Prosím o kontrolu logu

LifeRoma · Příspěvekod **LifeRoma** » 20 lis 2009 14:30

Ahoj prosím o preventivní kontrolu logu, nějak mám spomalené nabíhání OS...

edit:// zapoměl jsem dodat, že mi pořád něco žere 100% CPU

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:10, on 20.11.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnpstd.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Microsoft Office07\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office07\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office07\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office07\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c9ed2dc891b016) (gupdate1c9ed2dc891b016) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 7543 bytes

Reklama

Příspěvekod **jaro3** » 20 lis 2009 21:09

Odnstaluj:
ICQToolBar

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O20 - AppInit_DLLs:

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

LifeRoma · Příspěvekod **LifeRoma** » 22 lis 2009 10:27

vše uděláno posílám log z Malwaru... jak vidím tak je tady jeden baraba!!

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2775
Windows 6.0.6000

22.11.2009 10:26:10
mbam-log-2009-11-22 (10-26-04).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 114350
Uplynulý čas: 5 minute(s), 9 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Log u HjT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:31, on 22.11.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnpstd.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Microsoft Office07\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office07\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office07\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office07\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c9ed2dc891b016) (gupdate1c9ed2dc891b016) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 7046 bytes

LifeRoma · Příspěvekod **LifeRoma** » 22 lis 2009 10:36

A jen tak pro dodatek... asi řekneš at ted použiji ComboFix že?

Příspěvekod **jaro3** » 22 lis 2009 11:37

Přesně tak :smile:

, napřed:

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Vypni rez. ochranu u Avastu.

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

LifeRoma · Příspěvekod **LifeRoma** » 22 lis 2009 15:05

hotovo.. zde posílám log z MbAM po restartu Pc..

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2775
Windows 6.0.6000

22.11.2009 15:04:08
mbam-log-2009-11-22 (15-04-08).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 115517
Uplynulý čas: 5 minute(s), 24 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

a zde posílám log z Comba

ComboFix 09-11-21.02 - roman 22.11.2009 14:29.3.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.2047.908 [GMT 1:00]
Spuštěný z: c:\users\roman\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091122-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-22 do 2009-11-22 )))))))))))))))))))))))))))))))
.

2009-11-22 13:37 . 2009-11-22 13:38 -------- d-----w- c:\users\roman\AppData\Local\temp
2009-11-22 13:37 . 2009-11-22 13:37 -------- d-----w- c:\users\Martin\AppData\Local\temp
2009-11-22 13:37 . 2009-11-22 13:37 -------- d-----w- c:\users\Martin.roman-PC\AppData\Local\temp
2009-11-22 13:37 . 2009-11-22 13:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-11-22 13:37 . 2009-11-22 13:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-20 16:51 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-11-20 16:51 . 2009-11-20 16:51 -------- d-----w- c:\program files\Outsim
2009-11-16 22:51 . 2002-11-02 08:53 57344 ----a-w- c:\windows\system32\WNASPINT.DLL
2009-11-16 22:34 . 2009-11-16 22:34 -------- d-----w- C:\eJay
2009-11-16 20:31 . 2006-07-05 10:21 638976 ----a-w- c:\windows\system32\mgxoschk.dll
2009-11-15 11:10 . 2009-06-22 08:44 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-15 10:40 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-11-15 10:40 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-11-15 10:40 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-11-15 10:39 . 2009-08-31 15:16 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-11-15 10:39 . 2009-08-31 15:21 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-11-15 10:39 . 2009-08-31 15:17 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-11-15 10:39 . 2009-07-14 13:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-11-15 10:38 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-15 10:38 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-11-15 10:38 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-11-15 10:38 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-15 10:38 . 2009-06-04 12:43 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-11-15 10:38 . 2009-06-04 12:36 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-11-15 10:38 . 2009-06-04 12:47 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-11-15 10:34 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-11-15 10:33 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-15 10:31 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-09 16:08 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-09 16:05 . 2009-11-09 16:05 4096 d-----w- c:\program files\Microsoft Works
2009-11-09 15:53 . 2009-11-09 15:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-09 15:52 . 2009-11-09 16:05 4096 d-----w- c:\program files\Microsoft Office07
2009-11-09 15:51 . 2009-11-09 15:51 -------- d-----r- C:\MSOCache
2009-11-04 18:13 . 2009-11-04 18:13 -------- d-----w- C:\Star Wars Empire at War
2009-11-04 16:39 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-11-04 16:39 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-11-04 16:39 . 2008-10-27 09:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-11-04 16:39 . 2008-10-27 09:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-11-04 16:39 . 2008-07-30 05:20 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-11-04 16:39 . 2008-07-30 05:20 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-11-04 16:39 . 2008-07-30 05:20 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-11-04 16:39 . 2008-07-10 10:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-11-04 16:39 . 2008-07-10 10:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-11-04 16:39 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-11-04 11:39 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-04 11:39 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-04 11:39 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-04 11:39 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-04 11:38 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-04 11:38 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-04 11:38 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-04 11:38 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-04 11:38 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-23 21:48 . 2009-10-23 21:48 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 22:17 . 2008-07-15 15:48 4096 d-----w- c:\users\roman\AppData\Roaming\Skype
2009-11-21 19:40 . 2008-07-15 15:48 -------- d-----w- c:\users\roman\AppData\Roaming\skypePM
2009-11-18 22:06 . 2008-12-08 13:31 4096 d-----w- c:\programdata\TrackMania
2009-11-17 22:09 . 2009-05-03 20:26 -------- d-----w- c:\program files\MSECache
2009-11-16 23:04 . 2008-07-11 15:16 115944 ----a-w- c:\users\roman\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-16 22:34 . 2008-07-11 15:48 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-16 20:32 . 2009-11-16 20:32 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2009-11-16 17:33 . 2008-08-21 11:32 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-16 17:33 . 2008-08-21 11:30 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-15 11:22 . 2008-07-12 00:56 86978 ----a-w- c:\windows\system32\perfc005.dat
2009-11-15 11:22 . 2008-07-12 00:56 484926 ----a-w- c:\windows\system32\perfh005.dat
2009-11-15 11:15 . 2009-03-16 17:00 4096 d-----w- c:\program files\Microsoft Silverlight
2009-11-15 11:13 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-15 11:09 . 2009-03-18 15:16 16384 d-----w- c:\programdata\Microsoft Help
2009-11-15 01:40 . 2008-07-22 18:52 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-15 01:39 . 2009-02-15 10:58 4096 d-----w- c:\program files\CCleaner
2009-11-15 01:33 . 2009-06-14 20:21 4096 d-----w- c:\program files\Google
2009-11-09 16:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-11-02 19:42 . 2009-10-03 09:49 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-25 17:45 . 2008-09-20 15:43 4096 d-----w- c:\users\roman\AppData\Roaming\Hamachi
2009-10-12 10:12 . 2008-07-22 18:52 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-12 10:11 . 2009-02-11 20:39 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 10:11 . 2009-02-11 20:39 4045527 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-11 17:09 . 2009-10-11 17:09 10134 ----a-r- c:\users\roman\AppData\Roaming\Microsoft\Installer\{1189284F-0556-47E5-8DCD-F8BF3176F4EA}\Internet.exe
2009-10-11 17:09 . 2009-10-11 17:09 4846 ----a-r- c:\users\roman\AppData\Roaming\Microsoft\Installer\{1189284F-0556-47E5-8DCD-F8BF3176F4EA}\HtmlHlp.exe
2009-10-11 17:09 . 2009-10-11 17:09 45056 ----a-r- c:\users\roman\AppData\Roaming\Microsoft\Installer\{1189284F-0556-47E5-8DCD-F8BF3176F4EA}\_8AC4CFE0A020_4B39_BB45_2F41618EF9E4.exe
2009-10-11 17:09 . 2009-10-11 17:08 -------- d-----w- c:\program files\Common Files\Logitech
2009-10-11 17:08 . 2009-10-11 17:08 -------- d-----w- c:\program files\Logitech
2009-10-10 15:13 . 2009-07-18 21:41 4096 d-----w- c:\program files\Teamspeak2_RC22
2009-10-10 15:08 . 2009-02-23 22:05 4096 d-----w- c:\program files\Teamspeak2_RC2
2009-10-01 16:52 . 2009-10-01 16:52 200704 ----a-w- c:\windows\system32\QWPCQNG.dll
2009-10-01 16:52 . 2009-10-01 16:52 724992 ----a-w- c:\windows\iun600.exe
2009-09-15 10:59 . 2009-02-18 22:23 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:55 . 2009-02-18 22:24 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-02-18 22:24 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:55 . 2009-02-18 22:23 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-15 10:54 . 2009-02-18 22:24 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-02-18 22:24 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-02-18 22:24 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-14 09:50 . 2009-11-15 10:35 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 17:38 . 2009-11-15 10:37 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-02-11 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-02-11 20:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 21:18 . 2009-08-30 13:54 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-08-30 21:18 . 2009-08-30 13:54 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-08-30 21:18 . 2009-08-30 13:54 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-08-27 14:02 . 2009-11-15 10:36 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:57 . 2009-11-15 10:36 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57 . 2009-11-15 10:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56 . 2009-11-15 10:36 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24 . 2009-11-15 10:36 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51 . 2009-11-15 10:36 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2007-05-30 22:37 . 2007-05-30 22:36 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-18 1232896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-13 6335008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"GrooveMonitor"="c:\program files\Microsoft Office07\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1739646807-1506169463-2443122476-1000]
"EnableNotificationsRef"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [18.2.2009 23:24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [18.2.2009 23:24 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [18.2.2009 23:23 53328]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [20.6.2008 12:14 181544]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [16.7.2008 10:41 717296]
S2 gupdate1c9ed2dc891b016;Služba Google Update (gupdate1c9ed2dc891b016);c:\program files\Google\Update\GoogleUpdate.exe [14.6.2009 21:22 133104]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\System32\drivers\MosIrUsb.sys [3.2.2009 16:51 46976]
.
Obsah adresáře 'Naplánované úlohy'

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 20:21]

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 20:21]

2009-11-22 c:\windows\Tasks\User_Feed_Synchronization-{D83F465F-A004-42C2-924C-E0E0300CFAB2}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\windows\system32\wpclsp.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Start WingMan Profiler - (no file)
AddRemove-MotiveReportAgent - c:\program files\TO2SAM\McciBrowser.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 14:37
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-11-22 14:42
ComboFix-quarantined-files.txt 2009-11-22 13:42

Před spuštěním: 3 596 693 504
Po spuštění: 3 517 050 880

- - End Of File - - 2231DCD902756C5B5EA764F57923E909

Příspěvekod **jaro3** » 22 lis 2009 16:44

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\iun600.exe

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat

Toto otestuj na Virustotal
c:\users\roman\AppData\Roaming\Microsoft\Installer\{1189284F-0556-47E5-8DCD-F8BF3176F4EA}\_8AC4CFE0A020_4B39_BB45_2F41618EF9E4.exe
Vlož sem pak odkaz výsledku.

LifeRoma · Příspěvekod **LifeRoma** » 22 lis 2009 20:04

zatím posílám jen log z comba a HjT. ty dcva programy udělám hneed

ComboFix 09-11-21.02 - roman 22.11.2009 19:46.4.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.2047.970 [GMT 1:00]
Spuštěný z: c:\users\roman\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\roman\Desktop\CFScript.txt.lnk
AV: avast! antivirus 4.8.1356 [VPS 091122-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-10-22 do 2009-11-22 )))))))))))))))))))))))))))))))
.

2009-11-22 18:56 . 2009-11-22 18:57 -------- d-----w- c:\users\roman\AppData\Local\temp
2009-11-22 18:56 . 2009-11-22 18:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-22 18:56 . 2009-11-22 18:56 -------- d-----w- c:\users\Martin\AppData\Local\temp
2009-11-22 18:56 . 2009-11-22 18:56 -------- d-----w- c:\users\Martin.roman-PC\AppData\Local\temp
2009-11-22 18:56 . 2009-11-22 18:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-11-22 18:56 . 2009-11-22 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-20 16:51 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-11-20 16:51 . 2009-11-20 16:51 -------- d-----w- c:\program files\Outsim
2009-11-16 22:51 . 2002-11-02 08:53 57344 ----a-w- c:\windows\system32\WNASPINT.DLL
2009-11-16 22:34 . 2009-11-16 22:34 -------- d-----w- C:\eJay
2009-11-16 20:31 . 2006-07-05 10:21 638976 ----a-w- c:\windows\system32\mgxoschk.dll
2009-11-15 11:10 . 2009-06-22 08:44 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-15 10:40 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-11-15 10:40 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-11-15 10:40 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-11-15 10:39 . 2009-08-31 15:16 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-11-15 10:39 . 2009-08-31 15:21 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-11-15 10:39 . 2009-08-31 15:17 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-11-15 10:39 . 2009-07-14 13:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-11-15 10:38 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-15 10:38 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-11-15 10:38 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-11-15 10:38 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-15 10:38 . 2009-06-04 12:43 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-11-15 10:38 . 2009-06-04 12:36 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-11-15 10:38 . 2009-06-04 12:47 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-11-15 10:34 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-11-15 10:33 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-15 10:31 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-09 16:08 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-09 16:05 . 2009-11-09 16:05 4096 d-----w- c:\program files\Microsoft Works
2009-11-09 15:53 . 2009-11-09 15:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-09 15:52 . 2009-11-09 16:05 4096 d-----w- c:\program files\Microsoft Office07
2009-11-09 15:51 . 2009-11-09 15:51 -------- d-----r- C:\MSOCache
2009-11-04 16:39 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-11-04 16:39 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-11-04 16:39 . 2008-10-27 09:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-11-04 16:39 . 2008-10-27 09:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-11-04 16:39 . 2008-07-30 05:20 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-11-04 16:39 . 2008-07-30 05:20 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-11-04 16:39 . 2008-07-30 05:20 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-11-04 16:39 . 2008-07-10 10:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-11-04 16:39 . 2008-07-10 10:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-11-04 16:39 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-11-04 11:39 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-04 11:39 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-04 11:39 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-04 11:39 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-04 11:38 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-04 11:38 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-04 11:38 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-04 11:38 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-04 11:38 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-23 21:48 . 2009-11-22 15:41 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 15:00 . 2008-07-12 00:56 86978 ----a-w- c:\windows\system32\perfc005.dat
2009-11-22 15:00 . 2008-07-12 00:56 484926 ----a-w- c:\windows\system32\perfh005.dat
2009-11-21 22:17 . 2008-07-15 15:48 4096 d-----w- c:\users\roman\AppData\Roaming\Skype
2009-11-21 19:40 . 2008-07-15 15:48 -------- d-----w- c:\users\roman\AppData\Roaming\skypePM
2009-11-18 22:06 . 2008-12-08 13:31 4096 d-----w- c:\programdata\TrackMania
2009-11-17 22:09 . 2009-05-03 20:26 -------- d-----w- c:\program files\MSECache
2009-11-16 23:04 . 2008-07-11 15:16 115944 ----a-w- c:\users\roman\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-16 22:34 . 2008-07-11 15:48 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-16 20:32 . 2009-11-16 20:32 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2009-11-16 17:33 . 2008-08-21 11:32 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-16 17:33 . 2008-08-21 11:30 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-15 11:15 . 2009-03-16 17:00 4096 d-----w- c:\program files\Microsoft Silverlight
2009-11-15 11:13 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-15 11:09 . 2009-03-18 15:16 16384 d-----w- c:\programdata\Microsoft Help
2009-11-15 01:40 . 2008-07-22 18:52 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-15 01:39 . 2009-02-15 10:58 4096 d-----w- c:\program files\CCleaner
2009-11-15 01:33 . 2009-06-14 20:21 4096 d-----w- c:\program files\Google
2009-11-09 16:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-11-02 19:42 . 2009-10-03 09:49 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-25 17:45 . 2008-09-20 15:43 4096 d-----w- c:\users\roman\AppData\Roaming\Hamachi
2009-10-12 10:12 . 2008-07-22 18:52 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-12 10:11 . 2009-02-11 20:39 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 10:11 . 2009-02-11 20:39 4045527 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-11 17:09 . 2009-10-11 17:09 10134 ----a-r- c:\users\roman\AppData\Roaming\Microsoft\Installer\{1189284F-0556-47E5-8DCD-F8BF3176F4EA}\Internet.exe
2009-10-11 17:09 . 2009-10-11 17:09 4846 ----a-r- c:\users\roman\AppData\Roaming\Microsoft\Installer\{1189284F-0556-47E5-8DCD-F8BF3176F4EA}\HtmlHlp.exe
2009-10-11 17:09 . 2009-10-11 17:09 45056 ----a-r- c:\users\roman\AppData\Roaming\Microsoft\Installer\{1189284F-0556-47E5-8DCD-F8BF3176F4EA}\_8AC4CFE0A020_4B39_BB45_2F41618EF9E4.exe
2009-10-11 17:09 . 2009-10-11 17:08 -------- d-----w- c:\program files\Common Files\Logitech
2009-10-11 17:08 . 2009-10-11 17:08 -------- d-----w- c:\program files\Logitech
2009-10-10 15:13 . 2009-07-18 21:41 4096 d-----w- c:\program files\Teamspeak2_RC22
2009-10-10 15:08 . 2009-02-23 22:05 4096 d-----w- c:\program files\Teamspeak2_RC2
2009-10-01 16:52 . 2009-10-01 16:52 200704 ----a-w- c:\windows\system32\QWPCQNG.dll
2009-10-01 16:52 . 2009-10-01 16:52 724992 ----a-w- c:\windows\iun600.exe
2009-09-15 10:59 . 2009-02-18 22:23 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:55 . 2009-02-18 22:24 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-02-18 22:24 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:55 . 2009-02-18 22:23 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-15 10:54 . 2009-02-18 22:24 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-02-18 22:24 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-02-18 22:24 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-14 09:50 . 2009-11-15 10:35 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 17:38 . 2009-11-15 10:37 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-02-11 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-02-11 20:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 21:18 . 2009-08-30 13:54 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-08-30 21:18 . 2009-08-30 13:54 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-08-30 21:18 . 2009-08-30 13:54 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-08-27 14:02 . 2009-11-15 10:36 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:57 . 2009-11-15 10:36 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57 . 2009-11-15 10:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56 . 2009-11-15 10:36 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24 . 2009-11-15 10:36 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51 . 2009-11-15 10:36 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2007-05-30 22:37 . 2007-05-30 22:36 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-11-22_13.37.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-12 14:26 . 2009-11-22 18:46 43854 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-22 18:47 69940 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-11 15:16 . 2009-11-22 18:47 11490 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1739646807-1506169463-2443122476-1000_UserData.bin
- 2006-11-02 10:33 . 2009-11-15 11:22 49048 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-22 15:00 49048 c:\windows\System32\perfh009.dat
+ 2009-07-16 11:00 . 2009-07-16 11:00 98304 c:\windows\System32\Macromed\Shockwave 10\SwOnce.dll
+ 2009-07-16 11:00 . 2009-07-16 11:00 86016 c:\windows\System32\Macromed\Shockwave 10\SwMenuX.dll
+ 2009-07-16 11:00 . 2009-07-16 11:00 77824 c:\windows\System32\Macromed\Shockwave 10\SwInit.exe
+ 2009-07-16 11:00 . 2009-07-16 11:00 24576 c:\windows\System32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2009-03-16 08:59 . 2009-03-16 08:59 53248 c:\windows\System32\Macromed\Common\SwSupport.dll
+ 2006-11-02 13:02 . 2009-11-22 18:45 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-11-22 13:24 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-11-22 13:24 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-11-22 18:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-11-22 13:24 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-11-22 18:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-22 13:23 . 2009-11-22 13:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-22 18:43 . 2009-11-22 18:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-22 13:23 . 2009-11-22 13:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-22 18:43 . 2009-11-22 18:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-11-22 15:00 108260 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-11-15 11:22 108260 c:\windows\System32\perfc009.dat
+ 2009-07-16 11:00 . 2009-07-16 11:00 180224 c:\windows\System32\Macromed\Shockwave 10\Proj.dll
+ 2009-07-16 11:00 . 2009-07-16 11:00 475136 c:\windows\System32\Macromed\Shockwave 10\PluginPing.dll
+ 2009-07-16 11:00 . 2009-07-16 11:00 339968 c:\windows\System32\Macromed\Shockwave 10\Plugin.dll
+ 2009-07-16 11:00 . 2009-07-16 11:00 606208 c:\windows\System32\Macromed\Shockwave 10\iml32X.dll
+ 2009-07-16 11:00 . 2009-07-16 11:00 581632 c:\windows\System32\Macromed\Shockwave 10\Control.dll
+ 2009-07-16 11:00 . 2009-07-16 11:00 1490944 c:\windows\System32\Macromed\Shockwave 10\dirapiX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-18 1232896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-13 6335008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"GrooveMonitor"="c:\program files\Microsoft Office07\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1739646807-1506169463-2443122476-1000]
"EnableNotificationsRef"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [18.2.2009 23:24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [18.2.2009 23:24 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [18.2.2009 23:23 53328]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [20.6.2008 12:14 181544]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [16.7.2008 10:41 717296]
S2 gupdate1c9ed2dc891b016;Služba Google Update (gupdate1c9ed2dc891b016);c:\program files\Google\Update\GoogleUpdate.exe [14.6.2009 21:22 133104]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\System32\drivers\MosIrUsb.sys [3.2.2009 16:51 46976]
.
Obsah adresáře 'Naplánované úlohy'

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 20:21]

2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 20:21]

2009-11-22 c:\windows\Tasks\User_Feed_Synchronization-{D83F465F-A004-42C2-924C-E0E0300CFAB2}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\windows\system32\wpclsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 19:56
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-11-22 20:01
ComboFix-quarantined-files.txt 2009-11-22 19:00
ComboFix2.txt 2009-11-22 13:42

Před spuštěním: 2 956 713 984
Po spuštění: 2 874 814 464

- - End Of File - - AE1B6BD9C796A78480F1D849C9C32B90

zde posílám nový log z HjT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:47, on 22.11.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office07\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office07\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office07\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c9ed2dc891b016) (gupdate1c9ed2dc891b016) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 6887 bytes

Příspěvekod **jaro3** » 22 lis 2009 20:25

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG či Avast, následně T-Cleaner smaž a zapni si AVG.

LifeRoma · Příspěvekod **LifeRoma** » 22 lis 2009 21:49

Ted už čekám na výsledky virustotalu, ještě pořád se mi to neukončilo.. Jen chci ještě podotknout, že mi nejde odinstalovat Combo pomocí rady Start-Spustit a zadej ComboFix[mezera]/u. Napíše mi to, at si vypnu rezidentní ochranu a jak jí vypnu tak mi to vyhodí hlášku(viz. obrázek) dám OK a restartuje se Pc a po restartu, se mi spustí combo a vyhodí mi to log...

LifeRoma · Příspěvekod **LifeRoma** » 22 lis 2009 22:12

zde konečně posílám výsledky z VT

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.41 2009.11.22 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.72 2009.11.22 -
Antiy-AVL 2.0.3.7 2009.11.20 -
Authentium 5.2.0.5 2009.11.22 -
Avast 4.8.1351.0 2009.11.22 -
AVG 8.5.0.425 2009.11.22 -
BitDefender 7.2 2009.11.22 -
CAT-QuickHeal 10.00 2009.11.21 -
ClamAV 0.94.1 2009.11.22 -
Comodo 3001 2009.11.22 -
DrWeb 5.0.0.12182 2009.11.22 -
eSafe 7.0.17.0 2009.11.19 -
eTrust-Vet 35.1.7133 2009.11.20 -
F-Prot 4.5.1.85 2009.11.22 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.22 -
GData 19 2009.11.22 -
Ikarus T3.1.1.74.0 2009.11.22 -
Jiangmin 11.0.800 2009.11.22 -
K7AntiVirus 7.10.901 2009.11.20 -
Kaspersky 7.0.0.125 2009.11.22 -
McAfee 5810 2009.11.22 -
McAfee+Artemis 5810 2009.11.22 -
McAfee-GW-Edition 6.8.5 2009.11.22 -
Microsoft 1.5302 2009.11.22 -
NOD32 4628 2009.11.22 -
Norman 6.03.02 2009.11.21 -
nProtect 2009.1.8.0 2009.11.22 -
Panda 10.0.2.2 2009.11.22 -
PCTools 7.0.3.5 2009.11.22 -
Prevx 3.0 2009.11.22 -
Rising 22.22.06.04 2009.11.22 -
Sophos 4.47.0 2009.11.22 -
Sunbelt 3.2.1858.2 2009.11.22 -
Symantec 1.4.4.12 2009.11.22 -
TheHacker 6.5.0.2.075 2009.11.20 -
TrendMicro 9.0.0.1003 2009.11.22 -
VBA32 3.12.12.0 2009.11.22 -
ViRobot 2009.11.20.2047 2009.11.20 -
VirusBuster 5.0.21.0 2009.11.22 -
Rozšiřující informace
File size: 45056 bytes
MD5...: 00f7b91715f688f8534b5b4d725b75fa
SHA1..: ed8355c109b058fbde2a826fbea40b3eb4d98003
SHA256: 17c9d15c4bc03460138b6104cc7c1ba3c3fb83b1f32a1500af1d83a05583dfdb
ssdeep: 384:y2otn0a10TlQCxfrwntajXjDWLi9k+7yfnrF6oZdoXl2nlI:In0pTBPJn7Sr
F6oEXl2lI
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1010
timedatestamp.....: 0x3a81ecc2 (Thu Feb 08 00:48:02 2001)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x35be 0x4000 5.96 e6223ffa15a968e21cc6fd77141fb993
.rdata 0x5000 0x7a0 0x1000 3.17 4d6a537e74180548d423653ca7b4cf4c
.data 0x6000 0x29dc 0x3000 0.36 f0547d9d0d02570a9db6aa7cb294c69e
.rsrc 0x9000 0x2000 0x2000 4.28 530eaf779e0880b3043120145fcb095c

( 1 imports )
> KERNEL32.dll: HeapCreate, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, GetModuleHandleA, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

LifeRoma · Příspěvekod **LifeRoma** » 23 lis 2009 10:53

Jen bych se chtěl nenapadně připomenout..:)

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online