Prosim o kontrolu logu - Restart pc a sekání pc.

[scetman]

COMBOFIX LOG ZDE :

ComboFix 10-02-12.01 - user 19.02.2010 18:01:12.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1007.709 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\user\d.exe"
"c:\windows\popcinfot.dat"
"c:\windows\system32\1CF5A1C32F.sys"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\KGyGaAvL.sys"
"c:\windows\system32\magnify.exe.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\d.exe
c:\windows\system32\ezsidmv.dat
.
---- Předchozí spuštění -------
.
c:\documents and settings\user\d.exe
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\Cheat Engine\dbk32.sys
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\popcinfot.dat
c:\windows\system32\1CF5A1C32F.sys
c:\windows\system32\ezsidmv.dat
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\magnify.exe.tmp

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_Service
-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-19 do 2010-02-19 )))))))))))))))))))))))))))))))
.

2010-02-19 17:10 . 2010-02-19 17:10 19968 ----a-w- c:\documents and settings\user\d.exe
2010-02-18 13:38 . 2007-12-26 16:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2010-02-18 13:38 . 2007-12-26 16:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2010-02-18 13:38 . 2010-02-18 14:13 -------- d-----w- c:\program files\Cheat Engine
2010-02-15 20:44 . 2010-02-15 20:45 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-15 20:25 . 2010-02-18 13:52 -------- d-----w- c:\program files\Microsoft Games
2010-02-15 20:09 . 2010-02-15 20:09 -------- d-----w- c:\documents and settings\user\DoctorWeb
2010-02-14 13:24 . 2010-02-14 13:24 -------- d-----w- c:\program files\Trend Micro
2010-02-13 16:46 . 2010-02-13 17:08 -------- d-----w- c:\program files\Rise of Nations
2010-02-12 21:12 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-12 21:12 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-12 21:12 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-12 21:12 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-12 21:12 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-12 21:12 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-12 21:12 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-12 21:11 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-12 21:11 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-12 17:13 . 2010-02-17 21:02 -------- d-----w- c:\program files\Ubisoft
2010-02-12 14:02 . 2010-02-12 14:02 -------- d-----w- c:\program files\City Interactive
2010-02-11 11:03 . 2010-02-11 11:03 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-02-08 20:24 . 2010-02-11 10:16 -------- d-----w- c:\program files\FlashGet
2010-02-08 16:58 . 2010-02-11 13:22 -------- d-----w- c:\program files\Electronic Arts
2010-02-08 14:00 . 2010-02-09 19:56 -------- d-----w- C:\downloads
2010-02-07 21:01 . 2010-02-07 21:01 -------- d-----w- c:\program files\AnvSoft
2010-02-06 16:54 . 2010-02-06 16:54 -------- d-----w- c:\program files\Mindscape
2010-02-06 13:33 . 2010-02-06 13:41 -------- d-----w- c:\program files\NemoKProd
2010-02-05 21:44 . 2010-02-05 21:44 -------- d-----w- c:\program files\VDOWNLOADER
2010-02-05 21:44 . 2010-02-05 21:44 -------- d-----w- c:\program files\Common Files\eBay
2010-02-03 20:06 . 2010-02-03 20:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-03 20:06 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-02-03 20:06 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-02-03 20:06 . 2008-08-13 09:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-02-03 20:06 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-03 20:06 . 2010-02-03 20:08 -------- d-----w- c:\program files\AVS4YOU
2010-02-02 14:06 . 2010-02-03 17:57 -------- d-----w- c:\program files\WindowsSecurity
2010-02-01 18:48 . 2010-02-17 20:03 -------- d-----w- c:\program files\ICQ7.0
2010-01-31 16:26 . 2008-11-06 16:37 120056 ------w- c:\windows\system32\pxcpyi64.exe
2010-01-31 16:26 . 2008-11-06 16:37 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-01-31 16:19 . 2010-01-31 16:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-22 19:11 . 2010-01-22 19:11 -------- d-----w- c:\program files\Alcohol Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 17:13 . 2010-01-01 23:14 -------- d-----w- c:\program files\Steam
2010-02-19 17:12 . 2010-02-19 17:12 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-18 14:13 . 2010-02-18 13:38 -------- d-----w- c:\program files\Cheat Engine
2010-02-18 14:00 . 2007-07-09 15:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-14 20:07 . 2009-10-30 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 16:35 . 2009-12-02 17:14 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-02-12 21:11 . 2009-10-30 11:05 -------- d-----w- c:\program files\Alwil Software
2010-02-12 17:13 . 2007-07-09 14:58 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-11 13:18 . 2010-01-06 21:42 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-11 13:06 . 2010-01-06 21:42 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-11 12:04 . 2009-12-01 14:14 -------- d-----w- c:\program files\uTorrent
2010-02-08 20:51 . 2009-12-13 19:16 -------- d-----w- c:\program files\Google
2010-02-06 13:51 . 2010-01-01 20:49 -------- d-----w- c:\program files\EA GAMES
2010-02-03 12:12 . 2007-07-09 14:33 -------- d-----w- c:\program files\Intel
2010-01-31 16:32 . 2007-07-09 12:17 -------- d-----w- c:\program files\DivX
2010-01-30 11:03 . 2010-01-06 21:42 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-01-24 15:25 . 2009-12-28 11:59 -------- d-----w- c:\program files\TeamViewer
2010-01-20 15:46 . 2010-01-20 15:46 -------- d-----w- c:\program files\Application Updater
2010-01-15 20:40 . 2010-01-15 20:35 -------- d-----w- c:\program files\The KMPlayer
2010-01-10 19:10 . 2010-01-10 19:10 382 --sha-w- c:\windows\system32\ogqzebsm.vbs
2010-01-09 16:23 . 2010-01-04 12:48 -------- d-----w- c:\program files\Akimbo
2010-01-07 15:07 . 2009-10-30 11:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-10-30 11:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 21:42 . 2010-01-06 21:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-04 18:32 . 2010-01-04 18:32 -------- d-----w- c:\program files\Kwyshell
2010-01-04 17:59 . 2006-03-02 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-01-04 17:59 . 2006-03-02 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-01-03 15:08 . 2010-01-03 15:08 -------- d-----w- c:\program files\MSBuild
2010-01-03 15:08 . 2010-01-03 15:08 -------- d-----w- c:\program files\Reference Assemblies
2010-01-01 20:53 . 2010-01-01 20:53 531 ----a-w- c:\windows\eReg.dat
2010-01-01 16:04 . 2010-01-01 16:04 -------- d-----w- c:\program files\AidemMedia
2010-01-01 11:39 . 2010-01-01 11:39 -------- d-----w- c:\program files\Apache Software Foundation
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 02:16 . 2009-12-29 02:16 -------- d-----w- c:\program files\Bonjour
2009-12-29 02:16 . 2008-04-07 06:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-29 02:04 . 2009-12-29 02:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-24 19:31 . 2009-12-24 17:47 -------- d-----w- c:\program files\WinSCP
2009-12-24 17:35 . 2009-12-24 17:35 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-24 17:16 . 2009-12-24 17:16 -------- d-----w- c:\program files\Rockstar Games
2009-12-23 13:48 . 2009-12-23 13:48 -------- d-----w- c:\program files\SHOUTcast Radio Toolbar
2009-12-22 13:55 . 2009-12-22 13:55 -------- d-----w- c:\program files\Creative
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2009-12-17 07:42 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2006-03-02 12:00 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 15:40 . 2009-12-01 15:11 200104 ----a-w- c:\windows\hpwins19.dat
2009-12-01 15:13 . 2009-12-01 15:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-27 17:14 . 2006-03-02 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2006-03-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-25 10:19 . 2010-01-11 14:08 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-11 319280]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Steam"="c:\program files\steam\steam.exe" [2010-01-01 1217808]
"Symst"="c:\program files\Intel\taksmgr.exe" [2006-02-03 339968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-08 39408]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-11 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 352256]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Symst"="c:\program files\Intel\taksmgr.exe" [2006-02-03 339968]
"Calculator"="c:\windows\system32\calc.exe" [2006-03-02 114688]
"Paint"="c:\windows\system32\mspaint.exe" [2009-12-17 343552]
"COMP32"="c:\windows\system32\osk.exe" [2008-04-14 216064]
"MS-DOS"="c:\windows\system32\magnify.exe" [2008-04-14 72704]
"REC32"="c:\windows\system32\sndrec32.exe" [2008-04-14 131584]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\user\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Symst.exe [2010-2-3 339968]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\bejeweled deluxe\\WinBej.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\Avatar.exe"=
"c:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\AvatarLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.12.2009 16:13 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.2.2010 22:12 162512]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.2.2010 22:12 19024]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [23.12.2009 12:33 17792]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2010 21:51 135664]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [9.10.2009 14:00 3328]
S3 ZD1211BU(AirLive);AirLive WL-5480USB WLAN USB Driver(AirLive);c:\windows\system32\drivers\ZD1211BU.sys [30.10.2009 10:12 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 20:51]

2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 20:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://nobrain.dk/
uInternet Settings,ProxyOverride = *.local
IE: &SHOUTcast Search - c:\documents and settings\All Users\Data aplikací\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\8dqc0kio.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =966134&p=
FF - component: c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\8dqc0kio.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\8dqc0kio.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 18:12
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spic.sys >>UNKNOWN [0x86B8B938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7528f28
\Driver\ACPI -> ACPI.sys @ 0xf7280cb8
\Driver\atapi -> atapi.sys @ 0xf723bb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7144bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7151a21
SendHandler -> NDIS.sys @ 0xf712f87b
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2500)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\documents and settings\user\d.exe
c:\documents and settings\user\d.exe
c:\documents and settings\user\d.exe
c:\documents and settings\user\d.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\system32\msiexec.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2010-02-19 18:18:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-19 17:18
ComboFix2.txt 2010-02-14 21:05

Před spuštěním: Volných bajtů: 13 941 882 880
Po spuštění: Volných bajtů: 14 020 468 736

- - End Of File - - 0B6DC003AA9C7CED2050DA0508DCED85

[Reklama]

[jaro3]

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat
//////////////////////////////////////////////////////////////////

Stáhni si MBR Rootkit Detektor
- ulož si ho přímo na disk C a spusť ho
- za chvíli se ti vytvoří jeho log (mbr.log) vlož sem celý jeho obsah.
////////////////////////////////////////////////////////////////////
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
C:\mbr.exe -f
a dej Ok.mezi mbr.exe a -f je mezera
- pokud by tě bezpečnostní software upozornil na přepsání MBR tak to povol
- počkej až program proběhne a pak restartuj Pc
//////////////////////////////////////////////////////////////////////////////
Stáhni si program OTM (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
c:\documents and settings\user\d.exe
c:\windows\system32\ezsidmv.dat
c:\documents and settings\user\Nabˇdka Start\Programy\Po spuçtŘnˇ\Symst.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

[scetman]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

[scetman]

a OTM napsal toto

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\documents and settings\user\d.exe moved successfully.
c:\windows\system32\ezsidmv.dat moved successfully.
File/Folder c:\documents and settings\user\Nabˇdka Start\Programy\Po spuçtŘnˇ\Symst.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX0\dw33nxp.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX0\m6ulz7.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX0\m6ulz7.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\hGu8YnFX.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_770.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AT3V283R\adsCAL9A20Y.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AT3V283R\posting[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 02192010_190717

Files moved on Reboot...
C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX0\dw33nxp.exe moved successfully.
C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX0\m6ulz7.dat moved successfully.
C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX0\m6ulz7.exe moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\user\LOCALS~1\Temp\hGu8YnFX.dll
C:\DOCUME~1\user\LOCALS~1\Temp\hGu8YnFX.dll NOT unregistered.
C:\DOCUME~1\user\LOCALS~1\Temp\hGu8YnFX.dll moved successfully.
File C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_770.dat not found!
File C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AT3V283R\adsCAL9A20Y.htm not found!
File C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AT3V283R\posting[1].htm not found!
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

[jaro3]

Napiš , jak se chová PC (restarty+sekání).

[scetman]

restarty už nejsou ale nekdy se tak po hodine sekne pc tak na 2 min potom se furt pri startu pc objevuje samo od sebe malovani, lupa, karkulacka ajin programy..

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG či Avast, následně T-Cleaner smaž a zapni si AVG či Avast.


Vlož ještě nový log z HJT.

Koukni se zda nemáš ty programy po spuštění.

[scetman]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:21, on 19.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\taksmgr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\taksmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\user\d.exe
C:\Documents and Settings\user\d.exe
C:\Documents and Settings\user\d.exe
C:\Documents and Settings\user\d.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nobrain.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=80744
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [0,1496088] C:\WINDOWS\system320,1496088.exe
O4 - HKLM\..\Run: [0,4199902] C:\WINDOWS\system320,4199902.exe
O4 - HKLM\..\Run: [Symst] C:\Program Files\Intel\taksmgr.exe
O4 - HKLM\..\Run: [Calculator] C:\WINDOWS\system32\calc.exe
O4 - HKLM\..\Run: [Paint] C:\WINDOWS\system32\mspaint.exe
O4 - HKLM\..\Run: [COMP32] C:\WINDOWS\system32\osk.exe
O4 - HKLM\..\Run: [MS-DOS] C:\WINDOWS\system32\magnify.exe
O4 - HKLM\..\Run: [REC32] C:\WINDOWS\system32\sndrec32.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Symst] C:\Program Files\Intel\taksmgr.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Symst.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Data aplikací\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe

--
End of file - 12742 bytes

[scetman]

Spousteni programu furt trva spousti se klavesnice, lupa, zaznam zvuku, malovaní a karkulacka.....

[jaro3]

Log nevypadá dobře..

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [0,1496088] C:\WINDOWS\system320,1496088.exe
O4 - HKLM\..\Run: [0,4199902] C:\WINDOWS\system320,4199902.exe
O4 - HKLM\..\Run: [Symst] C:\Program Files\Intel\taksmgr.exe
O4 - HKLM\..\Run: [Calculator] C:\WINDOWS\system32\calc.exe
O4 - HKLM\..\Run: [Paint] C:\WINDOWS\system32\mspaint.exe
O4 - HKLM\..\Run: [COMP32] C:\WINDOWS\system32\osk.exe
O4 - HKLM\..\Run: [MS-DOS] C:\WINDOWS\system32\magnify.exe
O4 - HKLM\..\Run: [REC32] C:\WINDOWS\system32\sndrec32.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)


Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat

Spusť F-Secure Online Scanner

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

Stáhni si RootRepeal

Rozbal si archív třeba do C:\RootRepeal
Poklepej na RootRepeal.exe ke startu programu ( ve vistě pravým a vybrat spustit jako administrátor).
Klikni v dolní části na Files a potom na Scan .
Objeví se dialog.okno, dej zatržítko na disk, který chceš skenovat( nejčastěji na C:\ , a potom na OK.
Program začne skenovat zatržený disk. Když sken skončí , budou tam vypsané soubory, ale ne všechny musí být legitimní. Klikni na Save Report a ulož si log do dokumentů. Vlož sem prosím celý jeho obsah.

Zítra se podívám.

[scetman]

uz jsem nic vklaadt nebudu uz vše jede jak ma DEKUJI ZA POMOC....

[jaro3]

Nemáš zač , jinak se zase stav.

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.