:39 . 2012-10-08 09:39 -------- d-----w- c:\programdata\Malwarebytes
2012-10-08 09:39 . 2012-10-08 14:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-08 09:39 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-06 15:26 . 2012-10-06 16:00 -------- d-----w- c:\program files (x86)\FIFA 13
2012-10-05 08:56 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{199BF7EE-956B-4F1A-834E-8D00ABF328B5}\mpengine.dll
2012-09-30 14:12 . 2012-09-30 14:42 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-09-28 09:17 . 2012-09-28 09:17 -------- d-----w- c:\program files (x86)\Sega
2012-09-25 19:03 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-22 21:39 . 2012-08-24 10:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-13 18:48 . 2012-09-15 20:40 -------- d-----w- C:\temp
2012-09-12 11:41 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 11:41 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 11:41 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 11:41 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 11:41 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 11:41 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 11:41 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 17:10 . 2012-03-31 06:10 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 17:10 . 2011-07-13 10:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 13:07 . 2012-09-09 09:52 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-09-13 13:07 . 2012-09-09 09:52 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-09-12 20:44 . 2011-12-13 21:28 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-04 20:49 . 2012-09-04 20:49 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 20:49 . 2012-05-13 21:12 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-04 20:49 . 2012-02-11 14:20 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-30 19:14 . 2012-03-25 08:39 971624 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-08-30 19:14 . 2012-03-25 08:39 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2010-08-09 05:05 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 16:18 . 2010-08-08 22:12 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2010-08-08 22:12 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2010-08-08 22:12 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 16:18 . 2010-08-08 22:12 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-03-25 08:40 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
2012-08-30 16:18 . 2010-08-08 22:12 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2010-08-08 22:12 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-21 09:12 . 2012-07-07 19:46 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-29 13:27 . 2011-12-17 12:51 189248 ------w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-18 18:15 . 2012-08-15 09:10 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2010-11-21 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-13 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-13 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-13 62776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-08 974944]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-17 283200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"TNod UP"="c:\users\standa\Downloads\Eset Smart Securiry 5 a Eset Nod 32 Antivirus 5 - pouze 64bit + licence čisté bez virů\TNODUP Generátor jména a hesla\TNODUP.exe" [BU]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 4030008]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://start.facemoods.com/?a=wbsttst2&s={searchTerms}&f=4
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9C12250E-AAB3-4871-B8F1-268F4A73B13C}: NameServer = 212.96.161.6,212.96.160.7
TCP: Interfaces\{A549F560-B2DC-4477-8201-DC7D3934645A}: NameServer = 212.96.161.6,212.96.160.7
FF - ProfilePath - c:\users\standa\AppData\Roaming\Mozilla\Firefox\Profiles\s4cae0wr.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods_i.id - 86ce24e0000000000000f80f411981d7
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-AC Revelations_is1 - c:\program files (x86)\AC Revelations\unins000.exe
AddRemove-All rights reserved_is1 - c:\program files (x86)\Common Files\Temp\6.1\unins000.exe
AddRemove-Call of Duty: Black Ops_is1 - c:\program files (x86)\Activision\Call of Duty - Black Ops\unins000.exe
AddRemove-FIFA 12 (c) EA_is1 - c:\program files (x86)\FIFA 12\unins000.exe
AddRemove-HUD PANEL - c:\users\standa\Documents\18 WoS Pedal to the Metal\Uninstal.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-WTA-4e66db9b-c96a-4ba7-98b4-bd9061a1726b - c:\program files (x86)\WildGames\18 Wheels of Steel Extreme Trucker 2\uninstall\uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-834648176-2438481772-1138511732-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-834648176-2438481772-1138511732-1000\Software\SecuROM\License information*]
"datasecu"=hex:16,94,6d,75,89,13,02,b9,be,b9,8b,eb,53,25,85,51,9b,b3,c0,21,d7,
c5,40,94,44,e2,92,07,3d,a0,45,29,34,ad,2f,74,d7,81,b0,a0,f0,51,e6,e2,20,a1,\
"rkeysecu"=hex:c3,31,56,8c,2b,f8,46,2c,38,46,34,13,af,a3,1e,9a
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Celkový čas: 2012-10-10 15:39:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-10 13:39
ComboFix2.txt 2012-10-09 18:10
.
Před spuštěním: Volných bajtů: 85 057 593 344
Po spuštění: Volných bajtů: 84 518 199 296
.
- - End Of File - - 8B1F6C0CF1808369036437783B209AE4
Nahr nˇ probŘhlo ŁspŘçnŘ

[standacich]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:43:40, on 10.10.2012
Platform: Windows 7 SP3 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=wbsttst2&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C12250E-AAB3-4871-B8F1-268F4A73B13C}: NameServer = 212.96.161.6,212.96.160.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{A549F560-B2DC-4477-8201-DC7D3934645A}: NameServer = 212.96.161.6,212.96.160.7
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\Windows\ATKKBService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11996 bytes

[standacich]

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-10 16:44:30
-----------------------------
16:44:30.993 OS Version: Windows x64 6.1.7601 Service Pack 3
16:44:30.993 Number of processors: 2 586 0x603
16:44:30.994 ComputerName: STANDA-PC UserName: standa
16:44:34.334 Initialize success
16:44:39.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
16:44:39.756 Disk 0 Vendor: ST310005 JC45 Size: 953869MB BusType: 3
16:44:39.774 Disk 0 MBR read successfully
16:44:39.777 Disk 0 MBR scan
16:44:39.780 Disk 0 Windows 7 default MBR code
16:44:39.789 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 17408 MB offset 2048
16:44:39.801 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632
16:44:39.814 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 467918 MB offset 35858432
16:44:39.838 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 468441 MB offset 994154496
16:44:39.857 Disk 0 scanning C:\Windows\system32\drivers
16:44:45.924 Service scanning
16:44:54.111 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:44:56.571 Modules scanning
16:44:56.597 Disk 0 trace - called modules:
16:44:56.614 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003cfe2c0]<<sptd.sys storport.sys hal.dll nvstor.sys
16:44:56.621 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003f51060]
16:44:56.632 3 CLASSPNP.SYS[fffff88001b8343f] -> nt!IofCallDriver -> [0xfffffa8003dec520]
16:44:56.642 5 ACPI.sys[fffff880011a17a1] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8003dec740]
16:44:56.651 \Driver\nvstor[0xfffffa8003de3e70] -> IRP_MJ_CREATE -> 0xfffffa8003cfe2c0
16:44:56.662 Scan finished successfully
16:45:14.036 Disk 0 MBR has been saved successfully to "C:\Users\standa\Desktop\MBR.dat"
16:45:14.042 The log file has been saved successfully to "C:\Users\standa\Desktop\aswMBR.txt"

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=wbsttst2&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
DDS::
mSearchAssistant = hxxp://start.facemoods.com/?a=wbsttst2&s={searchTerms}&f=4

Firefox::
FF - ProfilePath - c:\users\standa\AppData\Roaming\Mozilla\Firefox\Profiles\s4cae0wr.default\
FF - user.js: extensions.funmoods_i.id - 86ce24e0000000000000f80f411981d7


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[standacich]

ok tak už jsem spustil combofix hned jak to bude tak sem vložím výpis blogu zatím dík :-)

[standacich]

tak hotovo a tady jsou ty logy

ComboFix 12-10-09.01 - standa 10.10.2012 20:50:38.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.3.1250.420.1029.18.4095.2651 [GMT 2:00]
Spuštěný z: c:\users\standa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\standa\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-10 do 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 18:58 . 2012-10-10 18:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-10 18:58 . 2012-10-10 18:58 -------- d-----w- c:\users\Deti\AppData\Local\temp
2012-10-10 18:58 . 2012-10-10 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 17:28 . 2012-10-09 17:28 388096 ----a-r- c:\users\standa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-09 17:28 . 2012-10-09 17:28 -------- d-----w- c:\program files (x86)\Trend Micro
2012-10-08 17:14 . 2012-10-08 17:14 -------- d-----w- c:\windows\SysWow64\Adobe
2012-10-08 11:54 . 2012-10-08 11:54 -------- d-----w- c:\program files\ESET
2012-10-08 09:40 . 2012-10-08 09:40 -------- d-----w- c:\users\standa\AppData\Roaming\Malwarebytes
2012-10-08 09:39 . 2012-10-08 09:39 -------- d-----w- c:\programdata\Malwarebytes
2012-10-08 09:39 . 2012-10-08 14:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-08 09:39 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-06 15:26 . 2012-10-06 16:00 -------- d-----w- c:\program files (x86)\FIFA 13
2012-10-05 08:56 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{199BF7EE-956B-4F1A-834E-8D00ABF328B5}\mpengine.dll
2012-09-30 14:12 . 2012-09-30 14:42 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-09-28 09:17 . 2012-09-28 09:17 -------- d-----w- c:\program files (x86)\Sega
2012-09-25 19:03 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-22 21:39 . 2012-08-24 10:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-13 18:48 . 2012-09-15 20:40 -------- d-----w- C:\temp
2012-09-12 11:41 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 11:41 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 11:41 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 11:41 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 11:41 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 11:41 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 11:41 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 17:10 . 2012-03-31 06:10 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 17:10 . 2011-07-13 10:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 13:07 . 2012-09-09 09:52 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-09-13 13:07 . 2012-09-09 09:52 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-09-12 20:44 . 2011-12-13 21:28 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-04 20:49 . 2012-09-04 20:49 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 20:49 . 2012-05-13 21:12 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-04 20:49 . 2012-02-11 14:20 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-30 19:14 . 2012-03-25 08:39 971624 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-08-30 19:14 . 2012-03-25 08:39 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2010-08-09 05:05 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 16:18 . 2010-08-08 22:12 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2010-08-08 22:12 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2010-08-08 22:12 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 16:18 . 2010-08-08 22:12 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-03-25 08:40 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
2012-08-30 16:18 . 2010-08-08 22:12 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2010-08-08 22:12 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-21 09:12 . 2012-07-07 19:46 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-29 13:27 . 2011-12-17 12:51 189248 ------w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-18 18:15 . 2012-08-15 09:10 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2010-11-21 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-13 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-13 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-13 62776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-08 974944]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-17 283200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"TNod UP"="c:\users\standa\Downloads\Eset Smart Securiry 5 a Eset Nod 32 Antivirus 5 - pouze 64bit + licence čisté bez virů\TNODUP Generátor jména a hesla\TNODUP.exe" [BU]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 4030008]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://start.facemoods.com/?a=wbsttst2&s={searchTerms}&f=4
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9C12250E-AAB3-4871-B8F1-268F4A73B13C}: NameServer = 212.96.161.6,212.96.160.7
TCP: Interfaces\{A549F560-B2DC-4477-8201-DC7D3934645A}: NameServer = 212.96.161.6,212.96.160.7
FF - ProfilePath - c:\users\standa\AppData\Roaming\Mozilla\Firefox\Profiles\s4cae0wr.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-AC Revelations_is1 - c:\program files (x86)\AC Revelations\unins000.exe
AddRemove-All rights reserved_is1 - c:\program files (x86)\Common Files\Temp\6.1\unins000.exe
AddRemove-Call of Duty: Black Ops_is1 - c:\program files (x86)\Activision\Call of Duty - Black Ops\unins000.exe
AddRemove-FIFA 12 (c) EA_is1 - c:\program files (x86)\FIFA 12\unins000.exe
AddRemove-HUD PANEL - c:\users\standa\Documents\18 WoS Pedal to the Metal\Uninstal.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-WTA-4e66db9b-c96a-4ba7-98b4-bd9061a1726b - c:\program files (x86)\WildGames\18 Wheels of Steel Extreme Trucker 2\uninstall\uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-834648176-2438481772-1138511732-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-834648176-2438481772-1138511732-1000\Software\SecuROM\License information*]
"datasecu"=hex:16,94,6d,75,89,13,02,b9,be,b9,8b,eb,53,25,85,51,9b,b3,c0,21,d7,
c5,40,94,44,e2,92,07,3d,a0,45,29,34,ad,2f,74,d7,81,b0,a0,f0,51,e6,e2,20,a1,\
"rkeysecu"=hex:c3,31,56,8c,2b,f8,46,2c,38,46,34,13,af,a3,1e,9a
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Celkový čas: 2012-10-10 21:13:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-10 19:13
ComboFix2.txt 2012-10-10 13:56
ComboFix3.txt 2012-10-09 18:10
.
Před spuštěním: Volných bajtů: 80 077 742 080
Po spuštění: Volných bajtů: 79 764 049 920
.
- - End Of File - - 737B79881E0FFF386729361CC7368A41

[standacich]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:15:42, on 10.10.2012
Platform: Windows 7 SP3 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C12250E-AAB3-4871-B8F1-268F4A73B13C}: NameServer = 212.96.161.6,212.96.160.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{A549F560-B2DC-4477-8201-DC7D3934645A}: NameServer = 212.96.161.6,212.96.160.7
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\Windows\ATKKBService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11556 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.


Jak to vypadá? Mělo by to být už OK.

[standacich]

ok supeeer moc a moc díky už to šlape jak má fakt moc dík ale přeci kdyby něco tak se můžu zase obrátit sem ???

Samozřejmě můžeš! jaro3