PCTuning fórum

Mozna je v nejakom programe????

zkus zhodit program "Nero?"Nero BackItUp Scheduler 3""v spravci uloh alebo v sluzbach ho zastav...?

dalej????
PnkBstrB.exe

pusť na to ComboFix

Možná by stačil na odstranění syfla i AVPTool.

Nasel jsem asi tri removal tooly "primo delane na miru". Samozrejme ani jeden nic. Ale combofix se zda ze si s tim poradil! diky.

//edit tak je to porad se mnou... ani combovix nepomohl. Je mozne ze bych to porad chytal znova, nebo spis myslite ze jsem to porad nevylecil?

Potřeboval bych poradit. Co s toho nepotřebuju? Běží mi 88 procesů.
Logfile of HijackThis v1.99.1
Scan saved at 14:36:02, on 28.10.2009
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Speeds\Desktop\Software\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: 82.208.58.96 l2authd.lineage2.com
O1 - Hosts: 82.208.58.96 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: D - {631A9638-C9F6-3E06-98B5-426238CD3187} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: MSASCul.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Update ESET's licence.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Služba Google Update (gupdate1c9a7f1570485e9) (gupdate1c9a7f1570485e9) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hamachi Service (HamachiService) - Unknown owner - C:\Program Files\Hamachi\hamachi.exe" -service (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

přece musíš vědět sám co potřebuješ a co ne, nebo ne?

Většina vůbec nevím na co je.

Zdravím vás
-mohl by mi prosím někdo poradit co mi způsobuje-zhruba po 4-5 hodinách běhu počítače-jeho ůplné "zamrznutí"?
Postupně se zpomaluje-až přestane reagovat uplně. Zmizí (zčerná) obraz a nereaguje vůbec na nic. Pomůže jedině reset.
omlouvám se za laický popis problému..
Za řípadnou radu předem velice děkuji.

Logfile of HijackThis v1.99.1
Scan saved at 14:26:08, on 14.11.2009
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mirek\Documents\Rapget.RS_Public_v1.0.4.0_cz\RapgetRS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\helppane.exe
C:\Program Files\AVerMedia\AVer MediaCenter\AVer MediaCenter.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mirek\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Amazing%20Adventures%20Around%20the%20World/Images/armhelper.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8064.0206.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8064.0206.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Koukni na http://viry.cz/go.php , tam pomáhají s takovýma problémama na forum.

Zdar mám problém , projel jsem PC tím programem a dalo mě to todle :
Nefungujou mě stránky Microsoftu a antivirove stranky atd.... Prosím rychle to potřebuju odstranit

tohle se mi moc nelíbí, ale možná to je legitimní:
použij ComboFix.

Combo fix jsem zkoušel ale nic mě to neudělalo, nemáš nějakej postup?

Tady mám log z ComboFixu

Ahoj, po procitani fora se musim na vas obratit, doufam ze mi nekdo pomuze.....zanesl jsem si do pc viry a nejak tam radi, spustil jsem neco co jsem si stahnul a neproveril....tady posilam log s ComboFix a jeste Hijack. Jsem takovy kutil co ladi xp....no, co uz....predem diky za kazdou radu

ComboFix 10-01-20.04 - Administrator 21.01.2010 16:36:13.1.1 - x86
Spuštěný z: c:\download\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
c:\windows\system32\vbscript.dll chybí
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dokumenty\cc_20100120_235136.reg
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

Nakažená kopie c:\windows\system32\srsvc.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\srsvc.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-22 do 2010-01-22 )))))))))))))))))))))))))))))))
.

2010-01-22 00:49 . 2008-04-14 06:52 171008 ----a-w- c:\windows\system32\srsvc.dll
2010-01-21 19:59 . 2010-01-21 19:59 -------- d---a-w- c:\windows\rundll16.exe
2010-01-21 19:59 . 2010-01-21 19:59 -------- d---a-w- c:\windows\logo1_.exe
2010-01-21 18:24 . 2010-01-21 18:24 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-21 18:24 . 2010-01-21 18:24 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-21 18:24 . 2010-01-21 18:24 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-21 18:24 . 2010-01-21 18:24 -------- d---a-w- c:\windows\logo_1.exe
2010-01-21 18:22 . 2010-01-21 18:22 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-21 18:22 . 2010-01-21 18:22 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-21 18:22 . 2010-01-21 18:22 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-21 18:22 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2010-01-21 18:22 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2010-01-21 18:22 . 2010-01-21 18:22 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-21 02:05 . 2010-01-21 23:40 -------- d-----w- C:\XP_Losos
2010-01-21 01:56 . 2010-01-21 23:42 -------- d-----w- c:\program files\nLite
2010-01-20 21:23 . 2010-01-20 21:23 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-01-20 19:06 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 19:06 . 2010-01-20 19:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 19:05 . 2010-01-20 19:05 -------- d-----w- c:\program files\MalwarebytesPortable
2010-01-20 17:06 . 2010-01-20 17:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-20 17:02 . 2010-01-20 17:02 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-20 17:02 . 2010-01-20 17:02 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-01-20 17:02 . 2010-01-20 17:02 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-01-20 17:02 . 2010-01-20 17:02 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-01-20 16:18 . 2010-01-21 04:39 -------- d-----w- c:\program files\PeerGuardian2
2010-01-20 13:07 . 2010-01-21 09:25 -------- d-----w- c:\program files\TC UP
2010-01-12 23:37 . 2010-01-12 23:37 58 ----a-w- c:\windows\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2010-01-12 23:37 . 2010-01-16 05:39 -------- d-----w- c:\program files\ScreenshotCaptor
2010-01-09 00:34 . 2010-01-09 01:56 -------- d-----w- c:\program files\Commandos
2010-01-08 22:29 . 1996-01-09 18:38 283648 ----a-w- c:\windows\uninst.exe
2010-01-08 22:27 . 2010-01-08 22:27 -------- d-----w- c:\documents and settings\Administrator\WINDOWS
2010-01-08 09:46 . 2010-01-20 21:07 -------- d-----w- c:\program files\MediaInfo
2010-01-07 06:43 . 2010-01-07 06:44 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-07 05:25 . 1997-07-06 19:22 756736 ------w- c:\windows\system32\ir41_32.dll
2010-01-07 05:24 . 2010-01-07 05:24 -------- d-----w- c:\program files\Microsoft Games
2010-01-07 03:30 . 2010-01-07 03:30 -------- d-----w- c:\documents and settings\Administrator\Data aplikac?
2010-01-07 03:30 . 2010-01-07 03:30 4096 ----a-w- c:\windows\d3dx.dat
2010-01-07 03:26 . 2010-01-07 03:26 -------- d-----w- c:\program files\Echidna LLC
2009-12-23 03:16 . 2009-12-23 03:16 -------- d-----w- c:\program files\Cinemax

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 19:27 . 2009-11-13 09:53 -------- d-----w- c:\program files\JDownloader 0.8.821
2010-01-21 09:24 . 2008-04-14 06:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-01-21 05:38 . 2010-01-21 05:38 140288 ----a-w- c:\windows\system32\sfc_os.dll.tmp
2010-01-21 04:46 . 2001-10-25 14:00 78070 ----a-w- c:\windows\system32\perfc005.dat
2010-01-21 04:46 . 2001-10-25 14:00 428988 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 13:34 . 2009-11-13 05:49 -------- d-----w- c:\program files\CCleaner
2010-01-08 21:50 . 2009-11-13 03:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 00:07 . 2009-08-03 11:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 06:44 . 2009-11-13 03:22 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-07 06:43 . 2009-11-13 02:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.12772220
2009-12-22 12:33 . 2009-12-22 12:33 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-22 12:32 . 2009-12-22 12:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-14 23:00 . 2009-12-14 22:39 -------- d-----w- c:\program files\Tropico
2009-12-14 22:52 . 2009-12-14 22:52 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-10 07:44 . 2009-12-10 07:38 -------- d-----w- c:\program files\JDownloader
2009-12-09 07:16 . 2009-12-03 07:15 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 07:14 . 2009-12-03 07:14 -------- d-----w- c:\program files\Avira
2009-12-03 04:35 . 2009-12-03 04:35 -------- d-----w- c:\program files\MSBuild
2009-12-03 04:34 . 2009-12-03 04:34 -------- d-----w- c:\program files\Reference Assemblies
2009-12-03 02:15 . 2009-12-02 06:11 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-02 06:00 . 2009-12-02 05:59 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-29 05:30 . 2009-11-29 05:30 -------- d-----w- c:\program files\Altar Games
2009-11-26 03:04 . 2009-11-13 02:42 -------- d-----r- c:\program files\Skype
2009-11-21 16:03 . 2008-04-14 06:51 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 10:33 . 2009-11-13 10:33 0 ----a-w- c:\windows\PowerReg.dat
2009-11-13 09:58 . 2009-11-13 09:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-13 06:42 . 2009-11-13 01:09 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-13 06:42 . 2009-11-13 01:09 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-13 06:41 . 2009-11-13 01:09 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-11-13 03:22 . 2009-11-13 03:22 0 ----a-w- c:\windows\nsreg.dat
2009-11-13 03:16 . 2009-11-13 03:16 315392 ----a-w- c:\windows\HideWin.exe
2009-11-13 02:32 . 2009-11-13 02:33 737280 ----a-w- c:\windows\iun6002.exe
2009-11-13 01:06 . 2009-11-13 01:06 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-03 04:42 . 2009-11-13 03:23 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:43 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
. ------- Sigcheck -------

[7] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[7] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[7] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[7] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[7] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

c:\windows\System32\browser.dll ... chybí !!
c:\windows\System32\wuauclt.exe ... chybí !!
c:\windows\System32\regsvc.dll ... chybí !!
c:\windows\System32\schedsvc.dll ... chybí !!
c:\windows\System32\ssdpsrv.dll ... chybí !!
c:\windows\System32\termsrv.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-13 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TC UP"="c:\program files\TC UP\TC UP.exe" [2009-10-04 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"PeerGuardian"=c:\program files\PeerGuardian2\pg2.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - SECLOGON
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\6xqo9sa7.default\
FF - prefs.js: browser.startup.homepage - war-forum.net
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-termsrv - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 16:50
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"=""
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2010-01-21 16:54:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-22 00:54

Před spuštěním: Volných bajtů: 62 836 277 248
Po spuštění: Volných bajtů: 63 131 693 056

- - End Of File - - E4277D83E70596799A49C945732D8562

....................................................................................................................................

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:00, on 21.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TC UP\totalcmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Download\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TC UP] "C:\Program Files\TC UP\TC UP.exe" /wnd=max
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8082747125
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ClipSrv - Unknown owner - C:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Správce relací nápovědy ke vzdálené ploše (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 4628 bytes

Ahoj, dej sem ještě log z MBAMu, je tam pěknej bordel.

http://www.viry.cz/forum/viewtopic.php?f=29&t=67229 - Stáhni, nainstaluj, proveď aktualizaci, úplný sken, nic nemaž a výsledek z logu pošly sem.

Ahoj, omlouvam se za spozdeni jelikoz mam 9 hod. (Vancouver) casovej posun a chodim do prace.
Samozrejme jak jsem cekal na odpoved tak jsem to projel eScan a ten to nejak vycistil..... jeste jednou zasilam logy.......dik moc za precteni.
Uz na to nesaham a pockam na instrukce......

.......................................................................................................................................

ComboFix 10-01-20.04 - Administrator 22.01.2010 17:51:46.5.1 - x86
Spuštěný z: c:\download\ComboFix.exe
c:\windows\system32\vbscript.dll chybí
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-23 do 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-22 14:45 . 2010-01-22 14:46 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-01-22 07:27 . 2010-01-23 01:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-01-22 07:20 . 2010-01-23 01:36 -------- d-----w- c:\program files\COMODO
2010-01-22 06:21 . 2010-01-22 06:21 3904728 ----a-w- c:\windows\REGBK00.ZIP
2010-01-22 05:34 . 2010-01-22 05:34 -------- d-----w- c:\program files\XnView
2010-01-22 04:56 . 2010-01-22 06:16 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-22 04:49 . 2010-01-22 06:52 -------- d-----w- C:\Antivir-Resistance
2010-01-22 04:23 . 2010-01-22 04:23 -------- d---a-w- c:\windows\rundll16.exe
2010-01-22 04:23 . 2010-01-22 04:23 -------- d---a-w- c:\windows\logo1_.exe
2010-01-22 00:49 . 2008-04-14 06:52 171008 ------w- c:\windows\system32\srsvc.dll
2010-01-21 18:24 . 2010-01-21 18:24 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-21 18:24 . 2010-01-21 18:24 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-21 18:24 . 2010-01-21 18:24 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-21 18:24 . 2010-01-21 18:24 -------- d---a-w- c:\windows\logo_1.exe
2010-01-21 18:22 . 2010-01-21 18:22 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-21 18:22 . 2010-01-21 18:22 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-21 18:22 . 2010-01-21 18:22 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-21 18:22 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2010-01-21 18:22 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2010-01-21 18:22 . 2010-01-21 18:22 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-21 02:05 . 2010-01-21 23:40 -------- d-----w- C:\XP_Losos
2010-01-21 01:56 . 2010-01-21 23:42 -------- d-----w- c:\program files\nLite
2010-01-20 21:23 . 2010-01-20 21:23 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-01-20 19:06 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 19:06 . 2010-01-20 19:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 19:05 . 2010-01-20 19:05 -------- d-----w- c:\program files\MalwarebytesPortable
2010-01-20 17:06 . 2010-01-20 17:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-20 17:02 . 2010-01-20 17:02 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-20 17:02 . 2010-01-20 17:02 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-01-20 17:02 . 2010-01-20 17:02 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-01-20 17:02 . 2010-01-20 17:02 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-01-20 16:18 . 2010-01-21 04:39 -------- d-----w- c:\program files\PeerGuardian2
2010-01-20 13:07 . 2010-01-21 09:25 -------- d-----w- c:\program files\TC UP
2010-01-12 23:37 . 2010-01-12 23:37 58 ----a-w- c:\windows\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2010-01-12 23:37 . 2010-01-16 05:39 -------- d-----w- c:\program files\ScreenshotCaptor
2010-01-09 00:34 . 2010-01-09 01:56 -------- d-----w- c:\program files\Commandos
2010-01-08 22:29 . 1996-01-09 18:38 283648 ----a-w- c:\windows\uninst.exe
2010-01-08 22:27 . 2010-01-08 22:27 -------- d-----w- c:\documents and settings\Administrator\WINDOWS
2010-01-08 09:46 . 2010-01-20 21:07 -------- d-----w- c:\program files\MediaInfo
2010-01-07 06:43 . 2010-01-07 06:44 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-07 05:25 . 1997-07-06 19:22 756736 ------w- c:\windows\system32\ir41_32.dll
2010-01-07 05:24 . 2010-01-07 05:24 -------- d-----w- c:\program files\Microsoft Games
2010-01-07 03:30 . 2010-01-07 03:30 -------- d-----w- c:\documents and settings\Administrator\Data aplikac?
2010-01-07 03:30 . 2010-01-07 03:30 4096 ----a-w- c:\windows\d3dx.dat
2010-01-07 03:26 . 2010-01-07 03:26 -------- d-----w- c:\program files\Echidna LLC

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 19:27 . 2009-11-13 09:53 -------- d-----w- c:\program files\JDownloader 0.8.821
2010-01-21 09:24 . 2008-04-14 06:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-01-21 05:38 . 2010-01-21 05:38 140288 ----a-w- c:\windows\system32\sfc_os.dll.tmp
2010-01-21 04:46 . 2001-10-25 14:00 78070 ----a-w- c:\windows\system32\perfc005.dat
2010-01-21 04:46 . 2001-10-25 14:00 428988 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 13:34 . 2009-11-13 05:49 -------- d-----w- c:\program files\CCleaner
2010-01-08 21:50 . 2009-11-13 03:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 00:07 . 2009-08-03 11:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 06:44 . 2009-11-13 03:22 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-07 06:43 . 2009-11-13 02:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.12772220
2009-12-23 03:16 . 2009-12-23 03:16 -------- d-----w- c:\program files\Cinemax
2009-12-22 12:33 . 2009-12-22 12:33 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-22 12:32 . 2009-12-22 12:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-14 23:00 . 2009-12-14 22:39 -------- d-----w- c:\program files\Tropico
2009-12-14 22:52 . 2009-12-14 22:52 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-10 07:44 . 2009-12-10 07:38 -------- d-----w- c:\program files\JDownloader
2009-12-09 07:16 . 2009-12-03 07:15 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 07:14 . 2009-12-03 07:14 -------- d-----w- c:\program files\Avira
2009-12-03 04:35 . 2009-12-03 04:35 -------- d-----w- c:\program files\MSBuild
2009-12-03 04:34 . 2009-12-03 04:34 -------- d-----w- c:\program files\Reference Assemblies
2009-12-03 02:15 . 2009-12-02 06:11 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-02 06:00 . 2009-12-02 05:59 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-29 05:30 . 2009-11-29 05:30 -------- d-----w- c:\program files\Altar Games
2009-11-26 03:04 . 2009-11-13 02:42 -------- d-----r- c:\program files\Skype
2009-11-21 16:03 . 2008-04-14 06:51 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 10:33 . 2009-11-13 10:33 0 ----a-w- c:\windows\PowerReg.dat
2009-11-13 09:58 . 2009-11-13 09:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-13 06:42 . 2009-11-13 01:09 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-13 06:42 . 2009-11-13 01:09 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-13 06:41 . 2009-11-13 01:09 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-11-13 03:22 . 2009-11-13 03:22 0 ----a-w- c:\windows\nsreg.dat
2009-11-13 03:16 . 2009-11-13 03:16 315392 ----a-w- c:\windows\HideWin.exe
2009-11-13 01:06 . 2009-11-13 01:06 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-03 04:42 . 2009-11-13 03:23 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:43 . 2008-04-14 06:52 916480 ------w- c:\windows\system32\wininet.dll
. ------- Sigcheck -------

[7] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[7] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[7] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[7] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[7] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

c:\windows\System32\browser.dll ... chybí !!
c:\windows\System32\wuauclt.exe ... chybí !!
c:\windows\System32\regsvc.dll ... chybí !!
c:\windows\System32\schedsvc.dll ... chybí !!
c:\windows\System32\ssdpsrv.dll ... chybí !!
c:\windows\System32\termsrv.dll ... chybí !!
.
((((((((((((((((((((((((((((( SnapShot@2010-01-22_00.51.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-23 01:36 . 2010-01-23 01:36 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-13 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TC UP"="c:\program files\TC UP\TC UP.exe" [2009-10-04 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"PeerGuardian"=c:\program files\PeerGuardian2\pg2.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

.
.
------- Doplňkový sken -------
.
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\6xqo9sa7.default\
FF - prefs.js: browser.startup.homepage - war-forum.net
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 17:54
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"=""
.
Celkový čas: 2010-01-22 17:55:21
ComboFix-quarantined-files.txt 2010-01-23 01:55
ComboFix2.txt 2010-01-23 01:44
ComboFix3.txt 2010-01-22 03:57
ComboFix4.txt 2010-01-22 00:54

Před spuštěním: Volných bajtů: 63 061 344 256
Po spuštění: Volných bajtů: 63 053 262 848

- - End Of File - - 0E20F8AE4EFC7092C2F06A81880E0CD3
....................................................................................................................................

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:22, on 22.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\TC UP\totalcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Download\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TC UP] "C:\Program Files\TC UP\TC UP.exe" /wnd=max
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8082747125
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4447 bytes

V pohodě. Jasně, na log mrknu, ale stejně sem vlož ten log z MBAMu. A pak dál uvidíme, zbytky šmejdů pomažeme přes ComboFix a dočistíme to.

Tady je ten log z MBAM....

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3614
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.1.2010 4:46:15
mbam-log-2010-01-23 (04-46-15).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 157239
Uplynulý čas: 32 minute(s), 19 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Například odtud stáhni soubor http://www.dll-files.com/dllindex/dll-f ... l?vbscript http://www.dlldump.com/download-dll-fil ... nload.html
Rozbal jej na plochu.

Přesuň ComboFix na Plochu. Otevři Poznámkový blok a vlož do něj tento skript (kromě Kód):
Ulož na plochu jako CFScript.txt. Pak jej myší přetáhni nad ikonu ComboFix a pusť. CF se spustí a vykoná příkazy ze skriptu.

Tak jsem vsechno provedl podle pokynu a zda se to v pohode. Jen kdyz jsem to projel eScanem tak to napsalo :

Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Záznam odstraněn.
Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Záznam odstraněn.
Objekt "AntiSpyware Pro XP Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Záznam odstraněn.

24 I 2010 11:37:47 - [Testování složky: C:\XP_Losos\I386\WINNTUPG\OEM\EICON]
24 I 2010 11:37:48 - [Testování složky: C:\XP_Losos\I386\WINNTUPG\OEM\EQN]
24 I 2010 11:37:48 - [Testování složky: C:\XP_Losos\I386\WINNTUPG\OEM\SPX]
24 I 2010 11:37:48 - [Testování složky: C:\XP_Losos\I386\WINNTUPG\OEM\SPX\MPS]
24 I 2010 11:37:48 - [Testování složky: C:\XP_Losos\I386\WINNTUPG\OEM\TIGERJET]
24 I 2010 11:37:48 - [Testování složky: C:\XP_Losos\I386\WINNTUPG\PERINF]
24 I 2010 11:37:48 - [Testování složky: C:\XP_Losos\I386\WINNTUPG\SRVINF]
24 I 2010 11:38:00 - [Testování složky: C:\XP_Losos\SUPPORT]
24 I 2010 11:38:00 - [Testování složky: C:\XP_Losos\SUPPORT\TOOLS]
24 I 2010 11:38:12 - [Testování složky: C:\XP_Losos\VALUEADD]
24 I 2010 11:38:12 - [Testování složky: C:\XP_Losos\VALUEADD\3RDPARTY]
24 I 2010 11:38:12 - [Testování složky: C:\XP_Losos\VALUEADD\3RDPARTY\MGMT]
24 I 2010 11:38:12 - [Testování složky: C:\XP_Losos\VALUEADD\3RDPARTY\MGMT\CITRIX]
24 I 2010 11:38:14 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT]
24 I 2010 11:38:14 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT\FONTS]
24 I 2010 11:38:14 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT\MGMT]
24 I 2010 11:38:14 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT\MGMT\CIMV2R5]
24 I 2010 11:38:14 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT\MGMT\IAS]
24 I 2010 11:38:15 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT\MGMT\MSTSC_HPC]
24 I 2010 11:38:17 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT\MGMT\PBA]
24 I 2010 11:38:18 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT\MGMT\WBEMODBC]
24 I 2010 11:38:18 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT\NET]
24 I 2010 11:38:19 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT\NET\NETBEUI]
24 I 2010 11:38:19 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT\NET\TOOLS]
24 I 2010 11:38:19 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT\USMT]
24 I 2010 11:38:19 - [Testování složky: C:\XP_Losos\VALUEADD\MSFT\USMT\ANSI]
24 I 2010 11:38:21 - ***** Kontrola pro specifické ITW viry *****

24 I 2010 11:38:21 - ***** Test dokončen *****
24 I 2010 11:38:21 - Testovaných objektů: 118513
24 I 2010 11:38:21 - Kritických objektů: 3
24 I 2010 11:38:21 - Celkem vyléčených objektů: 0
24 I 2010 11:38:21 - Celkem přejmenováno: 0
24 I 2010 11:38:21 - Smazaných objektů: 3
24 I 2010 11:38:21 - Celkem chyb: 22
24 I 2010 11:38:21 - Uplynulý čas: 00:27:55
24 I 2010 11:38:21 - Datum vydání databáze: 12 Feb 2009
24 I 2010 11:38:21 - Verze virové databáze: 2640605

24 I 2010 11:38:21 - Test je dokončen

Takze to bude vsechno v pohode kdyz to smazal, kazdopadne dik moc za ochotu a tvuj cas. Notas slape a jeste jednou DIK....