Prosím o kontrolu logu.

[Korzarek]

Dobrý den,
v poslední době mi nějak špatně startuje PC. Někdy během startu zrestartuje a naběhne až napodruhé či napotřetí. Někdy se během staru zastaví a nabízí spuštění v nouzovém režimu. Pustím ho ale s poslední funkční konfigurací a naběhne ok. Někdy vyžaduje chdsk.
Před pár dny mi k tomu začal haprovat Acrobat Professional. Po pár vteřinách se sám zavře. Přeinstalace nepomohla.
AVG, CCleaner i Spyware Terminator nenašel nic.

Přikládám log a předem moc děkuju za tip, co s tím.
Díky moc

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:42:21, on 25.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NetLimiter\NetLimiter.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\javaw.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prevx.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.prevx.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.prevx.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\MidpX-emul.Java.her\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\MidpX-emul.Java.her\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\MidpX-emul.Java.her\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4590129203
O16 - DPF: {C0F0B627-5D8A-4487-B773-EB33BF1BB43F} (EMSIP Class) - https://portal.viphone.cz/break/SIPEyePPhone.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1887356-E0C9-4034-9D4D-229A27ECC4E9}: NameServer = 10.107.4.100,10.107.4.129
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper Lite.lnk (Diskeeper) - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10053 bytes

[Reklama]

[jaro3]

Vypni rez. ochranu AVG a štít ST.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Korzarek]

Tak jsem to projel a prikládám výsledek. Díky moc

ComboFix 09-01-21.04 - korzarek 2009-01-26 22:06:00.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.2039.1539 [GMT 1:00]
Spuštěný z: e:\_rapid\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\llnnmp.ini
c:\windows\system32\windows

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-26 do 2009-01-26 )))))))))))))))))))))))))))))))
.

2009-01-25 21:42 . 2009-01-25 21:42 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-01-25 21:31 . 2009-01-25 21:41 <DIR> d-------- c:\documents and settings\korzarek\Data aplikací\Adobe(3)
2009-01-14 13:53 . 2004-12-06 20:07 <DIR> d-------- c:\documents and settings\Administrator.KORZAREK\Plocha
2009-01-14 13:53 . 2004-12-06 20:07 <DIR> d--h----- c:\documents and settings\Administrator.KORZAREK\Okolní tiskárny
2009-01-14 13:53 . 2004-12-06 20:07 <DIR> d--h----- c:\documents and settings\Administrator.KORZAREK\Okolní síť
2009-01-14 13:53 . 2004-12-06 20:07 <DIR> d-------- c:\documents and settings\Administrator.KORZAREK\Oblíbené položky
2009-01-14 13:53 . 2004-12-06 19:13 <DIR> d--h----- c:\documents and settings\Administrator.KORZAREK\Šablony
2009-01-14 13:53 . 2004-12-06 20:07 <DIR> dr------- c:\documents and settings\Administrator.KORZAREK\Nabídka Start
2009-01-14 13:53 . 2006-09-25 18:20 <DIR> d-------- c:\documents and settings\Administrator.KORZAREK\Dokumenty
2009-01-14 13:53 . 2004-12-06 20:07 <DIR> dr-h----- c:\documents and settings\Administrator.KORZAREK\Data aplikací
2009-01-14 13:53 . 2009-01-25 21:42 <DIR> d-------- c:\documents and settings\Administrator.KORZAREK
2009-01-11 17:21 . 2009-01-11 17:21 411 --a------ c:\windows\barcode.ini
2009-01-04 16:08 . 2009-01-04 16:11 <DIR> d-------- c:\documents and settings\korzarek\Data aplikací\Acronis
2009-01-04 16:05 . 2009-01-04 16:05 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Acronis
2009-01-04 16:01 . 2009-01-04 16:01 971,232 --a------ c:\windows\system32\drivers\tdrpm147.sys
2009-01-04 16:01 . 2009-01-04 16:01 540,000 --a------ c:\windows\system32\drivers\timntr.sys
2009-01-04 16:01 . 2009-01-04 16:01 134,272 --a------ c:\windows\system32\drivers\snman380.sys
2009-01-04 16:01 . 2009-01-04 16:01 44,704 --a------ c:\windows\system32\drivers\tifsfilt.sys
2009-01-04 16:00 . 2009-01-04 16:00 <DIR> d-------- c:\program files\Common Files\Acronis
2009-01-04 16:00 . 2009-01-04 16:00 <DIR> d-------- c:\program files\Acronis
2009-01-01 18:35 . 2009-01-01 18:35 <DIR> d-------- c:\program files\Belarc
2009-01-01 18:35 . 2005-04-07 17:18 3,840 --a------ c:\windows\system32\drivers\BANTExt.sys
2009-01-01 15:51 . 2009-01-01 15:51 <DIR> d-------- c:\program files\esmska-0.12.2
2009-01-01 14:56 . 2009-01-01 14:56 <DIR> d-------- c:\program files\MidpX-emul.Java.her
2008-12-31 22:27 . 2008-12-31 22:27 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-12-31 18:25 . 2007-01-13 09:49 176,128 --a------ c:\windows\system32\igfxres.dll
2008-12-31 17:43 . 2008-12-31 17:43 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-29 23:29 . 2008-12-29 23:29 <DIR> d-------- c:\temp\Infikované

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 21:02 --------- d-----w c:\documents and settings\korzarek\Data aplikací\Orbit
2009-01-26 21:01 --------- d-----w c:\documents and settings\korzarek\Data aplikací\esmska
2009-01-26 20:32 --------- d-----w c:\documents and settings\korzarek\Data aplikací\AVG7
2009-01-25 20:42 --------- d-----w c:\program files\Spyware Terminator
2009-01-25 19:50 --------- d-----w c:\documents and settings\korzarek\Data aplikací\Skype
2009-01-25 19:41 --------- d-----w c:\program files\HiJackThis_v2
2009-01-25 19:08 --------- d-----w c:\documents and settings\korzarek\Data aplikací\Spyware Terminator
2009-01-19 18:46 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2008-12-31 21:27 --------- d-----w c:\program files\Google
2008-12-25 19:53 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-25 19:42 --------- d-----w c:\program files\Common Files\Adobe
2008-12-17 17:36 --------- d-----w c:\program files\Lavasoft
2008-12-17 17:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-17 17:20 --------- d-----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2008-12-17 16:45 142,592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-12 21:47 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-06 21:53 --------- d-----w c:\program files\Mv2Player
2008-12-01 18:20 --------- d-----w c:\documents and settings\All Users\Data aplikací\Grisoft
2007-04-05 17:29 87,608 ----a-w c:\documents and settings\korzarek\Data aplikací\ezpinst.exe
2007-04-05 17:29 47,360 ----a-w c:\documents and settings\korzarek\Data aplikací\pcouffin.sys
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,961,984 2005-07-14 20:35:42 c:\program files\Ahead\Nero BackItUp\bak\NBJ.exe

----a-w 81,920 2004-06-16 04:03:04 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
----a-w 81,920 2004-06-16 04:03:04 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

----a-w 221,184 2004-06-16 04:03:26 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
----a-w 221,184 2004-06-16 04:03:26 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

----a-w 32,768 2004-11-02 19:24:46 c:\program files\CyberLink\PowerDVD\bak\PDVDServ.exe

----a-w 1,226,752 2004-06-11 15:04:32 c:\program files\Intel\IDU\bak\iptray.exe

----a-w 36,975 2005-11-10 11:03:52 c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe

----a-w 282,624 2006-09-11 15:48:43 c:\program files\QuickTime\bak\qttask.exe

----a-w 81,920 2006-12-10 16:26:38 c:\windows\bak\ALCFDRTM.EXE
----a-w 81,920 2007-04-05 18:33:09 c:\windows\ALCFDRTM.EXE

----a-w 118,784 2004-06-06 03:41:34 c:\windows\system32\bak\hkcmd.exe
----a-w 163,840 2007-01-13 08:47:04 c:\windows\system32\hkcmd.exe

----a-w 155,648 2004-06-06 03:45:36 c:\windows\system32\bak\igfxtray.exe
----a-w 131,072 2007-01-13 08:47:04 c:\windows\system32\igfxtray.exe

----a-w 155,648 2001-07-09 10:50:42 c:\windows\system32\bak\NeroCheck.exe

.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter\NetLimiter.exe" [2007-09-30 823296]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-20 590848]
"AlcFDMonitor"="c:\windows\ALCFDRTM.EXE" [2007-04-05 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-10 4366848]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-10 962112]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-10 165144]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [N/A]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-16 219136]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-01-25 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv32"= ir32.dll
"vidc.hfyu"= huffyuv.dll
"vidc.IV45"= Ir41_qc.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-10-21 23:41 57344 c:\program files\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay]
--a------ 2002-11-02 07:33 45056 c:\program files\CloneDVD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-08 23:00 128920 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
c:\program files\ICQLite\ICQLite.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 05:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 05:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-17 15:58 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 12:20 227328 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 18:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)
"IDriverT"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Strong_DC++\\StrongDC.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Games\\Midtown 2\\Midtown2.exe"=
"c:\\Program Files\\MediaCoder\\mediacoder.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-01-04 134272]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [2009-01-04 971232]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2007-12-25 11776]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-17 142592]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2004-06-01 10386]
S1 MUsbFltr;WayTechUSBFilterDriver; [x]
S1 UsbFltr;WayTechUSBFilterDriver; [x]
.
Obsah adresáře 'Naplánované úlohy'

2008-12-31 c:\windows\Tasks\zzzzz.job
- c:\windows\system32\ntbackup.exe [2004-08-17 14:49]
.
.
------- Doplňkový sken -------
.
uLocal Page = hxxp://www.prevx.com
uStart Page = hxxp://www.google.cz/ig?hl=cs
mLocal Page = hxxp://www.prevx.com
mStart Page = hxxp://www.prevx.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Link to &MidpX - c:\program files\MidpX-emul.Java.her\JadInvoker\Extent\jad_wrap.htm
LSP: c:\program files\NetLimiter\nl_lsp.dll
TCP: {B1887356-E0C9-4034-9D4D-229A27ECC4E9} = 10.107.4.100,10.107.4.129
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {C0F0B627-5D8A-4487-B773-EB33BF1BB43F} - hxxps://portal.viphone.cz/break/SIPEyePPhone.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 22:07:04
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-854245398-2147150499-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-854245398-2147150499-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-854245398-2147150499-839522115-1003)
@Allowed: (Read) (S-1-5-21-854245398-2147150499-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1196)
c:\program files\NetLimiter\nl_lsp.dll
c:\windows\system32\nl_msgc.dll
.
Celkový čas: 2009-01-26 22:09:28
ComboFix-quarantined-files.txt 2009-01-26 21:09:26

Před spuštěním: 2 507 087 872
Po spuštění: 2,504,187,904

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

247

[jaro3]

Stáhni si FindAWF

a ulož si ho na plochu.Poklepej na něj, otevře se , požádá Tě o stisknutí kterékoliv klávesy k pokračování..Dostaneš se na menu, zvol 1 a potom enter. AWF začne skenování.Může to trvat několik minut. Když skončí sken automaticky se objeví text.soubor AWF.txt, ten sem prosím zkopíruj.

EDIT: Toto si sám vytvořil: c:\temp\Infikované ??

[Korzarek]

Ahoj.
Ano, ten C:\Temp\Infikovane jsem vytvoril sam. Mam tam "schovane" soubory s Keygeny k jednomu hudebnimu programu. Kdysi mi je jakysi sken oznacil jako potencialne nebezpecne. Nechtel jsem je mazat, tak jsem si je schoval tam :-). A jsou v klidu.

Udelal jsem ten scan AWF. Tady ho prikladam.
Diky

Výpis adresáře C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

16.06.2004 05:03 81 920 issch.exe
16.06.2004 05:03 221 184 ISUSPM.exe
2 souborů, 303 104 bajtů
Adresářů: 2, Volných bajtů: 2 530 025 472
Svazek v jednotce C je System.
Sériové číslo svazku je 10FB-A2D0.

Výpis adresáře C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

10.11.2005 12:03 36 975 jusched.exe
1 souborů, 36 975 bajtů
Adresářů: 2, Volných bajtů: 2 530 025 472


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

81920 5 Apr 2007 "C:\WINDOWS\ALCFDRTM.EXE"
81920 10 Dec 2006 "C:\WINDOWS\bak\ALCFDRTM.EXE"
282624 11 Sep 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
163840 13 Jan 2007 "C:\WINDOWS\system32\hkcmd.exe"
118784 6 Jun 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
163840 13 Jan 2007 "C:\WINDOWS\system32\DRVSTORE\igxp32_757949EFDD70357EE37252D828ACA09CDF5C75B7\hkcmd.exe"
118784 6 Jun 2004 "C:\WINDOWS\Drivers\Intel\Graphics\win2000\hkcmd.exe"
131072 13 Jan 2007 "C:\WINDOWS\system32\igfxtray.exe"
155648 6 Jun 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
131072 13 Jan 2007 "C:\WINDOWS\system32\DRVSTORE\igxp32_757949EFDD70357EE37252D828ACA09CDF5C75B7\igfxtray.exe"
155648 6 Jun 2004 "C:\WINDOWS\Drivers\Intel\Graphics\win2000\igfxtray.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
1961984 14 Jul 2005 "C:\Program Files\Ahead\Nero BackItUp\bak\NBJ.exe"
32768 2 Nov 2004 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
1226752 11 Jun 2004 "C:\Program Files\Intel\IDU\bak\iptray.exe"
81920 16 Jun 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 16 Jun 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 16 Jun 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 16 Jun 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
132496 25 Sep 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
144784 22 Feb 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
36975 10 Nov 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"

end of report

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

@echo off
move /Y "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime"

move /Y "c:\windows\bak\ALCFDRTM.EXE" "c:\windows\ALCFDRTM.EXE "

move /Y "c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe " "c:\programfiles\Java"

move /Y "c:\program files\Ahead\Nero BackItUp\bak\NBJ.exe " "c:\program files\Ahead\Nero BackItUp"

move /Y "c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
 " "c:\program files\Common Files\InstallShield\UpdateService\issch.exe "

move /Y "c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
" "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe "

move /Y "c:\program files\CyberLink\PowerDVD\bak\PDVDServ.exe
 " "c:\program files\CyberLink\PowerDVD"

move /Y "c:\windows\system32\bak\hkcmd.exe " "c:\windows\system32\hkcmd.exe"

move /Y "c:\windows\system32\bak\igfxtray.exe" "c:\windows\system32\igfxtray.exe"

move /Y "c:\windows\system32\bak\NeroCheck.exe" "c:\windows\system32\NeroCheck.exe"

move /Y "c:\program files\Intel\IDU\bak\iptray.exe" "c:\program files\Intel\IDU"


Ulož si ho na plochu, název dej : Replace.bat , typ souboru dej : Všechny soubory .
Po uložení najdi na ploše tento soubor a poklepej na něj. Otevře se okno a zase se zavře.Restartuj PC.
************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
c:\program files\QuickTime\bak
c:\windows\bak
c:\program files\Java\jre1.5.0_06\bin\bak
c:\program files\Ahead\Nero BackItUp\bak
c:\program files\Common Files\InstallShield\UpdateService\bak
c:\program files\CyberLink\PowerDVD\bak
c:\windows\system32\bak

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:0000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Korzarek]

Ahoj,
tak tady to je:

ComboFix 09-01-21.04 - korzarek 2009-01-28 19:24:21.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.2039.1583 [GMT 1:00]
Spuštěný z: c:\documents and settings\korzarek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\korzarek\Plocha\CFScript.txt
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ahead\Nero BackItUp\bak
c:\program files\Common Files\InstallShield\UpdateService\bak
c:\program files\CyberLink\PowerDVD\bak
c:\program files\Java\jre1.5.0_06\bin\bak
c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe
c:\program files\QuickTime\bak
c:\windows\bak
c:\windows\bak\ALCFDRTM.EXE
c:\windows\system32\bak
c:\windows\system32\bak\hkcmd.exe
c:\windows\system32\bak\igfxtray.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-28 do 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-25 21:42 . 2009-01-25 21:42 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-01-25 21:31 . 2009-01-25 21:41 <DIR> d-------- c:\documents and settings\korzarek\Data aplikací\Adobe(3)
2009-01-14 13:53 . 2004-12-06 20:07 <DIR> d-------- c:\documents and settings\Administrator.KORZAREK\Plocha
2009-01-14 13:53 . 2004-12-06 20:07 <DIR> d--h----- c:\documents and settings\Administrator.KORZAREK\Okolní tiskárny
2009-01-14 13:53 . 2004-12-06 20:07 <DIR> d--h----- c:\documents and settings\Administrator.KORZAREK\Okolní síť
2009-01-14 13:53 . 2004-12-06 20:07 <DIR> d-------- c:\documents and settings\Administrator.KORZAREK\Oblíbené položky
2009-01-14 13:53 . 2004-12-06 19:13 <DIR> d--h----- c:\documents and settings\Administrator.KORZAREK\Šablony
2009-01-14 13:53 . 2004-12-06 20:07 <DIR> dr------- c:\documents and settings\Administrator.KORZAREK\Nabídka Start
2009-01-14 13:53 . 2006-09-25 18:20 <DIR> d-------- c:\documents and settings\Administrator.KORZAREK\Dokumenty
2009-01-14 13:53 . 2004-12-06 20:07 <DIR> dr-h----- c:\documents and settings\Administrator.KORZAREK\Data aplikací
2009-01-14 13:53 . 2009-01-25 21:42 <DIR> d-------- c:\documents and settings\Administrator.KORZAREK
2009-01-11 17:21 . 2009-01-11 17:21 411 --a------ c:\windows\barcode.ini
2009-01-04 16:08 . 2009-01-04 16:11 <DIR> d-------- c:\documents and settings\korzarek\Data aplikací\Acronis
2009-01-04 16:05 . 2009-01-04 16:05 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Acronis
2009-01-04 16:01 . 2009-01-04 16:01 971,232 --a------ c:\windows\system32\drivers\tdrpm147.sys
2009-01-04 16:01 . 2009-01-04 16:01 540,000 --a------ c:\windows\system32\drivers\timntr.sys
2009-01-04 16:01 . 2009-01-04 16:01 134,272 --a------ c:\windows\system32\drivers\snman380.sys
2009-01-04 16:01 . 2009-01-04 16:01 44,704 --a------ c:\windows\system32\drivers\tifsfilt.sys
2009-01-04 16:00 . 2009-01-04 16:00 <DIR> d-------- c:\program files\Common Files\Acronis
2009-01-04 16:00 . 2009-01-04 16:00 <DIR> d-------- c:\program files\Acronis
2009-01-01 18:35 . 2009-01-01 18:35 <DIR> d-------- c:\program files\Belarc
2009-01-01 18:35 . 2005-04-07 17:18 3,840 --a------ c:\windows\system32\drivers\BANTExt.sys
2009-01-01 15:51 . 2009-01-01 15:51 <DIR> d-------- c:\program files\esmska-0.12.2
2009-01-01 14:56 . 2009-01-01 14:56 <DIR> d-------- c:\program files\MidpX-emul.Java.her
2008-12-31 22:27 . 2008-12-31 22:27 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-12-31 18:25 . 2007-01-13 09:49 176,128 --a------ c:\windows\system32\igfxres.dll
2008-12-31 17:43 . 2008-12-31 17:43 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-29 23:29 . 2008-12-29 23:29 <DIR> d-------- c:\temp\Infikované

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 18:24 --------- d-----w c:\program files\QuickTime
2009-01-27 19:56 --------- d-----w c:\documents and settings\korzarek\Data aplikací\Orbit
2009-01-26 21:01 --------- d-----w c:\documents and settings\korzarek\Data aplikací\esmska
2009-01-26 20:32 --------- d-----w c:\documents and settings\korzarek\Data aplikací\AVG7
2009-01-25 20:42 --------- d-----w c:\program files\Spyware Terminator
2009-01-25 19:50 --------- d-----w c:\documents and settings\korzarek\Data aplikací\Skype
2009-01-25 19:41 --------- d-----w c:\program files\HiJackThis_v2
2009-01-25 19:08 --------- d-----w c:\documents and settings\korzarek\Data aplikací\Spyware Terminator
2009-01-19 18:46 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2008-12-31 21:27 --------- d-----w c:\program files\Google
2008-12-25 19:53 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-25 19:42 --------- d-----w c:\program files\Common Files\Adobe
2008-12-17 17:36 --------- d-----w c:\program files\Lavasoft
2008-12-17 17:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-17 17:20 --------- d-----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2008-12-17 16:45 142,592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-12 21:47 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-06 21:53 --------- d-----w c:\program files\Mv2Player
2008-12-01 18:20 --------- d-----w c:\documents and settings\All Users\Data aplikací\Grisoft
2007-04-05 17:29 87,608 ----a-w c:\documents and settings\korzarek\Data aplikací\ezpinst.exe
2007-04-05 17:29 47,360 ----a-w c:\documents and settings\korzarek\Data aplikací\pcouffin.sys
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-26_22.07.38,17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-07-09 10:50:42 155,648 ----a-w c:\windows\system32\NeroCheck.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter\NetLimiter.exe" [2007-09-30 823296]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-20 590848]
"AlcFDMonitor"="c:\windows\ALCFDRTM.EXE" [2007-04-05 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-10 4366848]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-10 962112]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-10 165144]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-16 219136]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-01-25 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv32"= ir32.dll
"vidc.hfyu"= huffyuv.dll
"vidc.IV45"= Ir41_qc.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-10-21 23:41 57344 c:\program files\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay]
--a------ 2002-11-02 07:33 45056 c:\program files\CloneDVD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-08 23:00 128920 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 05:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 05:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-17 15:58 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 12:20 227328 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 18:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)
"IDriverT"=3 (0x3)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Strong_DC++\\StrongDC.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Games\\Midtown 2\\Midtown2.exe"=
"c:\\Program Files\\MediaCoder\\mediacoder.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-01-04 134272]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [2009-01-04 971232]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2007-12-25 11776]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-17 142592]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2004-06-01 10386]
S1 MUsbFltr;WayTechUSBFilterDriver; [x]
S1 UsbFltr;WayTechUSBFilterDriver; [x]
.
Obsah adresáře 'Naplánované úlohy'

2008-12-31 c:\windows\Tasks\zzzzz.job
- c:\windows\system32\ntbackup.exe [2004-08-17 14:49]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Acrobat Assistant 8.0 - c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe


.
------- Doplňkový sken -------
.
uLocal Page = hxxp://www.prevx.com
uStart Page = hxxp://www.google.cz/ig?hl=cs
mLocal Page = hxxp://www.prevx.com
mStart Page = hxxp://www.prevx.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Link to &MidpX - c:\program files\MidpX-emul.Java.her\JadInvoker\Extent\jad_wrap.htm
LSP: c:\program files\NetLimiter\nl_lsp.dll
TCP: {B1887356-E0C9-4034-9D4D-229A27ECC4E9} = 10.107.4.100,10.107.4.129
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {C0F0B627-5D8A-4487-B773-EB33BF1BB43F} - hxxps://portal.viphone.cz/break/SIPEyePPhone.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 19:25:44
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-854245398-2147150499-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-854245398-2147150499-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-854245398-2147150499-839522115-1003)
@Allowed: (Read) (S-1-5-21-854245398-2147150499-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1188)
c:\program files\NetLimiter\nl_lsp.dll
c:\windows\system32\nl_msgc.dll
.
Celkový čas: 2009-01-28 19:26:56
ComboFix-quarantined-files.txt 2009-01-28 18:26:54
ComboFix2.txt 2009-01-26 21:09:29

Před spuštěním: 2 493 509 632
Po spuštění: 2,484,330,496

230


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:29:56, on 28.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis_v2\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prevx.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.prevx.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.prevx.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\MidpX-emul.Java.her\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\MidpX-emul.Java.her\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\MidpX-emul.Java.her\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4590129203
O16 - DPF: {C0F0B627-5D8A-4487-B773-EB33BF1BB43F} (EMSIP Class) - https://portal.viphone.cz/break/SIPEyePPhone.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1887356-E0C9-4034-9D4D-229A27ECC4E9}: NameServer = 10.107.4.100,10.107.4.129
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper Lite.lnk (Diskeeper) - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9817 bytes

/odstraněna barva textu. splývalo to.memphisto

[jaro3]

Díky memphisto..
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.

Aktualizuj javu:
Java SE Runtime Environment 6u11
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Pokud nejsou problémy , je to vše.

[Korzarek]

Ahoj,

tak jsem vše provedl přesně podle instrukcí. Všechno proběhlo OK, pouze ten T-Cleaner se mi po stáhnutí (ani opakovaném) nepovedlo spustit. Zahlásí to "Chyba při vykonávání programu"...

Dále jsme při našem laborování vypnuli aktualizace Windows. Asi bych je měl zapnout, ne?

Ale hlavně:
Te Acrobat Professional v.8 mi padá dál. Prostě po pár vteřinách zhasne bez jediné hlášky. Pozoroval jsem to ve Spravci programů, rozbehl se Acrobat.exe a kdyz se na pozadi zavre to okno Acrobatu, zmizi i tento proces ve spravci.

V kazdem pripade jsem rad ze mi tak nezistne pomahas, ale zatim to nejak nedokazu docenit, protoze zatim zadnou změnu nepozoruju.

Tu druhou zavadu (nekolikanásobný rester při startu PC) zatim nedokazu posoudit. Tento tyden se dostavam k PC jen na chvili vzdy vecer a nemam tedy moc prilezitosti to pozorovat.

Co jsme to tedy vlastne odstranili a co tomu bylo?

Díky za všechny odpovědi na mé zvídavé otázky

Korzarek

[jaro3]

Aktualizace si rozhodně zapni. Přeinstaloval jsi zavirovaný PC , to se většinou nepodaří..Nyní by měl být PC bez nákazy,( pokus sis zase něco nestáhnul), ale možná je systém poškozený a bude třeba ho opravit. Napiš co vše nefunguje, znovu reinstaluj Adobe Acrobat.Když budeš používat v menu start s poslední známou konfigurací , nákaza se Ti samozřejmě vrátí.
S tím Startem-Otestuj HDD utilitou od výrobce a RAM Memtestem ( nejméně 2 hodiny). Zkus defragmentovat HDD.Můžeš mít poškozený disk, čemuž nasvědčuje jak píšeš -někdy vyžaduje chdsk.
Pokud nemáš zkušenosti s otestováním HDD utilitou od výrobce -zadej téma do sekce problémy s HW.