Problémy s PC - prosím o kontrolu Vyřešeno

[jarek99]

Prosím o kontrolu logu - PC sotva leze a na internet nedoleze

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:06, on 2.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\EXPERTool\TBPANEL.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 32 missing)
O13 - Gopher Prefix:
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

--
End of file - 5646 bytes

Děkuji za rady a pomoc!

[Reklama]

[jaro3]

Najdi a smaž:
C:\Windows\System32\appdrvrem01.exe
Odinstaluj:
ICQToolBar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 32 missing)
O13 - Gopher Prefix:
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[jarek99]

Nepodařilo se fixnout:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 32 missing)
O13 - Gopher Prefix:
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology -

Zde je log
Malwarebytes' Anti-Malware 1.34
Verze databáze: 1749
Windows 6.0.6001 Service Pack 1

2.3.2009 23:03:34
mbam-log-2009-03-02 (23-02-07).txt

Typ skenu: Rychlý sken
Objektu skenováno: 52712
Uplynulý cas: 1 minute(s), 23 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 4

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Windows\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\Windows\System32\vcmgcd32.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\systems.txt (Trojan.Vundo) -> No action taken.
C:\Windows\logo1_.exe (Worm.Viking) -> No action taken.
Děkuji za další rady!

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Pokud máš 32 bitovou verzi win, postupuj takto:
vypni rez. ochranu u Avastu.

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[jarek99]

Avast nešel ukončit ani ve Správci úloh. Běžel jen jeden proces.
Zde jsou oba logy:
Malwarebytes' Anti-Malware 1.34
Verze databáze: 1749
Windows 6.0.6001 Service Pack 1

3.3.2009 13:28:16
mbam-log-2009-03-03 (13-28-16).txt

Typ skenu: Rychlý sken
Objektu skenováno: 52621
Uplynulý cas: 1 minute(s), 15 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Další:
ComboFix 09-03-02.03 - jarek 2009-03-03 13:37:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.2046.1329 [GMT 1:00]
Spuštěný z: F:\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com
E:\install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-03 do 2009-03-03 )))))))))))))))))))))))))))))))
.

2009-03-02 22:46 . 2009-03-02 22:46 <DIR> d-------- c:\users\jarek\AppData\Roaming\Malwarebytes
2009-03-02 22:46 . 2009-03-02 22:46 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-02 22:46 . 2009-03-02 22:46 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-02 22:46 . 2009-03-02 22:46 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-02 22:46 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-02 22:46 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-02 18:38 . 2009-03-02 18:38 <DIR> d-------- c:\program files\Trend Micro
2009-03-02 17:20 . 2009-03-02 17:20 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-02 13:14 . 2009-03-02 13:14 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-03-02 13:14 . 2009-03-02 13:14 <DIR> d-------- c:\programdata\WindowsSearch
2009-02-24 20:39 . 2009-03-02 01:00 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-02-24 20:15 . 2008-01-21 03:24 163,840 --a------ c:\windows\System32\T.COM
2009-02-24 20:15 . 2008-01-21 03:24 134,656 --a------ c:\windows\R.COM
2009-02-24 19:50 . 2009-02-23 22:38 626,688 --a------ c:\windows\System32\msvcr80.dll
2009-02-24 19:50 . 2009-02-23 22:38 548,864 --a------ c:\windows\System32\msvcp80.dll
2009-02-24 19:50 . 2009-02-24 19:50 28,672 --a------ c:\windows\System32\eEmpty.exe
2009-02-24 19:50 . 2005-09-22 23:22 522 --a------ c:\windows\System32\Microsoft.VC80.CRT.manifest
2009-02-15 22:37 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-15 22:37 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-15 22:37 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-15 22:37 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-15 22:37 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-15 22:37 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-15 22:37 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-15 22:37 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-15 22:33 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-15 22:33 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-15 22:33 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-15 22:33 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-15 22:33 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-15 10:25 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 10:25 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 10:25 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 10:25 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 10:25 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 10:20 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 10:20 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 12:18 16,608 ----a-w c:\windows\gdrv.sys
2009-03-02 17:12 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-02 16:01 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-02 12:02 183,112 ----a-w c:\windows\System32\PnkBstrB.exe
2009-03-02 00:01 --------- d-----w c:\programdata\Lavasoft
2009-03-01 14:06 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-24 18:50 --------- d-----w c:\programdata\Kaspersky SDK
2009-02-15 21:54 --------- d-----w c:\program files\Windows Mail
2009-02-14 16:25 --------- d-----w c:\users\jarek\AppData\Roaming\Hamachi
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-02-02 13:30 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-17 20:09 --------- d-----w c:\users\jarek\AppData\Roaming\ICQ
2009-01-05 19:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 19:44 --------- d-----w c:\program files\Electronic Arts
2009-01-05 19:43 2,498 ----a-w c:\windows\System32\ealregsnapshot1.reg
2009-01-05 15:15 --------- d-----w c:\program files\EA SPORTS
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-08-20 2177576]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-20 13576736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-20 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-370977081-628982516-4054219225-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{810FBBB9-C3E0-4C50-AC2C-5B05DED20E8F}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{84C2D467-76AB-40D6-ACFC-BD8DCBBE4757}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{8B0200E6-AD02-449A-BA75-4975F7FE6019}"= UDP:c:\program files\Lavasoft\Ad-Aware\Ad-Aware.exe:Ad-Aware
"{2CB0D1ED-AFFB-47A1-9C64-92FAD7A6997C}"= TCP:c:\program files\Lavasoft\Ad-Aware\Ad-Aware.exe:Ad-Aware
"{29740BB2-1FB5-4E30-BB9C-E482A0A64305}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{0FC8FB34-9CDB-4B47-A323-DF64E49D119F}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"TCP Query User{15671F42-8E71-4DF0-836D-F85B626579DD}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{726CC0D6-8C01-400E-844D-95572420084D}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{12A6D147-3F67-48DD-BF39-E33B42FA062F}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= UDP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"UDP Query User{B6BAEB19-A901-4455-80EC-1D98079592A8}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= TCP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"TCP Query User{2BF4D3C3-73F1-4967-B14D-A8A50EB6D9C4}d:\\hry\\fifa08.exe"= UDP:d:\hry\fifa08.exe:FIFA08
"UDP Query User{5979E30D-FDDF-4901-8CFF-87DC8B79CA70}d:\\hry\\fifa08.exe"= TCP:d:\hry\fifa08.exe:FIFA08
"TCP Query User{E0175152-12E3-41C4-BFD0-222E9DBAD8D8}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{7866E5E6-7C5D-41FB-AA74-059F64DBE2AD}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{07807B50-E624-42C7-9AFC-3F2C133C7E08}"= UDP:d:\hry\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{4EB8CB58-4789-4F41-8D8A-5F28FD2EED92}"= TCP:d:\hry\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{EAAA306A-58B2-4B26-9B6B-FEF6CC5B5C17}d:\\fifa 08\\fifa08.exe"= UDP:d:\fifa 08\fifa08.exe:FIFA08
"UDP Query User{F221E8E8-228D-4072-BBE2-8B748FAFB996}d:\\fifa 08\\fifa08.exe"= TCP:d:\fifa 08\fifa08.exe:FIFA08
"TCP Query User{0020F726-EF27-4BC5-978E-EDC3656CE056}c:\\users\\jarek\\appdata\\local\\temp\\rar$ex66.216\\crack\\pes2009.exe"= UDP:c:\users\jarek\appdata\local\temp\rar$ex66.216\crack\pes2009.exe:pes2009.exe
"UDP Query User{BDE32343-341E-43E8-862F-862C8C09C899}c:\\users\\jarek\\appdata\\local\\temp\\rar$ex66.216\\crack\\pes2009.exe"= TCP:c:\users\jarek\appdata\local\temp\rar$ex66.216\crack\pes2009.exe:pes2009.exe
"TCP Query User{9216D88D-72F9-4200-8273-807829AC75A0}c:\\users\\jarek\\desktop\\pes2009.exe"= UDP:c:\users\jarek\desktop\pes2009.exe:pes2009.exe
"UDP Query User{2448F05F-B854-4C8E-ADF1-E1E0D0D597FC}c:\\users\\jarek\\desktop\\pes2009.exe"= TCP:c:\users\jarek\desktop\pes2009.exe:pes2009.exe
"TCP Query User{080A3A25-CB87-4A42-9320-31DC1C80279A}d:\\fifa 09\\fifa09.exe"= UDP:d:\fifa 09\fifa09.exe:FIFA09
"UDP Query User{6CD7977C-402C-496A-BFEA-41D1B40C4E58}d:\\fifa 09\\fifa09.exe"= TCP:d:\fifa 09\fifa09.exe:FIFA09
"TCP Query User{0A8E5792-72C7-430B-A8FE-288A4A0F13DA}d:\\nhl 09\\nhl2009 medicina\\nhl2009.exe"= UDP:d:\nhl 09\nhl2009 medicina\nhl2009.exe:nhl2009
"UDP Query User{46F30B22-E78E-42E9-99D5-7507E0B9F75D}d:\\nhl 09\\nhl2009 medicina\\nhl2009.exe"= TCP:d:\nhl 09\nhl2009 medicina\nhl2009.exe:nhl2009
"{841C62A6-C270-4219-BCFA-BCCA9FB546B3}"= UDP:d:\program files\Capcom\MotoGP 08\Launcher.exe:MotoGP 08
"{04F9EB76-2FE3-40A7-B41F-76BD0356134F}"= TCP:d:\program files\Capcom\MotoGP 08\Launcher.exe:MotoGP 08
"{F67903B6-24D4-459A-AAF0-E95C3A87D479}"= UDP:d:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{6FA5B96A-9185-4547-8D12-42D34DB2B5F8}"= TCP:d:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{BED21155-CEA4-4832-92DE-C24EC0164C72}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{ADAC4429-A088-4038-94D9-811B2C159642}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{76ACE8DA-0DF8-4885-9B6B-7A5EC7EDF3B3}"= UDP:d:\program files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{984A4FCB-7017-4616-AF67-FD35851527D1}"= TCP:d:\program files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"TCP Query User{B999B8CC-FBB1-4AC1-807E-A3BA88288B3E}d:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:d:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{EEAECF56-53BB-4D47-85B4-D820997DF745}d:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:d:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{817DB2A1-86FA-4E1E-9BCA-61A6B66A3D52}d:\\program files\\ea sports\\fifa 09\\fifa09.exe"= UDP:d:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"UDP Query User{CCCC7EDD-DCEA-4E2A-833D-C45B0E1F9A0E}d:\\program files\\ea sports\\fifa 09\\fifa09.exe"= TCP:d:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"TCP Query User{8F256883-B064-43C5-BF46-AE4D9E49CC1C}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{402A6106-6508-4DE6-910A-2D4EFD648DD0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{1F948C03-8F21-4A17-9ABF-085348C2EDE3}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{A409CAE0-7C1D-4D69-887D-0D0341233325}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{8D65890E-AF35-496E-A8F1-23BD839787CA}d:\\program files\\ea sports\\fifa 09\\fifa09.exe"= UDP:d:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"UDP Query User{FEF5D2A8-D708-4E31-8168-168836D015D7}d:\\program files\\ea sports\\fifa 09\\fifa09.exe"= TCP:d:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"TCP Query User{F9CB0B3F-48C8-43B3-AB82-45198D28ED2E}d:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:d:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{07694A2A-0BD7-40B8-8BCC-9093F2FB9417}d:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:d:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{C642594D-21AE-455C-93AE-6959207020E9}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{FE72E763-78FE-417D-8ACD-46A05D11DC6F}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library

R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2008-12-25 2911848]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-10-19 114768]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-10-19 72192]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-10-19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-10-19 51792]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-10-19 80392]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-02-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-01-11 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\jarek\AppData\Roaming\Mozilla\Firefox\Profiles\6zteoa29.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 13:38:40
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-03-03 13:40:33
ComboFix-quarantined-files.txt 2009-03-03 12:40:31

Před spuštěním: Volných bajtů: 24 461 541 376
Po spuštění: Volných bajtů: 25,054,470,144

187 --- E O F --- 2009-02-27 09:54:33

Díky za Tvůj čas!

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

@echo off
sc stop appdrvrem01
sc delete appdrvrem01
exit

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: FixServices.bat
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Poklepej na soubor FixServices.bat . Okno se otevře a zavře, to je normální.
****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\System32\appdrvrem01.exe

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[jarek99]

Zde jsou logy:
ComboFix 09-03-02.03 - jarek 2009-03-03 16:12:36.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.2046.1348 [GMT 1:00]
Spuštěný z: F:\ComboFix.exe
Použité ovládací přepínače :: c:\users\jarek\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-03 do 2009-03-03 )))))))))))))))))))))))))))))))
.

2009-03-02 22:46 . 2009-03-02 22:46 <DIR> d-------- c:\users\jarek\AppData\Roaming\Malwarebytes
2009-03-02 22:46 . 2009-03-02 22:46 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-02 22:46 . 2009-03-02 22:46 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-02 22:46 . 2009-03-02 22:46 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-02 22:46 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-02 22:46 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-02 18:38 . 2009-03-02 18:38 <DIR> d-------- c:\program files\Trend Micro
2009-03-02 17:20 . 2009-03-02 17:20 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-02 13:14 . 2009-03-02 13:14 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-03-02 13:14 . 2009-03-02 13:14 <DIR> d-------- c:\programdata\WindowsSearch
2009-02-24 20:39 . 2009-03-02 01:00 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-02-24 20:15 . 2008-01-21 03:24 163,840 --a------ c:\windows\System32\T.COM
2009-02-24 20:15 . 2008-01-21 03:24 134,656 --a------ c:\windows\R.COM
2009-02-24 19:50 . 2009-02-23 22:38 626,688 --a------ c:\windows\System32\msvcr80.dll
2009-02-24 19:50 . 2009-02-23 22:38 548,864 --a------ c:\windows\System32\msvcp80.dll
2009-02-24 19:50 . 2009-02-24 19:50 28,672 --a------ c:\windows\System32\eEmpty.exe
2009-02-24 19:50 . 2005-09-22 23:22 522 --a------ c:\windows\System32\Microsoft.VC80.CRT.manifest
2009-02-15 22:37 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-15 22:37 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-15 22:37 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-15 22:37 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-15 22:37 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-15 22:37 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-15 22:37 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-15 22:37 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-15 22:33 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-15 22:33 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-15 22:33 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-15 22:33 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-15 22:33 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-15 10:25 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 10:25 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 10:25 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 10:25 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 10:25 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 10:20 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 10:20 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 14:23 16,608 ----a-w c:\windows\gdrv.sys
2009-03-03 14:14 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-03 14:07 --------- d-----w c:\program files\Common Files\LightScribe
2009-03-02 12:02 183,112 ----a-w c:\windows\System32\PnkBstrB.exe
2009-03-02 00:01 --------- d-----w c:\programdata\Lavasoft
2009-03-01 14:06 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-24 18:50 --------- d-----w c:\programdata\Kaspersky SDK
2009-02-15 21:54 --------- d-----w c:\program files\Windows Mail
2009-02-14 16:25 --------- d-----w c:\users\jarek\AppData\Roaming\Hamachi
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-02-02 13:30 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-17 20:09 --------- d-----w c:\users\jarek\AppData\Roaming\ICQ
2009-01-05 19:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 19:44 --------- d-----w c:\program files\Electronic Arts
2009-01-05 19:43 2,498 ----a-w c:\windows\System32\ealregsnapshot1.reg
2009-01-05 15:15 --------- d-----w c:\program files\EA SPORTS
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-03-03_13.38.52,11 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-03 12:38:39 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-03 14:24:54 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-03-03 12:38:34 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-03 14:24:48 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-03 14:24:48 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-03 12:22:37 114,786 ----a-w c:\windows\System32\perfc005.dat
+ 2009-03-03 15:11:18 114,786 ----a-w c:\windows\System32\perfc005.dat
- 2009-03-03 12:22:37 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-03 15:11:18 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-03 12:22:37 598,594 ----a-w c:\windows\System32\perfh005.dat
+ 2009-03-03 15:11:18 598,594 ----a-w c:\windows\System32\perfh005.dat
- 2009-03-03 12:22:37 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-03 15:11:18 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-03 12:19:51 7,330 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-370977081-628982516-4054219225-1000_UserData.bin
+ 2009-03-03 14:25:13 7,346 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-370977081-628982516-4054219225-1000_UserData.bin
- 2009-03-03 12:19:51 66,396 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-03 14:25:13 66,618 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-03 12:19:51 35,260 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-03 14:25:13 35,556 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-08-20 2177576]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-20 13576736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-20 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-370977081-628982516-4054219225-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{810FBBB9-C3E0-4C50-AC2C-5B05DED20E8F}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{84C2D467-76AB-40D6-ACFC-BD8DCBBE4757}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{8B0200E6-AD02-449A-BA75-4975F7FE6019}"= UDP:c:\program files\Lavasoft\Ad-Aware\Ad-Aware.exe:Ad-Aware
"{2CB0D1ED-AFFB-47A1-9C64-92FAD7A6997C}"= TCP:c:\program files\Lavasoft\Ad-Aware\Ad-Aware.exe:Ad-Aware
"{29740BB2-1FB5-4E30-BB9C-E482A0A64305}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{0FC8FB34-9CDB-4B47-A323-DF64E49D119F}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"TCP Query User{15671F42-8E71-4DF0-836D-F85B626579DD}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{726CC0D6-8C01-400E-844D-95572420084D}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{12A6D147-3F67-48DD-BF39-E33B42FA062F}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= UDP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"UDP Query User{B6BAEB19-A901-4455-80EC-1D98079592A8}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= TCP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"TCP Query User{2BF4D3C3-73F1-4967-B14D-A8A50EB6D9C4}d:\\hry\\fifa08.exe"= UDP:d:\hry\fifa08.exe:FIFA08
"UDP Query User{5979E30D-FDDF-4901-8CFF-87DC8B79CA70}d:\\hry\\fifa08.exe"= TCP:d:\hry\fifa08.exe:FIFA08
"TCP Query User{E0175152-12E3-41C4-BFD0-222E9DBAD8D8}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{7866E5E6-7C5D-41FB-AA74-059F64DBE2AD}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{07807B50-E624-42C7-9AFC-3F2C133C7E08}"= UDP:d:\hry\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{4EB8CB58-4789-4F41-8D8A-5F28FD2EED92}"= TCP:d:\hry\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{EAAA306A-58B2-4B26-9B6B-FEF6CC5B5C17}d:\\fifa 08\\fifa08.exe"= UDP:d:\fifa 08\fifa08.exe:FIFA08
"UDP Query User{F221E8E8-228D-4072-BBE2-8B748FAFB996}d:\\fifa 08\\fifa08.exe"= TCP:d:\fifa 08\fifa08.exe:FIFA08
"TCP Query User{0020F726-EF27-4BC5-978E-EDC3656CE056}c:\\users\\jarek\\appdata\\local\\temp\\rar$ex66.216\\crack\\pes2009.exe"= UDP:c:\users\jarek\appdata\local\temp\rar$ex66.216\crack\pes2009.exe:pes2009.exe
"UDP Query User{BDE32343-341E-43E8-862F-862C8C09C899}c:\\users\\jarek\\appdata\\local\\temp\\rar$ex66.216\\crack\\pes2009.exe"= TCP:c:\users\jarek\appdata\local\temp\rar$ex66.216\crack\pes2009.exe:pes2009.exe
"TCP Query User{9216D88D-72F9-4200-8273-807829AC75A0}c:\\users\\jarek\\desktop\\pes2009.exe"= UDP:c:\users\jarek\desktop\pes2009.exe:pes2009.exe
"UDP Query User{2448F05F-B854-4C8E-ADF1-E1E0D0D597FC}c:\\users\\jarek\\desktop\\pes2009.exe"= TCP:c:\users\jarek\desktop\pes2009.exe:pes2009.exe
"TCP Query User{080A3A25-CB87-4A42-9320-31DC1C80279A}d:\\fifa 09\\fifa09.exe"= UDP:d:\fifa 09\fifa09.exe:FIFA09
"UDP Query User{6CD7977C-402C-496A-BFEA-41D1B40C4E58}d:\\fifa 09\\fifa09.exe"= TCP:d:\fifa 09\fifa09.exe:FIFA09
"TCP Query User{0A8E5792-72C7-430B-A8FE-288A4A0F13DA}d:\\nhl 09\\nhl2009 medicina\\nhl2009.exe"= UDP:d:\nhl 09\nhl2009 medicina\nhl2009.exe:nhl2009
"UDP Query User{46F30B22-E78E-42E9-99D5-7507E0B9F75D}d:\\nhl 09\\nhl2009 medicina\\nhl2009.exe"= TCP:d:\nhl 09\nhl2009 medicina\nhl2009.exe:nhl2009
"{841C62A6-C270-4219-BCFA-BCCA9FB546B3}"= UDP:d:\program files\Capcom\MotoGP 08\Launcher.exe:MotoGP 08
"{04F9EB76-2FE3-40A7-B41F-76BD0356134F}"= TCP:d:\program files\Capcom\MotoGP 08\Launcher.exe:MotoGP 08
"{F67903B6-24D4-459A-AAF0-E95C3A87D479}"= UDP:d:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{6FA5B96A-9185-4547-8D12-42D34DB2B5F8}"= TCP:d:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{BED21155-CEA4-4832-92DE-C24EC0164C72}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{ADAC4429-A088-4038-94D9-811B2C159642}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{76ACE8DA-0DF8-4885-9B6B-7A5EC7EDF3B3}"= UDP:d:\program files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{984A4FCB-7017-4616-AF67-FD35851527D1}"= TCP:d:\program files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"TCP Query User{B999B8CC-FBB1-4AC1-807E-A3BA88288B3E}d:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:d:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{EEAECF56-53BB-4D47-85B4-D820997DF745}d:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:d:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{817DB2A1-86FA-4E1E-9BCA-61A6B66A3D52}d:\\program files\\ea sports\\fifa 09\\fifa09.exe"= UDP:d:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"UDP Query User{CCCC7EDD-DCEA-4E2A-833D-C45B0E1F9A0E}d:\\program files\\ea sports\\fifa 09\\fifa09.exe"= TCP:d:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"TCP Query User{8F256883-B064-43C5-BF46-AE4D9E49CC1C}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{402A6106-6508-4DE6-910A-2D4EFD648DD0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{1F948C03-8F21-4A17-9ABF-085348C2EDE3}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{A409CAE0-7C1D-4D69-887D-0D0341233325}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{8D65890E-AF35-496E-A8F1-23BD839787CA}d:\\program files\\ea sports\\fifa 09\\fifa09.exe"= UDP:d:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"UDP Query User{FEF5D2A8-D708-4E31-8168-168836D015D7}d:\\program files\\ea sports\\fifa 09\\fifa09.exe"= TCP:d:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"TCP Query User{F9CB0B3F-48C8-43B3-AB82-45198D28ED2E}d:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:d:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{07694A2A-0BD7-40B8-8BCC-9093F2FB9417}d:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:d:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"TCP Query User{C642594D-21AE-455C-93AE-6959207020E9}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{FE72E763-78FE-417D-8ACD-46A05D11DC6F}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library

R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2008-12-25 2911848]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-10-19 114768]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-10-19 72192]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-10-19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-10-19 51792]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-10-19 80392]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
.
Obsah adresáře 'Naplánované úlohy'

2009-02-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-01-11 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\jarek\AppData\Roaming\Mozilla\Firefox\Profiles\6zteoa29.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 16:14:20
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-03-03 16:16:13
ComboFix-quarantined-files.txt 2009-03-03 15:16:11
ComboFix2.txt 2009-03-03 12:40:34

Před spuštěním: Volných bajtů: 25 406 566 400
Po spuštění: Volných bajtů: 25,061,814,272

200 --- E O F --- 2009-02-27 09:54:33

A Hijackths
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:06, on 2.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\EXPERTool\TBPANEL.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 32 missing)
O13 - Gopher Prefix:
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

--
End of file - 5646 bytes
Díky!

[jaro3]

Nějak to nemaže..
Stahni si Avanger
do něj podle navodu:
zadej prikaz z kodu:

Kód: Vybrat vše

Files to delete:
c:\windows\System32\appdrvrem01.exe

po restartu log z avengeru
***************************************************************************************************************************************
START-spustit-napiš= cmd.exe -dej OK- v dosovém okně vlož myší na blikající kurzor toto(celé modře zbarvené):

sc stop appdrvrem01
sc delete appdrvrem01
exit
Restart PC.
****************************************************************************************************************************************
Pak sem vlož nový log z HJT.Máš staré datun, odinstaluj HJt, smaž, stáhni nový a dej sem nový log.

[jarek99]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\System32\appdrvrem01.exe" not found!
Deletion of file "c:\windows\System32\appdrvrem01.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:06, on 2.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\EXPERTool\TBPANEL.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 32 missing)
O13 - Gopher Prefix:
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

--
End of file - 5646 bytes

Ty potvory se brání zuby nehty!

[jaro3]

Podle mě už tam není, zkus sem dát nový log , tohle je pořád včerejší datum logu, odinstaluj HJT, stáhni nový , udělej nový sken a vlož sem log.

[jarek99]

Nový log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:56, on 3.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 32 missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

--
End of file - 3258 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O10 - Broken Internet access because of LSP chain gap (#2 in chain of 32 missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Vše.