Kontrola logu. Předem díky. Vyřešeno

[Roztog]

Ok napred v cem je problem. Zaprve se mi casto hrozne pomalu nacitaj webovy stranky, jako bych byl na dial-upu, pritom download i upload bezi normalne na 16 Mbitech, kdyz to kontroluju treba na www.dsl.cz.

A taky kdyz vyplnuju ve Firefoxu nejaky kolonky (Nejcastejs hesla) obcas se mi samo od sebe oznaci, co uz jsem napsal. A neni to preklep na home, muzu psat klidne stejnou klavesu ale po 1-2 vetrinach se to stane stejne.
Posilam logy z HJT i MbAM.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:56, on 18.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programy\Avast4\aswUpdSv.exe
C:\Programy\Ad-Aware\AAWService.exe
C:\Programy\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programy\Avast4\ashDisp.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Programy\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programy\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programy\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Mozek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Programy\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programy\Xfire\xfire.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programy\Avast4\ashMaiSv.exe
C:\Programy\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programy\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\Programy\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programy\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programy\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programy\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mozek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Programy\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Programy\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programy\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
O8 - Extra context menu item: &Clean Traces - C:\Programy\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programy\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programy\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programy\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programy\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programy\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programy\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programy\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7171 bytes


MbAM log :
Malwarebytes' Anti-Malware 1.33
Verze databáze: 1682
Windows 5.1.2600 Service Pack 3

18.3.2009 19:58:35
mbam-log-2009-03-18 (19-58-35).txt

Typ skenu: Rychlý sken
Objektu skenováno: 59270
Uplynulý cas: 4 minute(s), 6 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[Reklama]

[jaro3]

Vypni rez. ochranu u Avastu+ deaktivuj Spybot+Kerio

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Zítra.

[Roztog]

ComboFix 09-03-15.01 - Mozek 2009-03-18 22:12:13.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.3070.2462 [GMT 1:00]
Spuštěný z: c:\programy\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090317-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-18 do 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-17 18:26 . 2009-03-17 18:26 <DIR> d-------- c:\documents and settings\Mozek\Data aplikací\DAEMON Tools
2009-03-17 18:25 . 2009-03-17 18:26 <DIR> d-------- c:\documents and settings\Mozek\Data aplikací\DAEMON Tools Lite
2009-03-17 18:25 . 2009-03-17 18:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-03-17 18:22 . 2009-03-17 18:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Pro
2009-03-17 18:18 . 2009-03-17 18:26 <DIR> d-------- c:\documents and settings\Mozek\Data aplikací\DAEMON Tools Pro
2009-03-17 17:49 . 2009-03-17 17:49 <DIR> dr-h----- c:\documents and settings\Mozek\Data aplikací\SecuROM
2009-03-16 15:54 . 2009-03-16 15:54 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Fallout3
2009-03-16 15:52 . 2009-03-16 15:52 <DIR> d-------- c:\windows\system32\xlive
2009-03-14 20:20 . 2009-03-14 20:20 <DIR> d-------- c:\program files\Apple Software Update
2009-03-14 20:20 . 2009-03-14 20:20 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Apple
2009-03-12 08:48 . 2009-03-12 08:48 <DIR> d-------- c:\documents and settings\Mozek\Data aplikací\MixMeister Technology
2009-03-02 00:01 . 2009-03-02 07:50 <DIR> d-------- c:\windows\NV27162988.TMP
2009-02-26 19:46 . 2009-02-26 19:46 42,320 --a------ c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 21:15 --------- d-----w c:\documents and settings\Mozek\Data aplikací\uTorrent
2009-03-18 20:44 --------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-03-17 17:18 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-17 17:06 --------- d-----w c:\documents and settings\Mozek\Data aplikací\Xfire
2009-03-16 14:54 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-14 19:21 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-03-09 21:05 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-09 16:37 --------- d-----w c:\documents and settings\Mozek\Data aplikací\gtk-2.0
2009-03-09 10:18 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-01 23:04 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-01 23:03 --------- d-----w c:\program files\AGEIA Technologies
2009-02-26 06:46 1,829,255 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-02-14 16:44 --------- d-----w c:\documents and settings\Mozek\Data aplikací\Spore
2009-02-05 09:54 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-01-31 13:42 27,352 ----a-w c:\documents and settings\Mozek\Data aplikací\GDIPFONTCACHEV1.DAT
2009-01-25 23:03 15,688 ----a-w c:\windows\system32\lsdelete.exe
2009-01-25 23:02 --------- dc-h--w c:\documents and settings\All Users\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-25 23:02 --------- d-----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-01-25 13:18 --------- d-----w c:\documents and settings\Mozek\Data aplikací\Moyea
2009-01-23 17:17 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-23 13:27 --------- d-----w c:\documents and settings\Mozek\Data aplikací\Malwarebytes
2009-01-23 13:26 --------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-22 14:28 --------- d-----w c:\program files\Sierra On-Line
2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2009-01-08 18:26 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-19 15:15 4,338,246 ----a-w c:\windows\system32\libavcodec.dll
2008-04-23 16:06 22,328 ----a-w c:\documents and settings\Mozek\Data aplikací\PnkBstrK.sys
2003-12-18 10:33 20,102 ----a-w c:\program files\Readme.txt
2003-09-03 06:46 10,960 ----a-w c:\program files\EULA.txt
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-08-14 267056]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Mozek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ICQ"="c:\programy\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"avast!"="c:\programy\Avast4\ashDisp.exe" [2008-11-26 81000]
"ZoneAlarm Client"="c:\programy\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"Ad-Watch"="c:\programy\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"QuickTime Task"="c:\programy\QuickTime\QTTask.exe" [2009-01-05 413696]
"DAEMON Tools"="c:\programy\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Mozek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Xfire.lnk - c:\programy\Xfire\xfire.exe [2009-02-26 3017040]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\programy\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-01-09 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.XFR1"= xfcodec.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programy\\Xfire\\xfire.exe"=
"c:\\Programy\\DAP\\DAP.exe"=
"c:\\ZZZ\\Akce\\Half-Life 2\\hl2.exe"=
"c:\\Programy\\Azureus\\Azureus.exe"=
"c:\\ZZZ\\World of Warcraft\\Repair.exe"=
"c:\\ZZZ\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\ZZZ\\Akce\\Crysis\\Bin32\\Crysis.exe"=
"c:\\ZZZ\\Akce\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\ZZZ\\RPG\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\ZZZ\\Simulace\\NFS - Underground 2\\speed2.exe"=
"c:\\Programy\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Programy\\Tortun\\gui.exe"=
"c:\\ZZZ\\Strategie\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\ZZZ\\Akce\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Programy\\ICQ6.5\\ICQ.exe"=
"c:\\ZZZ\\RPG\\Hellgate London\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28600:TCP"= 28600:TCP:uTorrent
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-14 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-14 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programy\Ad-Aware\AAWService.exe [2009-01-18 951632]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-02-28 16512]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2007-12-20 7808]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2008-07-23 23600]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c251abee-1318-11de-be3f-001d7d95e426}]
\Shell\AutoRun\command - F:\Setup.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-03-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programy\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:02]

2009-03-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-29 16:47]

2009-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-606747145-839522115-1004.job
- c:\documents and settings\Mozek\Local Settings\Data aplikac []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: &Clean Traces - c:\programy\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programy\DAP\dapextie.htm
IE: Download &all with DAP - c:\programy\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mozek\Data aplikací\Mozilla\Firefox\Profiles\jhfql297.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\programy\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\programy\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\programy\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin7.dll

---- NASTAVENÍ FIREFOXU ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 22:15:23
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1644491937-606747145-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2009-03-18 22:17:45
ComboFix-quarantined-files.txt 2009-03-18 21:17:36

Před spuštěním: Volných bajtů: 73 387 282 432
Po spuštění: Volných bajtů: 73,789,313,024

187 --- E O F --- 2009-02-09 06:58:24

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Roztog]

ComboFix 09-03-15.01 - Mozek 2009-03-19 8:06:27.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.3070.2443 [GMT 1:00]
Spuštěný z: c:\programy\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mozek\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090318-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-19 do 2009-03-19 )))))))))))))))))))))))))))))))
.

2009-03-18 22:18 . 2009-03-18 22:18 <DIR> d-------- c:\program files\AskBardis
2009-03-17 18:26 . 2009-03-17 18:26 <DIR> d-------- c:\documents and settings\Mozek\Data aplikací\DAEMON Tools
2009-03-17 18:25 . 2009-03-17 18:26 <DIR> d-------- c:\documents and settings\Mozek\Data aplikací\DAEMON Tools Lite
2009-03-17 18:25 . 2009-03-17 18:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-03-17 18:22 . 2009-03-17 18:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Pro
2009-03-17 18:18 . 2009-03-17 18:26 <DIR> d-------- c:\documents and settings\Mozek\Data aplikací\DAEMON Tools Pro
2009-03-17 17:49 . 2009-03-17 17:49 <DIR> dr-h----- c:\documents and settings\Mozek\Data aplikací\SecuROM
2009-03-16 15:54 . 2009-03-16 15:54 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Fallout3
2009-03-16 15:52 . 2009-03-16 15:52 <DIR> d-------- c:\windows\system32\xlive
2009-03-14 20:20 . 2009-03-14 20:20 <DIR> d-------- c:\program files\Apple Software Update
2009-03-14 20:20 . 2009-03-14 20:20 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Apple
2009-03-12 08:48 . 2009-03-12 08:48 <DIR> d-------- c:\documents and settings\Mozek\Data aplikací\MixMeister Technology
2009-03-02 00:01 . 2009-03-02 07:50 <DIR> d-------- c:\windows\NV27162988.TMP
2009-02-26 19:46 . 2009-02-26 19:46 42,320 --a------ c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 07:05 --------- d-----w c:\documents and settings\Mozek\Data aplikací\uTorrent
2009-03-18 21:31 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-18 20:44 --------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-03-17 17:18 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-17 17:06 --------- d-----w c:\documents and settings\Mozek\Data aplikací\Xfire
2009-03-16 14:54 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-14 19:21 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-03-09 21:05 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-09 16:37 --------- d-----w c:\documents and settings\Mozek\Data aplikací\gtk-2.0
2009-03-09 10:18 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-01 23:04 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-01 23:03 --------- d-----w c:\program files\AGEIA Technologies
2009-02-26 06:46 1,829,255 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-02-14 16:44 --------- d-----w c:\documents and settings\Mozek\Data aplikací\Spore
2009-02-05 09:54 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-01-31 13:42 27,352 ----a-w c:\documents and settings\Mozek\Data aplikací\GDIPFONTCACHEV1.DAT
2009-01-25 23:03 15,688 ----a-w c:\windows\system32\lsdelete.exe
2009-01-25 23:02 --------- dc-h--w c:\documents and settings\All Users\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-25 23:02 --------- d-----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-01-25 13:18 --------- d-----w c:\documents and settings\Mozek\Data aplikací\Moyea
2009-01-23 17:17 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-23 13:27 --------- d-----w c:\documents and settings\Mozek\Data aplikací\Malwarebytes
2009-01-23 13:26 --------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-22 14:28 --------- d-----w c:\program files\Sierra On-Line
2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2009-01-08 18:26 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-19 15:15 4,338,246 ----a-w c:\windows\system32\libavcodec.dll
2008-04-23 16:06 22,328 ----a-w c:\documents and settings\Mozek\Data aplikací\PnkBstrK.sys
2003-12-18 10:33 20,102 ----a-w c:\program files\Readme.txt
2003-09-03 06:46 10,960 ----a-w c:\program files\EULA.txt
.

((((((((((((((((((((((((((((( SnapShot@2009-03-18_22.16.12,50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-19 06:43:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7b4.dat
+ 2009-03-19 06:42:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7f4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-08-14 267056]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Mozek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ICQ"="c:\programy\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"avast!"="c:\programy\Avast4\ashDisp.exe" [2008-11-26 81000]
"ZoneAlarm Client"="c:\programy\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"Ad-Watch"="c:\programy\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"QuickTime Task"="c:\programy\QuickTime\QTTask.exe" [2009-01-05 413696]
"DAEMON Tools"="c:\programy\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Mozek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Xfire.lnk - c:\programy\Xfire\xfire.exe [2009-02-26 3017040]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\programy\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-01-09 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.XFR1"= xfcodec.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programy\\Xfire\\xfire.exe"=
"c:\\Programy\\DAP\\DAP.exe"=
"c:\\ZZZ\\Akce\\Half-Life 2\\hl2.exe"=
"c:\\Programy\\Azureus\\Azureus.exe"=
"c:\\ZZZ\\World of Warcraft\\Repair.exe"=
"c:\\ZZZ\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\ZZZ\\Akce\\Crysis\\Bin32\\Crysis.exe"=
"c:\\ZZZ\\Akce\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\ZZZ\\RPG\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\ZZZ\\Simulace\\NFS - Underground 2\\speed2.exe"=
"c:\\Programy\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Programy\\Tortun\\gui.exe"=
"c:\\ZZZ\\Strategie\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\ZZZ\\Akce\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Programy\\ICQ6.5\\ICQ.exe"=
"c:\\ZZZ\\RPG\\Hellgate London\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28600:TCP"= 28600:TCP:uTorrent
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-14 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-14 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programy\Ad-Aware\AAWService.exe [2009-01-18 951632]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-02-28 16512]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2007-12-20 7808]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2008-07-23 23600]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c251abee-1318-11de-be3f-001d7d95e426}]
\Shell\AutoRun\command - F:\Setup.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-03-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programy\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:02]

2009-03-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-29 16:47]

2009-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-606747145-839522115-1004.job
- c:\documents and settings\Mozek\Local Settings\Data aplikac []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: &Clean Traces - c:\programy\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programy\DAP\dapextie.htm
IE: Download &all with DAP - c:\programy\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mozek\Data aplikací\Mozilla\Firefox\Profiles\jhfql297.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\programy\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\programy\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\programy\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin7.dll

---- NASTAVENÍ FIREFOXU ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 08:08:34
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1644491937-606747145-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2009-03-19 8:10:39
ComboFix-quarantined-files.txt 2009-03-19 07:10:36
ComboFix2.txt 2009-03-18 21:17:47

Před spuštěním: Volných bajtů: 73 727 672 320
Po spuštění: Volných bajtů: 73,711,550,464

194 --- E O F --- 2009-02-09 06:58:24


_________________________________________________________________________________________________
_________________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:17, on 19.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programy\Avast4\aswUpdSv.exe
C:\Programy\Ad-Aware\AAWService.exe
C:\Programy\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programy\Avast4\ashDisp.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Programy\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programy\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programy\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Mozek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Programy\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programy\Xfire\xfire.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programy\Avast4\ashMaiSv.exe
C:\Programy\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programy\Firefox\firefox.exe
C:\Programy\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\Programy\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programy\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programy\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programy\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mozek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Programy\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Programy\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programy\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
O8 - Extra context menu item: &Clean Traces - C:\Programy\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programy\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programy\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programy\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programy\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programy\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programy\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programy\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7197 bytes

[jaro3]

Najdi a smaž tuto složku: c:\program files\AskBardis

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\QTTask.exe" -atboottime

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Pokud nejsou problémy , je to vše.

[Roztog]

Fajn. Díky za pomoc.