
please check

Posted: 21 Dec 2010 17:52
by jamet
I don't have any significant problem, but I would need to remove the Norton security scanner. Thanks

Logfile of random's system information tool 1.08 (written by random/random)
Run by Ave Ja at 2010-12-21 17:50:37
Microsoft Windows 7 Ultimate
System drive C: has 94 GB (72%) free of 131 GB
Total RAM: 959 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:50:39, on 21.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Users\Ave Ja\Desktop\RSIT.exe
C:\Program Files\trend micro\Ave Ja.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7662 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Ave Ja.job
C:\Windows\tasks\PCConfidential.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-11-02 1252304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-11-02 1252304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"DefragTaskBar"=C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe [2008-10-09 173408]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-10-04 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-10-04 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-10-04 81920]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-11-16 2216960]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"=C:\Windows\System32\rstrui.exe [2009-07-14 262656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-11-16 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.2\ICQ.exe [2010-11-04 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-21 17:46:27 ----D---- C:\Program Files\trend micro
2010-12-21 17:46:26 ----D---- C:\rsit
2010-11-27 15:53:34 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-11-27 15:53:34 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-11-27 15:53:33 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-11-27 15:53:31 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-11-27 15:53:29 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-11-27 15:52:31 ----A---- C:\Windows\system32\aswBoot.exe
2010-11-27 15:52:18 ----D---- C:\ProgramData\Alwil Software
2010-11-27 15:52:18 ----D---- C:\Program Files\Alwil Software

======List of files/folders modified in the last 1 months======

2010-12-21 17:50:38 ----D---- C:\Windows\Temp
2010-12-21 17:50:12 ----D---- C:\Windows\Prefetch
2010-12-21 17:46:27 ----RD---- C:\Program Files
2010-12-21 17:21:34 ----D---- C:\ProgramData\Spyware Terminator
2010-12-21 16:53:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-12-21 16:31:29 ----D---- C:\Windows
2010-12-21 13:03:15 ----D---- C:\ProgramData\NVIDIA
2010-12-20 20:26:49 ----D---- C:\Users\Ave Ja\AppData\Roaming\Spyware Terminator
2010-12-20 16:43:39 ----D---- C:\Windows\system32\config
2010-12-20 16:32:38 ----SHD---- C:\System Volume Information
2010-12-19 16:16:23 ----D---- C:\Users\Ave Ja\AppData\Roaming\Skype
2010-12-19 16:07:16 ----D---- C:\Users\Ave Ja\AppData\Roaming\skypePM
2010-12-11 18:11:57 ----D---- C:\Windows\system32\Tasks
2010-12-10 19:03:43 ----D---- C:\Program Files\Mozilla Firefox
2010-12-10 06:17:31 ----D---- C:\Windows\System32
2010-12-10 06:17:31 ----D---- C:\Windows\inf
2010-12-10 06:17:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-09 19:43:20 ----D---- C:\Users\Ave Ja\AppData\Roaming\ICQ
2010-12-01 14:37:40 ----D---- C:\Program Files\Spyware Terminator
2010-11-27 15:53:34 ----D---- C:\Windows\system32\drivers
2010-11-27 15:53:21 ----SHD---- C:\Windows\Installer
2010-11-27 15:53:21 ----SHD---- C:\Config.Msi
2010-11-27 15:53:17 ----D---- C:\Windows\winsxs
2010-11-27 15:52:50 ----D---- C:\Program Files\Common Files\microsoft shared
2010-11-27 15:52:18 ----HD---- C:\ProgramData
2010-11-26 19:57:49 ----D---- C:\Program Files\Counter-Strike Source
2010-11-26 05:34:20 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2009-08-04 213024]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-11-16 142592]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6232.sys [2009-07-30 287392]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 cpuz132;cpuz132; \??\C:\Users\AVEJA~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AshampooDefragService;Ashampoo Defrag Service; C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe [2008-10-09 750944]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2009-08-10 387616]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-08-10 178720]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-14 215584]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-11-16 496128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Re: please check

Posted: 22 Dec 2010 08:16
by Rudy
Use the original utility from Symantec, SymNrt: http://us.norton.com/support/kb/web_vie ... N&ln=en_US .

Re: please check

Posted: 07 Jan 2011 19:34
by jamet
Hi, so even after using the uninstaller from your link nothing happened and Norton is still laughing in my face :-)

Re: please check

Posted: 07 Jan 2011 19:54
by Rudy
jamet wrote: Hi, so even after using the uninstaller from your link nothing happened and Norton is still laughing in my face :-)
Did you have Norton legally? Post a log from ComboFix:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after start-up a screen with the license terms is displayed; continue by clicking the Ano (Yes) button.

calmly go and make yourself a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else

do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)

warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the deletion of any malware there are unwanted collisions with the antispyware's resident shield
If I find any leftovers there, we will kill them off with this utility.

Re: please check

Posted: 14 Jan 2011 18:07
by jamet
Hi, Norton was only some trial version; unfortunately the owner of the PC doesn't remember what it was for (for sh*t, in my opinion). Here is the log


ComboFix 11-01-14.01 - Ave Ja 14.01.2011 17:56:33.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.959.316 [GMT 1:00]
Spuštěný z: c:\users\Ave Ja\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-12-14 do 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-14 17:03 . 2011-01-14 17:03 -------- d-----w- c:\users\pospinka\AppData\Local\temp
2011-01-14 17:03 . 2011-01-14 17:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-14 16:44 . 2011-01-14 16:44 -------- d-----w- c:\users\pospinka\AppData\Roaming\Spyware Terminator
2011-01-11 16:42 . 2011-01-11 16:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-11 16:40 . 2011-01-11 16:40 -------- d-----w- c:\programdata\Symantec
2010-12-25 16:31 . 2010-12-25 16:31 -------- d-----w- c:\programdata\Nokia
2010-12-25 16:28 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-12-25 16:28 . 2010-12-25 16:28 -------- d-----w- c:\program files\PC Connectivity Solution
2010-12-25 16:14 . 2010-12-25 16:17 -------- d-----w- c:\users\Ave Ja\AppData\Roaming\PC Suite
2010-12-25 16:14 . 2010-12-25 16:32 -------- d-----w- c:\programdata\PC Suite
2010-12-25 16:14 . 2010-12-25 16:16 -------- d-----w- c:\users\Ave Ja\AppData\Roaming\Nokia
2010-12-25 16:13 . 2010-12-25 16:28 -------- d-----w- c:\program files\DIFX
2010-12-25 16:12 . 2010-02-26 13:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-12-25 16:12 . 2010-12-31 14:29 -------- d-----w- c:\program files\Nokia
2010-12-25 16:11 . 2010-12-25 16:23 -------- d-----w- c:\programdata\Installations
2010-12-21 16:46 . 2010-12-21 16:50 -------- d-----w- c:\program files\trend micro
2010-12-21 16:46 . 2010-12-21 16:46 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-16 18:00 . 2010-11-16 18:00 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-11-16 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-11-16 2216960]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-11-04 14:14 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S1 aswSP;aswSP; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-11-16 142592]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]

.
Obsah adresáře 'Naplánované úlohy'

2011-01-13 c:\windows\Tasks\Norton Security Scan for Ave Ja.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-15 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Ave Ja\AppData\Roaming\Mozilla\Firefox\Profiles\3wgn1ctc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.searchcanvas.com/web?ot=7&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60347&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\Toolbar\firefox
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-14 18:05:28
ComboFix-quarantined-files.txt 2011-01-14 17:05

Před spuštěním: Volných bajtů: 102 461 718 528
Po spuštění: Volných bajtů: 102 337 527 808

- - End Of File - - 096ADC82C96A2DF61C7DFBC1A6A8497C

Re: please check

Posted: 14 Jan 2011 19:25
by Rudy
Open Notepad and copy the following into it:
Folder::
c:\programdata\Symantec
c:\program files\Common Files\Symantec Shared
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Re: please check

Posted: 16 Jan 2011 11:10
by jamet
Done, here it is, but unfortunately Norton is still there after the restart :(

ComboFix 11-01-14.01 - Ave Ja 16.01.2011 11:01:05.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.959.336 [GMT 1:00]
Spuštěný z: c:\users\Ave Ja\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ave Ja\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Symantec Shared
c:\programdata\Symantec
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\catalog.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\CCERASER.DLL
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\ecmsvr32.dll
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\eeCtrl.sys
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\ERASER.GRD
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\ERASER.SIG
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\ERASER.SPM
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\ERASER.sys
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\ESRDEF.BIN
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\HH
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\naveng.sys
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\naveng32.dll
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\navex15.sys
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\navex32a.dll
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\ncsacert.txt
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\scrauth.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\SYMAVENG.CAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\SYMAVENG.INF
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\SymErase.cat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\SymErase.inf
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\TCDEFS.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\TCSCAN7.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\TCSCAN8.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\TCSCAN9.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\technote.txt
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\TINF.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\tinfidx.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\TINFL.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\TSCAN1.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\tscan1hd.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\V.GRD
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\V.SIG
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\VIRSCAN.INF
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\VIRSCAN1.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\VIRSCAN2.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\VIRSCAN3.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\VIRSCAN4.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\VIRSCAN5.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\VIRSCAN6.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\VIRSCAN7.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\VIRSCAN8.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\VIRSCAN9.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\virscant.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\WHATSNEW.TXT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20110114.009\zdone.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\catalog.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\eeCtrl.sys
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.grd
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.sig
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.spm
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.sys
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\esrdef.bin
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\hh
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng.sys
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng32.dll
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex15.sys
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex32a.dll
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ncsacert.txt
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\scrauth.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\symaveng.cat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\symaveng.inf
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\SymErase.cat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\SymErase.inf
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tcdefs.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tcscan7.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tcscan8.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tcscan9.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\technote.txt
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tinf.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tinfidx.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tinfl.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tscan1.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tscan1hd.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\v.grd
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\v.sig
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan.inf
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan1.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan2.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan3.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan4.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan5.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan6.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan7.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan8.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan9.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\whatsnew.txt
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\zdone.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\definfo.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\usage.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-16 do 2011-01-16 )))))))))))))))))))))))))))))))
.

2011-01-16 10:08 . 2011-01-16 10:08 -------- d-----w- c:\users\pospinka\AppData\Local\temp
2011-01-16 10:08 . 2011-01-16 10:08 -------- d-----w- c:\users\jen opravdu nutne\AppData\Local\temp
2011-01-16 10:08 . 2011-01-16 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-14 23:44 . 2011-01-14 23:44 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-01-14 16:44 . 2011-01-14 16:44 -------- d-----w- c:\users\pospinka\AppData\Roaming\Spyware Terminator
2010-12-25 16:31 . 2010-12-25 16:31 -------- d-----w- c:\programdata\Nokia
2010-12-25 16:28 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-12-25 16:28 . 2010-12-25 16:28 -------- d-----w- c:\program files\PC Connectivity Solution
2010-12-25 16:14 . 2010-12-25 16:17 -------- d-----w- c:\users\Ave Ja\AppData\Roaming\PC Suite
2010-12-25 16:14 . 2010-12-25 16:32 -------- d-----w- c:\programdata\PC Suite
2010-12-25 16:14 . 2010-12-25 16:16 -------- d-----w- c:\users\Ave Ja\AppData\Roaming\Nokia
2010-12-25 16:13 . 2010-12-25 16:28 -------- d-----w- c:\program files\DIFX
2010-12-25 16:12 . 2010-02-26 13:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-12-25 16:12 . 2010-12-31 14:29 -------- d-----w- c:\program files\Nokia
2010-12-25 16:11 . 2010-12-25 16:23 -------- d-----w- c:\programdata\Installations
2010-12-21 16:46 . 2010-12-21 16:50 -------- d-----w- c:\program files\trend micro
2010-12-21 16:46 . 2010-12-21 16:46 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-11-27 14:52 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-11-27 14:52 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-11-27 14:53 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-11-27 14:53 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-11-27 14:53 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-11-27 14:53 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-11-27 14:53 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-16 18:00 . 2010-11-16 18:00 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-11-16 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-11-16 2216960]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S1 aswSP;aswSP; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-11-16 142592]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]

.
Obsah adresáře 'Naplánované úlohy'

2011-01-15 c:\windows\Tasks\Norton Security Scan for Ave Ja.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-15 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Ave Ja\AppData\Roaming\Mozilla\Firefox\Profiles\3wgn1ctc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.searchcanvas.com/web?ot=7&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60347&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\Toolbar\firefox
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-16 11:09:56
ComboFix-quarantined-files.txt 2011-01-16 10:09
ComboFix2.txt 2011-01-14 17:05

Před spuštěním: Volných bajtů: 102 680 776 704
Po spuštění: Volných bajtů: 102 365 855 744

- - End Of File - - 6B23A5151DA7CD5E034E57B0CDA707D2

Re: please check my log

Posted: 16 Jan 2011 17:51
by Rudy
I don't see anything else from Norton or Symantec in the log. Try this: open the Start menu and type regedit into the box. Then, following the guide at http://www.viry.cz/forum/viewtopic.php?f=11&t=2791, search for all Norton and Symantec strings and delete them manually.

Re: please check my log

Posted: 28 Jan 2011 19:43
by jamet
Thanks a lot, finally done :)

Re: please check my log

Posted: 28 Jan 2011 19:57
by Rudy
You're welcome!