PC-HELP.CZ

Dobrý den! Prosím o pomoc či radu. Ačkoli nestahuji ani nepřidávám žádné programy, stále se mi snižuje kapacita paměti hardisku C. Našla jsem tady již nějaké rady k tomuto tématu, ale nějak se "nechytám". Projela jsem počítač antimalvarem

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.04.12.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Jana :: JANADUNAJSKA [administrátor]

12.4.2012 15:22:17
mbam-log-2012-04-12 (15-22-17).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 189613
Uplynulý čas: 3 minut, 29 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Také jsem pokračovala scanem comboscan

ComboFix 12-04-12.01 - Jana 12.04.2012 16:54:45.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.469 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jana\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Jana\LOCALS~1\Temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll
c:\documents and settings\Jana\Local Settings\Temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll
c:\documents and settings\Jana\Local Settings\Temporary Internet Files\SLOVA.WAV
c:\documents and settings\Jana\WINDOWS
c:\windows\msmqinst.log
c:\windows\system32\SET67.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET73.tmp
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-12 do 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 12:56 . 2012-04-12 12:56 -------- d-----w- c:\documents and settings\Jana\Data aplikací\Malwarebytes
2012-04-12 12:56 . 2012-04-12 12:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-04-12 12:56 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-12 12:56 . 2012-04-12 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 20:04 . 2012-04-11 08:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Garmin
2012-04-10 19:45 . 2012-04-11 08:43 -------- d-----w- c:\program files\Garmin
2012-04-10 19:41 . 2012-04-10 19:41 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-04-01 21:35 . 2012-04-01 21:35 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
2012-03-31 16:40 . 2012-03-31 16:40 -------- d-----w- c:\program files\Common Files\Skype
2012-03-30 20:32 . 2012-03-30 20:32 -------- d-----w- c:\program files\uTorrent
2012-03-30 20:32 . 2012-03-30 22:56 -------- d-----w- c:\documents and settings\Jana\Data aplikací\uTorrent
2012-03-30 11:04 . 2012-04-10 21:12 -------- d-----w- c:\documents and settings\Jana\Local Settings\Data aplikací\Spotify
2012-03-30 11:04 . 2012-04-10 22:32 -------- d-----w- c:\documents and settings\Jana\Data aplikací\Spotify
2012-03-17 19:42 . 2012-03-17 19:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FLEXnet
2012-03-17 19:26 . 2012-03-17 19:26 -------- d-----w- c:\program files\Bonjour
2012-03-17 19:11 . 2012-03-17 19:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2011-02-26 22:23 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2009-12-31 17:43 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-02-26 22:24 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2009-12-31 17:43 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2009-12-31 17:43 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2009-12-31 17:43 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2009-12-31 17:43 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2009-12-31 17:43 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2009-12-31 17:43 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2009-12-31 17:43 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-31 17:15 . 2012-02-27 22:13 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-01-31 17:15 . 2012-01-31 17:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-01-31 17:15 . 2012-01-31 17:15 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-01-31 17:15 . 2012-01-31 17:15 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-01-31 17:15 . 2012-01-31 17:15 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-01-31 17:15 . 2012-01-31 17:15 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-01-31 17:15 . 2012-01-31 17:15 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-01-31 17:15 . 2012-01-31 17:15 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-01-31 17:15 . 2012-01-31 17:15 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-01-31 17:15 . 2012-01-31 17:15 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-01-31 17:15 . 2012-02-27 22:11 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-01-31 17:15 . 2012-02-27 22:11 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-01-31 17:15 . 2012-02-27 22:11 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-01-31 17:15 . 2012-01-31 17:15 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-01-31 17:15 . 2012-01-31 17:15 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-01-31 17:15 . 2012-01-31 17:15 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-01-31 17:15 . 2012-01-31 17:15 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-01-31 17:15 . 2012-01-31 17:15 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-01-31 17:15 . 2012-01-31 17:15 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-01-31 17:15 . 2012-01-31 17:15 172032 ----a-w- c:\windows\system32\muzapp.exe
2012-01-31 17:15 . 2012-01-31 17:15 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-01-31 17:15 . 2012-01-31 17:15 14336 ----a-w- c:\windows\system32\avrt.dll
2012-01-31 17:15 . 2012-01-31 17:15 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2010-03-02 1347496]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2011-07-24 26624]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-02-27 21416]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Post-it® Software Notes Lite.lnk - c:\program files\3M\PSN2Lite\Psn2Lite.exe [2001-10-22 507904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Documents and Settings\\Jana\\Data aplikací\\Spotify\\spotify.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.2.2011 0:24 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.12.2009 19:43 337880]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2.3.2010 12:13 67312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.12.2009 19:43 20696]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14.10.2009 15:30 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14.10.2009 15:30 476528]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [31.12.2009 18:46 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [31.12.2009 18:46 7808]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2012 12:10 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [28.2.2012 0:16 30312]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2012 12:10 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15.2.2011 1:43 9216]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [17.8.2004 15:49 14336]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [28.2.2012 0:16 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [28.2.2012 0:16 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [28.2.2012 0:16 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [28.2.2012 0:16 114280]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-29 10:07]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-29 10:07]
.
2007-09-18 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2007-09-11 08:54]
.
2011-09-09 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2007-09-11 08:56]
.
2011-08-26 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2007-09-11 08:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2801948
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 213.250.192.1 213.250.194.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\bcv37oug.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: ZoneAlarm Toolbar: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Nektra OEAPI - (no file)
AddRemove-PC Translator - c:\docume~1\Jana\LOCALS~1\Temp\UN32.EXE
AddRemove-Totalcmd - c:\totalcmd\tcuninst.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 17:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1168)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(4876)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ATK0100\ATKOSD.exe
c:\progra~1\3M\PSN2Lite\PSNGive.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Celkový čas: 2012-04-12 17:21:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-12 15:21
.
Před spuštěním: 610 992 128
Po spuštění: 3 812 712 448
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A8971D6459B516D703767C4FC6F38219

Dál už je to pro mě Španělská vesnice. Nevím co dál. Můžete mi prosím pomoct, aby mi počítač zase fungoval normálně?

Vítej na fóru PC-HELP.CZ

Aby ti počítač fungoval normálně, tak nepoužívej nástroje virobijců, kterým vůbec nerozumíš :evil:

Dal ti snad někdo pokyn k udělání skenu z Combofixu (ne comboscanu) :twisted:

Máš štěstí, že jsi nenapáchala ještě větší škody...

Dej sem log z programu HijackThis (návod v podpise)

Co takhle Body obnovy - o tom jsi neco nasla?

Já se jen snažila toho co nejvíce zvladnout sama, abych vás neobtěžovala hloupýma dotazama......díky moc za pomoc

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:46:49, on 12.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Jana\Vše ostatní\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2801948
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12911 bytes

Samozřejmě, že v tom můžou být body obnovy, ale první chceme vyloučit viry...

Odinstaluj:
Zone alarm Registar

v logu fixni:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2801948
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\videopadShakeIcon.job
c:\windows\Tasks\wavepadDowngrade.job
c:\windows\Tasks\wavepadShakeIcon.job

Folder::
c:\program files\SweetIM

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2801948
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

Firefox::
FF - ProfilePath - c:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\bcv37oug.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
FF - Ext: ZoneAlarm Toolbar: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upus.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

V ovl. panelech mám k odinstalování ZoneAlarm a ZoneAlarm Toolbar. Mám odinstalovat oba? Co znamená v logu fixni????

Jenom toolbar.

Fixni znamená zaškrtat políčka před položkami ze seznamu výše a dát fix checked v HijackThis (v podpise mám návod)

Odinstalovala jsem ZoneAlarm. Musela jsem dát znovu HijackThis scan, protože se mi bohužel restartoval počítač.

Tyto možnosti už tak nejsou po novém scanu k zakliknutí. Je to v pořádku? Můžu pokračovat i bez toho?

O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

Tady je výsledný log.

ComboFix 12-04-12.01 - Jana 12.04.2012 21:01:01.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.300 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jana\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jana\VÜe ostatnÝ\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Jana\LOCALS~1\Temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll
c:\documents and settings\Jana\Local Settings\Temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-12 do 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 18:25 . 2012-04-12 18:25 -------- d-----w- c:\windows\Internet Logs
2012-04-12 12:56 . 2012-04-12 12:56 -------- d-----w- c:\documents and settings\Jana\Data aplikací\Malwarebytes
2012-04-12 12:56 . 2012-04-12 12:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-04-12 12:56 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-12 12:56 . 2012-04-12 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 20:04 . 2012-04-11 08:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Garmin
2012-04-10 19:45 . 2012-04-11 08:43 -------- d-----w- c:\program files\Garmin
2012-04-10 19:41 . 2012-04-10 19:41 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-04-01 21:35 . 2012-04-01 21:35 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
2012-03-31 16:40 . 2012-03-31 16:40 -------- d-----w- c:\program files\Common Files\Skype
2012-03-30 20:32 . 2012-03-30 20:32 -------- d-----w- c:\program files\uTorrent
2012-03-30 20:32 . 2012-03-30 22:56 -------- d-----w- c:\documents and settings\Jana\Data aplikací\uTorrent
2012-03-30 11:04 . 2012-04-10 21:12 -------- d-----w- c:\documents and settings\Jana\Local Settings\Data aplikací\Spotify
2012-03-30 11:04 . 2012-04-10 22:32 -------- d-----w- c:\documents and settings\Jana\Data aplikací\Spotify
2012-03-17 19:42 . 2012-03-17 19:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FLEXnet
2012-03-17 19:26 . 2012-03-17 19:26 -------- d-----w- c:\program files\Bonjour
2012-03-17 19:11 . 2012-03-17 19:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2011-02-26 22:23 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2009-12-31 17:43 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-02-26 22:24 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2009-12-31 17:43 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2009-12-31 17:43 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2009-12-31 17:43 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2009-12-31 17:43 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2009-12-31 17:43 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2009-12-31 17:43 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2009-12-31 17:43 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-31 17:15 . 2012-02-27 22:13 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-01-31 17:15 . 2012-01-31 17:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-01-31 17:15 . 2012-01-31 17:15 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-01-31 17:15 . 2012-01-31 17:15 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-01-31 17:15 . 2012-01-31 17:15 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-01-31 17:15 . 2012-01-31 17:15 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-01-31 17:15 . 2012-01-31 17:15 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-01-31 17:15 . 2012-01-31 17:15 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-01-31 17:15 . 2012-01-31 17:15 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-01-31 17:15 . 2012-01-31 17:15 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-01-31 17:15 . 2012-02-27 22:11 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-01-31 17:15 . 2012-02-27 22:11 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-01-31 17:15 . 2012-02-27 22:11 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-01-31 17:15 . 2012-01-31 17:15 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-01-31 17:15 . 2012-01-31 17:15 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-01-31 17:15 . 2012-01-31 17:15 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-01-31 17:15 . 2012-01-31 17:15 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-01-31 17:15 . 2012-01-31 17:15 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-01-31 17:15 . 2012-01-31 17:15 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-01-31 17:15 . 2012-01-31 17:15 172032 ----a-w- c:\windows\system32\muzapp.exe
2012-01-31 17:15 . 2012-01-31 17:15 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-01-31 17:15 . 2012-01-31 17:15 14336 ----a-w- c:\windows\system32\avrt.dll
2012-01-31 17:15 . 2012-01-31 17:15 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-12_15.13.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-12 19:10 . 2012-04-12 19:10 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2010-03-02 1347496]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2011-07-24 26624]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-02-27 21416]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Post-it® Software Notes Lite.lnk - c:\program files\3M\PSN2Lite\Psn2Lite.exe [2001-10-22 507904]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Documents and Settings\\Jana\\Data aplikací\\Spotify\\spotify.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.2.2011 0:24 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.12.2009 19:43 337880]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2.3.2010 12:13 67312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.12.2009 19:43 20696]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [31.12.2009 18:46 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [31.12.2009 18:46 7808]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2012 12:10 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [28.2.2012 0:16 30312]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2012 12:10 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15.2.2011 1:43 9216]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [17.8.2004 15:49 14336]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [28.2.2012 0:16 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [28.2.2012 0:16 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [28.2.2012 0:16 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [28.2.2012 0:16 114280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-29 10:07]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-29 10:07]
.
2007-09-18 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2007-09-11 08:54]
.
2011-09-09 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2007-09-11 08:56]
.
2011-08-26 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2007-09-11 08:56]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 213.250.192.1 213.250.194.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\bcv37oug.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 21:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3760)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\3M\PSN2Lite\PSNGive.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Celkový čas: 2012-04-12 21:17:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-12 19:17
ComboFix2.txt 2012-04-12 15:21
.
Před spuštěním: 5 749 198 848
Po spuštění: 5 744 828 416
.
- - End Of File - - 5B03C9136DCFBF5960549874C12F6D26

Přesuň Combofix na plochu a skript taky a pak proveď sken s tím skriptem

Dovolím si doplnit kolegu , udělej script s tímto:

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\cis-2.4.dll
c:\windows\system32\issacapi_bs-2.3.dll
c:\windows\system32\issacapi_pe-2.3.dll
c:\windows\system32\issacapi_se-2.3.dll
c:\windows\Temp\Perflib_Perfdata_60c.dat
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\videopadShakeIcon.job
c:\windows\Tasks\wavepadDowngrade.job
c:\windows\Tasks\wavepadShakeIcon.job

Driver::
gupdate
gupdatem


Firefox::
FF - ProfilePath - c:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\bcv37oug.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}

PC-HELP.CZ

samovolné snižování paměti počítače

samovolné snižování paměti počítače Vyřešeno

Re: samovolné snižování paměti počítače

Re: samovolné snižování paměti počítače

Re: samovolné snižování paměti počítače

Re: samovolné snižování paměti počítače

Re: samovolné snižování paměti počítače

Re: samovolné snižování paměti počítače

Re: samovolné snižování paměti počítače

Re: samovolné snižování paměti počítače

Re: samovolné snižování paměti počítače

Re: samovolné snižování paměti počítače

Re: samovolné snižování paměti počítače