PC-HELP.CZ

Ahoj,prosil bych o preventivku po dlouhy dobe,dekuji


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 21:27:31, on 2010-07-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6781085453
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6839 bytes

Ahoj,
log vypadá v pořádku, máš s pc nějaké problémy?
Rději bych ale důkladnější skener, který poví víc

Stahni CCleaner http://www.filehippo.com/download_cclea ... cbae6b492/
-nainstaluj (neinstaluj Yahoo toolbar)

-zvol záložku Čistič
-nechej v levém sloupečku zatrhnuté vše jak je a zmáčkni tlačítko analyzovat
-pak potvrď tlačítko Spustit Ccleaner
-tím se vyčistí počítač od dočasných soubborů, doporučuji pravidelně používat.

-vyber záložku registry
-klikni na tlačítko hledej problémy
-pak klikni na opravit vybrané problémy, potvrď, že chceš udělat zálohu a nech všechno opravit

**********************

Stahni Rsit http://images.malwareremoval.com/random/RSIT.exe
-spusť, klikni na tlačítko Continue
-po skenu na tebe vyběhne log.txt,obsah vlož zde

jj ,snad jediný problém..po spuštění pc se mi objeví ikonka Sitova Pripojeni az 1-3. minutě (myslim VPRAVO DOLE U HODIN) tzn. ze musim cekat 1-3 minuty nez mi pude internet.Nevis cim to muze byt? BTW. CCLeaner pouzivam kazdej den ..takze se nic moc nezmeni.

Tu je log:

info.txt logfile of random's system information tool 1.06 2010-07-02 08:15:13

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings-->MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings-->MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\4977c84bcdc298c444ccfbdcccb660d\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{5178C1BB-1EB1-4468-894B-7DE964DDCAA2}
Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Setup-->MsiExec.exe /I{0901FCE8-5415-4499-BBC8-1AA106DD66E2}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
AIMP2-->C:\Program Files\AIMP2\Uninstall.exe
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atf Profi-->"C:\Program Files\All Ten Fingers\uninstall.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Balíček ovladače systému Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Balíček ovladače systému Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
BurnAware Free 2.4.6-->"C:\Program Files\BurnAware Free\unins000.exe"
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Counter-Strike: Condition Zero-->"C:\Program Files\Steam\steam.exe" steam://uninstall/80
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Debugging Tools for Windows (x86)-->MsiExec.exe /I{300A2961-B2B5-4889-9CB9-5C2A570D08AD}
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DirectX10 LV (Last Version)-->"C:\Program Files\Common Files\unins000.exe"
DivX Setup-->C:\Documents and Settings\All Users\Data aplikací\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Flow 1.01-->"C:\Program Files\Flow\unins000.exe"
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
Google Earth-->MsiExec.exe /X{C2D129C0-7508-11DF-9F1B-005056806466}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x5 -removeonly
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HD View-->MsiExec.exe /I{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
HLSW v1.3.2.1-->"C:\Program Files\HLSW\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
InstallScript-->"C:\Program Files\Octatec\InstallScript\uninstall\unsetup.exe" "C:\Program Files\Octatec\InstallScript\uninstall"
ioCentre-->C:\Program Files\InstallShield Installation Information\{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}\setup.exe -runfromtemp -l0x0005 -removeonly
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
KeePass Password Safe 2.10-->"C:\Program Files\KeePass Password Safe 2\unins000.exe"
K-Lite Codec Pack 6.1.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetLimiter 1.30 (remove only)-->"C:\Program Files\NetLimiter\nluninst.exe"
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe /X
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
Opera 10.60-->MsiExec.exe /X{1D2C96C3-A3F3-49E7-B839-95279DED837F}
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
PDF Settings-->MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
PDFZilla V1.2.9-->"c:\PDFZilla\unins000.exe"
PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Revo Uninstaller 1.89-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Safari-->MsiExec.exe /I{AFAC914D-9E83-4A89-8ABE-427521C82CCF}
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0005 -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0005 -removeonly
Samsung Samples Installer-->"C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -runfromtemp -l0x0005 -removeonly
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Skype™ 4.2-->MsiExec.exe /X{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}
Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Startup Delayer v2.5 (build 138)-->C:\Program Files\r2 Studios\Startup Delayer\Uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPER © Version 2010.bld.37 (Jan 2, 2010)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
TrackMania Nations ESWC 0.1.7.9-->"C:\Program Files\TrackMania Nations ESWC\unins000.exe"
Trillian-->C:\Program Files\Trillian\Trillian.exe /uninstall
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Ultra AVI Converter 1.7.2-->"C:\Program Files\Ultra AVI Converter\unins000.exe"
Unlocker 1.8.9-->C:\Program Files\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Outlook 2007 Junk Email Filter (kb983486)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {913DFE19-32EC-4099-89AC-27FC493A7A2E}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VIA Platforma Ovladače zařízení-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VirusTotal Uploader 2.0-->"C:\Program Files\VirusTotalUploader2\uninstall.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WhoCrashed 2.00-->"C:\Program Files\WhoCrashed\unins000.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WinUtilities 9.66 Pro-->"C:\Program Files\WinUtilities\unins000.exe"
XP TCP/IP Repair-->"C:\Program Files\XP TCPIP Repair\unins000.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop
FW: ZoneAlarm Firewall

======System event log======

Computer Name: MTA
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě avast! Mail Scanner úspěšně odeslán.

Record Number: 27582
Source Name: Service Control Manager
Time Written: 20100610193632.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: MTA
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Kompatibilita pro rychlé přepínání uživatelů úspěšně odeslán.

Record Number: 27581
Source Name: Service Control Manager
Time Written: 20100610193632.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: MTA
Event Code: 7036
Message: Stav služby Terminálová služba byl změněn na: Spuštěno

Record Number: 27580
Source Name: Service Control Manager
Time Written: 20100610193632.000000+120
Event Type: Informace
User:

Computer Name: MTA
Event Code: 7022
Message: Služba Pomocná služba protokolu IPv6 přestala během spouštění reagovat.

Record Number: 27579
Source Name: Service Control Manager
Time Written: 20100610193632.000000+120
Event Type: Chyba
User:

Computer Name: MTA
Event Code: 7000
Message: Služba HDDlife HDD Access service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


Record Number: 27578
Source Name: Service Control Manager
Time Written: 20100610193509.000000+120
Event Type: Chyba
User:

=====Application event log=====

Computer Name: HONZA
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 1588
Source Name: SecurityCenter
Time Written: 20100417191900.000000+120
Event Type: Informace
User:

Computer Name: HONZA
Event Code: 0
Message: Service started

Record Number: 1587
Source Name: HDDlife HDD Access service
Time Written: 20100417191851.000000+120
Event Type: Informace
User:

Computer Name: HONZA
Event Code: 0
Message:
Record Number: 1586
Source Name: gupdate
Time Written: 20100417191850.000000+120
Event Type: Informace
User:

Computer Name: HONZA
Event Code: 0
Message:
Record Number: 1585
Source Name: gupdate
Time Written: 20100417191638.000000+120
Event Type: Informace
User:

Computer Name: HONZA
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 1584
Source Name: SecurityCenter
Time Written: 20100417191612.000000+120
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0303
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Zkus:
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Mimochodem,jeste jsem zapomel dodat ze nedavno jsem mel problemy s nactenim nekterych webovych stranek..coz jsou typicke priznaky pro DDOS Trojan ,ci naky spyware.Proskenoval jsem pc Norton scanerem,spyware terminatorem a trojan removerem,spybotem..a zadna detekce..bojim se toho nejhorsiho ,ze bude problem v hardwaru.

Tu je log z MBAM


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4267

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-07-02 18:24:11
mbam-log-2010-07-02 (18-24-11).txt

Typ skenu: Rychlý sken
Skenované objekty: 153924
Uplynulý čas: 16 minuta(y), 45 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

ComboFix 10-07-01.02 - Butterfly 2010-07-02 21:20:18.2.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1022.647 [GMT 2:00]
Spuštěný z: c:\documents and settings\Butterfly\Plocha\ComboFix.exe
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-02 do 2010-07-02 )))))))))))))))))))))))))))))))
.

2010-07-02 06:14 . 2010-07-02 06:15 -------- d-----w- C:\rsit
2010-07-01 10:25 . 2010-07-02 06:15 -------- d-----w- c:\program files\Trend Micro
2010-07-01 09:01 . 2010-07-01 09:02 -------- d-----w- c:\program files\QuickTime
2010-07-01 07:58 . 2010-07-01 07:58 -------- d-----w- c:\documents and settings\Butterfly\KBCertifikat
2010-06-30 08:34 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-06-30 08:34 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-30 08:34 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-30 08:34 . 2010-06-28 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-30 08:33 . 2010-07-01 10:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-30 08:29 . 2010-06-30 08:29 -------- d-----w- c:\windows\system32\drivers\NSS
2010-06-30 08:29 . 2010-06-30 08:29 -------- d-----w- c:\program files\Norton Security Scan
2010-06-30 08:29 . 2010-06-30 08:29 -------- d-----w- c:\program files\NortonInstaller
2010-06-28 17:24 . 2010-06-23 11:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-28 17:24 . 2010-06-23 11:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-28 17:24 . 2010-06-23 11:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-28 17:24 . 2010-06-28 17:25 -------- d-----w- c:\windows\system32\ZoneLabs
2010-06-28 17:24 . 2010-06-28 17:24 -------- d-----w- c:\program files\Zone Labs
2010-06-28 12:18 . 2010-06-28 17:37 -------- d-----w- c:\program files\Crawler
2010-06-28 12:18 . 2010-06-28 12:18 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-06-28 12:18 . 2010-06-29 16:03 -------- d-----w- c:\program files\Spyware Terminator
2010-06-27 07:54 . 2010-07-02 19:30 -------- d-----w- c:\windows\Internet Logs
2010-06-26 21:46 . 2010-06-26 21:46 -------- d-----w- c:\program files\Common Files\Java
2010-06-26 20:51 . 2010-06-26 20:51 -------- d-----w- c:\program files\NetLimiter
2010-06-26 16:23 . 2010-06-26 16:25 -------- d-----w- c:\program files\Ultimate Process Manager
2010-06-26 15:21 . 2010-06-26 15:21 -------- d-s---w- c:\documents and settings\LocalService\Oblíbené položky
2010-06-26 15:12 . 2010-06-27 08:08 -------- d-----w- c:\program files\Sunbelt Software
2010-06-26 08:53 . 2010-06-26 08:55 -------- d-----w- c:\program files\Hide My IP
2010-06-23 19:30 . 2010-06-23 19:30 -------- d-----w- c:\program files\XP TCPIP Repair
2010-06-23 19:08 . 2010-06-23 19:08 -------- d-----w- c:\program files\VS Revo Group
2010-06-23 12:09 . 2010-06-14 14:39 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-06-21 08:05 . 2006-08-14 19:09 82816 ----a-w- c:\windows\system32\drivers\Rtnic.sys
2010-06-21 08:05 . 2006-08-14 19:09 82816 ----a-w- c:\windows\system32\drivers\Rtenic.sys
2010-06-21 07:53 . 2010-06-22 17:17 -------- d-----w- c:\program files\Driver Checker
2010-06-17 18:14 . 2010-06-25 12:41 217260 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-06-17 18:14 . 2010-06-25 12:41 217260 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-06-17 18:14 . 2010-06-25 12:41 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-06-17 17:46 . 2010-06-17 17:46 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-06-17 14:05 . 2010-07-01 08:39 -------- d-----w- c:\program files\Opera 10.60 Beta
2010-06-17 13:59 . 2010-06-17 14:01 -------- dc-h--w- c:\windows\ie8
2010-06-17 05:46 . 2010-06-17 05:46 -------- d-sh--w- c:\documents and settings\Butterfly\wc
2010-06-17 05:45 . 2010-06-17 05:45 -------- d-----w- c:\program files\Software Informer
2010-06-17 05:43 . 2010-06-17 05:43 -------- d-----w- c:\program files\Flow
2010-06-13 21:07 . 2010-06-13 21:07 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-06-13 09:04 . 2010-06-13 09:04 55572 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-13 09:04 . 2010-06-13 09:04 -------- d-----w- c:\program files\Safari
2010-06-12 09:26 . 2010-06-12 09:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 08:29 . 2010-06-17 14:01 -------- d--h--w- c:\windows\msdownld.tmp
2010-06-11 08:19 . 2010-06-11 08:19 -------- d-----w- c:\program files\Secunia
2010-06-11 07:31 . 2010-06-27 09:06 -------- d-----w- c:\program files\AVG
2010-06-11 07:17 . 2010-06-11 07:18 94 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-06-10 21:43 . 2010-06-10 21:45 -------- d-----w- c:\program files\DVBViewerTE
2010-06-10 05:39 . 2010-06-08 15:16 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-06-09 09:14 . 2010-06-23 11:30 -------- d-----w- c:\program files\Panda Security
2010-06-09 07:25 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 17:01 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-07 18:39 . 2007-08-31 10:52 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-06-07 18:39 . 2007-08-31 10:52 33968 ----a-w- c:\windows\system32\anim.dll
2010-06-07 18:39 . 1999-11-22 13:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-06-07 18:39 . 1999-11-22 13:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-06-07 18:39 . 2010-06-07 18:50 -------- d-----w- c:\program files\WinUtilities
2010-06-06 07:45 . 2010-06-23 18:41 -------- d-----w- c:\program files\Defraggler
2010-06-05 08:04 . 2010-06-07 18:15 -------- d-----w- c:\program files\ScreenCamera

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 17:07 . 2010-03-08 11:38 -------- d-----w- c:\program files\Steam
2010-07-02 07:05 . 2010-07-02 07:07 1930240 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-07-02 07:05 . 2010-07-02 07:07 32256 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-07-01 22:26 . 2010-07-02 06:05 35328 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-07-01 22:26 . 2010-07-02 06:05 1923584 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-07-01 15:44 . 2010-07-01 17:48 1920000 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-07-01 15:44 . 2010-07-01 17:48 161280 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-07-01 11:57 . 2010-02-12 21:12 -------- d-----w- c:\program files\Google
2010-07-01 08:49 . 2010-02-12 13:43 -------- d-----w- c:\program files\MSECache
2010-07-01 08:41 . 2010-02-12 04:39 -------- d-----w- c:\program files\Opera
2010-06-30 12:50 . 2010-04-17 16:00 -------- d-----w- c:\program files\ESET
2010-06-30 08:35 . 2010-03-03 21:53 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-06-29 22:23 . 2010-06-30 07:19 34304 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-06-29 18:45 . 2010-06-29 19:54 1780224 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-06-29 18:45 . 2010-06-29 19:54 54272 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-06-28 21:00 . 2010-06-29 11:44 19968 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-06-28 19:33 . 2010-06-28 20:33 43520 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-06-28 17:57 . 2010-03-28 12:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-28 17:25 . 2010-02-24 16:13 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-27 07:44 . 2010-03-20 11:58 -------- d-----w- c:\program files\IObit
2010-06-26 21:43 . 2010-04-24 08:02 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 08:02 . 2010-02-28 20:04 -------- d-----w- c:\program files\PKR
2010-06-23 12:09 . 2010-02-27 09:18 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-06-23 11:47 . 2001-10-25 14:00 79424 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 11:47 . 2001-10-25 14:00 432386 ----a-w- c:\windows\system32\perfh005.dat
2010-06-21 08:10 . 2010-03-28 13:00 -------- d-----w- c:\program files\Realtek
2010-06-21 08:10 . 2010-02-09 21:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-20 13:34 . 2010-04-05 19:11 -------- d-----w- c:\program files\ICQ6.5
2010-06-20 07:43 . 2010-02-14 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-20 07:43 . 2010-06-20 07:43 311296 ----a-w- c:\windows\~DF7BF9.tmp
2010-06-20 07:43 . 2010-06-20 07:43 311296 ----a-w- c:\windows\~DF6E59.tmp
2010-06-20 07:42 . 2010-06-20 07:42 65536 ----a-w- c:\windows\~DF23ED.tmp
2010-06-17 18:15 . 2010-02-16 20:52 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-17 18:02 . 2010-05-08 08:47 -------- d-----w- c:\program files\BurnAware Free
2010-06-17 17:47 . 2010-02-28 21:24 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-14 14:45 . 2010-02-27 09:19 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-06-13 09:03 . 2010-05-31 19:58 -------- d-----w- c:\program files\Bonjour
2010-06-12 09:08 . 2010-04-24 08:05 -------- d-----w- c:\program files\DivX
2010-06-12 09:07 . 2010-04-24 08:27 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-12 09:06 . 2010-05-30 08:27 -------- d-----r- c:\program files\Skype
2010-06-12 09:01 . 2010-04-03 08:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-11 07:18 . 2010-02-17 18:37 133836 ----a-w- c:\windows\BricoPackUninst.cmd
2010-06-09 10:55 . 2010-02-16 21:52 -------- d-----w- c:\program files\Alwil Software
2010-06-08 15:16 . 2010-03-29 18:56 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-06-08 15:16 . 2010-03-29 18:56 359016 ----a-w- c:\windows\vncutil.exe
2010-06-08 15:16 . 2010-03-29 18:56 1833576 ----a-w- c:\windows\SkyTel.exe
2010-06-08 15:16 . 2010-03-29 18:56 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-06-08 15:16 . 2010-03-29 18:56 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-06-08 15:16 . 2010-03-29 18:56 6056040 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-06-08 15:16 . 2010-03-29 18:56 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-06-08 15:16 . 2010-03-29 18:56 19552872 ----a-w- c:\windows\RTHDCPL.EXE
2010-06-08 15:16 . 2010-02-14 08:00 52840 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-06-08 15:16 . 2010-03-29 18:56 2180712 ----a-w- c:\windows\MicCal.exe
2010-06-08 15:16 . 2010-03-29 18:56 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-06-07 23:57 . 2010-02-10 18:46 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57 . 2010-02-10 18:46 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-06-07 23:57 . 2010-02-10 18:46 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57 . 2010-02-10 18:46 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57 . 2010-02-10 18:46 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-06-07 23:57 . 2010-02-10 18:46 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57 . 2010-02-10 18:46 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57 . 2010-02-10 18:46 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-07 23:57 . 2010-02-10 18:46 1359872 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57 . 2010-02-10 18:46 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-07 23:57 . 2010-02-10 18:46 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
2010-06-07 23:57 . 2010-02-10 18:46 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-06-07 18:20 . 2010-03-08 18:33 -------- d-----w- c:\program files\The KMPlayer
2010-06-04 11:58 . 2010-03-09 09:17 -------- d-----w- c:\program files\SlySoft
2010-05-31 20:00 . 2010-02-18 21:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-31 19:44 . 2010-05-31 19:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-05-28 11:04 . 2010-05-28 11:04 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-05-27 17:05 . 2010-04-12 18:53 -------- d-----w- c:\program files\Valve
2010-05-27 16:53 . 2010-05-27 17:23 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-27 13:34 . 2010-02-10 22:42 -------- d-----w- c:\program files\CCleaner
2010-05-26 10:52 . 2010-05-26 10:46 -------- d-----w- c:\program files\VPN Anonymizer
2010-05-23 20:27 . 2010-05-22 08:13 -------- d-----w- c:\program files\VideoLAN
2010-05-23 20:11 . 2010-05-21 13:30 -------- d--h--w- c:\program files\Process Lasso
2010-05-22 07:58 . 2010-03-07 14:26 -------- d-----w- c:\program files\Microsoft Games
2010-05-20 20:15 . 2010-05-20 20:13 -------- d-----w- c:\program files\ScreenShots
2010-05-20 15:56 . 2010-05-20 15:56 -------- d-----w- c:\program files\Microsoft Research
2010-05-20 15:52 . 2010-05-20 15:52 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-12 19:03 . 2010-02-12 16:23 -------- d-----w- c:\program files\CyberLink
2010-05-12 16:41 . 2010-03-27 20:28 -------- d-----w- c:\program files\Trillian
2010-05-11 14:23 . 2010-02-12 21:17 -------- d-----w- c:\program files\Common Files\CyberLink
2010-05-11 14:20 . 2010-02-12 21:17 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-11 14:20 . 2010-02-12 16:23 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-11 14:20 . 2010-02-12 16:23 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-10 21:59 . 2010-05-09 11:02 -------- d-----w- c:\program files\DAP
2010-05-08 18:47 . 2010-05-08 18:47 -------- d-----w- c:\program files\LIUtilities
2010-05-06 10:35 . 2004-08-17 13:49 907264 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 19:51 . 2010-02-12 21:53 -------- d-----w- c:\program files\QIP
2010-05-05 17:25 . 2010-02-11 19:56 -------- d-----w- c:\program files\Common Files\BinarySense
2010-05-02 08:09 . 2010-03-21 11:47 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 13:39 . 2010-02-25 20:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-02-25 20:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 16:45 . 2010-02-18 14:35 1251872 ----a-w- c:\windows\RtlExUpd.dll
2010-04-24 08:32 . 2010-03-19 16:35 8030 ----a-w- c:\program files\Common Files\unins000.dat
2010-04-24 08:31 . 2010-03-19 16:35 728858 ----a-w- c:\program files\Common Files\unins000.exe
2006-05-03 10:06 . 2010-04-01 18:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-04-01 18:54 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-04-01 18:54 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2009-08-06 . A089AB141D4E25E543EEC2230CB50BD6 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . A089AB141D4E25E543EEC2230CB50BD6 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[-] 2010-05-06 . 05379DF185A4199865D8B1AA169C3FD3 . 6224896 . . [8.00.6001.18928] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2010-05-06 . 05379DF185A4199865D8B1AA169C3FD3 . 6224896 . . [8.00.6001.18928] . . c:\windows\system32\mshtml.dll
[7] 2010-05-06 . 06B941C7749A9F071444B4C7563F36B5 . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-05-06 . 3F88F981AA7BC20744E0D2C699F500EF . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[7] 2010-02-26 . 23CB63CC448E14C4069E9CE40483E987 . 3094528 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\mshtml.dll
[7] 2010-02-25 . AC93856CC1D10E74986EA4E70D90748F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[7] 2010-01-05 . 5DA02EE50F8FC661964857F21A2AE606 . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[7] 2009-12-22 . 25B289964AE031D4ECF189B8CD50F306 . 3092480 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
[7] 2009-12-22 . 41A55A865F00CE20284132E8FDE1FFB3 . 3092480 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[7] 2009-12-22 . BD2EE2BDF5954172F509A16EBEA06D85 . 3094528 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[7] 2009-12-21 . BD424F12E808F3AA345C4816F7124F7C . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . 00EC3DE6B7C581CC2675CCD549B692D7 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[7] 2009-10-29 . FC883BC594F028EF5D77B645AE91C914 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll

[-] 2010-05-06 . C9C1E562FE51D92193AD5F19AB5F9E36 . 907264 . . [8.00.6001.18923] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2010-05-06 . C9C1E562FE51D92193AD5F19AB5F9E36 . 907264 . . [8.00.6001.18923] . . c:\windows\system32\wininet.dll
[7] 2010-05-06 . B7ECEF0CCF63119356E174A78C185171 . 916480 . . [8.00.6001.18923] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-05-06 . 72064DA077E9D6912F39438D97CC0C60 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2010-02-26 . FD0F4E4BC28B18715BC1323ACD48E1A6 . 669696 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\wininet.dll
[7] 2010-02-25 . 2E6504E28C7E0F753F68731861A94214 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2010-01-05 . 0D90D150ED0DD4C673C627C52D3F7149 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[7] 2009-12-22 . A0C158A24DA9F9C48B5B067948B31AA4 . 669696 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\wininet.dll
[7] 2009-12-22 . 50C587017A3F2FB5B1B1B4267CB2EA91 . 668160 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\wininet.dll
[7] 2009-12-22 . 5F072B7F1CF448D6ED5FF79511890E60 . 669696 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll
[7] 2009-12-21 . 9256DA4AEE5E2C20FC6C126BDBC11997 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . F651D2A69B7037D6063BC697CF296D8C . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-10-29 . 4941ADD731725AF468342E42B71F776C . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB978207-IE7\wininet.dll

[-] 2008-04-14 . 71C54FF181A2C03921A74DB4D9ADD20E . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 71C54FF181A2C03921A74DB4D9ADD20E . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\Butterfly\\Dokumenty\\My DAP Downloads\\TeamViewerPortable_en\\TeamViewer.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Flow\\Flow.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-06-08 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-28 697328]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2010-02-21 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2010-02-21 52224]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-02-09 13696]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-06-28 142592]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-06-14 1051976]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2010-03-17 18944]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2010-03-17 11520]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-03-29 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-06-13 23456]
S3 esihdrv;esihdrv; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-02-25 38224]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-05-28 14896]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [2007-06-21 30720]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-25 c:\windows\Tasks\Automatic maintenance.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2010-06-14 14:48]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 20:33]

2010-06-30 c:\windows\Tasks\Norton Security Scan for Butterfly.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-30 08:22]

2010-07-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-796845957-879983540-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-06-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-879983540-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.cz/
IE: &Download with &DAP
IE: Download &all with DAP
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Zobrazit originál
FF - ProfilePath - c:\documents and settings\Butterfly\Data aplikací\Mozilla\Firefox\Profiles\s8h2coht.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-02 21:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-796845957-879983540-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):78,29,7c,ae,b5,3d,f0,d2,64,dd,34,df,08,fb,70,87,4a,3b,ec,24,9f,
57,44,1d,e0,99,34,68,10,d1,9d,d3,07,54,73,22,09,3a,ab,46,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6bbadbfa-e8da-4a90-9241-1934d8476915}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a1
"Therad"=dword:00000012

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(892)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Celkový čas: 2010-07-02 21:35:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-02 19:35

Před spuštěním: Volných bajtů: 73,212,280,832
Po spuštění: Volných bajtů: 73,148,620,800

- - End Of File - - 05E1687B59119BEC515F9F59A56096EE

Otestuj na http://www.virustotal.com


c:\windows\system32\wuauclt.exe
c:\windows\system32\mshtml.dll
c:\windows\system32\wininet.dll
c:\windows\explorer.exe
c:\program files\Common Files\unins000.exe
c:\windows\system32\flvDX.dll
c:\windows\system32\msfDX.dll
c:\windows\system32\nbDX.dll
c:\windows\RtlExUpd.dll
c:\windows\system32\wininet.dll
:\windows\system32\drivers\DrvAgent32.sys

-Do okénka zkopíruj cestu k souboru , pokud napíše, že soubor byl už testován, dej otestovat znovu.
-Sem vlož link s výsledky.


Trojana TDSS nemáš, spíš bych zkusila vypnout rezidentní štít od Spyware Terminátora. Jakou verzi ZA máš? Ta devítková verze u některých pc brzdila start počítače.
Máš v pc také hodně složek po bezpečnostních programech, pokud nepoužíváš, odinstaluj. To jsi všechno zkoušel?

c:\program files\Secunia
c:\program files\AVG
c:\program files\Panda Security
c:\program files\Sunbelt Software
c:\program files\Norton Security Scan
c:\program files\ESET

jj mam ZoneALarm 9 FREE a antivir mam jen 1 ..a to Aviru ..vsechny jsem postupne otestoval.ale jen Avira se mi zalibila a nechal jsem ji. Spyware Terminator pouzivam jen obcas s vypnutym rezidentnim stitem ..a nespousti se mi po startu pc.Jinak problem se siti jsem uz vyresil ikdyz ikona se stale nacte az po nekolika minutach.

http://www.virustotal.com/cs/analisis/0 ... 1278104266
http://www.virustotal.com/cs/analisis/8 ... 1278105300
http://www.virustotal.com/cs/analisis/5 ... 1278104340
http://www.virustotal.com/cs/analisis/7 ... 1278104429
http://www.virustotal.com/cs/analisis/3 ... 1278105318
http://www.virustotal.com/cs/analisis/3 ... 1278105442

ostatní jsem nenasel

Když jsi dělal HJT, tak jsi měl Terminátora zapnutého?
Takže Ti mám ponechat pouze Aviru a ZA a zbytek můžu smazat?

ee,nemel..
jj jen Aviru a ZA mam zaplou

Tak zkontroluj pořádně ten rezidentní štít u Terminátora, protože podle logu z HJT byl zapnutý.

Combofix přesuň na plochu
-otevři si Poznámkový blok
-Do něj zkopíruj text z tohoto okénka


-vytvořený TXT soubor ulož jako CFScript.txt na plochu a levým myšítkem přesuň nad ikonu Combofixu, kde ho upustíš

-Po proběhnutí skenu a ukončení combofixu by se měl objevit log, vlož ho zde.

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.