Hello, I have a problem, probably with a virus on my PC. Some time after the computer is switched on (the time varies, sometimes half an hour, sometimes ten minutes) a message appears saying that the application generic host process has encountered an error and needs to be closed... send / don't send. The PC keeps working, except that MP3s and films cannot be played; an error message appears saying there is an error in the audio codec. After a restart everything is OK again, until that message appears. I read somewhere that the problem could be in the Windows patches, but we have SP2 installed, so I reinstalled it again directly from the Microsoft website and nothing, everything is the same. Someone solved it by reinstalling Windows, but I don't really want to do that if it could be solved another way. Neither AVG nor Spybot nor SUPERAntiSpyware reports any problem. Only AVG reports a change in six files... kernell32.dll, wsock32.dll, user32.dll, shell32.dll, ntoskrnl.exe, hosts. I am posting the logs from HijackThis and from ComboFix.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:55, on 10.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ABBE8EA-E2DF-44E9-A9C1-6938D021C858}: NameServer = 10.0.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
--
End of file - 3950 bytes
ComboFix 08-05-09.1 - Administrator 2008-05-10 9:02:24.1 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.153 [GMT 2:00]
Running from: C:\Documents and Settings\Beruna\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
2008-05-09 14:21 . 2004-08-17 15:49 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-05-09 14:21 . 2004-08-17 15:49 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-05-09 14:20 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-05-08 19:28 . 2004-08-17 16:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-07 14:10 . 2008-05-07 14:10 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-06 07:31 . 2008-05-06 07:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-03 11:58 . 2008-05-03 11:58 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-05-03 11:57 . 2008-05-03 11:57 <DIR> d-------- C:\Program Files\ffdshow
2008-05-03 11:57 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-05-03 11:57 . 2007-05-08 20:23 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-03 11:57 . 2006-12-10 23:32 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-03 10:24 . 2008-05-03 10:24 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-03 10:24 . 2008-05-03 10:24 <DIR> d-------- C:\Program Files\Ahead
2008-05-03 10:24 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-03 10:24 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-03 10:24 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-03 10:24 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-03 10:24 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-03 10:24 . 2004-03-02 16:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-05-03 10:24 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-03 10:24 . 2004-03-02 16:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-05-03 10:19 . 2008-05-10 09:02 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\NtUser.dat.LOG
2008-05-02 20:08 . 2008-05-09 13:38 <DIR> d-------- C:\stazeno
2008-05-02 11:22 . 2004-05-20 11:11 172,032 --a------ C:\WINDOWS\system32\nvuaudio.exe
2008-05-02 11:22 . 2004-04-23 02:30 3,787 --a------ C:\WINDOWS\system32\nvaudio.nvu
2008-05-01 12:39 . 2008-05-01 12:41 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2008-05-01 12:39 . 2008-05-01 12:39 45 ---h----- C:\WINDOWS\dsez6207.dat
2008-05-01 10:02 . 2008-05-01 10:02 <DIR> d-------- C:\Documents and Settings\Beruna\Data aplikací\Media Player Classic
2008-04-30 16:45 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-29 10:31 . 2008-04-29 10:31 <DIR> d-------- C:\Program Files\PSPad editor
2008-04-29 10:31 . 2008-04-29 10:47 <DIR> d-------- C:\Documents and Settings\Beruna\Data aplikací\PSpad
2008-04-28 13:07 . 2008-04-28 13:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2008-04-28 13:06 . 2008-05-03 14:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-28 13:06 . 2008-04-28 13:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 13:06 . 2008-04-28 13:06 <DIR> d-------- C:\Documents and Settings\Beruna\Data aplikací\SUPERAntiSpyware.com
2008-04-28 09:25 . 2008-04-28 09:26 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-28 09:22 . 2008-04-28 09:37 <DIR> d-------- C:\SDFix
2008-04-28 09:21 . 2008-05-10 09:04 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-04-28 09:21 . 2002-01-01 02:09 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-04-28 09:21 . 2002-01-01 02:09 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-04-28 09:21 . 2002-01-01 02:09 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-04-28 09:21 . 2002-01-01 01:21 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-04-28 09:21 . 2002-01-01 02:09 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-04-28 09:21 . 2002-01-01 02:09 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-04-28 09:21 . 2002-01-01 02:09 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-04-28 09:21 . 2008-04-28 09:21 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-28 09:21 . 2008-05-10 09:04 192,512 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-27 19:16 . 2008-05-09 08:01 <DIR> d-------- C:\Documents and Settings\Broucek\Data aplikací\AVG7
2008-04-27 17:14 . 2008-04-27 17:14 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Nabídka Start
2008-04-27 17:03 . 2008-05-09 14:25 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-27 16:57 . 2008-04-27 16:57 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-27 16:52 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002284_.tmp
2008-04-27 16:51 . 2004-08-03 22:42 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-27 14:21 . 2008-05-03 10:19 <DIR> d-------- C:\Program Files\Panda Security
2008-04-26 09:56 . 2008-05-09 10:40 <DIR> d-------- C:\Documents and Settings\Kuba\Data aplikací\AVG7
2008-04-26 09:35 . 2008-04-26 09:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-26 09:35 . 2008-04-26 09:35 <DIR> d---s---- C:\Documents and Settings\Beruna\UserData
2008-04-26 09:35 . 2008-04-26 09:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Kaspersky Lab
2008-04-25 20:47 . 2008-04-25 22:14 <DIR> d-------- C:\Program Files\SafeDelete
2008-04-25 20:47 . 2008-04-25 20:47 67 --a------ C:\ioY.ini
2008-04-25 19:51 . 2008-04-25 19:51 <DIR> d-------- C:\Program Files\Yamicsoft
2008-04-25 16:16 . 2008-05-06 07:31 <DIR> d-------- C:\Documents and Settings\Beruna\Data aplikací\Lavasoft
2008-04-25 09:53 . 2008-04-25 09:53 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-25 09:44 . 2008-05-10 08:00 <DIR> d-------- C:\Documents and Settings\Beruna\Data aplikací\AVG7
2008-04-25 09:43 . 2008-04-25 09:43 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Data aplikací\AVG7
2008-04-25 09:43 . 2008-04-25 09:43 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Data aplikací\AVG7
2008-04-25 09:43 . 2008-04-25 09:43 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Data aplikací\AVG7
2008-04-25 09:43 . 2008-04-25 09:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Grisoft
2008-04-25 09:43 . 2008-04-25 09:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7
2008-04-23 21:39 . 2008-04-23 21:39 <DIR> d-------- C:\Documents and Settings\Kuba\Data aplikací\AdobeUM
2008-04-23 10:37 . 2008-04-23 10:37 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-04-22 11:18 . 2008-05-06 08:53 <DIR> d-------- C:\Documents and Settings\Beruna\Data aplikací\gtk-2.0
2008-04-22 11:17 . 2008-04-22 11:17 <DIR> d-------- C:\Documents and Settings\Beruna\.thumbnails
2008-04-22 11:16 . 2008-05-06 08:53 <DIR> d-------- C:\Documents and Settings\Beruna\.gimp-2.4
2008-04-22 11:15 . 2008-04-22 11:15 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-04-22 11:14 . 2008-04-22 11:14 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-04-21 20:03 . 2008-04-23 19:54 <DIR> d-------- C:\Documents and Settings\Broucek\Data aplikací\VSO_HWE
2008-04-21 19:50 . 2008-04-21 19:50 44,331 --a------ C:\#002FAKTU.CAB
2008-04-21 18:17 . 2008-04-23 20:55 <DIR> d-------- C:\Documents and Settings\Broucek\Data aplikací\Vso
2008-04-21 17:57 . 2008-05-09 10:22 <DIR> d-------- C:\Documents and Settings\Beruna\Data aplikací\VSO_HWE
2008-04-21 15:35 . 2008-05-09 12:57 <DIR> d-------- C:\Documents and Settings\Beruna\Data aplikací\Vso
2008-04-21 15:35 . 2008-04-21 15:35 47,360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2008-04-20 21:31 . 2008-05-05 21:04 <DIR> d-------- C:\Documents and Settings\Broucek\Data aplikací\AdobeUM
2008-04-20 15:42 . 2008-04-20 15:48 <DIR> d-------- C:\Documents and Settings\Beruna\Data aplikací\AdobeUM
2008-04-20 14:18 . 2008-04-20 14:18 49,415 --a------ C:\#002ESOP.CAB
2008-04-20 14:06 . 2008-04-06 11:40 43,393 --------- C:\#001ESOP.CAB
2008-04-19 21:41 . 2008-04-28 13:36 <DIR> d-------- C:\Program Files\The KMPlayer
2008-04-19 21:34 . 2008-05-05 08:53 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-19 21:34 . 2008-04-20 12:33 <DIR> d-------- C:\Documents and Settings\Beruna\Data aplikací\COWON
2008-04-19 18:32 . 2008-04-21 15:35 <DIR> d-------- C:\Program Files\vso
2008-04-19 17:51 . 2008-05-03 11:57 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-04-19 10:20 . 2008-04-19 10:20 <DIR> d-------- C:\Program Files\uTorrent
2008-04-19 10:20 . 2008-05-10 08:53 <DIR> d-------- C:\Documents and Settings\Beruna\Data aplikací\uTorrent
2008-04-18 17:04 . 2008-05-07 22:37 <DIR> d-------- C:\Hry
2008-04-18 13:58 . 2006-01-30 18:00 442,368 -ra------ C:\WINDOWS\system32\zshp1018.exe
2008-04-18 13:58 . 2006-01-30 18:00 143,360 -ra------ C:\WINDOWS\apptune1018.exe
2008-04-18 13:58 . 2006-01-30 18:00 129,092 -ra------ C:\WINDOWS\system32\hp1018.img
2008-04-18 13:58 . 2006-01-30 18:00 106,496 -ra------ C:\WINDOWS\system32\vshp1018.dll
2008-04-18 13:58 . 2006-01-30 18:00 102,400 -ra------ C:\WINDOWS\system32\zlhp1018.dll
2008-04-18 13:58 . 2006-01-30 18:00 86,016 -ra------ C:\WINDOWS\system32\ZSPOOL.DLL
2008-04-18 13:58 . 2006-01-30 18:00 28,672 -ra------ C:\WINDOWS\system32\zlm.dll
2008-04-18 13:58 . 2006-01-30 18:00 28,672 -ra------ C:\WINDOWS\system32\IMF32.DLL
2008-04-18 13:58 . 2006-01-30 18:00 24,576 -ra------ C:\WINDOWS\system32\ZTAG32.DLL
2008-04-18 13:58 . 2006-01-30 18:00 7,335 -ra------ C:\WINDOWS\system32\ZSHP1018.HLP
2008-04-17 18:13 . 2004-08-17 15:44 31,744 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2008-04-17 17:55 . 2008-05-03 14:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2008-04-17 15:38 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-17 15:36 . 1998-10-09 17:04 327,168 --a------ C:\WINDOWS\IsUn0405.exe
2008-04-17 15:32 . 2008-04-17 15:32 <DIR> d-------- C:\WINDOWS\Cache
2008-04-16 16:05 . 2008-04-16 16:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ESET
2008-04-16 13:48 . 2008-04-30 11:44 390 --a------ C:\WINDOWS\ODBC.INI
2008-04-16 13:46 . 2008-04-16 13:46 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-16 13:45 . 2008-04-16 13:45 <DIR> d-------- C:\Documents and Settings\Beruna\Data aplikací\Microsoft Web Folders
2008-04-16 13:37 . 2004-01-29 03:22 159,744 --a------ C:\WINDOWS\system32\nvuenet.exe
2008-04-16 13:37 . 2004-01-12 22:08 1,556 --a------ C:\WINDOWS\system32\nvenet.nvu
2008-04-16 13:35 . 2008-04-16 13:35 <DIR> d-------- C:\WUTemp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 18:30 --------- d-----w C:\Program Files\Optimik
2008-05-03 12:44 --------- d-----w C:\Program Files\Opera
2008-04-30 14:45 --------- d-----w C:\Program Files\Java
2008-04-25 22:27 --------- d-----w C:\Program Files\SpeedFan
2008-04-25 20:14 --------- d-----w C:\Program Files\Prime95
2008-04-23 08:37 --------- d-----w C:\Program Files\Winamp
2008-04-20 10:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 11:58 --------- d--h--w C:\Program Files\Zenographics
2008-04-18 11:58 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-18 07:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-17 15:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-17 13:36 --------- d-----w C:\Program Files\CCleaner
2008-04-16 11:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-15 11:32 --------- d-----w C:\Program Files\QIP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 18:00 98304]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-25 09:48 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-25 09:43 219136]
C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-18 09:32:21 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\WINDOWS\system32\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-02-29 16:03 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Networking Monitoring]
C:\WINDOWS\System32\mdm.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2007-08-29 03:04]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 09:04:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-05-10 9:07:04
ComboFix-quarantined-files.txt 2008-05-10 07:06:01
Adresářů: 16, Volných bajtů: 750,325,760
Adresářů: 20, Volných bajtů: 778,063,872
189
generic host process
- memphisto
Re: generic host process
Welcome to the PC-HELP.CZ forum.
The HJT log is OK. Someone else will take a look at the ComboFix log. I wouldn't really put this down to a virus. I would rather guess it is those updates. Try posting a screenshot of the message here with the details shown.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs by private message; post them in the appropriate section. Thank you.
Re: generic host process
OK... but I downloaded the update yesterday directly from the Microsoft website... so I have to restart the PC and wait until the message pops up again... I don't know what triggers it each time... it's somewhat strange... so just a moment, until it pops up...
Re: generic host process
The dialog somehow doesn't want to pop up; in the meantime I ran the MWAV test and it found something... I just don't know how to get rid of it...
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Object "regsort Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "backdoor (ircbot) trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "combo Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\KMPlayer.kpl" refers to invalid object "{9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}". Action Taken: No Action Taken.
Entry "HKCR\KMPlayer.ksf" refers to invalid object "{9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gpf". Action Taken: No Action Taken.
- memphisto
Re: generic host process
Those are just remnants of previous infections, and the last 3 items are registry errors.