
Requesting a preventive log check, thanks

Posted: 04 Nov 2010 18:46
by M4RTY
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:46:22, on 4.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E7AC88-3BD9-4673-A8D9-DA1CFF080C49}: NameServer = 10.10.10.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5149 bytes


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4387

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

4.11.2010 19:35:16
mbam-log-2010-11-04 (19-35-16).txt

Typ skenu: Rychlý sken
Skenované objekty: 141630
Uplynulý čas: 4 minuta(y), 18 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Re: Requesting a preventive log check, thanks

Posted: 04 Nov 2010 21:28
by memphisto
Fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.

Turn off your resident protection and the firewall.
Download Dr. Web CureIt
Run the update; after updating, click Start.
With the buttons at the bottom you can cure a file (system files), delete it, move it or rename it.


Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Requesting a preventive log check, thanks

Posted: 05 Nov 2010 18:22
by M4RTY
So, almost done, just ComboFix still to go

Re: Requesting a preventive log check, thanks

Posted: 05 Nov 2010 18:34
by M4RTY
ComboFix 10-11-05.01 - Martin 05.11.2010 18:26:42.8.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2047.880 [GMT 1:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-05 do 2010-11-05 )))))))))))))))))))))))))))))))
.

2010-11-05 17:32 . 2010-11-05 17:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-11-05 17:32 . 2010-11-05 17:32 -------- d-----w- c:\users\Ostatní\AppData\Local\temp
2010-11-05 17:32 . 2010-11-05 17:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-05 16:59 . 2010-11-05 17:19 -------- d-----w- c:\users\Martin\DoctorWeb
2010-11-05 07:46 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CD30967-D81A-4188-A55C-23DB865B0ABA}\mpengine.dll
2010-10-31 10:07 . 2010-10-31 10:07 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 6
2010-10-31 09:11 . 2010-11-02 16:48 -------- d-----w- c:\program files\SpeedFan
2010-10-28 15:55 . 2010-10-28 15:57 -------- d-----w- c:\program files\The KMPlayer
2010-10-27 10:27 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 10:27 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 10:27 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 10:27 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 10:26 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-24 08:14 . 2010-10-24 08:14 -------- d-----w- c:\users\Ostatní\AppData\Local\NFS Underground 2
2010-10-20 12:47 . 2010-10-20 12:47 -------- d-----w- c:\users\Public\CyberLink
2010-10-20 12:46 . 2010-10-20 12:46 -------- d-----w- c:\users\Martin\AppData\Roaming\CyberLink
2010-10-20 12:46 . 2010-10-20 12:46 -------- d-----w- c:\programdata\CyberLink
2010-10-20 12:44 . 2010-10-20 12:44 -------- d-----w- c:\programdata\SmartSound Software Inc
2010-10-20 12:44 . 2010-10-20 12:44 -------- d-----w- c:\program files\SmartSound Software
2010-10-20 12:42 . 2010-10-20 12:43 -------- d-----w- c:\program files\CyberLink
2010-10-16 09:58 . 2010-10-16 09:58 -------- d-----w- c:\users\Martin\AppData\Roaming\GameRanger
2010-10-15 11:22 . 2010-10-15 11:22 -------- d-----w- c:\program files\Common Files\Skype
2010-10-13 13:49 . 2010-10-13 13:49 -------- d-----w- c:\users\Martin\AppData\Local\Pmcc
2010-10-13 13:49 . 2010-10-13 13:49 -------- d-----w- c:\users\Martin\AppData\Roaming\Pmcc
2010-10-13 13:48 . 2010-10-13 13:48 -------- d-----w- c:\program files\Pmcc
2010-10-08 17:23 . 2010-10-08 17:23 -------- dc----w- c:\windows\system32\DRVSTORE
2010-10-08 17:23 . 2010-09-22 09:52 183240 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
2010-10-08 17:23 . 2010-10-08 17:23 -------- d-----w- c:\program files\Soluto
2010-10-08 17:22 . 2010-10-11 13:44 -------- d-----w- c:\programdata\Soluto

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-01 13:36 . 2010-06-01 17:00 285480 ----a-w- c:\windows\system32\guard32.dll
2010-11-01 13:36 . 2010-06-01 17:00 78504 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-11-01 13:36 . 2010-06-01 17:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-11-01 13:36 . 2010-06-01 17:00 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-11-01 13:36 . 2010-06-04 09:55 236088 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-10-30 12:54 . 2010-09-27 14:32 165232 ---ha-w- c:\users\Martin\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-10-20 14:23 . 2010-07-02 09:01 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-20 14:23 . 2010-07-02 09:01 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-20 14:23 . 2010-07-02 09:01 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-19 09:41 . 2010-05-17 15:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 19:45 . 2010-09-26 19:45 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-26 19:45 . 2010-09-26 19:45 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-25 18:30 . 2010-09-25 18:30 138056 ----a-w- c:\users\Martin\AppData\Roaming\PnkBstrK.sys
2010-09-25 18:27 . 2010-09-25 18:27 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-08-31 22:46 . 2010-09-18 08:23 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-08-31 22:44 . 2010-09-18 08:23 367104 ----a-w- c:\windows\system32\html.iec
2010-08-31 22:44 . 2010-09-18 08:23 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-08-31 22:44 . 2010-09-18 08:22 1122304 ----a-w- c:\windows\system32\wininet.dll
2010-08-31 22:44 . 2010-09-18 08:23 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-08-31 22:43 . 2010-09-18 08:23 23552 ----a-w- c:\windows\system32\licmgr10.dll
2010-08-31 22:43 . 2010-09-18 08:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2010-08-31 22:43 . 2010-09-18 08:23 114176 ----a-w- c:\windows\system32\iesysprep.dll
2010-08-31 22:43 . 2010-09-18 08:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-08-31 22:43 . 2010-09-18 08:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-08-31 22:42 . 2010-09-18 08:23 51200 ----a-w- c:\windows\system32\admparse.dll
2010-08-31 22:42 . 2010-09-18 08:23 75264 ----a-w- c:\windows\system32\iesetup.dll
2010-08-31 22:42 . 2010-09-18 08:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2010-08-31 22:42 . 2010-09-18 08:22 150016 ----a-w- c:\windows\system32\iexpress.exe
2010-08-31 22:42 . 2010-09-18 08:22 149504 ----a-w- c:\windows\system32\wextract.exe
2010-08-31 22:42 . 2010-09-18 08:23 33280 ----a-w- c:\windows\system32\imgutil.dll
2010-08-31 22:42 . 2010-09-18 08:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2010-08-31 22:42 . 2010-09-18 08:23 11264 ----a-w- c:\windows\system32\mshta.exe
2010-08-31 22:42 . 2010-09-18 08:23 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 22:42 . 2010-09-18 08:23 63488 ----a-w- c:\windows\system32\tdc.ocx
2010-08-31 22:41 . 2010-09-18 08:23 160768 ----a-w- c:\windows\system32\msls31.dll
2010-08-27 12:21 . 2010-05-17 17:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-27 09:04 . 2010-08-16 14:35 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-08-27 09:04 . 2010-08-16 14:35 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-08-21 05:32 . 2010-09-15 12:07 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-18 15:10 . 2010-09-26 19:45 809560 ----a-r- c:\windows\system32\tmp9109.tmp
2010-08-18 15:10 . 2010-08-18 15:10 809560 ----a-r- c:\windows\system32\tmp90C9.tmp
2010-08-16 12:12 . 2009-06-18 11:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-16 12:12 . 2009-06-18 11:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-16 06:15 . 2010-09-18 08:22 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-08-16 06:14 . 2010-09-18 08:22 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-08-16 06:14 . 2010-09-18 08:22 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-08-16 06:14 . 2010-09-18 08:22 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-08-16 06:14 . 2010-09-18 08:22 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-11-01 2500552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"

[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 18:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-16 12:12 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

R0 PCGenFAM;PCGenFAM;c:\windows\system32\DRIVERS\PCGenFAM.sys [2010-09-22 183240]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-03-23 704760]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-27 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-11-01 236088]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-11-01 30112]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2010-09-22 330784]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - DWPROT
*Deregistered* - Dwsh00000B97
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Načítať použitie &BitSpirit
TCP: {49E7AC88-3BD9-4673-A8D9-DA1CFF080C49} = 10.10.10.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\tsf9vihz.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Martin\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
FF - plugin: c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\tsf9vihz.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-Google Update - c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe


.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(4808)
c:\windows\System32\guard32.dll

- - - - - - - > 'lsass.exe'(596)
c:\windows\system32\guard32.dll

- - - - - - - > 'Explorer.exe'(5700)
c:\windows\system32\guard32.dll
c:\windows\System32\shacct.dll
.
Celkový čas: 2010-11-05 18:34:42
ComboFix-quarantined-files.txt 2010-11-05 17:34

Před spuštěním: Volných bajtů: 47 554 572 288
Po spuštění: Volných bajtů: 47 114 223 616

- - End Of File - - 487100BE1ACC750CAF9836CF980B26FB

Re: Requesting a preventive log check, thanks

Posted: 05 Nov 2010 20:25
by memphisto
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text, marked in green:
Note: Do not use the SELECT ALL function to select the script

Code: Select all

KillAll::
File::
c:\windows\system32\tmp9109.tmp
c:\windows\system32\tmp90C9.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"EnableLUA"=-
"EnableUIADesktopToggle"=-
"PromptOnSecureDesktop"=-

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that comes up at the end of the cleaning process + a new log from HJT

Re: Requesting a preventive log check, thanks

Posted: 06 Nov 2010 13:05
by M4RTY
ComboFix 10-11-05.01 - Martin 06.11.2010 12:42:46.9.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2047.1408 [GMT 1:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\tmp90C9.tmp"
"c:\windows\system32\tmp9109.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp90C9.tmp
c:\windows\system32\tmp9109.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-06 do 2010-11-06 )))))))))))))))))))))))))))))))
.

2010-11-06 11:48 . 2010-11-06 12:02 -------- d-----w- c:\users\Martin\AppData\Local\temp
2010-11-06 11:48 . 2010-11-06 11:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-11-06 11:48 . 2010-11-06 11:48 -------- d-----w- c:\users\Ostatní\AppData\Local\temp
2010-11-06 11:48 . 2010-11-06 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-05 16:59 . 2010-11-05 17:19 -------- d-----w- c:\users\Martin\DoctorWeb
2010-11-05 07:46 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CD30967-D81A-4188-A55C-23DB865B0ABA}\mpengine.dll
2010-10-31 10:07 . 2010-10-31 10:07 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 6
2010-10-31 09:11 . 2010-11-02 16:48 -------- d-----w- c:\program files\SpeedFan
2010-10-28 15:55 . 2010-10-28 15:57 -------- d-----w- c:\program files\The KMPlayer
2010-10-27 10:27 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 10:27 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 10:27 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 10:27 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 10:26 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-24 08:14 . 2010-10-24 08:14 -------- d-----w- c:\users\Ostatní\AppData\Local\NFS Underground 2
2010-10-20 12:47 . 2010-10-20 12:47 -------- d-----w- c:\users\Public\CyberLink
2010-10-20 12:46 . 2010-10-20 12:46 -------- d-----w- c:\users\Martin\AppData\Roaming\CyberLink
2010-10-20 12:46 . 2010-10-20 12:46 -------- d-----w- c:\programdata\CyberLink
2010-10-20 12:44 . 2010-10-20 12:44 -------- d-----w- c:\programdata\SmartSound Software Inc
2010-10-20 12:44 . 2010-10-20 12:44 -------- d-----w- c:\program files\SmartSound Software
2010-10-20 12:42 . 2010-10-20 12:43 -------- d-----w- c:\program files\CyberLink
2010-10-16 09:58 . 2010-10-16 09:58 -------- d-----w- c:\users\Martin\AppData\Roaming\GameRanger
2010-10-15 11:22 . 2010-10-15 11:22 -------- d-----w- c:\program files\Common Files\Skype
2010-10-13 13:49 . 2010-10-13 13:49 -------- d-----w- c:\users\Martin\AppData\Local\Pmcc
2010-10-13 13:49 . 2010-10-13 13:49 -------- d-----w- c:\users\Martin\AppData\Roaming\Pmcc
2010-10-13 13:48 . 2010-10-13 13:48 -------- d-----w- c:\program files\Pmcc
2010-10-08 17:23 . 2010-10-08 17:23 -------- dc----w- c:\windows\system32\DRVSTORE
2010-10-08 17:23 . 2010-09-22 09:52 183240 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
2010-10-08 17:23 . 2010-10-08 17:23 -------- d-----w- c:\program files\Soluto
2010-10-08 17:22 . 2010-10-11 13:44 -------- d-----w- c:\programdata\Soluto

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-01 13:36 . 2010-06-01 17:00 285480 ----a-w- c:\windows\system32\guard32.dll
2010-11-01 13:36 . 2010-06-01 17:00 78504 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-11-01 13:36 . 2010-06-01 17:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-11-01 13:36 . 2010-06-01 17:00 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-11-01 13:36 . 2010-06-04 09:55 236088 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-10-30 12:54 . 2010-09-27 14:32 165232 ---ha-w- c:\users\Martin\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-10-20 14:23 . 2010-07-02 09:01 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-20 14:23 . 2010-07-02 09:01 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-20 14:23 . 2010-07-02 09:01 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-19 09:41 . 2010-05-17 15:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 19:45 . 2010-09-26 19:45 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-26 19:45 . 2010-09-26 19:45 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-25 18:30 . 2010-09-25 18:30 138056 ----a-w- c:\users\Martin\AppData\Roaming\PnkBstrK.sys
2010-09-25 18:27 . 2010-09-25 18:27 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-08-31 22:46 . 2010-09-18 08:23 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-08-31 22:44 . 2010-09-18 08:23 367104 ----a-w- c:\windows\system32\html.iec
2010-08-31 22:44 . 2010-09-18 08:23 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-08-31 22:44 . 2010-09-18 08:22 1122304 ----a-w- c:\windows\system32\wininet.dll
2010-08-31 22:44 . 2010-09-18 08:23 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-08-31 22:43 . 2010-09-18 08:23 23552 ----a-w- c:\windows\system32\licmgr10.dll
2010-08-31 22:43 . 2010-09-18 08:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2010-08-31 22:43 . 2010-09-18 08:23 114176 ----a-w- c:\windows\system32\iesysprep.dll
2010-08-31 22:43 . 2010-09-18 08:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-08-31 22:43 . 2010-09-18 08:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-08-31 22:42 . 2010-09-18 08:23 51200 ----a-w- c:\windows\system32\admparse.dll
2010-08-31 22:42 . 2010-09-18 08:23 75264 ----a-w- c:\windows\system32\iesetup.dll
2010-08-31 22:42 . 2010-09-18 08:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2010-08-31 22:42 . 2010-09-18 08:22 150016 ----a-w- c:\windows\system32\iexpress.exe
2010-08-31 22:42 . 2010-09-18 08:22 149504 ----a-w- c:\windows\system32\wextract.exe
2010-08-31 22:42 . 2010-09-18 08:23 33280 ----a-w- c:\windows\system32\imgutil.dll
2010-08-31 22:42 . 2010-09-18 08:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2010-08-31 22:42 . 2010-09-18 08:23 11264 ----a-w- c:\windows\system32\mshta.exe
2010-08-31 22:42 . 2010-09-18 08:23 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 22:42 . 2010-09-18 08:23 63488 ----a-w- c:\windows\system32\tdc.ocx
2010-08-31 22:41 . 2010-09-18 08:23 160768 ----a-w- c:\windows\system32\msls31.dll
2010-08-27 12:21 . 2010-05-17 17:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-27 09:04 . 2010-08-16 14:35 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-08-27 09:04 . 2010-08-16 14:35 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-08-21 05:32 . 2010-09-15 12:07 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 12:12 . 2009-06-18 11:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-16 12:12 . 2009-06-18 11:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-16 06:15 . 2010-09-18 08:22 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-08-16 06:14 . 2010-09-18 08:22 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-08-16 06:14 . 2010-09-18 08:22 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-08-16 06:14 . 2010-09-18 08:22 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-08-16 06:14 . 2010-09-18 08:22 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-11-01 2500552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"

[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 18:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-16 12:12 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-03-23 704760]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\DRIVERS\PCGenFAM.sys [2010-09-22 183240]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-27 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-11-01 236088]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-11-01 30112]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2010-09-22 330784]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Načítať použitie &BitSpirit
TCP: {49E7AC88-3BD9-4673-A8D9-DA1CFF080C49} = 10.10.10.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\tsf9vihz.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Martin\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
FF - plugin: c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\tsf9vihz.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\guard32.dll

- - - - - - - > 'Explorer.exe'(4012)
c:\windows\system32\guard32.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\taskhost.exe
c:\program files\Soluto\soluto.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2010-11-06 13:03:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-06 12:03
ComboFix2.txt 2010-11-05 17:34

Před spuštěním: Volných bajtů: 47 073 378 304
Po spuštění: Volných bajtů: 46 946 516 992

- - End Of File - - 7504DF27E9BCA2703C5A039012DED51D

Re: Requesting a preventive log check, thanks

Posted: 06 Nov 2010 13:14
by memphisto
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by Combo, MWAV, etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on

+ HJT

Any problems?

Re: Requesting a preventive log check, thanks

Posted: 08 Nov 2010 16:01
by M4RTY
I completely forgot about it..

CCleaner - done
T-Cleaner - NOD reported a virus
HJT - coming right up

Re: Requesting a preventive log check, thanks

Posted: 08 Nov 2010 16:24
by memphisto
That is why I wrote that note telling you to turn the antivirus off. ESET is missing from that list, but it applies to it as well

Re: Requesting a preventive log check, thanks

Posted: 08 Nov 2010 16:43
by M4RTY
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:43:12, on 8.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\IM\QIP Infium bz™Pack\inf.exe
C:\Windows\Explorer.exe
C:\Users\Martin\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E7AC88-3BD9-4673-A8D9-DA1CFF080C49}: NameServer = 10.10.10.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4929 bytes

No problems..

T-Cleaner - my CMD window is terribly small, so I can't see or read what I'm supposed to press..

Re: Requesting a preventive log check, thanks

Posted: 08 Nov 2010 16:48
by memphisto
fix:
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

Otherwise OK. Can't the CMD window be stretched? Otherwise you just press "y" and Enter there

Re: Requesting a preventive log check, thanks

Posted: 08 Nov 2010 16:54
by M4RTY
It can't be stretched..