log HJT - prosím o kontrolu Vyřešeno

[xpam]

Mám problém s netem. Rapidně se mi zpomalil. Co se dříve načítalo pár vteřin teď trvá i minuty a někdy to vůbec nenaběhne.

Log HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:20:55, on 24.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Symantec Backup Exec System Recovery 8.5] "C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A2DEB14-44B2-417F-A943-22C29CFC9E96}: NameServer = 89.203.213.5,85.13.126.75
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C38A67-B389-4B42-924A-848F6F4CC6CF}: Domain = comarr.cz
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Backup Exec System Recovery - Symantec Corporation - C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://www.ocsinventory-ng.org - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe (file missing)
O23 - Service: Aplikace Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Aplikace Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapService.exe
O23 - Service: VPRemote Install Bootstrap Service (VPREMOTE) - Unknown owner - C:\TEMP\Clt-Inst\vpremote.exe (file missing)

--
End of file - 9957 bytes

[Reklama]

[jaro3]

Odinstaluj:
McAfee Security Scan
Crawler\Toolbar

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
******************************************************************************************
Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

[xpam]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4470

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.8.2010 20:51:26
mbam-log-2010-08-24 (20-51-26).txt

Typ skenu: Rychlý sken
Skenované objekty: 183938
Uplynulý čas: 8 minuta(y), 4 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

[xpam]

ComboFix 10-08-24.02 - Vendula 24.08.2010 21:36:10.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.287 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vendula\Plocha\ComboFix.exe
AV: Aplikace Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Aplikace Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\setup.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-24 do 2010-08-24 )))))))))))))))))))))))))))))))
.

2010-08-24 18:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 18:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-24 18:41 . 2010-08-24 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 17:20 . 2010-08-24 17:20 -------- d-----w- c:\program files\Trend Micro
2010-08-23 16:52 . 2010-08-23 16:52 -------- d-----w- c:\program files\CCleaner
2010-08-23 14:36 . 2010-08-23 14:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-23 14:36 . 2010-08-24 18:32 -------- d-----w- c:\program files\Spyware Terminator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 18:05 . 2010-02-19 12:39 -------- d-----w- c:\program files\OCS Inventory Agent
2010-08-12 10:09 . 2004-08-18 12:00 83562 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 10:09 . 2004-08-18 12:00 440812 ----a-w- c:\windows\system32\perfh005.dat
2010-06-30 12:33 . 2004-08-18 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-18 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-18 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-18 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-12-09 14:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2004-08-18 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 17:59 . 2010-04-15 08:07 161920 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-03-15 07:14 . 2010-03-15 07:14 608 --sha-w- c:\windows\system32\winzvprt5.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-23 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"nwiz"="nwiz.exe" [2005-11-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"Symantec Backup Exec System Recovery 8.5"="c:\program files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe" [2010-03-24 2274664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-08-23 2176512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kyocera Mita\\KM-NET VIEWER\\KMNV.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Kyocera\\Address Book\\AddrBook.exe"=
"c:\\Program Files\\Kyocera\\DB Assistant\\NsParCom.exe"=
"c:\\Program Files\\Kyocera\\FileUtility\\NsCatCom.exe"=
"\\\\gandalf\\C1\\C1.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"\\\\gandalf\\aplikace\\C1\\C1.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:192.168.100.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:192.168.100.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:192.168.100.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:192.168.100.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002
"2967:TCP"= 2967:TCP:SEP
"113:TCP"= 113:TCP:Gandalf_ident

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"RemoteAddresses"= 192.168.100.38/255.255.255.255
"Enabled"= 1 (0x1)

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.8.2010 16:36 142592]
R2 Backup Exec System Recovery;Backup Exec System Recovery;c:\program files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe [2.3.2009 17:37 4691296]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [16.6.2006 14:38 6144]
R2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\OCS Inventory Agent\OcsService.exe [28.10.2009 0:37 69632]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [18.8.2004 14:00 5120]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [10.12.2005 13:05 1264320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26.5.2010 10:00 102448]
R3 SymSnapService;SymSnapService;c:\program files\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapService.exe [12.12.2008 15:51 1562096]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [14.7.2009 12:51 23888]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe [?]
S3 VPREMOTE;VPRemote Install Bootstrap Service;c:\temp\Clt-Inst\vpremote.exe --> c:\temp\Clt-Inst\vpremote.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{71573F25-76E0-499C-BD25-1EA40409DFE0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{E60031FD-1F7B-4E00-84F5-0B70C4A800E6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {2A2DEB14-44B2-417F-A943-22C29CFC9E96} = 89.203.213.5,85.13.126.75
FF - ProfilePath - c:\documents and settings\Vendula\Data aplikací\Mozilla\Firefox\Profiles\1u3xblyi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Asociace souborů -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.txt=TXT_File
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-NWEReboot - (no file)
HKLM-Run-pdfSaver3 - (no file)
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 21:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
Celkový čas: 2010-08-24 21:44:14
ComboFix-quarantined-files.txt 2010-08-24 19:44

Před spuštěním: Volných bajtů: 118 749 204 480
Po spuštění: Volných bajtů: 118 699 413 504

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FAE512ADDBD030B4E69FB5D7F8938C76

[jaro3]

Odinstaluj:
Spyware Terminator

Symantec má vlastní antspywarový štít..


Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\winzvprt5.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"113:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto sis nastavoval sám:

Kód: Vybrat vše

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"RemoteAddresses"= 192.168.100.38/255.255.255.255
"Enabled"= 1 (0x1)
??

[xpam]

To HKLM neznám.

Log ComboFix:
ComboFix 10-08-24.02 - Vendula 24.08.2010 22:38:28.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.269 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vendula\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Vendula\Plocha\CFScript.txt
AV: Aplikace Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Aplikace Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
"c:\windows\system32\winzvprt5.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\winzvprt5.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-24 do 2010-08-24 )))))))))))))))))))))))))))))))
.

2010-08-24 18:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 18:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-24 18:41 . 2010-08-24 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 17:20 . 2010-08-24 17:20 -------- d-----w- c:\program files\Trend Micro
2010-08-23 16:52 . 2010-08-23 16:52 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 18:05 . 2010-02-19 12:39 -------- d-----w- c:\program files\OCS Inventory Agent
2010-06-30 12:33 . 2004-08-18 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-18 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-18 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-18 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:43 . 2004-08-18 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 17:59 . 2010-04-15 08:07 161920 ----a-w- c:\windows\system32\drivers\wpshelper.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"nwiz"="nwiz.exe" [2005-11-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"Symantec Backup Exec System Recovery 8.5"="c:\program files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe" [2010-03-24 2274664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kyocera Mita\\KM-NET VIEWER\\KMNV.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Kyocera\\Address Book\\AddrBook.exe"=
"c:\\Program Files\\Kyocera\\DB Assistant\\NsParCom.exe"=
"c:\\Program Files\\Kyocera\\FileUtility\\NsCatCom.exe"=
"\\\\gandalf\\C1\\C1.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"\\\\gandalf\\aplikace\\C1\\C1.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:192.168.100.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:192.168.100.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:192.168.100.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:192.168.100.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002
"2967:TCP"= 2967:TCP:SEP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"RemoteAddresses"= 192.168.100.38/255.255.255.255
"Enabled"= 1 (0x1)

R2 Backup Exec System Recovery;Backup Exec System Recovery;c:\program files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe [2.3.2009 17:37 4691296]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [16.6.2006 14:38 6144]
R2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\OCS Inventory Agent\OcsService.exe [28.10.2009 0:37 69632]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [18.8.2004 14:00 5120]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [10.12.2005 13:05 1264320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26.5.2010 10:00 102448]
R3 SymSnapService;SymSnapService;c:\program files\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapService.exe [12.12.2008 15:51 1562096]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [14.7.2009 12:51 23888]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe [?]
S3 VPREMOTE;VPRemote Install Bootstrap Service;c:\temp\Clt-Inst\vpremote.exe --> c:\temp\Clt-Inst\vpremote.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{71573F25-76E0-499C-BD25-1EA40409DFE0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{E60031FD-1F7B-4E00-84F5-0B70C4A800E6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {2A2DEB14-44B2-417F-A943-22C29CFC9E96} = 89.203.213.5,85.13.126.75
FF - ProfilePath - c:\documents and settings\Vendula\Data aplikací\Mozilla\Firefox\Profiles\1u3xblyi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 22:49
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(716)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\msdtc.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2010-08-24 22:57:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-24 20:57
ComboFix2.txt 2010-08-24 19:44

Před spuštěním: Volných bajtů: 118 698 037 248
Po spuštění: Volných bajtů: 118 679 920 640

- - End Of File - - D89355610F6B79646F3CC6D7F11E7642

[xpam]

HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:59:10, on 24.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Symantec Backup Exec System Recovery 8.5] "C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A2DEB14-44B2-417F-A943-22C29CFC9E96}: NameServer = 89.203.213.5,85.13.126.75
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C38A67-B389-4B42-924A-848F6F4CC6CF}: Domain = comarr.cz
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Backup Exec System Recovery - Symantec Corporation - C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://www.ocsinventory-ng.org - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe (file missing)
O23 - Service: Aplikace Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Aplikace Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapService.exe
O23 - Service: VPRemote Install Bootstrap Service (VPREMOTE) - Unknown owner - C:\TEMP\Clt-Inst\vpremote.exe (file missing)

--
End of file - 7561 bytes

[jaro3]

Kód: Vybrat vše

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"RemoteAddresses"= 192.168.100.38/255.255.255.255
"Enabled"= 1 (0x1)


jedná se o povolení ve firewallu pro vzdálený přístup.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Napiš potom , jak je to s rychlostí PC atd.

[xpam]

Při pokusu stáhnout T-Cleaner mi vyskočilo hlášení dvou Trojanů. Ostatní proběhlo.

Bohužel se internet chová stále stejně. Napadá tě něco dalšího?

Díky

[bledulka]

Než přijde Jaro3
Zkus, jestli Ti to nedělá firewall.

[xpam]

Díky, ale bohužel nepomohlo.

Net se chová divně. Když stahuju soubor, tak je rychlost standartní. Ale načtení stránky je peklo. Často mi FF ukazuje že načítá, ale nakonec to skončí bílou obrazovkou po několika minutách snahy. Několikrát musím dávat F5 a třeba až potom mi to načte, ale jenom částečně. Naskočí to hlavní ze stránky, ale dál to načítá zbývající položky - rekklami, obrázky a tak. Nebo se často stává že nenačte CCS. Obdobné je to i v IE. Večer se zdá že je to o něco lepší.

Když si dám test rychlosti na www.rychlost.cz (pokud se podaří aby doběhnul do konce), tak rychlosti vypadají fajn, i ping. Jenom stabilitu mi to píše 50-60%. To je v pořádku?