Prosím o preventivní kontrolu Vyřešeno

[Jaros]

Zdravím,

trošku mně znepokojuje krátké zamrzávání prohlížeče, prosím tedy o preventivní kontrolu předpokládané špíny.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:53, on 7.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jarda\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jarda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7422 bytes

LOG z MBAM:

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3097
Windows 6.0.6002 Service Pack 2

4.11.2009 10:00:51
mbam-log-2009-11-04 (10-00-51).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 100109
Uplynulý čas: 4 minute(s), 21 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O13 - Gopher Prefix:


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Jaros]

Log:

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3097
Windows 6.0.6002 Service Pack 2

4.11.2009 11:19:14
mbam-log-2009-11-04 (11-19-14).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 100080
Uplynulý čas: 3 minute(s), 33 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

[jaro3]

Omlouvám se , log z MbAM už si dával..

Vypni rez. ochranu u Norton/Symantec.

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Později se podívám

[Jaros]

Log:

ComboFix 09-11-03.03 - Jarda 04.11.2009 12:42.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3582.2776 [GMT 1:00]
Spuštěný z: c:\users\Jarda\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-10-04 do 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-04 12:01 . 2009-11-04 12:01 -------- d-----w- c:\users\Jarda\AppData\Local\temp
2009-11-04 12:01 . 2009-11-04 12:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-11-04 12:01 . 2009-11-04 12:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-04 07:37 . 2009-11-04 07:37 -------- d-----w- c:\windows\system32\Adobe
2009-11-02 18:08 . 2009-11-02 18:08 -------- d-----w- c:\program files\CCleaner
2009-10-28 14:15 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 14:15 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 13:38 . 2009-10-27 13:44 -------- d-----w- c:\program files\Lame for Audacity
2009-10-27 13:24 . 2009-10-27 14:06 -------- d-----w- c:\users\Jarda\AppData\Roaming\Audacity
2009-10-27 13:24 . 2009-10-27 13:24 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-10-21 09:28 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 09:28 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 09:28 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 09:28 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 09:27 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 09:27 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 09:27 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 09:27 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 09:27 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-15 06:14 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 06:14 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 06:14 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 06:14 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 06:14 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-07 13:22 . 2009-10-07 13:22 -------- d-----w- c:\program files\Trend Micro
2009-10-06 10:16 . 2007-03-26 06:25 38784 ----a-w- c:\windows\system32\drivers\Axtmvprt.sys
2009-10-06 10:15 . 2007-03-26 06:25 40064 ----a-w- c:\windows\system32\drivers\Axtmvmdm.sys
2009-10-06 10:15 . 2007-03-22 08:36 3456 ----a-w- c:\windows\system32\drivers\Axtmvflt.sys
2009-10-06 10:15 . 2009-10-06 10:17 -------- d-----w- c:\program files\Axesstel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 11:31 . 2008-01-21 06:46 598594 ----a-w- c:\windows\system32\perfh005.dat
2009-11-04 11:31 . 2008-01-21 06:46 114786 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 17:48 . 2009-09-09 17:50 99936 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-25 15:33 . 2009-10-01 09:16 -------- d-----w- c:\users\Jarda\AppData\Roaming\FileZilla
2009-10-22 21:14 . 2009-10-01 09:17 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-16 16:55 . 2009-08-28 21:23 -------- d-----w- c:\programdata\Microsoft Help
2009-10-15 12:49 . 2009-08-28 11:35 99936 ----a-w- c:\users\Jarda\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-15 12:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-15 11:56 . 2009-08-29 10:04 -------- d-----w- c:\program files\Microsoft Works
2009-10-02 10:45 . 2009-09-19 18:57 -------- d-----w- c:\program files\EA Sports
2009-09-29 19:07 . 2009-09-01 12:18 -------- d-----w- c:\users\Jarda\AppData\Roaming\Skype
2009-09-29 19:03 . 2009-09-01 12:21 -------- d-----w- c:\users\Jarda\AppData\Roaming\skypePM
2009-09-29 07:22 . 2009-09-29 07:21 -------- d-----w- c:\programdata\CyberLink
2009-09-29 07:22 . 2009-09-29 07:21 -------- d-----w- c:\users\Jarda\AppData\Roaming\CyberLink
2009-09-29 07:19 . 2009-09-29 07:19 -------- d-----w- c:\program files\Common Files\CyberLink
2009-09-29 07:19 . 2009-08-28 12:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-29 07:18 . 2009-09-29 07:18 -------- d-----w- c:\program files\CyberLink
2009-09-29 07:17 . 2009-09-29 07:18 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-09-29 07:17 . 2009-08-28 12:10 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-29 07:17 . 2003-03-18 20:14 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-25 09:30 . 2009-09-22 19:04 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-25 09:29 . 2009-09-22 19:04 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-25 06:14 . 2009-09-25 06:14 -------- d-----w- c:\program files\CDex_170b2
2009-09-22 19:04 . 2009-09-22 19:05 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-22 18:50 . 2009-09-22 18:50 -------- d-----w- c:\program files\Electronic Arts
2009-09-20 10:16 . 2009-09-20 10:16 -------- d-----w- c:\program files\DVDVIDEOSOFT
2009-09-19 22:18 . 2009-09-19 22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-19 19:03 . 2009-09-19 19:03 -------- d--h--r- c:\users\Jarda\AppData\Roaming\SecuROM
2009-09-17 20:41 . 2009-09-08 09:38 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2009-09-17 13:11 . 2009-09-17 13:11 -------- d-----w- c:\users\Jarda\AppData\Roaming\GHISLER
2009-09-14 14:31 . 2009-09-14 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-14 14:31 . 2009-09-14 14:31 -------- d-----w- c:\users\Jarda\AppData\Roaming\Malwarebytes
2009-09-14 14:31 . 2009-09-14 14:31 -------- d-----w- c:\programdata\Malwarebytes
2009-09-14 12:01 . 2009-09-14 11:59 -------- d-----w- c:\program files\The KMPlayer
2009-09-11 13:52 . 2009-09-11 13:06 650 ---ha-w- C:\os848618.bin
2009-09-11 13:02 . 2009-08-29 16:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-11 12:50 . 2009-09-11 12:50 -------- d-----w- c:\program files\Common Files\Vbox
2009-09-11 11:55 . 2009-09-11 11:36 -------- d-----w- c:\users\Jarda\AppData\Roaming\PSpad
2009-09-11 11:36 . 2009-09-11 11:36 -------- d-----w- c:\program files\PSPad editor
2009-09-10 12:54 . 2009-09-14 14:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-09-14 14:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 17:50 . 2009-09-09 17:50 -------- d-----w- c:\users\Guest\AppData\Roaming\Symantec
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\UC.PIF
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\RAR.PIF
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\PKZIP.PIF
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\LHA.PIF
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\ARJ.PIF
2009-09-08 10:16 . 2009-09-08 10:16 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-09-08 10:16 . 2009-09-08 10:16 737280 ----a-w- c:\windows\iun6002.exe
2009-09-04 11:41 . 2009-10-15 06:13 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 12:21 . 2009-09-01 12:21 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-08-30 12:09 . 2009-08-30 11:46 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-29 10:46 . 2009-08-29 10:46 971232 ----a-w- c:\windows\system32\drivers\tdrpm147.sys
2009-08-29 10:46 . 2009-08-29 10:46 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-08-29 10:46 . 2009-08-29 10:46 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-08-29 10:46 . 2009-08-29 10:46 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-08-29 00:27 . 2009-09-03 10:36 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 10:36 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-15 06:13 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 06:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 06:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 06:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-09 11:10 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 11:10 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 11:10 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 11:10 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 11:10 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 11:10 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 11:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 11:10 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 11:10 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 11:10 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 11:10 105984 ----a-w- c:\windows\system32\netiohlp.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-09-29 380928]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-08-26 16986112]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2009-01-16 1473536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):85,bb,7e,bb,1b,28,ca,01

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091101.001\IDSvix86.sys [1.11.2009 10:51 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [24.8.2007 22:07 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30.8.2009 13:12 102448]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19.2.2009 12:31 41008]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [28.8.2009 13:19 870400]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\System32\drivers\Axtmvflt.sys [6.10.2009 11:15 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\System32\drivers\Axtmvmdm.sys [6.10.2009 11:15 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\System32\drivers\Axtmvprt.sys [6.10.2009 11:16 38784]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [29.5.2007 13:55 23888]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - COMHOST
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Obsah adresáře 'Naplánované úlohy'

2009-11-02 c:\windows\Tasks\Norton Internet Security - Prověřit tento počítač - Jarda.job
- c:\program files\Norton Internet Security\Aplikace Norton AntiVirus\Navw32.exe [2007-08-26 17:19]

2009-11-04 c:\windows\Tasks\User_Feed_Synchronization-{C0874FDC-663C-42E5-B8BA-43204E9C6485}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\amkikk3h.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\amkikk3h.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.mozilla.org
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccessc:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 13:01
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-11-04 13:02
ComboFix-quarantined-files.txt 2009-11-04 12:02

Před spuštěním: Volných bajtů: 320 296 808 448
Po spuštění: Volných bajtů: 320 225 083 392

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\programdata\ezsidmv.dat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Firefox::
FF - ProfilePath - c:\users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\amkikk3h.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Jaros]

Log z Combofixu:

ComboFix 09-11-03.03 - Jarda 04.11.2009 15:11.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3582.2391 [GMT 1:00]
Spuštěný z: c:\users\Jarda\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jarda\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\ezsidmv.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-04 do 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-04 14:31 . 2009-11-04 14:31 -------- d-----w- c:\users\Jarda\AppData\Local\temp
2009-11-04 14:31 . 2009-11-04 14:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-04 14:31 . 2009-11-04 14:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-11-04 14:31 . 2009-11-04 14:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-04 07:37 . 2009-11-04 07:37 -------- d-----w- c:\windows\system32\Adobe
2009-11-02 18:08 . 2009-11-02 18:08 -------- d-----w- c:\program files\CCleaner
2009-10-28 14:15 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 14:15 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 13:38 . 2009-10-27 13:44 -------- d-----w- c:\program files\Lame for Audacity
2009-10-27 13:24 . 2009-10-27 14:06 -------- d-----w- c:\users\Jarda\AppData\Roaming\Audacity
2009-10-27 13:24 . 2009-10-27 13:24 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-10-21 09:28 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 09:28 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 09:28 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 09:28 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 09:27 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 09:27 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 09:27 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 09:27 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 09:27 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-15 06:14 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 06:14 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 06:14 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 06:14 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 06:14 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-07 13:22 . 2009-10-07 13:22 -------- d-----w- c:\program files\Trend Micro
2009-10-06 10:16 . 2007-03-26 06:25 38784 ----a-w- c:\windows\system32\drivers\Axtmvprt.sys
2009-10-06 10:15 . 2007-03-26 06:25 40064 ----a-w- c:\windows\system32\drivers\Axtmvmdm.sys
2009-10-06 10:15 . 2007-03-22 08:36 3456 ----a-w- c:\windows\system32\drivers\Axtmvflt.sys
2009-10-06 10:15 . 2009-10-06 10:17 -------- d-----w- c:\program files\Axesstel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 11:31 . 2008-01-21 06:46 598594 ----a-w- c:\windows\system32\perfh005.dat
2009-11-04 11:31 . 2008-01-21 06:46 114786 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 17:48 . 2009-09-09 17:50 99936 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-25 15:33 . 2009-10-01 09:16 -------- d-----w- c:\users\Jarda\AppData\Roaming\FileZilla
2009-10-22 21:14 . 2009-10-01 09:17 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-16 16:55 . 2009-08-28 21:23 -------- d-----w- c:\programdata\Microsoft Help
2009-10-15 12:49 . 2009-08-28 11:35 99936 ----a-w- c:\users\Jarda\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-15 12:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-15 11:56 . 2009-08-29 10:04 -------- d-----w- c:\program files\Microsoft Works
2009-10-02 10:45 . 2009-09-19 18:57 -------- d-----w- c:\program files\EA Sports
2009-09-29 19:07 . 2009-09-01 12:18 -------- d-----w- c:\users\Jarda\AppData\Roaming\Skype
2009-09-29 19:03 . 2009-09-01 12:21 -------- d-----w- c:\users\Jarda\AppData\Roaming\skypePM
2009-09-29 07:22 . 2009-09-29 07:21 -------- d-----w- c:\programdata\CyberLink
2009-09-29 07:22 . 2009-09-29 07:21 -------- d-----w- c:\users\Jarda\AppData\Roaming\CyberLink
2009-09-29 07:19 . 2009-09-29 07:19 -------- d-----w- c:\program files\Common Files\CyberLink
2009-09-29 07:19 . 2009-08-28 12:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-29 07:18 . 2009-09-29 07:18 -------- d-----w- c:\program files\CyberLink
2009-09-29 07:17 . 2009-09-29 07:18 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-09-29 07:17 . 2009-08-28 12:10 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-29 07:17 . 2003-03-18 20:14 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-25 09:30 . 2009-09-22 19:04 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-25 09:29 . 2009-09-22 19:04 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-25 06:14 . 2009-09-25 06:14 -------- d-----w- c:\program files\CDex_170b2
2009-09-22 19:04 . 2009-09-22 19:05 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-22 18:50 . 2009-09-22 18:50 -------- d-----w- c:\program files\Electronic Arts
2009-09-20 10:16 . 2009-09-20 10:16 -------- d-----w- c:\program files\DVDVIDEOSOFT
2009-09-19 22:18 . 2009-09-19 22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-19 19:03 . 2009-09-19 19:03 -------- d--h--r- c:\users\Jarda\AppData\Roaming\SecuROM
2009-09-17 20:41 . 2009-09-08 09:38 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2009-09-17 13:11 . 2009-09-17 13:11 -------- d-----w- c:\users\Jarda\AppData\Roaming\GHISLER
2009-09-14 14:31 . 2009-09-14 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-14 14:31 . 2009-09-14 14:31 -------- d-----w- c:\users\Jarda\AppData\Roaming\Malwarebytes
2009-09-14 14:31 . 2009-09-14 14:31 -------- d-----w- c:\programdata\Malwarebytes
2009-09-14 12:01 . 2009-09-14 11:59 -------- d-----w- c:\program files\The KMPlayer
2009-09-11 13:52 . 2009-09-11 13:06 650 ---ha-w- C:\os848618.bin
2009-09-11 13:02 . 2009-08-29 16:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-11 12:50 . 2009-09-11 12:50 -------- d-----w- c:\program files\Common Files\Vbox
2009-09-11 11:55 . 2009-09-11 11:36 -------- d-----w- c:\users\Jarda\AppData\Roaming\PSpad
2009-09-11 11:36 . 2009-09-11 11:36 -------- d-----w- c:\program files\PSPad editor
2009-09-10 12:54 . 2009-09-14 14:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-09-14 14:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 17:50 . 2009-09-09 17:50 -------- d-----w- c:\users\Guest\AppData\Roaming\Symantec
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\UC.PIF
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\RAR.PIF
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\PKZIP.PIF
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\LHA.PIF
2009-09-09 05:50 . 2009-09-17 13:11 545 ----a-w- c:\windows\ARJ.PIF
2009-09-08 10:16 . 2009-09-08 10:16 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-09-08 10:16 . 2009-09-08 10:16 737280 ----a-w- c:\windows\iun6002.exe
2009-09-04 11:41 . 2009-10-15 06:13 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 12:09 . 2009-08-30 11:46 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-29 10:46 . 2009-08-29 10:46 971232 ----a-w- c:\windows\system32\drivers\tdrpm147.sys
2009-08-29 10:46 . 2009-08-29 10:46 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-08-29 10:46 . 2009-08-29 10:46 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-08-29 10:46 . 2009-08-29 10:46 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-08-29 00:27 . 2009-09-03 10:36 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 10:36 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-15 06:13 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 06:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 06:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 06:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-09 11:10 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 11:10 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 11:10 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 11:10 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 11:10 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 11:10 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 11:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 11:10 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 11:10 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 11:10 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 11:10 105984 ----a-w- c:\windows\system32\netiohlp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-04_12.01.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-08-28 11:33 . 2009-11-04 10:22 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-28 11:33 . 2009-11-04 13:04 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-28 11:33 . 2009-11-04 13:04 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-28 11:33 . 2009-11-04 10:22 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-28 11:33 . 2009-11-04 13:04 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-28 11:33 . 2009-11-04 10:22 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-09-29 380928]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-08-26 16986112]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2009-01-16 1473536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):85,bb,7e,bb,1b,28,ca,01

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091101.001\IDSvix86.sys [1.11.2009 10:51 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [24.8.2007 22:07 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30.8.2009 13:12 102448]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19.2.2009 12:31 41008]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [28.8.2009 13:19 870400]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\System32\drivers\Axtmvflt.sys [6.10.2009 11:15 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\System32\drivers\Axtmvmdm.sys [6.10.2009 11:15 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\System32\drivers\Axtmvprt.sys [6.10.2009 11:16 38784]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [29.5.2007 13:55 23888]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - COMHOST
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Obsah adresáře 'Naplánované úlohy'

2009-11-02 c:\windows\Tasks\Norton Internet Security - Prověřit tento počítač - Jarda.job
- c:\program files\Norton Internet Security\Aplikace Norton AntiVirus\Navw32.exe [2007-08-26 17:19]

2009-11-04 c:\windows\Tasks\User_Feed_Synchronization-{C0874FDC-663C-42E5-B8BA-43204E9C6485}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\amkikk3h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\amkikk3h.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.mozilla.org
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccessc:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 15:31
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-11-04 15:32
ComboFix-quarantined-files.txt 2009-11-04 14:32
ComboFix2.txt 2009-11-04 12:02

Před spuštěním: Volných bajtů: 320 226 168 832
Po spuštění: Volných bajtů: 320 194 600 960

[Jaros]

Log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:53, on 7.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jarda\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jarda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7422 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost


takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno, zelenou fajfku.

[Jaros]

Všiml jsem si, že i po fixnutí řádku: O1 - Hosts: ::1 localhost se při dalším scanu opět objeví, je to nějaký problém?

A nedaří se mně stáhnout T-Cleaner - Norton Internet Security hlásí Trojan Horse a to i z jiného zdroje, tak nevím jestli to je nějaký planý poplach nebo opravdu vir, zkrátko to nechce a odmítá stáhnout.

[jaro3]

O1 - Hosts: ::1 localhost není problém, je to jen víceméně zbytečnost.

T-Cleaner- nákaza tam není, je to chyba několika antivirů.
Postupuj takto , vypni rez. ochranu ( případně zcela deaktivuj) antivir, antispyware,firewall. Stáhni si T-Cleaner, proveď čištění. Následně T-Cleaner zase smaž a zapni si antivir, antispyware,firewall.

Je to vše.

[Jaros]

Dobře... děkuji tedy za pomoc.