Prosím o kontrolu logu - pomalé pc Vyřešeno

[Forhill]

Zdravím, potřebuji obnovit PC, který nebyl poslední dobou moc používán a je "zadělaný" zbytečnými programy. Sestava není špatná a výkon snad bude o dost lepší, až počítač vyčistím od zbytečných programů,zbytků z her,virů a pod. Prosím s tím tedy o pomoc kontrolou logu.

ZDE JE LOG z HJT:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:54:32, on 16.1.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60347
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files (x86)\TorrentMan\tbTorr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: My-Tool Toolbar - {0E6D7A5D-B560-4D1C-9713-18DD1ADE6011} - C:\Program Files (x86)\My-Tool\tbMy-0.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: My-Tool Toolbar - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - C:\Program Files (x86)\My-Tool\tbMy-0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~2\Flash2X\FLASHP~1\FLASHP~1.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My-Tool Toolbar - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - C:\Program Files (x86)\My-Tool\tbMy-0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files (x86)\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files (x86)\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11287 bytes

[Reklama]

[memphisto]

Kde ty toolbary pořád bereš?

Odinstaluj:
TorrentMan Toolbar
Yahoo! Toolbar
My-Tool Toolbar
Ask Toolbar
Deamon Tools Toolbar
Pandora TV
BS Player Toolbar

v logu fixni:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files (x86)\TorrentMan\tbTorr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: My-Tool Toolbar - {0E6D7A5D-B560-4D1C-9713-18DD1ADE6011} - C:\Program Files (x86)\My-Tool\tbMy-0.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: My-Tool Toolbar - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - C:\Program Files (x86)\My-Tool\tbMy-0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My-Tool Toolbar - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - C:\Program Files (x86)\My-Tool\tbMy-0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files (x86)\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Forhill]

Ten počítač nebyl hrozně dlouho přeinstalován a všechno se to tady nahromadilo. Už jsou pryč

No a nešlo mi fixnout: O1 - Hosts: ::1 localhost
(chyba je v příloze) a když dám OK vyskočí tahle stránka)

Vše ostatní ok, Dr. Web CureIt nenašel nic. Malwarebytes' Anti-Malware ale ano !

Zde je z něj log:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 5533

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

16.1.2011 22:14:57
mbam-log-2011-01-16 (22-14-51).txt

Typ kontroly: Rychlý test
Testované objekty: 159569
Uplynulý čas: 4 minut, 1 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 41
Infikované hodnoty v registru: 4
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files (x86)\mozilla firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.

[memphisto]

K tomu HJT: Musíš jej spouštět jako správce

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Forhill]

K tomu HJT: jako správce jsem to samozřejmě pustil. I tak to nejde fixnout.

Tady je log z ComboFixu:
(ještě dodám log z Malwarebytesu)

ComboFix 11-01-16.02 - PC 16.01.2011 22:39:58.1.1 - x64
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2047.942 [GMT 1:00]
Spuštěný z: c:\users\PC\Downloads\ComboFix.exe
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\ICQ6.5\ICQLRun.exe
c:\programdata\hpe9665.dll
c:\users\PC\AppData\Roaming\Desktopicon
c:\users\PC\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\PC\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-16 do 2011-01-16 )))))))))))))))))))))))))))))))
.

2011-01-16 21:52 . 2011-01-16 21:52 -------- d-----w- c:\users\PC\AppData\Local\temp
2011-01-16 21:52 . 2011-01-16 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-16 21:02 . 2011-01-16 21:02 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes
2011-01-16 21:01 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-16 21:01 . 2011-01-16 21:01 -------- d-----w- c:\programdata\Malwarebytes
2011-01-16 21:01 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-16 21:01 . 2011-01-16 21:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-16 19:54 . 2011-01-16 19:54 -------- d-----w- c:\users\PC\DoctorWeb
2011-01-16 18:53 . 2011-01-16 18:53 388096 ----a-r- c:\users\PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-16 18:53 . 2011-01-16 18:53 -------- d-----w- c:\program files (x86)\HJT
2011-01-14 13:27 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{07D900C1-D2BE-4DF1-815F-CABD3D047A54}\mpengine.dll
2011-01-09 11:59 . 2011-01-09 11:59 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-01-09 11:26 . 2011-01-09 11:26 -------- d-----w- c:\program files (x86)\KONAMI
2011-01-09 11:26 . 2011-01-09 11:26 -------- d-----w- c:\programdata\KONAMI
2010-12-20 16:41 . 2010-12-20 16:41 -------- d-----w- c:\users\PC\AppData\Local\Activision
2010-12-19 21:35 . 2010-12-19 21:35 -------- d-----w- c:\program files (x86)\PapíííClock
2010-12-19 14:49 . 2010-10-12 15:19 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-19 14:49 . 2010-10-12 15:19 68096 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-19 14:49 . 2010-10-12 13:41 515584 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-19 14:49 . 2010-10-12 17:43 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-19 14:49 . 2010-10-12 15:53 33280 ----a-w- c:\program files (x86)\Windows Mail\wabfind.dll
2010-12-19 14:49 . 2010-10-12 13:41 66048 ----a-w- c:\program files (x86)\Windows Mail\wabmig.exe
2010-12-19 14:49 . 2010-10-28 13:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-19 14:49 . 2010-10-28 13:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-19 14:48 . 2010-11-06 11:18 855040 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-19 14:48 . 2010-11-06 11:18 500224 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-19 14:48 . 2010-11-06 11:18 655872 ----a-w- c:\windows\system32\taskschd.dll
2010-12-19 14:48 . 2010-11-04 18:55 352768 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-19 14:48 . 2010-11-06 11:18 410112 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-19 14:48 . 2010-11-04 23:58 267776 ----a-w- c:\windows\system32\taskeng.exe
2010-12-19 14:48 . 2010-11-04 18:55 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-19 14:48 . 2010-11-04 16:34 171520 ----a-w- c:\windows\SysWow64\taskeng.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 11:18 . 2010-12-19 14:48 855040 ----a-w- c:\windows\system32\schedsvc.dll
2010-10-19 09:41 . 2009-10-03 18:36 270720 ------w- c:\windows\system32\MpSigStub.exe
2009-05-26 15:18 . 2009-05-26 15:18 779568 ----a-w- c:\program files (x86)\QTPlugin.ocx
2009-05-26 15:18 . 2009-05-26 15:18 7697712 ----a-w- c:\program files (x86)\QuickTimePlayer.exe
2009-05-26 15:18 . 2009-05-26 15:18 352256 ----a-w- c:\program files (x86)\QTUIPanelControl.dll
2009-05-26 15:18 . 2009-05-26 15:18 880640 ----a-w- c:\program files (x86)\QTOControl.dll
2009-05-26 15:18 . 2009-05-26 15:18 806912 ----a-w- c:\program files (x86)\QTOLibrary.dll
2009-05-26 15:18 . 2009-05-26 15:18 782336 ----a-w- c:\program files (x86)\QTInfo.exe
2009-05-26 15:18 . 2009-05-26 15:18 413696 ----a-w- c:\program files (x86)\QTTask.exe
2009-05-26 15:18 . 2009-05-26 15:18 548864 ----a-w- c:\program files (x86)\PictureViewer.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedItUpEX"="c:\program files (x86)\Speeditup Free\SpeedItUp.exe" [2008-09-10 2274816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 ALSysIO;ALSysIO;c:\users\PC\AppData\Local\Temp\ALSysIO64.sys [x]
R3 netr7364;TL-WN321G Wireless USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2007-05-11 412672]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2009-10-06 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2009-10-06 18944]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2006-09-29 1368960]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-05-27 116264]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-05-27 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-05-27 159784]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-05-27 138792]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-05-27 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-05-27 137768]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-05-27 153128]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-10-11 868848]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 22096]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 65616]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]

.
Obsah adresáře 'Naplánované úlohy'

2011-01-16 c:\windows\Tasks\Norton Security Scan for PC.job
- c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-13 09:04]

2011-01-16 c:\windows\Tasks\User_Feed_Synchronization-{F19FB31A-265A-4DF0-A5E1-99932AE4A04F}.job
- c:\windows\system32\msfeedssync.exe [2010-12-19 04:25]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6430208]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"CmPCIaudio"="c:\windows\Syswow64\cmicnfg3.cpl" [2007-04-27 6103040]
"NvSvc"="c:\windows\system32\nvsvc64.dll" [2007-06-28 88064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 10683392]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 74752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=15187&l=dis
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zj00cikx.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
Wow6432Node-HKCU-Run-DLD.EXE - (no file)
Wow6432Node-HKLM-Run-NWEReboot - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\adobe\SHOCKW~1\UNWISE.EXE
AddRemove-BSPlayerf - f:\bsp\BSplayer\uninstall.exe
AddRemove-PartyPoker - c:\programs\PartyGaming\PartyPoker\Uninstall.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-01-16 22:56:30
ComboFix-quarantined-files.txt 2011-01-16 21:56

Před spuštěním: Volných bajtů: 198 469 406 720
Po spuštění: Volných bajtů: 197 878 030 336

- - End Of File - - E8AFD15BEBEC142E4C88EEF40023223D

[Forhill]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5533

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

16.1.2011 23:04:27
mbam-log-2011-01-16 (23-04-27).txt

Typ kontroly: Rychlý test
Testované objekty: 164311
Uplynulý čas: 4 minut, 13 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[memphisto]

Odinstaluj ten SpeedItUpPC. Nečetl jsem na ně nic hezkého a web mají také podivný

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\Tasks\Norton Security Scan for PC.job

Folder::
c:\program files (x86)\Norton Security Scan\Norton Security Scan

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-

DDS::
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=15187&l=dis
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SYSTEM32\blank.htm

Firefox::
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zj00cikx.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Forhill]

ComboFix 11-01-16.02 - PC 16.01.2011 23:32:26.2.1 - x64
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2047.924 [GMT 1:00]
Spuštěný z: c:\users\PC\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\PC\Desktop\CFScript.txt
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\Tasks\Norton Security Scan for PC.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Norton Security Scan\Norton Security Scan
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\{2A85E335-7417-424d-AD89-31DED1689794}.dat
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\{407D1C08-B366-4aca-92FB-E04E97F6681D}.dat
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\BilBDRes.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\ccL80U.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\ccScanw.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\ccVrTrst.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\dec_abi.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\DefLoad.exe
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\DefUtDCD.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\diLueCbk.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\ecmldr32.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\HeartBt.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\help.htm
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\InstWrap.exe
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Microsoft.VC80.CRT.manifest
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\msl.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\msvcp80.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\msvcr80.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\patch25d.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\PrdDtRes.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\ReputationCacheDB.db
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\RevList.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\RptCdRes.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\SAUpdt.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\ScanCore.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\ScanRes.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\ScanText.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\SKUCfg.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\SKURes.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\symbos.exe
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\SymCCIS.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\SymCCISE.exe
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\SymHTML.dll
c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\SymInstallStub.exe
c:\program files (x86)\Norton Security Scan\Norton Security Scan\isolate.ini
c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zj00cikx.default\extensions\radiobar@toolbar
c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zj00cikx.default\extensions\radiobar@toolbar\components\IToolbarhomewmp.xpt
c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zj00cikx.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zj00cikx.default\extensions\radiobar@toolbar\chrome.manifest
c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zj00cikx.default\extensions\radiobar@toolbar\chrome\radiobar.jar
c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zj00cikx.default\extensions\radiobar@toolbar\install.rdf
c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zj00cikx.default\extensions\radiobar@toolbar\META-INF\manifest.mf
c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zj00cikx.default\extensions\radiobar@toolbar\META-INF\PvkTmp.rsa
c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zj00cikx.default\extensions\radiobar@toolbar\META-INF\PvkTmp.sf
c:\windows\Tasks\Norton Security Scan for PC.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-16 do 2011-01-16 )))))))))))))))))))))))))))))))
.

2011-01-16 22:43 . 2011-01-16 22:45 -------- d-----w- c:\users\PC\AppData\Local\temp
2011-01-16 22:43 . 2011-01-16 22:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-16 22:18 . 2011-01-16 22:18 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-01-16 22:18 . 2011-01-16 22:19 -------- d-----w- c:\program files\NVIDIA Corporation
2011-01-16 21:02 . 2011-01-16 21:02 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes
2011-01-16 21:01 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-16 21:01 . 2011-01-16 21:01 -------- d-----w- c:\programdata\Malwarebytes
2011-01-16 21:01 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-16 21:01 . 2011-01-16 21:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-16 19:54 . 2011-01-16 19:54 -------- d-----w- c:\users\PC\DoctorWeb
2011-01-16 18:53 . 2011-01-16 18:53 388096 ----a-r- c:\users\PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-16 18:53 . 2011-01-16 18:53 -------- d-----w- c:\program files (x86)\HJT
2011-01-14 13:27 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{07D900C1-D2BE-4DF1-815F-CABD3D047A54}\mpengine.dll
2011-01-09 11:59 . 2011-01-09 11:59 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-01-09 11:26 . 2011-01-09 11:26 -------- d-----w- c:\program files (x86)\KONAMI
2011-01-09 11:26 . 2011-01-09 11:26 -------- d-----w- c:\programdata\KONAMI
2010-12-20 16:41 . 2010-12-20 16:41 -------- d-----w- c:\users\PC\AppData\Local\Activision
2010-12-19 21:35 . 2010-12-19 21:35 -------- d-----w- c:\program files (x86)\PapíííClock
2010-12-19 14:49 . 2010-10-12 15:19 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-19 14:49 . 2010-10-12 15:19 68096 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-19 14:49 . 2010-10-12 13:41 515584 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-19 14:49 . 2010-10-12 17:43 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-19 14:49 . 2010-10-12 15:53 33280 ----a-w- c:\program files (x86)\Windows Mail\wabfind.dll
2010-12-19 14:49 . 2010-10-12 13:41 66048 ----a-w- c:\program files (x86)\Windows Mail\wabmig.exe
2010-12-19 14:49 . 2010-10-28 13:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-19 14:49 . 2010-10-28 13:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-19 14:48 . 2010-11-06 11:18 855040 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-19 14:48 . 2010-11-06 11:18 500224 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-19 14:48 . 2010-11-06 11:18 655872 ----a-w- c:\windows\system32\taskschd.dll
2010-12-19 14:48 . 2010-11-04 18:55 352768 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-19 14:48 . 2010-11-06 11:18 410112 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-19 14:48 . 2010-11-04 23:58 267776 ----a-w- c:\windows\system32\taskeng.exe
2010-12-19 14:48 . 2010-11-04 18:55 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-19 14:48 . 2010-11-04 16:34 171520 ----a-w- c:\windows\SysWow64\taskeng.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 11:18 . 2010-12-19 14:48 855040 ----a-w- c:\windows\system32\schedsvc.dll
2010-10-19 09:41 . 2009-10-03 18:36 270720 ------w- c:\windows\system32\MpSigStub.exe
2009-05-26 15:18 . 2009-05-26 15:18 779568 ----a-w- c:\program files (x86)\QTPlugin.ocx
2009-05-26 15:18 . 2009-05-26 15:18 7697712 ----a-w- c:\program files (x86)\QuickTimePlayer.exe
2009-05-26 15:18 . 2009-05-26 15:18 352256 ----a-w- c:\program files (x86)\QTUIPanelControl.dll
2009-05-26 15:18 . 2009-05-26 15:18 880640 ----a-w- c:\program files (x86)\QTOControl.dll
2009-05-26 15:18 . 2009-05-26 15:18 806912 ----a-w- c:\program files (x86)\QTOLibrary.dll
2009-05-26 15:18 . 2009-05-26 15:18 782336 ----a-w- c:\program files (x86)\QTInfo.exe
2009-05-26 15:18 . 2009-05-26 15:18 413696 ----a-w- c:\program files (x86)\QTTask.exe
2009-05-26 15:18 . 2009-05-26 15:18 548864 ----a-w- c:\program files (x86)\PictureViewer.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-01-16_21.52.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-10 04:38 . 2010-07-10 04:38 56936 c:\windows\SysWOW64\OpenCL.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 65128 c:\windows\system32\OpenCL.dll
+ 2010-07-09 15:27 . 2010-07-09 15:27 61032 c:\windows\system32\nvshext.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 65128 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\OpenCL64.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 56936 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\OpenCL.dll
+ 2008-10-28 15:51 . 2011-01-16 22:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-28 15:51 . 2011-01-16 21:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-28 15:51 . 2011-01-16 22:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-28 15:51 . 2011-01-16 21:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-16 22:19 . 2011-01-16 22:19 10134 c:\windows\Installer\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}\ARPPRODUCTICON.exe
+ 2006-11-02 12:40 . 2011-01-16 22:18 51200 c:\windows\inf\infpub.dat
- 2006-11-02 12:40 . 2011-01-02 19:19 51200 c:\windows\inf\infpub.dat
- 2011-01-16 21:28 . 2011-01-16 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-16 22:44 . 2011-01-16 22:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-16 22:44 . 2011-01-16 22:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-16 21:28 . 2011-01-16 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2011-01-16 22:28 631438 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-01-16 21:35 631438 c:\windows\system32\perfh009.dat
+ 2008-01-21 09:24 . 2011-01-16 22:28 641878 c:\windows\system32\perfh005.dat
- 2008-01-21 09:24 . 2011-01-16 21:35 641878 c:\windows\system32\perfh005.dat
+ 2006-11-02 12:46 . 2011-01-16 22:28 118064 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-01-16 21:35 118064 c:\windows\system32\perfc009.dat
+ 2008-01-21 09:24 . 2011-01-16 22:28 135584 c:\windows\system32\perfc005.dat
- 2008-01-21 09:24 . 2011-01-16 21:35 135584 c:\windows\system32\perfc005.dat
+ 2010-07-09 15:27 . 2010-07-09 15:27 159336 c:\windows\system32\nvvsvc.exe
+ 2008-09-06 10:17 . 2010-07-10 04:38 660072 c:\windows\system32\nvuninst.exe
+ 2008-09-06 10:17 . 2010-07-10 04:38 660072 c:\windows\system32\nvudisp.exe
+ 2010-07-09 15:27 . 2010-07-09 15:27 116328 c:\windows\system32\nvmctray.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 260712 c:\windows\system32\nvcod1922.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 260712 c:\windows\system32\nvcod.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 660072 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvudisp.exe
+ 2010-07-10 04:38 . 2010-07-10 04:38 261268 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvdrsdb.bin
+ 2010-07-10 04:38 . 2010-07-10 04:38 314984 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvdecodemft32.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 382568 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvdecodemft.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 260712 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvcod.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 930272 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\dpinst.exe
+ 2010-07-10 04:38 . 2010-07-10 04:38 189032 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\dbInstaller.exe
+ 2010-07-10 04:38 . 2010-07-10 04:38 930272 c:\windows\system32\dpinst.exe
+ 2011-01-16 22:19 . 2011-01-16 22:19 577536 c:\windows\Installer\2f0448.msi
+ 2006-11-02 12:40 . 2011-01-16 22:18 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 12:40 . 2011-01-02 19:19 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 12:40 . 2011-01-02 19:19 143360 c:\windows\inf\infstor.dat
+ 2006-11-02 12:40 . 2011-01-16 22:18 143360 c:\windows\inf\infstor.dat
+ 2008-10-31 09:51 . 2008-10-31 09:51 1314816 c:\windows\SysWOW64\PVSonyDll.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 5107816 c:\windows\SysWOW64\nvwgf2um.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 9818728 c:\windows\SysWOW64\nvd3dum.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 2892904 c:\windows\SysWOW64\nvcuvid.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 2506344 c:\windows\SysWOW64\nvcuvenc.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 4553832 c:\windows\SysWOW64\nvcuda.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 1625192 c:\windows\SysWOW64\nvapi.dll
+ 2008-10-31 09:51 . 2008-10-31 09:51 1319424 c:\windows\system32\PVSonyDll.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 7002216 c:\windows\system32\nvwgf2umx.dll
+ 2010-07-09 15:27 . 2010-07-09 15:27 1585256 c:\windows\system32\nvsvc64.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 3089512 c:\windows\system32\nvcuvid.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 2761832 c:\windows\system32\nvcuvenc.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 6116968 c:\windows\system32\nvcuda.dll
+ 2007-06-28 16:43 . 2010-07-10 04:38 2037864 c:\windows\system32\nvapi64.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 7002216 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvwgf2umx.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 5107816 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvwgf2um.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 9818728 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvd3dum.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 2892904 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvcuvid32.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 3089512 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvcuvid.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 2761832 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvcuvenc64.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 2506344 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvcuvenc.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 4553832 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvcuda32.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 6116968 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvcuda.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 2037864 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvapi64.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 1625192 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvapi.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 14092904 c:\windows\SysWOW64\nvoglv32.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 10267240 c:\windows\SysWOW64\nvcompiler.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 19114088 c:\windows\system32\nvoglv64.dll
+ 2007-06-28 16:43 . 2010-07-10 04:38 12471400 c:\windows\system32\nvd3dumx.dll
+ 2010-07-09 15:27 . 2010-07-09 15:27 15314024 c:\windows\system32\nvcpl.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 14513768 c:\windows\system32\nvcompiler.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 19114088 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvoglv64.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 14092904 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvoglv32.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 13187176 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvlddmkm.sys
+ 2010-07-10 04:38 . 2010-07-10 04:38 12471400 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvd3dumx.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 51549944 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\NvCplSetupInt.exe
+ 2010-07-10 04:38 . 2010-07-10 04:38 10267240 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvcompiler32.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 14513768 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_741711fa\nvcompiler.dll
+ 2010-07-10 04:38 . 2010-07-10 04:38 13187176 c:\windows\system32\drivers\nvlddmkm.sys
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\PC\AppData\Local\Temp\ALSysIO64.sys [x]
R3 netr7364;TL-WN321G Wireless USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2007-05-11 412672]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2009-10-06 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2009-10-06 18944]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2006-09-29 1368960]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-05-27 116264]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-05-27 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-05-27 159784]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-05-27 138792]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-05-27 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-05-27 137768]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-05-27 153128]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-10-11 868848]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 22096]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 65616]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]

.
Obsah adresáře 'Naplánované úlohy'

2011-01-16 c:\windows\Tasks\User_Feed_Synchronization-{F19FB31A-265A-4DF0-A5E1-99932AE4A04F}.job
- c:\windows\system32\msfeedssync.exe [2010-12-19 04:25]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6430208]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"CmPCIaudio"="c:\windows\Syswow64\cmicnfg3.cpl" [2007-04-27 6103040]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\zj00cikx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\InstWrap.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Spyware Terminator\sp_rsser.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2011-01-16 23:53:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-16 22:53
ComboFix2.txt 2011-01-16 21:56

Před spuštěním: Volných bajtů: 197 897 166 848
Po spuštění: Volných bajtů: 197 651 267 584

- - End Of File - - B80C2A8D60DFA8F144FEC8972C7D0D9C

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


+HJT

Jak se chová PC?

[Forhill]

Použil jsem CCleaner i T-Cleaner.

Zde je Log z HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:28:32, on 17.1.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~2\Flash2X\FLASHP~1\FLASHP~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7933 bytes

[memphisto]

fix:
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0e6d7a5d-b560-4d1c-9713-18dd1ade6011} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

Při fixování zavři prohlížeč a ideálně se odpoj od netu a mělby jít fixnout i ten Host

[Forhill]

Odpojil jsem internet a zavřel jsem všechna okna a aplikace. Všechno v přádku, jen ten Host pořád fixnout nejde a vyskakuje stejná chyba.