HJT - problém se systémem Vyřešeno

[Proxus]

Prosím o kontrolu HJT... nejde mi nic installovat(uninstallovat), nemůžu provést žádné testy (antivir, antimalware), protože se hned při kontrole první položky seknou a neodpovídají, neodpovída wmp -> nelze přehrávat hudbu v počítači (zvuk jde), bod obnovy neodpovídá, a bůh ví co ještě. Aspoň HJT funguje ještě

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:15:25, on 29.6.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\MagicDisc\muninst.exe
C:\PROGRA~1\MAGICD~1\muninst.exe
C:\Users\Marek\Desktop\pičoviny\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4162 bytes

[Reklama]

[jaro3]

Odinstaluj:
ICQToolBar

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

[Proxus]

Tak HJT jsem fixnul, ale MbAM nescanuje ani v nouzovem rezimu Dam rychly sken a program se sekne.

[jaro3]

Naplánuj si kontrolu disku s opravou.

Stáhni si RSIT (by random/random)
- spusť ho, objeví se ti okno, tak pro pokračování klikni na Continue
- počkej až program proběhne a zobrazí se ti log jinak ho najdeš zde: C:\rsit\log.txt zkopíruj sem prosím celý jeho obsah

[Proxus]

RShit nejde viz http://img820.imageshack.us/i/vstiek.png/

No mbam jsem nakonec spustil v nabidce mistniho disku:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.6.2010 17:16:53
mbam-log-2010-06-29 (17-16-53).txt

Typ skenu: Rychlý sken
Skenované objekty: 52752
Uplynulý čas: 9 minuta(y), 59 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

[Proxus]

ComboFix 10-06-28.01 - Marek 29.06.2010 18:18:42.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.1213 [GMT 2:00]
Spuštěný z: c:\users\Marek\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\vbzlib1.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-28 do 2010-06-29 )))))))))))))))))))))))))))))))
.

2010-06-29 16:02 . 2010-06-29 16:19 -------- d-----w- c:\users\Marek\AppData\Roaming\AIMP
2010-06-29 16:02 . 2010-06-29 16:02 -------- d-----w- c:\program files\AIMP2
2010-06-29 15:21 . 2010-06-29 15:21 3296 ------w- C:\bootsqm.dat
2010-06-29 14:58 . 2010-06-29 14:58 -------- d-----w- c:\program files\trend micro
2010-06-29 14:58 . 2010-06-29 14:58 -------- d-----w- C:\rsit
2010-06-29 11:25 . 2010-06-29 11:25 -------- d-----w- c:\program files\MagicDisc
2010-06-29 11:25 . 2007-09-04 23:46 92544 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-06-29 11:14 . 2010-06-29 11:14 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-06-29 11:13 . 2010-06-29 11:13 -------- d-----w- c:\program files\MagicISO
2010-06-29 10:02 . 2010-06-29 10:02 -------- d-----w- c:\program files\WinPcap
2010-06-29 10:02 . 2010-06-29 10:02 -------- d-----w- c:\program files\DsNET Corp
2010-06-29 09:54 . 2010-06-29 09:54 -------- d-----w- c:\users\Marek\AppData\Roaming\Malwarebytes
2010-06-29 09:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 09:54 . 2010-06-29 09:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-29 09:54 . 2010-06-29 09:54 -------- d-----w- c:\programdata\Malwarebytes
2010-06-29 09:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-29 09:51 . 2010-06-29 09:51 -------- d-----w- c:\program files\CCleaner
2010-06-29 09:49 . 2010-06-29 09:49 -------- d-----w- c:\program files\uTorrent
2010-06-29 09:49 . 2010-06-29 11:52 -------- d-----w- c:\users\Marek\AppData\Roaming\uTorrent
2010-06-29 09:35 . 2010-06-29 09:35 -------- d-----w- c:\users\Marek\AppData\Local\GHISLER
2010-06-29 09:28 . 2009-12-21 15:30 43520 ----a-w- c:\windows\system32\drivers\RtTeam60.sys
2010-06-29 09:28 . 2009-07-20 02:26 27648 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys
2010-06-29 09:28 . 2007-12-03 02:19 19968 ----a-w- c:\windows\system32\drivers\RtVlan60.sys
2010-06-29 09:28 . 2010-06-29 09:28 -------- d-----w- c:\program files\Realtek
2010-06-29 09:23 . 2010-06-29 09:23 -------- d-----w- c:\program files\Intel
2010-06-29 09:23 . 2010-03-02 08:04 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-06-29 09:23 . 2010-06-29 09:23 -------- d-----w- C:\Intel
2010-06-29 09:20 . 2010-06-29 08:27 -------- d-----w- c:\windows\Panther
2010-06-29 09:16 . 2010-06-29 09:16 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-29 09:13 . 2010-04-09 11:16 535624 ----a-w- c:\windows\system32\pwNative.exe
2010-06-29 09:13 . 2010-04-09 11:16 16472 ------w- c:\windows\system32\pwdrvio.sys
2010-06-29 09:13 . 2010-04-09 11:16 11104 ------w- c:\windows\system32\pwdspio.sys
2010-06-29 09:13 . 2010-06-29 09:13 -------- d-----w- c:\program files\Partition Wizard Home Edition 5.0
2010-06-29 09:09 . 2010-06-29 09:09 -------- d-----w- C:\totalcmd
2010-06-29 09:09 . 2010-06-29 09:09 -------- d-----w- c:\users\Marek\AppData\Roaming\GHISLER
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\UC.PIF
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\RAR.PIF
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\LHA.PIF
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\ARJ.PIF
2010-06-29 09:05 . 2010-06-29 14:05 -------- d-----w- c:\users\Marek\AppData\Roaming\skypePM
2010-06-29 09:04 . 2010-06-29 15:56 -------- d-----w- c:\users\Marek\AppData\Roaming\Skype
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----w- c:\program files\Common Files\Skype
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----r- c:\program files\Skype
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----w- c:\programdata\Skype
2010-06-29 09:03 . 2010-06-29 09:03 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-29 09:03 . 2010-06-29 09:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-29 09:03 . 2010-06-29 09:03 -------- d-----w- c:\programdata\ICQ
2010-06-29 09:03 . 2010-06-29 09:24 -------- d-----w- c:\users\Marek\AppData\Roaming\ICQ
2010-06-29 09:03 . 2010-06-29 09:03 -------- d-----w- c:\users\Marek\AppData\Local\AOL
2010-06-29 09:02 . 2010-06-29 09:03 -------- d-----w- c:\program files\ICQ7.2
2010-06-29 09:00 . 2010-06-29 09:00 -------- d-----w- c:\users\Marek\AppData\Local\ElevatedDiagnostics
2010-06-29 08:58 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-29 08:43 . 2010-06-29 08:43 57560 ----a-w- c:\users\Marek\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-29 08:39 . 2010-01-28 14:25 68200 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-06-29 08:39 . 2010-01-28 14:24 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-29 08:39 . 2010-01-27 04:07 219752 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-29 08:39 . 2010-06-29 15:22 -------- d-----w- c:\programdata\NVIDIA
2010-06-29 08:38 . 2010-06-29 08:38 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-06-29 08:38 . 2010-06-29 08:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-29 08:35 . 2010-06-29 08:35 -------- d-----w- c:\windows\system32\Macromed
2010-06-29 08:34 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-29 08:34 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-29 08:34 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-29 08:34 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-29 08:34 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-29 08:33 . 2010-06-29 09:04 -------- d-sh--w- c:\windows\Installer
2010-06-29 08:33 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-29 08:33 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-29 08:33 . 2010-06-29 08:34 -------- d-----w- c:\program files\Avast5
2010-06-29 08:33 . 2010-06-29 08:33 -------- d-----w- c:\programdata\Alwil Software
2010-06-29 08:32 . 2010-06-29 15:26 -------- d-----w- c:\windows\system32\wbem\Performance
2010-06-29 08:32 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-29 08:32 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-06-29 08:31 . 2010-06-29 08:31 -------- d-----w- c:\users\Marek\AppData\Local\Mozilla
2010-06-29 08:28 . 2010-06-29 08:28 -------- d-sh--we c:\users\Marek\Soubory cookie
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\users\Default\Soubory cookie
2010-06-07 15:47 . 2010-06-07 15:47 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-06-07 15:47 . 2010-06-07 15:47 1691752 ----a-w- c:\windows\system32\nvsvcr.dll
2010-06-07 15:47 . 2010-06-07 15:47 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 15:47 . 2010-06-07 15:47 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 15:47 . 2010-06-07 15:47 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 15:47 . 2010-06-07 15:47 110696 ----a-w- c:\windows\system32\nvmctray.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 15:26 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-06-29 15:26 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-06-29 09:35 . 2010-06-29 09:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\programdata\Plocha
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\programdata\Oblíbené položky
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\programdata\Šablony
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\programdata\Nabídka Start
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\programdata\Dokumenty
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\programdata\Data aplikací
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-29 133368]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-6-29 557568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27648]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
.
------- Doplňkový sken -------
.
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\b4uoos6x.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-06-29 18:23:30
ComboFix-quarantined-files.txt 2010-06-29 16:23

Před spuštěním: Volných bajtů: 18 783 621 120
Po spuštění: Volných bajtů: 18 739 970 048

- - End Of File - - 3CE95D32AB72553C9AC2278138C09111

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\ezsidmv.dat

Folder::
c:\program files\ICQ6Toolbar

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Proxus]

ComboFix 10-06-28.01 - Marek 29.06.2010 19:33:36.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.1333 [GMT 2:00]
Spuštěný z: c:\users\Marek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Marek\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-28 do 2010-06-29 )))))))))))))))))))))))))))))))
.

2010-06-29 17:37 . 2010-06-29 17:37 -------- d-----w- c:\users\Marek\AppData\Local\temp
2010-06-29 17:37 . 2010-06-29 17:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-29 17:37 . 2010-06-29 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-29 17:26 . 2010-06-29 17:29 -------- d-----w- c:\program files\VPlayer CZ
2010-06-29 16:02 . 2010-06-29 17:02 -------- d-----w- c:\users\Marek\AppData\Roaming\AIMP
2010-06-29 16:02 . 2010-06-29 16:02 -------- d-----w- c:\program files\AIMP2
2010-06-29 15:21 . 2010-06-29 15:21 3296 ------w- C:\bootsqm.dat
2010-06-29 14:58 . 2010-06-29 14:58 -------- d-----w- c:\program files\trend micro
2010-06-29 14:58 . 2010-06-29 14:58 -------- d-----w- C:\rsit
2010-06-29 11:25 . 2010-06-29 11:25 -------- d-----w- c:\program files\MagicDisc
2010-06-29 11:25 . 2007-09-04 23:46 92544 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-06-29 11:14 . 2010-06-29 11:14 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-06-29 11:13 . 2010-06-29 11:13 -------- d-----w- c:\program files\MagicISO
2010-06-29 10:02 . 2010-06-29 10:02 -------- d-----w- c:\program files\WinPcap
2010-06-29 10:02 . 2010-06-29 10:02 -------- d-----w- c:\program files\DsNET Corp
2010-06-29 09:54 . 2010-06-29 09:54 -------- d-----w- c:\users\Marek\AppData\Roaming\Malwarebytes
2010-06-29 09:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 09:54 . 2010-06-29 09:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-29 09:54 . 2010-06-29 09:54 -------- d-----w- c:\programdata\Malwarebytes
2010-06-29 09:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-29 09:51 . 2010-06-29 09:51 -------- d-----w- c:\program files\CCleaner
2010-06-29 09:49 . 2010-06-29 09:49 -------- d-----w- c:\program files\uTorrent
2010-06-29 09:49 . 2010-06-29 11:52 -------- d-----w- c:\users\Marek\AppData\Roaming\uTorrent
2010-06-29 09:35 . 2010-06-29 09:35 -------- d-----w- c:\users\Marek\AppData\Local\GHISLER
2010-06-29 09:28 . 2009-12-21 15:30 43520 ----a-w- c:\windows\system32\drivers\RtTeam60.sys
2010-06-29 09:28 . 2009-07-20 02:26 27648 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys
2010-06-29 09:28 . 2007-12-03 02:19 19968 ----a-w- c:\windows\system32\drivers\RtVlan60.sys
2010-06-29 09:28 . 2010-06-29 09:28 -------- d-----w- c:\program files\Realtek
2010-06-29 09:23 . 2010-06-29 09:23 -------- d-----w- c:\program files\Intel
2010-06-29 09:23 . 2010-03-02 08:04 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-06-29 09:23 . 2010-06-29 09:23 -------- d-----w- C:\Intel
2010-06-29 09:20 . 2010-06-29 08:27 -------- d-----w- c:\windows\Panther
2010-06-29 09:13 . 2010-04-09 11:16 535624 ----a-w- c:\windows\system32\pwNative.exe
2010-06-29 09:13 . 2010-04-09 11:16 16472 ------w- c:\windows\system32\pwdrvio.sys
2010-06-29 09:13 . 2010-04-09 11:16 11104 ------w- c:\windows\system32\pwdspio.sys
2010-06-29 09:13 . 2010-06-29 09:13 -------- d-----w- c:\program files\Partition Wizard Home Edition 5.0
2010-06-29 09:09 . 2010-06-29 09:09 -------- d-----w- C:\totalcmd
2010-06-29 09:09 . 2010-06-29 09:09 -------- d-----w- c:\users\Marek\AppData\Roaming\GHISLER
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\UC.PIF
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\RAR.PIF
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\LHA.PIF
2010-06-29 09:09 . 2010-06-17 05:55 545 ----a-w- c:\windows\ARJ.PIF
2010-06-29 09:05 . 2010-06-29 14:05 -------- d-----w- c:\users\Marek\AppData\Roaming\skypePM
2010-06-29 09:04 . 2010-06-29 17:37 -------- d-----w- c:\users\Marek\AppData\Roaming\Skype
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----w- c:\program files\Common Files\Skype
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----r- c:\program files\Skype
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----w- c:\programdata\Skype
2010-06-29 09:03 . 2010-06-29 09:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-29 09:03 . 2010-06-29 09:03 -------- d-----w- c:\programdata\ICQ
2010-06-29 09:03 . 2010-06-29 09:24 -------- d-----w- c:\users\Marek\AppData\Roaming\ICQ
2010-06-29 09:03 . 2010-06-29 09:03 -------- d-----w- c:\users\Marek\AppData\Local\AOL
2010-06-29 09:02 . 2010-06-29 09:03 -------- d-----w- c:\program files\ICQ7.2
2010-06-29 09:00 . 2010-06-29 09:00 -------- d-----w- c:\users\Marek\AppData\Local\ElevatedDiagnostics
2010-06-29 08:58 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-29 08:43 . 2010-06-29 08:43 57560 ----a-w- c:\users\Marek\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-29 08:39 . 2010-01-28 14:25 68200 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-06-29 08:39 . 2010-01-28 14:24 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-29 08:39 . 2010-01-27 04:07 219752 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-29 08:39 . 2010-06-29 17:27 -------- d-----w- c:\programdata\NVIDIA
2010-06-29 08:38 . 2010-06-29 08:38 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-06-29 08:38 . 2010-06-29 08:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-29 08:35 . 2010-06-29 08:35 -------- d-----w- c:\windows\system32\Macromed
2010-06-29 08:34 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-29 08:34 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-29 08:34 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-29 08:34 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-29 08:34 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-29 08:33 . 2010-06-29 09:04 -------- d-sh--w- c:\windows\Installer
2010-06-29 08:33 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-29 08:33 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-29 08:33 . 2010-06-29 08:34 -------- d-----w- c:\program files\Avast5
2010-06-29 08:33 . 2010-06-29 08:33 -------- d-----w- c:\programdata\Alwil Software
2010-06-29 08:32 . 2010-06-29 17:32 -------- d-----w- c:\windows\system32\wbem\Performance
2010-06-29 08:32 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-29 08:32 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-06-29 08:31 . 2010-06-29 08:31 -------- d-----w- c:\users\Marek\AppData\Local\Mozilla
2010-06-29 08:28 . 2010-06-29 08:28 -------- d-sh--we c:\users\Marek\Soubory cookie
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\users\Default\Soubory cookie
2010-06-07 15:47 . 2010-06-07 15:47 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-06-07 15:47 . 2010-06-07 15:47 1691752 ----a-w- c:\windows\system32\nvsvcr.dll
2010-06-07 15:47 . 2010-06-07 15:47 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 15:47 . 2010-06-07 15:47 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 15:47 . 2010-06-07 15:47 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 15:47 . 2010-06-07 15:47 110696 ----a-w- c:\windows\system32\nvmctray.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 17:32 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-06-29 17:32 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-06-29 09:35 . 2010-06-29 09:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\programdata\Plocha
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\programdata\Oblíbené položky
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\programdata\Šablony
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\programdata\Nabídka Start
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\programdata\Dokumenty
2010-06-29 08:27 . 2010-06-29 08:27 -------- d-sh--we c:\programdata\Data aplikací
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-29 133368]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-6-29 557568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27648]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
.
------- Doplňkový sken -------
.
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\b4uoos6x.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
Celkový čas: 2010-06-29 19:39:55
ComboFix-quarantined-files.txt 2010-06-29 17:39
ComboFix2.txt 2010-06-29 16:23

Před spuštěním: Volných bajtů: 17 952 419 840
Po spuštění: Volných bajtů: 17 904 984 064

- - End Of File - - 01D7F56600882CD1AC55FC07048864DB

[Proxus]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:41:41, on 29.6.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Marek\Desktop\pičoviny\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 3071 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG či Avast, následně T-Cleaner smaž a zapni si AVG či Avast.


Vypni rez.ochrany a firewall.

Spusť F-Secure Online Scanner

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

[Proxus]

http://img64.imageshack.us/i/vstiekf.png/

takto je to uz dobrych 10 minut... 99% je tam od asi 20 000. zkontrolovaneho souboru
mám jeste pockat?