HJT log check - thanks!!!


Post by timtom » 29 May 2009 05:49

Hi, take a look at my log........... I'm trying to fix O4 - Startup: Obsah aplikace OneNote.onetoc2 and O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control), but whenever I rescan it's there again, and the log also differs from what the HJT program itself exports....... so I don't really get it; here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44:12, on 28.5.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer- online na síti
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Obsah aplikace OneNote.onetoc2
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6338 bytes


+ x other problems.............. I'm running Win Vista HP

Post by jaro3 (Security team member) » 29 May 2009 06:40

Did you put this there yourself:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer- online na síti
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
??

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it is downloaded and installed
- the program then starts; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show results button
- then choose the Save log option and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Don't send logs by private message. While I'm away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
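The three R1 lines jaro3 singles out are Internet Explorer proxy settings read from the registry. As an added example (not code from this thread, from HijackThis or from the forum's security team), here is a small Python parser that pulls the R0/R1 entries out of an HJT log and flags a ProxyServer pointing at the loopback interface, or a ProxyOverride list, so a reviewer can check them against what the user says they configured; the sample log lines are constructed from the log posted above.

```python
import re

# Constructed sample input: the R0/R1 lines from the HijackThis log posted in
# this thread, plus one O1 line to show that non-R entries are ignored.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer- online na síti
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
"""

# "R1 - <registry key>,<value name> = <data>"; the data part may be empty.
R_ENTRY = re.compile(r"^(R[01]) - ([^,]+),(.+?) =\s?(.*)$")


def parse_r_entries(log_text):
    """Return the R0/R1 (registry URL and Internet Settings) entries as dicts."""
    entries = []
    for raw in log_text.splitlines():
        m = R_ENTRY.match(raw.strip())
        if m:
            entries.append({"type": m.group(1), "key": m.group(2),
                            "name": m.group(3), "data": m.group(4)})
    return entries


def parse_proxy_server(data):
    """Split an IE ProxyServer value into {scheme: endpoint}.

    Windows stores either one proxy for every protocol ('host:port', kept
    here under 'all') or a per-protocol list such as 'socks=127.0.0.1:7070'.
    """
    proxies = {}
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if sep:
            proxies[scheme.strip().lower()] = endpoint.strip()
        else:
            proxies["all"] = part
    return proxies


def is_loopback(endpoint):
    """True if the proxy endpoint points back at the local machine."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").lower()
    return host == "localhost" or host.startswith("127.") or host == "::1"


def review_proxy_settings(entries):
    """Flag proxy-related Internet Settings entries a reviewer should verify."""
    findings = []
    for e in entries:
        if not e["key"].lower().endswith("internet settings"):
            continue
        if e["name"] == "ProxyServer":
            for scheme, endpoint in parse_proxy_server(e["data"]).items():
                if is_loopback(endpoint):
                    severity = "high"
                    reason = ("browser traffic is routed through a listener on this "
                              "machine; confirm which installed program owns that port")
                else:
                    severity = "medium"
                    reason = "an external proxy is configured; confirm the user set it"
                findings.append({"name": "ProxyServer", "scheme": scheme,
                                 "value": endpoint, "severity": severity,
                                 "reason": reason})
        elif e["name"] == "ProxyOverride":
            hosts = [h.strip() for h in e["data"].split(";") if h.strip()]
            findings.append({"name": "ProxyOverride", "scheme": None,
                             "value": hosts, "severity": "info",
                             "reason": "these hosts bypass the proxy; ask whether "
                                       "the user recognises them"})
    return findings


if __name__ == "__main__":
    for f in review_proxy_settings(parse_r_entries(SAMPLE_HJT_LOG)):
        print(f"[{f['severity']}] {f['name']}: {f['value']} -> {f['reason']}")
```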

Post by timtom » 29 May 2009 20:56

Malwarebytes' Anti-Malware 1.37
Verze databáze: 2191
Windows 6.0.6001 Service Pack 1

29.5.2009 20:50:08
mbam-log-2009-05-29 (20-50-08).txt

Typ skenu: Rychlý sken
Objektu skenováno: 71906
Uplynulý cas: 5 minute(s), 6 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Post by jaro3 (Security team member) » 29 May 2009 21:08

I asked you something..

Turn off McAfee's resident protection.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, don't click into the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please paste its entire contents here

Post by timtom » 29 May 2009 23:39

Well, this is all Greek to me:


ComboFix 09-05-28.09 - Tomáš 29.05.2009 23:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2814.1761 [GMT 2:00]
Spuštěný z: c:\users\Tomáš\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Helper
c:\program files\Helper\files.dll
c:\program files\Helper\funkce.dll
c:\program files\Helper\Helper.exe
c:\program files\Helper\characters.dia
c:\program files\Helper\charakters.dll
c:\program files\Helper\lang.czech.dll
c:\program files\Helper\lang.english.dll
c:\program files\Helper\licence-czech.txt
c:\program files\Helper\licence-english.txt
c:\program files\Helper\napovedaH5.chm
c:\program files\Helper\rtl90.bpl
c:\program files\Helper\unins000.dat
c:\program files\Helper\unins000.exe
c:\windows\emMON.exe
c:\windows\system32\net32gdilib.dll
c:\windows\system32\uxtuneup.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-28 do 2009-05-29 )))))))))))))))))))))))))))))))
.

2009-05-29 03:49 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-29 03:49 . 2009-05-29 03:49 -------- d-----w c:\programdata\Malwarebytes
2009-05-29 03:49 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-29 03:49 . 2009-05-29 03:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-28 21:32 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{38ABFD13-754F-4285-B8E6-CCF9660468A0}\mpengine.dll
2009-05-20 20:05 . 2000-09-13 04:14 155648 ----a-w c:\windows\system32\Sde50.dll
2009-05-20 20:05 . 2000-09-13 03:14 266240 ----a-w c:\windows\system32\SdeNsx50.dll
2009-05-20 20:05 . 2009-05-23 17:01 -------- d-----w c:\program files\Windows Lotto Pro 2000
2009-05-18 22:47 . 2005-06-15 01:00 102400 ----a-w c:\windows\system32\tsccvid.dll
2009-04-29 21:54 . 2009-04-29 21:54 249856 ------w c:\windows\Setup1.exe
2009-04-29 21:54 . 2009-04-29 21:54 73216 ----a-w c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 21:25 . 2008-08-29 21:08 12 ----a-w c:\windows\bthservsdp.dat
2009-05-28 21:58 . 2009-01-17 15:38 -------- d-----w c:\program files\AxBx
2009-05-14 11:09 . 2008-01-21 06:46 598832 ----a-w c:\windows\system32\perfh005.dat
2009-05-14 11:09 . 2008-01-21 06:46 114992 ----a-w c:\windows\system32\perfc005.dat
2009-05-13 23:44 . 2008-05-23 00:10 -------- d-----w c:\programdata\Microsoft Help
2009-05-13 23:41 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-28 23:36 . 2008-05-23 00:12 -------- d-----w c:\program files\Microsoft Works
2009-04-26 23:43 . 2008-12-09 10:31 -------- d-----w c:\program files\PSPad editor
2009-04-26 23:43 . 2008-11-07 16:53 -------- d-----w c:\program files\Common Files\Skype
2009-04-26 23:43 . 2008-10-25 14:04 -------- d-----w c:\program files\Glary Utilities
2009-04-26 23:43 . 2008-05-22 23:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 23:43 . 2008-08-29 19:13 -------- d-----w c:\program files\Acer Arcade Deluxe
2009-04-26 23:14 . 2009-04-26 21:12 -------- d-----w c:\programdata\Cyberlink
2009-04-26 22:47 . 2008-12-09 10:27 -------- d-----w c:\program files\PhotoFiltre
2009-04-21 00:03 . 2009-04-21 00:03 -------- d-----w c:\programdata\TuneUp Software
2009-04-18 07:10 . 2008-05-22 23:38 -------- d-----w c:\program files\McAfee
2009-04-14 17:00 . 2009-04-14 17:00 0 ----a-w c:\windows\system32\cid_store.dat
2009-04-14 14:01 . 2009-04-14 14:01 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-13 22:25 . 2008-12-08 15:30 -------- d-----w c:\program files\Nvu
2009-04-13 22:13 . 2008-11-09 18:59 -------- d-----w c:\program files\Download Express
2009-04-13 17:35 . 2008-10-17 23:13 -------- d-----w c:\program files\Java
2009-04-12 21:22 . 2009-04-12 21:22 53319 ----a-w c:\programdata\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-03-25 09:06 . 2008-05-22 23:39 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 09:06 . 2008-05-22 23:39 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 09:06 . 2008-05-22 23:39 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 09:06 . 2008-05-22 23:39 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 09:05 . 2008-05-22 23:39 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-17 03:38 . 2009-04-14 22:27 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 22:27 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-16 21:38 . 2009-03-16 21:38 514888 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-03-09 03:19 . 2009-03-16 10:22 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-14 22:27 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 22:27 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-14 22:26 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-14 22:27 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 22:27 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 22:27 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 22:26 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-14 22:27 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 22:27 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-14 22:27 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-14 22:27 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 22:27 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-14 22:26 26624 ----a-w c:\windows\system32\ieUnatt.exe
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w c:\windows\system\WININETICMP32.drv
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CLMLServer"=c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
"PlayMovie"=c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
"ArcadeDeluxeAgent"=c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"eAudio"=c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Adobe Reader Speed Launcher"=c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"eDataSecurity Loader"=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{15493902-0C51-44E8-A79C-2BC9691AB388}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{EC27F063-0D1A-438F-8417-199241214037}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{12403BD6-BE87-4C5D-BEF2-9D090E1B7753}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{23166721-7468-4825-9440-4220A9BD7A11}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{826D1C5C-5A8F-4099-B488-B4523DDB6506}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{171DCE68-FD3F-42D2-B9D2-BEF3BAC06F8E}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{F22A0724-3588-4FF5-8D0A-61577CD9CB99}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{D01E26A1-FB1D-4382-8857-B14A15EF7464}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{56DFE564-7E75-4452-8A87-A655349AA8FF}c:\\program files\\ubisoft\\tom clancy's splinter cell chaos theory\\system\\splintercell3.exe"= UDP:c:\program files\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe:splintercell3
"UDP Query User{86D44923-3877-4CB5-BA67-FE7A91FD845C}c:\\program files\\ubisoft\\tom clancy's splinter cell chaos theory\\system\\splintercell3.exe"= TCP:c:\program files\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe:splintercell3
"TCP Query User{9A85BAFC-3168-4571-BF5E-BDEF6D6CCA0C}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{3795FF06-07B2-4E7C-82C3-5224B9BA59EA}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{AE406021-7F6A-4DCB-8591-2CBA1D18B611}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{3738A58C-A37E-4F7E-B317-481E00E57C65}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{CFF541CD-3BC0-4472-9CDE-958EF34BA6B3}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{DFA163F9-5F86-4E7E-84D6-AF9ABBA116C5}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"{5166A5AE-BF92-40ED-AE9D-4D02EAE6B4E3}"= c:\program files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
"{21286F4C-751F-4B2C-97C1-B68A04E9B627}"= c:\program files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
"{F9A52A84-5BE2-4FDD-9E56-B8F508516486}"= c:\program files\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{5B03BC06-B0E7-4F6A-9336-EDA0FB7DECE2}"= c:\program files\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{B9B9AED6-5BA3-4832-9067-BB9CD0C57CDB}c:\\program files\\windows lotto pro 2000\\proupdt.exe"= UDP:c:\program files\windows lotto pro 2000\proupdt.exe:proupdt
"UDP Query User{1A0771DF-ADD8-4B67-9982-60FFC7A9393C}c:\\program files\\windows lotto pro 2000\\proupdt.exe"= TCP:c:\program files\windows lotto pro 2000\proupdt.exe:proupdt

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [29.8.2008 21:17 61424]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [29.8.2008 21:19 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [23.5.2008 1:37 24576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9.10.2008 20:18 203280]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [29.8.2008 21:19 122368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [23.5.2008 10:53 210432]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23.5.2008 10:53 54784]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [30.8.2008 2:15 22072]
S3 FlyPCI;FlyPCI;c:\windows\System32\drivers\FlyPCI.sys [17.3.2009 16:36 4134]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [23.5.2008 1:15 93968]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [1.2.2008 16:17 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [1.2.2008 16:17 8320]
S3 u3kh;ASUS My Cinema U3000 Hybrid;c:\windows\System32\drivers\u3kh.sys [14.3.2009 18:49 1719808]
S3 u3khrc;ASUS Infrared Receiver;c:\windows\System32\drivers\u3khrc.sys [14.3.2009 18:51 13568]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [30.8.2008 13:55 75776]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-05-29 c:\windows\Tasks\1-Click Maintenance.job
- d:\tuneup utilities 2009\OneClickStarter.exe [2009-04-14 19:36]

2009-05-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-25 15:10]

2009-05-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-06 08:53]

2009-04-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-06 08:53]

2009-05-29 c:\windows\Tasks\User_Feed_Synchronization-{CC1E17FB-0828-49BF-BDED-4C33B9AC7779}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

2009-05-29 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\tuneup utilities 2009\OneClickStarter.exe [2009-04-14 19:36]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-procexp90.Sys


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://cs.intl.acer.yahoo.com
uInternet Settings,ProxyServer = socks=127.0.0.1:7070
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
Trusted Zone: microsoft.com\www.update
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 23:27
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1995405219-1073081204-648885692-1000_Classes\CLSID\{3bbe06d4-69fa-4585-909d-f2028e5a735d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002d
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,a0,aa,8a,6d,7d,dc,b3,a8,31,be,31,2f,c6,b5,\

[HKEY_USERS\S-1-5-21-1995405219-1073081204-648885692-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):1f,87,d9,f8,05,3a,95,b0,fe,e4,38,91,e2,aa,99,89,7e,a6,ac,62,58,
c8,ac,4d,11,0d,1f,c6,85,01,6e,f8,f8,8c,76,47,10,01,01,15,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1995405219-1073081204-648885692-1000_Classes\CLSID\{DC57BD01-4146-8919-37F5-FF03A1FFEC06}*]
@Allowed: (Read) (RestrictedCode)
"AppID"="{190030C4-062A-5526-508E-BCFC16989EB6}"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2716)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\rundll32.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2009-05-29 23:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-29 21:30

Před spuštěním: Volných bajtů: 80 284 266 496
Po spuštění: Volných bajtů: 80 017 342 464

296 --- E O F --- 2009-05-28 21:32

Post by jaro3 (Security team member) » 30 May 2009 15:28

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following entire text marked in green into it:
Note: don't use the SELECT ALL function to select the script

KillAll::
File::
c:\windows\bthservsdp.dat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000

Choose File -> Save as... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All files there
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that comes up at the end of the cleaning process + a new HJT log

Did you put this there yourself:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer- online na síti
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
??
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

timtom
Level 1
Posts: 83
Registered: September 07
Gender: Male

Re: HJT log check - thanks!!!

Post by timtom » 30 May 2009 20:34

Hi, thanks for looking into this for me.
1) I didn't put anything anywhere - I don't even understand what it is, let alone how to put it somewhere, so really, no.
2) ComboFix keeps deleting things, should I be nervous?
3) I dragged the script from Notepad and dropped it on ComboFix when it turned blue
4) here is the log

ComboFix 09-05-30.02 - Tomáš 30.05.2009 20:13.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2814.2067 [GMT 2:00]
Run from: c:\users\Tomáš\Desktop\ComboFix.exe
Command switches used :: c:\users\Tomáš\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\bthservsdp.dat"
.

((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\bthservsdp.dat

.
((((((((((((((((((((((((( Files created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-29 03:49 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-29 03:49 . 2009-05-29 03:49 -------- d-----w c:\programdata\Malwarebytes
2009-05-29 03:49 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-29 03:49 . 2009-05-29 03:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-20 20:05 . 2000-09-13 04:14 155648 ----a-w c:\windows\system32\Sde50.dll
2009-05-20 20:05 . 2000-09-13 03:14 266240 ----a-w c:\windows\system32\SdeNsx50.dll
2009-05-20 20:05 . 2009-05-23 17:01 -------- d-----w c:\program files\Windows Lotto Pro 2000
2009-05-18 22:47 . 2005-06-15 01:00 102400 ----a-w c:\windows\system32\tsccvid.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 21:58 . 2009-01-17 15:38 -------- d-----w c:\program files\AxBx
2009-05-14 11:09 . 2008-01-21 06:46 598832 ----a-w c:\windows\system32\perfh005.dat
2009-05-14 11:09 . 2008-01-21 06:46 114992 ----a-w c:\windows\system32\perfc005.dat
2009-05-13 23:44 . 2008-05-23 00:10 -------- d-----w c:\programdata\Microsoft Help
2009-05-13 23:41 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-29 21:54 . 2009-04-29 21:54 249856 ------w c:\windows\Setup1.exe
2009-04-29 21:54 . 2009-04-29 21:54 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-28 23:36 . 2008-05-23 00:12 -------- d-----w c:\program files\Microsoft Works
2009-04-26 23:43 . 2008-12-09 10:31 -------- d-----w c:\program files\PSPad editor
2009-04-26 23:43 . 2008-11-07 16:53 -------- d-----w c:\program files\Common Files\Skype
2009-04-26 23:43 . 2008-10-25 14:04 -------- d-----w c:\program files\Glary Utilities
2009-04-26 23:43 . 2008-05-22 23:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 23:43 . 2008-08-29 19:13 -------- d-----w c:\program files\Acer Arcade Deluxe
2009-04-26 23:14 . 2009-04-26 21:12 -------- d-----w c:\programdata\Cyberlink
2009-04-26 22:47 . 2008-12-09 10:27 -------- d-----w c:\program files\PhotoFiltre
2009-04-21 00:03 . 2009-04-21 00:03 -------- d-----w c:\programdata\TuneUp Software
2009-04-18 07:10 . 2008-05-22 23:38 -------- d-----w c:\program files\McAfee
2009-04-14 17:00 . 2009-04-14 17:00 0 ----a-w c:\windows\system32\cid_store.dat
2009-04-14 14:01 . 2009-04-14 14:01 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-13 22:25 . 2008-12-08 15:30 -------- d-----w c:\program files\Nvu
2009-04-13 22:13 . 2008-11-09 18:59 -------- d-----w c:\program files\Download Express
2009-04-13 17:35 . 2008-10-17 23:13 -------- d-----w c:\program files\Java
2009-04-12 21:22 . 2009-04-12 21:22 53319 ----a-w c:\programdata\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-03-25 09:06 . 2008-05-22 23:39 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 09:06 . 2008-05-22 23:39 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 09:06 . 2008-05-22 23:39 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 09:06 . 2008-05-22 23:39 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 09:05 . 2008-05-22 23:39 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-17 03:38 . 2009-04-14 22:27 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 22:27 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-16 21:38 . 2009-03-16 21:38 514888 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-03-09 03:19 . 2009-03-16 10:22 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-14 22:27 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 22:27 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-14 22:26 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-14 22:27 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 22:27 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 22:27 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 22:26 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-14 22:27 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 22:27 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-14 22:27 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-14 22:27 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 22:27 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-14 22:26 26624 ----a-w c:\windows\system32\ieUnatt.exe
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w c:\windows\system\WININETICMP32.drv
.

((((((((((((((((((((((((((((( SnapShot@2009-05-29_21.27.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-05-30 18:03 77358 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-29 18:34 . 2009-05-30 18:03 11922 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1995405219-1073081204-648885692-1000_UserData.bin
- 2008-08-29 18:39 . 2009-05-29 21:22 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-29 18:39 . 2009-05-30 18:15 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-29 18:39 . 2009-05-29 21:22 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-29 18:39 . 2009-05-30 18:15 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-29 18:39 . 2009-05-30 18:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-29 18:39 . 2009-05-29 21:22 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:05 . 2009-05-30 18:03 124048 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CLMLServer"=c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
"PlayMovie"=c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
"ArcadeDeluxeAgent"=c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"eAudio"=c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Adobe Reader Speed Launcher"=c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"eDataSecurity Loader"=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{15493902-0C51-44E8-A79C-2BC9691AB388}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{EC27F063-0D1A-438F-8417-199241214037}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{12403BD6-BE87-4C5D-BEF2-9D090E1B7753}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{23166721-7468-4825-9440-4220A9BD7A11}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{826D1C5C-5A8F-4099-B488-B4523DDB6506}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{171DCE68-FD3F-42D2-B9D2-BEF3BAC06F8E}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{F22A0724-3588-4FF5-8D0A-61577CD9CB99}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{D01E26A1-FB1D-4382-8857-B14A15EF7464}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{56DFE564-7E75-4452-8A87-A655349AA8FF}c:\\program files\\ubisoft\\tom clancy's splinter cell chaos theory\\system\\splintercell3.exe"= UDP:c:\program files\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe:splintercell3
"UDP Query User{86D44923-3877-4CB5-BA67-FE7A91FD845C}c:\\program files\\ubisoft\\tom clancy's splinter cell chaos theory\\system\\splintercell3.exe"= TCP:c:\program files\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe:splintercell3
"TCP Query User{9A85BAFC-3168-4571-BF5E-BDEF6D6CCA0C}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{3795FF06-07B2-4E7C-82C3-5224B9BA59EA}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{AE406021-7F6A-4DCB-8591-2CBA1D18B611}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{3738A58C-A37E-4F7E-B317-481E00E57C65}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{CFF541CD-3BC0-4472-9CDE-958EF34BA6B3}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{DFA163F9-5F86-4E7E-84D6-AF9ABBA116C5}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"{5166A5AE-BF92-40ED-AE9D-4D02EAE6B4E3}"= c:\program files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
"{21286F4C-751F-4B2C-97C1-B68A04E9B627}"= c:\program files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
"{F9A52A84-5BE2-4FDD-9E56-B8F508516486}"= c:\program files\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{5B03BC06-B0E7-4F6A-9336-EDA0FB7DECE2}"= c:\program files\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{B9B9AED6-5BA3-4832-9067-BB9CD0C57CDB}c:\\program files\\windows lotto pro 2000\\proupdt.exe"= UDP:c:\program files\windows lotto pro 2000\proupdt.exe:proupdt
"UDP Query User{1A0771DF-ADD8-4B67-9982-60FFC7A9393C}c:\\program files\\windows lotto pro 2000\\proupdt.exe"= TCP:c:\program files\windows lotto pro 2000\proupdt.exe:proupdt

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [29.8.2008 21:17 61424]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [29.8.2008 21:19 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [23.5.2008 1:37 24576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9.10.2008 20:18 203280]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [29.8.2008 21:19 122368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [23.5.2008 10:53 210432]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23.5.2008 10:53 54784]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [30.8.2008 2:15 22072]
S3 FlyPCI;FlyPCI;c:\windows\System32\drivers\FlyPCI.sys [17.3.2009 16:36 4134]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [23.5.2008 1:15 93968]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [1.2.2008 16:17 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [1.2.2008 16:17 8320]
S3 u3kh;ASUS My Cinema U3000 Hybrid;c:\windows\System32\drivers\u3kh.sys [14.3.2009 18:49 1719808]
S3 u3khrc;ASUS Infrared Receiver;c:\windows\System32\drivers\u3khrc.sys [14.3.2009 18:51 13568]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [30.8.2008 13:55 75776]

--- Other services/drivers in memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\1-Click Maintenance.job
- d:\tuneup utilities 2009\OneClickStarter.exe [2009-04-14 19:36]

2009-05-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-25 15:10]

2009-05-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-06 08:53]

2009-04-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-06 08:53]

2009-05-30 c:\windows\Tasks\User_Feed_Synchronization-{CC1E17FB-0828-49BF-BDED-4C33B9AC7779}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

2009-05-29 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\tuneup utilities 2009\OneClickStarter.exe [2009-04-14 19:36]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://cs.intl.acer.yahoo.com
uInternet Settings,ProxyServer = socks=127.0.0.1:7070
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
Trusted Zone: microsoft.com\www.update
FF - ProfilePath -

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 20:19
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1995405219-1073081204-648885692-1000_Classes\CLSID\{3bbe06d4-69fa-4585-909d-f2028e5a735d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002d
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,a0,aa,8a,6d,7d,dc,b3,a8,31,be,31,2f,c6,b5,\

[HKEY_USERS\S-1-5-21-1995405219-1073081204-648885692-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):1f,87,d9,f8,05,3a,95,b0,fe,e4,38,91,e2,aa,99,89,7e,a6,ac,62,58,
c8,ac,4d,11,0d,1f,c6,85,01,6e,f8,f8,8c,76,47,10,01,01,15,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1995405219-1073081204-648885692-1000_Classes\CLSID\{DC57BD01-4146-8919-37F5-FF03A1FFEC06}*]
@Allowed: (Read) (RestrictedCode)
"AppID"="{190030C4-062A-5526-508E-BCFC16989EB6}"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'Explorer.exe'(4064)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\rundll32.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Total time: 2009-05-30 20:22 - the computer was restarted
ComboFix-quarantined-files.txt 2009-05-30 18:22
ComboFix2.txt 2009-05-29 21:30

Before run: free bytes: 78 592 876 544
After run: free bytes: 78 630 100 992

289 --- E O F --- 2009-05-28 21:32

timtom
Level 1
Posts: 83
Registered: September 07
Gender: Male

Re: HJT log check - thanks!!!

Post by timtom » 30 May 2009 20:38

Here is the HJT log as well

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44:12, on 28.5.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer- online na síti
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Obsah aplikace OneNote.onetoc2
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6338 bytes

timtom
Level 1
Posts: 83
Registered: September 07
Gender: Male

Re: HJT log check - thanks!!!

Post by timtom » 30 May 2009 20:40

so I see those entries are still there........I really don't know

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: HJT log check - thanks!!!

Post by jaro3 » 30 May 2009 20:58

Close the other applications and browsers, disconnect from the internet and fix these in HJT:
guide:
viewtopic.php?f=70&t=5119

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer- online na síti
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - Startup: Obsah aplikace OneNote.onetoc2
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab


ComboFix is uninstalled like this:
Start -> Run and enter ComboFix[space]/u

clean the system with CCleaner

and also use T-Cleaner
it removes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download it > run it

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. It can remove the cache, cookies, history and other traces of internet browsing. Supported browsers are Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Then restart the PC and post a new HJT log.
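As an added example (not code from this thread, from HijackThis or from ComboFix), the script below applies the checks that jaro3's fix list implies to lines taken from the HJT log posted above: it flags the ProxyServer entry that forces Internet Explorer through a SOCKS proxy on 127.0.0.1:7070, the ProxyOverride list that exempts a few hosts from that proxy, the Startup-folder item, the O16 ActiveX download and any O23 service listed with "Unknown owner". The sample lines are copied from the posted log (the truncated O16 URL is kept as it appears there); the regular expressions, the Finding type and the wording of each reason are mine.

```python
"""Triage a HijackThis (HJT) log: pull out the entry types a reviewer looks at
first (proxy settings, Startup-folder items, ActiveX downloads, services with
no publisher) and say why each one deserves a look."""
import re
from dataclasses import dataclass

# Constructed sample: nine lines copied from the HJT log posted in this thread;
# the rest of the log is left out to keep the example short.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - Startup: Obsah aplikace OneNote.onetoc2
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

# Every HJT entry has the shape "<type> - <body>", e.g. "R1 - HKCU\...,ProxyServer = ..."
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+)\s+-\s+(?P<body>.+)$")
# A SOCKS proxy on the loopback interface: "socks=127.0.0.1:7070"
LOOPBACK_SOCKS_RE = re.compile(r"socks=(127\.\d{1,3}\.\d{1,3}\.\d{1,3}):(\d+)")
# O16 body: "DPF: {CLSID} (name) - URL"
DPF_RE = re.compile(r"^DPF:\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+\((?P<name>[^)]*)\)\s+-\s+(?P<url>.+)$")


@dataclass
class Finding:
    kind: str    # HJT entry type, e.g. "R1" or "O16"
    reason: str  # why a reviewer should look at it
    line: str    # the original log line


def parse_entries(log_text):
    """Return (kind, body, raw_line) for every line that looks like an HJT entry."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body"), raw.strip()))
    return entries


def check_entry(kind, body, line):
    """Yield a Finding for each reason the entry deserves manual review."""
    if kind == "R1" and "Internet Settings,ProxyServer" in body:
        value = body.split("=", 1)[1].strip()
        m = LOOPBACK_SOCKS_RE.search(value)
        if m:
            # Every IE connection passes through a process listening on the
            # loopback interface first; whoever owns that port sees all of it.
            yield Finding(kind, f"IE routed through local SOCKS proxy {m.group(1)}:{m.group(2)}; "
                                "identify the process listening on that port", line)
        elif value:
            yield Finding(kind, f"proxy configured: {value}; confirm it is intended", line)
    elif kind == "R1" and "Internet Settings,ProxyOverride" in body:
        hosts = [h for h in body.split("=", 1)[1].strip().split(";") if h]
        # These hosts are reached directly; whoever set the proxy chose what it must not see.
        yield Finding(kind, f"{len(hosts)} host(s) bypass the proxy: {', '.join(hosts)}; "
                            "ask whether the user configured this", line)
    elif kind == "O4" and body.startswith("Startup:"):
        yield Finding(kind, f"item in the Startup folder: {body[len('Startup:'):].strip()}", line)
    elif kind == "O16":
        m = DPF_RE.match(body)
        if m:
            yield Finding(kind, f"ActiveX control {m.group('clsid')} ({m.group('name')}) "
                                f"downloaded from {m.group('url')}; remove it if not expected", line)
    elif kind == "O23" and "- Unknown owner -" in body:
        yield Finding(kind, "service binary carries no publisher information; "
                            "check the file's signature", line)


def triage(log_text):
    """Run every check over the log and return the findings in log order."""
    findings = []
    for kind, body, line in parse_entries(log_text):
        findings.extend(check_entry(kind, body, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Two notes on reading the output. A loopback SOCKS proxy is not proof of infection (local filtering software sets one too), which is why the finding asks for the owning process rather than a verdict: on Vista `netstat -ano` shows the PID listening on 7070 and Task Manager maps that PID to an image. And fixing the R1 lines in HJT only rewrites the registry value; if the listening process is still running or still starts with the system, the setting can simply come back, which is the behaviour timtom describes for the other entries.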

timtom
Level 1
Posts: 83
Registered: September 07
Gender: Male

Re: HJT log check - thanks!!!

Post by timtom » 31 May 2009 01:34

Hi, I'm slowly going through the steps you listed, but I have some problems with HJT:
1) the HJT application lists 38 lines but the resulting log has 55 lines, so some of the things you wrote in green I couldn't delete, namely these:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer- online na síti
O4 - Startup: Obsah aplikace OneNote.onetoc2
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab

They are simply in the log but not in HJT to be fixed. I'm baffled.

OK then, for now I'll continue with the other steps.

Bye for now.

timtom
Level 1
Posts: 83
Registered: September 07
Gender: Male

Re: HJT log check - thanks!!!

Post by timtom » 31 May 2009 01:50

So I did everything according to your instructions and here is the resulting HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:35, on 31.5.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4949 bytes
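The HijackThis log format quoted above (a section prefix such as R0, O2, O4 or O23, a separator, then the entry body) can be parsed mechanically to pull out what a helper on a thread like this checks first: how many entries each section has, which entries carry a CLSID, which file paths are referenced, and which O23 services report no vendor. The following Python is an added example written for this thread, not code from HijackThis, from the forum or from the poster. The sample lines are constructed from entries quoted in the logs above, and the "Unknown owner" triage rule is the example's own heuristic (such services are merely unverified, not necessarily malicious), not a HijackThis feature.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the HijackThis v2 log format, taken
# from the entries quoted in this thread. Raw string, so backslashes are literal.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O13 - Gopher Prefix:
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

# "R0 - ...", "O23 - ..." : section prefix, " - ", body.
PREFIX_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# A COM CLSID in braces, as used by O2/O3/O9/O16/O18 entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A Windows path, either quoted (may contain spaces) or unquoted (no whitespace).
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')
# O23 body: "Service: <name> - <owner> - <path>"; the path is everything after the last separator.
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_entry(line):
    """Parse one log line into a dict, or return None for non-entry lines."""
    m = PREFIX_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = {"section": section, "body": body, "name": None,
             "clsid": None, "owner": None, "path": None}
    c = CLSID_RE.search(body)
    if c:
        entry["clsid"] = c.group(0).upper()
    if section == "O23":
        s = SERVICE_RE.match(body)
        if s:
            entry["name"] = s.group("name")
            entry["owner"] = s.group("owner")
            entry["path"] = s.group("path")
    else:
        p = PATH_RE.search(body)
        if p:
            entry["path"] = p.group(1) or p.group(2)
    return entry


def parse_log(text):
    """Parse a whole log; header lines and blank lines are skipped."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def section_counts(entries):
    """Number of entries per section prefix, e.g. {"O23": 2, ...}."""
    return dict(Counter(e["section"] for e in entries))


def unknown_owner_services(entries):
    """Heuristic (this example's own): O23 services with no vendor string,
    which a reviewer would verify by hand before deciding anything."""
    return [e for e in entries if e["section"] == "O23" and e["owner"] == "Unknown owner"]


def referenced_paths(entries):
    """Unique file paths mentioned anywhere in the log, for checking on disk."""
    return sorted({e["path"] for e in entries if e["path"]})


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("sections:", section_counts(entries))
    for svc in unknown_owner_services(entries):
        print("verify service:", svc["name"], "->", svc["path"])
    for path in referenced_paths(entries):
        print("path:", path)
```

`section_counts` makes it easy to compare two saved logs (for example, before and after a cleanup run) instead of counting lines by eye, and `referenced_paths` gives a list that can be checked against the file system or a vendor lookup.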

