Hello,
for the past few weeks, when I log off it takes a long time before all the applications shut down and before the blue screen saying Logging off appears. Interestingly, this only happens with one account on the computer; with another account logging off is fast.
I use the UPHClean utility, but even reinstalling it didn't help.
Using Process Explorer I tried to find out during logoff which process is holding things up, but I didn't manage to.
I checked the computer with several independent antivirus programs, including online scanners. It shows no other strange behaviour.
In HijackThis I can't think of anything I could fix. I'm attaching the log just in case:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:05, on 12.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Instalace\Bezpecnost\Avast\aswUpdSv.exe
C:\Instalace\Bezpecnost\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Instalace\Bezpecnost\Avast\ashMaiSv.exe
C:\Instalace\Bezpecnost\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\INSTAL~1\BEZPEC~1\Avast\ashDisp.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Instalace\Bezpecnost\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\WINDOWS\vsnpstd3.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gKbStatus.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Instalace\Sprava\Unlocker\UnlockerAssistant.exe
C:\Instalace\Sit\DU Meter\DUMeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\INSTALACE\SPRAVA\PROCESSEXPLORERNT\PROCEXP.EXE
C:\Instalace\Komunikace\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Instalace\Bezpecnost\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\INSTAL~1\BEZPEC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\INSTAL~1\BEZPEC~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Instalace\Bezpecnost\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartupDelayer] "C:\Instalace\Sprava\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Instalace\Sit\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\INSTAL~1\BEZPEC~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\INSTAL~1\BEZPEC~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Instalace\Komunikace\ICQ\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Instalace\Komunikace\ICQ\ICQ6.5\ICQ.exe
O15 - Trusted Zone: *.cenzura
O15 - Trusted Zone: *.cenzura
O15 - Trusted Zone: *.cenzura
O15 - Trusted Zone: *.cenzura
O15 - Trusted IP range: 10.43.17.10
O15 - Trusted IP range: 10.43.17.36
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9057445312
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Instalace\Bezpecnost\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Instalace\Bezpecnost\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Instalace\Bezpecnost\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Instalace\Bezpecnost\Avast\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8407 bytes
Thanks for any help.
Slow logoff WIN XP SP3 (Solved)
Last edited by niessnet on 12 Apr 2009 23:07, edited 1 time in total.
- onewinger
Re: Slow logoff WIN XP SP3
Put that log in the correct section or ask a mod to move it there.
Otherwise I have the same problem with slow logoff, exactly the same, only with one account, and my PC is clean too, the antivirus found nothing and on the forum they found nothing in my log either. It's probably another Windows mystery.
Netbook Asus EEE 1001HA - Windows 7 Home Premium
Notebook Acer Aspire 5735Z - Windows Vista SP2
Re: Slow logoff WIN XP SP3
Moved.
- Before asking a question, first ask Uncle Google.
- Excerpt from the PC-HELP forum rules:
- Choose a topic title that describes the content of the topic as accurately as possible.
- Do not try to solve a different (even if similar) problem in one topic. Rather start a new topic.
- To err is Myloš.
Re: Slow logoff WIN XP SP3
Sorry, I didn't consider the log important because, as you say, nobody will probably find anything in it. All those applications are clean in my opinion; it's probably some error between heaven and earth (or between the keyboard and the chair). If it were a desktop PC, I wouldn't really mind. But on a laptop it slows things down a bit, unless I want to use sleep mode.
I was trying to avoid having to create a new account and move everything over to it. Disabling services and startup programs and then re-enabling them one by one is similarly time-consuming. Now it looks like I'll have to suffer through that pile of restarts.
- jaro3
- member of the Security team
Re: Slow logoff WIN XP SP3
Isn't StartupDelayer causing you problems?
Uninstall:
DAEMON Tools Toolbar
Close other applications and browsers, disconnect from the net and fix in HJT:
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O15 - Trusted Zone: *.cenzura
O15 - Trusted IP range: 10.43.17.10
O15 - Trusted IP range: 10.43.17.36
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
Turn off Avast's resident protection and deactivate ZoneAlarm and Spybot.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After starting, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan completes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Re: Slow logoff WIN XP SP3
Everything done, the problem still persists. I installed Startup Delayer only after the logoff problems appeared.
Attaching the log:
ComboFix 09-04-15.01 - Tomáš Niessner 15.04.2009 0:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.607 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomáš Niessner\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090414-0] *On-access scanning disabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\autorun.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
----- BITS: Možné infikované stránky -----
hxxp://banksguard com
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-14 do 2009-04-14 )))))))))))))))))))))))))))))))
.
2009-04-12 23:48 . 2008-04-14 06:52 26112 ----a-w c:\windows\system32\stu2.exe
2009-04-04 16:53 . 2008-04-14 06:51 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-04 16:53 . 2008-04-14 06:51 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-04 16:53 . 2009-04-04 16:54 -------- d-----w c:\documents and settings\Host\Data aplikací\U3
2009-04-03 17:03 . 2009-04-03 17:04 2097152 ----a-w C:\Perf.ETL
2009-04-01 17:47 . 2009-04-01 17:47 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\MailFrontier
2009-04-01 16:27 . 2009-04-01 16:27 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\r2 Studios
2009-04-01 16:27 . 2009-04-01 16:27 -------- d-----w c:\documents and settings\All Users\Data aplikací\r2 Studios
2009-04-01 13:16 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-04-01 13:16 . 2008-10-03 12:30 414 ----a-w c:\windows\system32\lame_acm.xml
2009-04-01 13:16 . 2008-09-24 18:41 839680 ----a-w c:\windows\system32\lameACM.acm
2009-04-01 13:16 . 2007-09-21 00:52 118784 ----a-w c:\windows\system32\ac3acm.acm
2009-04-01 13:16 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-01 13:16 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-04-01 13:16 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-01 13:16 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-04-01 13:16 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-04-01 13:15 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-04-01 13:15 . 2009-03-02 18:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-01 13:15 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest
2009-04-01 11:58 . 2009-04-01 11:58 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Mozilla
2009-04-01 11:58 . 2009-04-01 11:58 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Mozilla
2009-04-01 11:58 . 2009-04-01 11:58 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Mozilla
2009-03-28 18:59 . 2009-03-28 18:59 -------- d-sh--w c:\documents and settings\Host\IECompatCache
2009-03-28 18:58 . 2009-03-28 18:58 -------- d-sh--w c:\documents and settings\Host\PrivacIE
2009-03-28 18:56 . 2009-03-28 18:56 -------- d-sh--w c:\documents and settings\Host\IETldCache
2009-03-26 22:15 . 2009-04-01 20:13 1234 ----a-w c:\windows\SiRFdemo.INI
2009-03-25 12:20 . 2009-03-25 12:20 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-03-19 21:43 . 2009-03-19 21:45 -------- dc-h--w c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 22:19 . 2008-10-03 17:53 72939552 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 22:19 . 2008-10-03 17:53 72927264 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 22:18 . 2008-08-18 12:19 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-14 22:15 . 2008-10-03 17:53 855692 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-14 22:07 . 2008-08-18 10:28 -------- d-----w c:\program files\Launch Manager
2009-04-14 21:57 . 2008-08-18 13:09 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-14 19:26 . 2009-02-10 20:16 -------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-04-12 23:47 . 2004-08-18 18:00 28160 ----a-w c:\windows\system32\userinit.exe
2009-04-09 13:16 . 2008-08-18 12:34 -------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-09 11:14 . 2009-04-09 11:13 404 ------w C:\Win32.Worm.Downladup.Gen.log
2009-04-07 21:33 . 2008-08-18 12:32 -------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-06 13:32 . 2009-01-23 12:53 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-23 12:53 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 17:02 . 2005-04-13 10:31 83586 ----a-w c:\windows\system32\perfc005.dat
2009-04-03 17:02 . 2005-04-13 10:31 439390 ----a-w c:\windows\system32\perfh005.dat
2009-04-01 16:20 . 2009-04-01 16:20 -------- d-----w c:\program files\UPHClean
2009-04-01 15:24 . 2009-04-01 15:24 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-01 13:16 . 2009-04-01 13:15 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-31 17:20 . 2008-10-03 17:49 72584 ----a-w c:\windows\zllsputility.exe
2009-03-31 17:20 . 2008-11-03 15:07 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-03-24 10:33 . 2008-11-12 16:50 7880702 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-03-16 23:10 . 2008-08-18 13:20 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\Skype
2009-03-16 23:00 . 2008-08-18 13:21 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\skypePM
2009-03-16 12:18 . 2009-04-03 18:11 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-03 18:11 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-03 18:11 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-03 18:11 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-15 10:16 . 2009-03-15 10:16 -------- d-----w c:\program files\Common Files\Futuremark Shared
2009-03-15 10:16 . 2005-04-13 10:03 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 18:09 . 2009-03-11 18:09 -------- d-----w c:\documents and settings\LocalService\Data aplikací\Softland
2009-03-11 16:58 . 2008-08-18 12:26 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-09 13:27 . 2009-04-03 18:11 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-03 18:11 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-03 18:11 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-08 13:09 . 2004-08-18 18:00 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 13:09 . 2004-08-18 18:00 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 03:41 . 2004-08-18 18:00 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 03:39 . 2008-08-18 19:45 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 03:34 . 2004-08-18 18:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-18 18:00 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 03:34 . 2004-08-18 18:00 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 03:34 . 2004-08-18 18:00 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 03:34 . 2004-08-18 18:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:34 . 2004-08-18 18:00 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 03:34 . 2004-08-18 18:00 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 03:34 . 2004-08-18 18:00 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 03:34 . 2004-08-18 18:00 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 03:33 . 2004-08-18 18:00 759296 ----a-w c:\windows\system32\dllcache\vgx.dll
2009-03-08 03:33 . 2004-08-18 18:00 18944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 03:33 . 2004-08-18 18:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-18 18:00 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 03:33 . 2004-08-18 18:00 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 03:33 . 2004-08-18 18:00 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 03:33 . 2004-08-18 18:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 . 2004-08-18 18:00 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 03:33 . 2004-08-18 18:00 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 03:32 . 2004-08-18 18:00 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 03:32 . 2004-08-18 18:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-18 18:00 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 03:32 . 2004-08-18 18:00 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 03:32 . 2004-08-18 18:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:32 . 2004-08-18 18:00 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 03:32 . 2004-08-18 18:00 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 03:32 . 2004-08-18 18:00 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 03:32 . 2004-08-18 18:00 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 03:32 . 2008-08-18 19:45 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 03:32 . 2008-08-18 19:45 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 03:32 . 2004-08-18 18:00 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 03:24 . 2004-08-18 18:00 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 03:22 . 2004-08-18 18:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 03:22 . 2004-08-18 18:00 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 03:11 . 2008-08-18 19:45 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-03 10:14 . 2008-08-25 22:21 -------- d-----w c:\program files\Common Files\Adobe
2009-03-03 09:12 . 2009-03-03 09:12 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\WordToPDF
2009-03-03 09:08 . 2009-03-03 09:08 74 ----a-w C:\pdfinfo.ini
2009-03-02 14:13 . 2009-03-11 18:08 20648 ----a-w c:\windows\system32\dopdfmn6.dll
2009-03-02 14:13 . 2009-03-11 18:08 18088 ----a-w c:\windows\system32\dopdfmi6.dll
2009-02-28 04:55 . 2009-02-06 14:18 105984 ----a-w c:\windows\system32\dllcache\iecompat.dll
2009-02-26 10:34 . 2008-08-18 19:46 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 13:10 . 2009-02-25 13:10 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\Thinstall
2009-02-24 11:10 . 2008-09-28 18:42 43264 ----a-w c:\documents and settings\Tomáš Niessner\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-23 14:27 . 2009-02-23 14:27 43264 ----a-w c:\documents and settings\Host\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-23 09:43 . 2009-01-29 21:58 -------- d-----w c:\program files\Microsoft ActiveSync
2009-02-15 00:13 . 2008-08-18 13:20 -------- d-----r c:\program files\Skype
2009-02-15 00:13 . 2008-08-18 13:20 -------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-02-15 00:13 . 2009-02-15 00:13 -------- d-----w c:\program files\Common Files\Skype
2009-02-14 14:33 . 2008-08-21 16:00 43264 ----a-w c:\documents and settings\Host\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-09 14:07 . 2004-08-18 18:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:07 . 2004-08-18 18:00 1846784 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-07 11:11 . 2008-08-18 10:59 43264 ----a-w c:\documents and settings\Tomáš Niessner\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-06 20:07 . 2008-08-18 19:45 3698584 ----a-w c:\windows\system32\dllcache\ieapfltr.dat
2009-02-01 12:23 . 2008-10-09 19:02 5139 ----a-w C:\WirelessDiagLog.csv
2008-08-18 23:06 . 2008-08-18 23:06 134 ----a-w c:\documents and settings\Tomáš Niessner\Local Settings\Data aplikací\fusioncache.dat
.
------- Sigcheck -------
[7] 2004-08-18 18:00 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 06:52 26112 7DC1830F22E7D275B438127B68030239 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-04-12 23:47 28160 7BBD5C825E5BE9DCD9BC5A31FBCF12A5 c:\windows\system32\userinit.exe
[7] 2008-04-14 06:52 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\dllcache\userinit.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\instal~1\BEZPEC~1\Avast\ashDisp.exe" [2009-02-05 81000]
"epm-dm"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 196608]
"ZoneAlarm Client"="c:\instalace\Bezpecnost\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"StartupDelayer"="c:\instalace\Sprava\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"DU Meter"="c:\instalace\Sit\DU Meter\DUMeter.exe" [2004-10-27 1465344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\instalace\Media\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš Niessner^Nabídka Start^Programy^Po spuštění^tsnpstd3.lnk]
backup=c:\windows\pss\tsnpstd3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 01:08 2512392 ----a-w c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 ----a-w c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"aawservice"=3 (0x3)
"gusvc"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate1c98bbf3f832606"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"PCMService"="c:\program files\Arcade\PCMService.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 cpuz130;cpuz130; [x]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-11-21 23600]
R4 gupdate1c98bbf3f832606;Google Update Service (gupdate1c98bbf3f832606);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S1 aswSP;avast! Self Protection; [x]
S1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-19 4096]
S2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-07 78208]
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
S2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2008-04-01 16896]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-07-20 9856]
S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - uphcleanhlp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\instalace\Sprava\TuneUp\SystemOptimizer.exe [2006-12-19 13:13]
2009-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 12:20]
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: dobrovolny
Trusted Zone: majsner
Trusted Zone: niessner-ntb2
Trusted Zone: niessner1
FF - ProfilePath - c:\documents and settings\Tomáš Niessner\Data aplikací\Mozilla\Firefox\Profiles\eh25qr6n.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\instalace\Media\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\instalace\Media\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 00:19
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\SynTPFcs.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\instalace\Bezpecnost\Avast\aswUpdSv.exe
c:\instalace\Bezpecnost\Avast\ashServ.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\UPHClean\uphclean.exe
c:\instalace\Bezpecnost\Avast\ashMaiSv.exe
c:\instalace\Bezpecnost\Avast\ashWebSv.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\system32\rundll32.exe
c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
c:\acer\Empowering Technology\eRecovery\Monitor.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
c:\windows\system32\wbem\unsecapp.exe
c:\acer\Empowering Technology\eRecovery\Monitor.exe
c:\acer\Empowering Technology\admtray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2009-04-14 0:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-14 22:22
Před spuštěním: Volných bajtů: 16 922 435 584
Po spuštění: Volných bajtů: 16 858 701 824
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
353 --- E O F --- 2009-03-16 10:22
log přikládám:
ComboFix 09-04-15.01 - Tomáš Niessner 15.04.2009 0:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.607 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomáš Niessner\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090414-0] *On-access scanning disabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\autorun.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
----- BITS: Možné infikované stránky -----
hxxp://banksguard com
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-14 do 2009-04-14 )))))))))))))))))))))))))))))))
.
2009-04-12 23:48 . 2008-04-14 06:52 26112 ----a-w c:\windows\system32\stu2.exe
2009-04-04 16:53 . 2008-04-14 06:51 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-04 16:53 . 2008-04-14 06:51 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-04 16:53 . 2009-04-04 16:54 -------- d-----w c:\documents and settings\Host\Data aplikací\U3
2009-04-03 17:03 . 2009-04-03 17:04 2097152 ----a-w C:\Perf.ETL
2009-04-01 17:47 . 2009-04-01 17:47 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\MailFrontier
2009-04-01 16:27 . 2009-04-01 16:27 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\r2 Studios
2009-04-01 16:27 . 2009-04-01 16:27 -------- d-----w c:\documents and settings\All Users\Data aplikací\r2 Studios
2009-04-01 13:16 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-04-01 13:16 . 2008-10-03 12:30 414 ----a-w c:\windows\system32\lame_acm.xml
2009-04-01 13:16 . 2008-09-24 18:41 839680 ----a-w c:\windows\system32\lameACM.acm
2009-04-01 13:16 . 2007-09-21 00:52 118784 ----a-w c:\windows\system32\ac3acm.acm
2009-04-01 13:16 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-01 13:16 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-04-01 13:16 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-01 13:16 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-04-01 13:16 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-04-01 13:15 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-04-01 13:15 . 2009-03-02 18:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-01 13:15 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest
2009-04-01 11:58 . 2009-04-01 11:58 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Mozilla
2009-04-01 11:58 . 2009-04-01 11:58 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Mozilla
2009-04-01 11:58 . 2009-04-01 11:58 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Mozilla
2009-03-28 18:59 . 2009-03-28 18:59 -------- d-sh--w c:\documents and settings\Host\IECompatCache
2009-03-28 18:58 . 2009-03-28 18:58 -------- d-sh--w c:\documents and settings\Host\PrivacIE
2009-03-28 18:56 . 2009-03-28 18:56 -------- d-sh--w c:\documents and settings\Host\IETldCache
2009-03-26 22:15 . 2009-04-01 20:13 1234 ----a-w c:\windows\SiRFdemo.INI
2009-03-25 12:20 . 2009-03-25 12:20 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-03-19 21:43 . 2009-03-19 21:45 -------- dc-h--w c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 22:19 . 2008-10-03 17:53 72939552 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 22:19 . 2008-10-03 17:53 72927264 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 22:18 . 2008-08-18 12:19 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-14 22:15 . 2008-10-03 17:53 855692 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-14 22:07 . 2008-08-18 10:28 -------- d-----w c:\program files\Launch Manager
2009-04-14 21:57 . 2008-08-18 13:09 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-14 19:26 . 2009-02-10 20:16 -------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-04-12 23:47 . 2004-08-18 18:00 28160 ----a-w c:\windows\system32\userinit.exe
2009-04-09 13:16 . 2008-08-18 12:34 -------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-09 11:14 . 2009-04-09 11:13 404 ------w C:\Win32.Worm.Downladup.Gen.log
2009-04-07 21:33 . 2008-08-18 12:32 -------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-06 13:32 . 2009-01-23 12:53 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-23 12:53 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 17:02 . 2005-04-13 10:31 83586 ----a-w c:\windows\system32\perfc005.dat
2009-04-03 17:02 . 2005-04-13 10:31 439390 ----a-w c:\windows\system32\perfh005.dat
2009-04-01 16:20 . 2009-04-01 16:20 -------- d-----w c:\program files\UPHClean
2009-04-01 15:24 . 2009-04-01 15:24 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-01 13:16 . 2009-04-01 13:15 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-31 17:20 . 2008-10-03 17:49 72584 ----a-w c:\windows\zllsputility.exe
2009-03-31 17:20 . 2008-11-03 15:07 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-03-24 10:33 . 2008-11-12 16:50 7880702 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-03-16 23:10 . 2008-08-18 13:20 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\Skype
2009-03-16 23:00 . 2008-08-18 13:21 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\skypePM
2009-03-16 12:18 . 2009-04-03 18:11 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-03 18:11 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-03 18:11 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-03 18:11 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-15 10:16 . 2009-03-15 10:16 -------- d-----w c:\program files\Common Files\Futuremark Shared
2009-03-15 10:16 . 2005-04-13 10:03 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 18:09 . 2009-03-11 18:09 -------- d-----w c:\documents and settings\LocalService\Data aplikací\Softland
2009-03-11 16:58 . 2008-08-18 12:26 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-09 13:27 . 2009-04-03 18:11 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-03 18:11 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-03 18:11 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-08 13:09 . 2004-08-18 18:00 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 13:09 . 2004-08-18 18:00 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 03:41 . 2004-08-18 18:00 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 03:39 . 2008-08-18 19:45 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 03:34 . 2004-08-18 18:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-18 18:00 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 03:34 . 2004-08-18 18:00 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 03:34 . 2004-08-18 18:00 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 03:34 . 2004-08-18 18:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:34 . 2004-08-18 18:00 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 03:34 . 2004-08-18 18:00 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 03:34 . 2004-08-18 18:00 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 03:34 . 2004-08-18 18:00 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 03:33 . 2004-08-18 18:00 759296 ----a-w c:\windows\system32\dllcache\vgx.dll
2009-03-08 03:33 . 2004-08-18 18:00 18944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 03:33 . 2004-08-18 18:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-18 18:00 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 03:33 . 2004-08-18 18:00 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 03:33 . 2004-08-18 18:00 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 03:33 . 2004-08-18 18:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 . 2004-08-18 18:00 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 03:33 . 2004-08-18 18:00 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 03:32 . 2004-08-18 18:00 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 03:32 . 2004-08-18 18:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-18 18:00 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 03:32 . 2004-08-18 18:00 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 03:32 . 2004-08-18 18:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:32 . 2004-08-18 18:00 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 03:32 . 2004-08-18 18:00 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 03:32 . 2004-08-18 18:00 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 03:32 . 2004-08-18 18:00 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 03:32 . 2008-08-18 19:45 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 03:32 . 2008-08-18 19:45 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 03:32 . 2004-08-18 18:00 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 03:24 . 2004-08-18 18:00 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 03:22 . 2004-08-18 18:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 03:22 . 2004-08-18 18:00 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 03:11 . 2008-08-18 19:45 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-03 10:14 . 2008-08-25 22:21 -------- d-----w c:\program files\Common Files\Adobe
2009-03-03 09:12 . 2009-03-03 09:12 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\WordToPDF
2009-03-03 09:08 . 2009-03-03 09:08 74 ----a-w C:\pdfinfo.ini
2009-03-02 14:13 . 2009-03-11 18:08 20648 ----a-w c:\windows\system32\dopdfmn6.dll
2009-03-02 14:13 . 2009-03-11 18:08 18088 ----a-w c:\windows\system32\dopdfmi6.dll
2009-02-28 04:55 . 2009-02-06 14:18 105984 ----a-w c:\windows\system32\dllcache\iecompat.dll
2009-02-26 10:34 . 2008-08-18 19:46 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 13:10 . 2009-02-25 13:10 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\Thinstall
2009-02-24 11:10 . 2008-09-28 18:42 43264 ----a-w c:\documents and settings\Tomáš Niessner\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-23 14:27 . 2009-02-23 14:27 43264 ----a-w c:\documents and settings\Host\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-23 09:43 . 2009-01-29 21:58 -------- d-----w c:\program files\Microsoft ActiveSync
2009-02-15 00:13 . 2008-08-18 13:20 -------- d-----r c:\program files\Skype
2009-02-15 00:13 . 2008-08-18 13:20 -------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-02-15 00:13 . 2009-02-15 00:13 -------- d-----w c:\program files\Common Files\Skype
2009-02-14 14:33 . 2008-08-21 16:00 43264 ----a-w c:\documents and settings\Host\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-09 14:07 . 2004-08-18 18:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:07 . 2004-08-18 18:00 1846784 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-07 11:11 . 2008-08-18 10:59 43264 ----a-w c:\documents and settings\Tomáš Niessner\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-06 20:07 . 2008-08-18 19:45 3698584 ----a-w c:\windows\system32\dllcache\ieapfltr.dat
2009-02-01 12:23 . 2008-10-09 19:02 5139 ----a-w C:\WirelessDiagLog.csv
2008-08-18 23:06 . 2008-08-18 23:06 134 ----a-w c:\documents and settings\Tomáš Niessner\Local Settings\Data aplikací\fusioncache.dat
.
------- Sigcheck -------
[7] 2004-08-18 18:00 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 06:52 26112 7DC1830F22E7D275B438127B68030239 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-04-12 23:47 28160 7BBD5C825E5BE9DCD9BC5A31FBCF12A5 c:\windows\system32\userinit.exe
[7] 2008-04-14 06:52 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\dllcache\userinit.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\instal~1\BEZPEC~1\Avast\ashDisp.exe" [2009-02-05 81000]
"epm-dm"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 196608]
"ZoneAlarm Client"="c:\instalace\Bezpecnost\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"StartupDelayer"="c:\instalace\Sprava\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"DU Meter"="c:\instalace\Sit\DU Meter\DUMeter.exe" [2004-10-27 1465344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\instalace\Media\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš Niessner^Nabídka Start^Programy^Po spuštění^tsnpstd3.lnk]
backup=c:\windows\pss\tsnpstd3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 01:08 2512392 ----a-w c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 ----a-w c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"aawservice"=3 (0x3)
"gusvc"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate1c98bbf3f832606"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"PCMService"="c:\program files\Arcade\PCMService.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 cpuz130;cpuz130; [x]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-11-21 23600]
R4 gupdate1c98bbf3f832606;Google Update Service (gupdate1c98bbf3f832606);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S1 aswSP;avast! Self Protection; [x]
S1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-19 4096]
S2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-07 78208]
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
S2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2008-04-01 16896]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-07-20 9856]
S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - uphcleanhlp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\instalace\Sprava\TuneUp\SystemOptimizer.exe [2006-12-19 13:13]
2009-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 12:20]
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: dobrovolny
Trusted Zone: majsner
Trusted Zone: niessner-ntb2
Trusted Zone: niessner1
FF - ProfilePath - c:\documents and settings\Tomáš Niessner\Data aplikací\Mozilla\Firefox\Profiles\eh25qr6n.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\instalace\Media\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\instalace\Media\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 00:19
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="CDE72D7D4D8ABFC3508A731285DDAAC907377EC57A41D9AF63B3229239981744811AD4EE6FA914E74FD69282422AC01689C89F74EC5E6EEFFCE010432FCAC566A45C2AB290EF0BE30F098C426D96B1171B1CB0B95DB241C2F91B33C4DDCF0A9B0D4F701B538FA9C30BCE73BDDFB8E0447C10B1BCFA54B224FE921617E75DE18C63955FA273802C78115D4B078768E474C08913C5079B58F8067E395C83EE7D44275524E2B97E7FD5436B0DD1E3C10B674FF1BA4558A6F985DA960D5B7EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667A2D97226D213B5559DB7CE019D40AA5CDDC20C3815A3E6787BA91D18EC0516BE281C75C026D63D945AB82B848A0E21C6476FBB119D72D44D87219D34CAB193323C93E57E16362C55D7B8F31F67D7FC80E3C4BBA75CD2F844E30B920BB29B48A7463D14FD3C77702C59E5159AE6658B1B67C222DA52E199A948E89A60F5EED4E29837C80BD971A070F5991DE6DADC7EA548A3E86082B1A060AA6EB84CE9497CBACFD130C2B6F0798E07E202C69C57AB3F45D1EBBEF5C89CDDCA0552BC683EA49B4A13D8179CB55B87AC051BD008610A9D5D6DEE523A21BD2E284832F1CE55D9042834354D5BF44AED4A75A56FFA7BB80CD348144ADFA8DAED878808817F09C907D1239E01C5D4EC6B07DE4261D91C7766B26CE6AB7A40EECFF3CAE3D35F4847CBF082CE1DB072103CCD21F23B8D2A2B1D441354CBA4BF951BB9483D2558764A0E72A566E5F75E24304ECCA3607F855B369AADAED979F01329E96CEF07D86A6D1D0997E76EF99BBC2C7B299E8E227CB7CB875E29521A904BE859D7B75D51EEEEDB2B943A24192210270CB01554E6568F8AA5FCDF0B2A51C95B21DF39E1B8C232C293102BC13D5F7CAFFA139A92C54AD7B2CF954D2B53593C979F8CF8A0861A3EDA3F2EE75B50B0806308312801BA072A9AA567D5AD43437348F31A63F9BA9B3DC4F0C804D4BFEDC07836231A2B46AC42AC0C653D64A89CE5AB85F9C4A45562FE34AE6CF7E8005B04B6CC32B16F6A4F0363ABB7AB713966AD937CCFD1275D7BF5EFC2DC1E248737B7F8D6DC11012FF86E52EF3AB1CC2D9788E545F31FDFDAEDB9D3BB8D37EACF316A32A3D542E422A7AF9E097C3EC2C19A581E9174287EDCAC83CD6AA865EFD76DD0644584B2F6D0CA927F6BC0A7F2B74D2349D70FCA0875A5B3E2658CB03F24024229948230664FC709C4CE00A750D281928A4E3C4956B8B5CDA809C983B5B7FEBAACAB9E7136B578A64EB0645A235B7D749675A04A154131764BEFA52F85A1DFDAAD6ADB8CBC1FA826124F4E42091F7A3CBA8C1B
D7452C5F7A897F9BE433EC1C6682F2EF80A3AB1A63192FD1C46E6FA67D5218BBE0BB9B7A48B7DAD6BD"
"OODEFRAG10.00.00.01WORKSTATION"="E22062778326BBCB891CF1C4A05A3CBA8BD245F93F656A9B95D5C6794C514F61B0838786A1A19561C1652E6F84F4A80D731638D1E1399537D5BC0B63E7EBC669E39B525469708F4E4EA5B1BD90EC7D22132CC79BE5C187417095F761A38A83B51EAD929759AFED6358FB4282E288063F422D4AECA711B0100B9119ECB727B74BED252AC6A8E24AF8812A355ACBF4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A6A0AC4980AC7933A2D97226D213B55510AD68A17F1FE0A53344AC01F3524DA5E32F56287923C0FA1A02AF9673C9E92937E5599DDA90C3108DFD927EEAC952523A5ED79226469E494D154F089F6A1202C3BA072A254997D4CB1E7BBDA6D11184E1787B6AFB901CF3B4B5D0B5747EA365E3483B0B385AC8CF0212C0DBF21D95BE705A48C5DEF580C789D2854B8BD6C10915AFB5260219F640124D2D96B6A11BE8D0E8B4DAC8ACC674DB61B11B918EC384AB16A603861EF74636457F51E79A154EBF882C84442F9B8E8CD80E994700B5D65023B4D2D947D36A79F1EA129084A79DD0A58FC5723EE38E54B3C8DF834BD661FC03FAE527B4C515BFD29584D1232CEA67AEB24007DCB5D03DF1822B2ED59A6704680532AD4DC0173B681B77DDFA30AEBD145EBC4B515A952618505B45C6A815078558D13D39672176390B5EFAD7F6C163CF4DA69A27D00341AD3BF4D98ADBF67E166782BF65924ACCCEE74E8747F3E4385A300EE42ECB9E96BD3F229051C57DB6D39EA52C82CF8C6EB52883F09AD1BC73B3AA272F77B2D600584F30240F27FE4E005B4212875DC66280B8DD3968ED4E1EDCD549915D9EFA2C10CF0E607C79B4BA60EE01142B33BA7FC476DD798C5907955E3C7039785E409E7E18D2A795E7BB423DA0B0686D760FF41BB6ACDCA1D9348B41DF3EE429753EAD3E77B5EE99D1150162A944588D064EC0A33D13220EE90C8715B1F36991997283EE2E943E0DC9A7E7A039CE4490716639FDC7021C73B52461EC9C7A2F1AB4BC9FB4706FB5B8193B39CE6E0D1C407CAA85CF840CB3409EF7C75E7C5E326C6660D536686C8329BAFE0EC262DAE62AA1D1A5C317E5E2203CE5BC831FCE837901084A9E32D3EE2DDD8250D99E3BBF9E0CF4E68695ECB885D434957D4AA047720C3EF9A0DF92D0D965BB41F51F5353331D13EF4B0B9F59A669087C6CB6CAB450BF74B36DF5B91686698574F958ED66C0E70EB9C57720FAFEA86DEDF80E6899CD0CFE183CEC7DBF50B69AD151AEF84CE436AD1030CBB5EACA7AD33DCB72BBD4E89315204AB2B76397C91F15E47D857180041A15C9F24B060D768F8F9576275B66ABD495
572764AB7F5A17CCA712C8D3B882643BD2C36F410DEA56DE87A3B2B44CE03E18A520255470CBEB5E8E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\SynTPFcs.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\instalace\Bezpecnost\Avast\aswUpdSv.exe
c:\instalace\Bezpecnost\Avast\ashServ.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\UPHClean\uphclean.exe
c:\instalace\Bezpecnost\Avast\ashMaiSv.exe
c:\instalace\Bezpecnost\Avast\ashWebSv.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\system32\rundll32.exe
c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
c:\acer\Empowering Technology\eRecovery\Monitor.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
c:\windows\system32\wbem\unsecapp.exe
c:\acer\Empowering Technology\eRecovery\Monitor.exe
c:\acer\Empowering Technology\admtray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2009-04-14 0:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-14 22:22
Před spuštěním: Volných bajtů: 16 922 435 584
Po spuštění: Volných bajtů: 16 858 701 824
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
353 --- E O F --- 2009-03-16 10:22
- jaro3
- Security team member
Re: Slow logoff on WIN XP SP3
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following entire text marked in green into it:
Note: Do not use SELECT ALL to select the script
File::
c:\windows\system32\stu2.exe
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox.idx
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe program and drop it when the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
You have two antiviruses:
AV: avast! antivirus 4.8.1335 [VPS 090414-0] *On-access scanning disabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
Uninstall Avast, most likely.
Did you download some program like:
How to remove the Downadup and Conficker worm
C:\Win32.Worm.Downladup.Gen.log ??
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Slow logoff on WIN XP SP3
I did download such a program, probably from Stahuj.cz or Slunecnice.cz. I'm attaching the log it created itself; the log's name was Win32.Worm.Downladup.Gen.txt:
Ok Loading BitDefender Engines
State 0
Sleeping 3 seconds...
Found so far : 0x0 files/regs
Searching for Downadup file ....
- System folder
- Temporary folder
tkown -> C:\DOCUME~1\TOMÁ`N~1\LOCALS~1\Temp\~DF7F31.tmp
tkown -> C:\DOCUME~1\TOMÁ`N~1\LOCALS~1\Temp\~DFCF4C.tmp
- Program Files
- Application Data
Found so far : 0x0 files/regs
No Traces of Downadup Worm were found
As for the two antiviruses, I don't use the ZoneAlarm antivirus, it is deactivated, but I do use its firewall. I use Avast as my antivirus and there has never been a problem. Until recently I had NOD32, also without problems.
I did what you wrote; when ComboFix started it asked me whether I wanted to update it, and I said yes. After the restart nothing happened: the desktop came up (without icons or taskbar), but none of the startup programs ran, neither explorer.exe nor ComboFix. So I started Explorer via Task Manager, and then the desktop with icons and the startup programs came up, as did ComboFix, which finished the log. I'm adding it below. Since then, for several minutes after logging in, Explorer.exe does not start and I have to launch it manually; I'll probably have to do a System Restore.
ComboFix log:
ComboFix 09-04-15.08 - Tomáš Niessner 15.04.2009 10:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.519 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomáš Niessner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomáš Niessner\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090414-0] *On-access scanning disabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox.idx
c:\windows\system32\stu2.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\stu2.exe
c:\windows\system32\drivers\fidbox.dat . . . . nemohl být smazán
c:\windows\system32\drivers\fidbox.idx . . . . nemohl být smazán
----- BITS: Možné infikované stránky -----
hxxp://banksguard com
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-15 do 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-15 08:08 . 2009-04-15 08:29 706592 ----a-w c:\windows\system32\drivers\fidbox.dat
2009-04-15 08:08 . 2009-04-15 08:19 3692 ------w c:\windows\system32\drivers\fidbox.idx
2009-04-04 16:53 . 2008-04-14 06:51 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-04 16:53 . 2008-04-14 06:51 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-04 16:53 . 2009-04-04 16:54 -------- d-----w c:\documents and settings\Host\Data aplikací\U3
2009-04-03 17:03 . 2009-04-03 17:04 2097152 ----a-w C:\Perf.ETL
2009-04-01 17:47 . 2009-04-01 17:47 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\MailFrontier
2009-04-01 16:27 . 2009-04-01 16:27 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\r2 Studios
2009-04-01 16:27 . 2009-04-01 16:27 -------- d-----w c:\documents and settings\All Users\Data aplikací\r2 Studios
2009-04-01 13:16 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-04-01 13:16 . 2008-10-03 12:30 414 ----a-w c:\windows\system32\lame_acm.xml
2009-04-01 13:16 . 2008-09-24 18:41 839680 ----a-w c:\windows\system32\lameACM.acm
2009-04-01 13:16 . 2007-09-21 00:52 118784 ----a-w c:\windows\system32\ac3acm.acm
2009-04-01 13:16 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-01 13:16 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-04-01 13:16 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-01 13:16 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-04-01 13:16 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-04-01 13:15 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-04-01 13:15 . 2009-03-02 18:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-01 13:15 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest
2009-04-01 11:58 . 2009-04-01 11:58 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Mozilla
2009-03-28 18:59 . 2009-03-28 18:59 -------- d-sh--w c:\documents and settings\Host\IECompatCache
2009-03-28 18:58 . 2009-03-28 18:58 -------- d-sh--w c:\documents and settings\Host\PrivacIE
2009-03-28 18:56 . 2009-03-28 18:56 -------- d-sh--w c:\documents and settings\Host\IETldCache
2009-03-26 22:15 . 2009-04-01 20:13 1234 ----a-w c:\windows\SiRFdemo.INI
2009-03-25 12:20 . 2009-03-25 12:20 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-03-19 21:43 . 2009-03-19 21:45 -------- dc-h--w c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 08:27 . 2008-08-18 12:19 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-15 08:02 . 2008-08-18 10:28 -------- d-----w c:\program files\Launch Manager
2009-04-14 22:43 . 2009-04-14 22:54 3087360 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-04-14 22:21 . 2005-04-13 10:31 83586 ----a-w c:\windows\system32\perfc005.dat
2009-04-14 22:21 . 2005-04-13 10:31 439390 ----a-w c:\windows\system32\perfh005.dat
2009-04-14 21:57 . 2008-08-18 13:09 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-14 19:26 . 2009-02-10 20:16 -------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-04-12 23:47 . 2004-08-18 18:00 28160 ----a-w c:\windows\system32\userinit.exe
2009-04-09 13:16 . 2008-08-18 12:34 -------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-09 11:14 . 2009-04-09 11:13 404 ------w C:\Win32.Worm.Downladup.Gen.log
2009-04-07 21:33 . 2008-08-18 12:32 -------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-06 13:32 . 2009-01-23 12:53 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-23 12:53 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-01 16:20 . 2009-04-01 16:20 -------- d-----w c:\program files\UPHClean
2009-04-01 15:24 . 2009-04-01 15:24 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-01 13:16 . 2009-04-01 13:15 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-31 17:20 . 2008-10-03 17:49 72584 ----a-w c:\windows\zllsputility.exe
2009-03-31 17:20 . 2008-11-03 15:07 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-03-24 10:33 . 2008-11-12 16:50 7880702 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-03-16 23:10 . 2008-08-18 13:20 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\Skype
2009-03-16 23:00 . 2008-08-18 13:21 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\skypePM
2009-03-16 12:18 . 2009-04-03 18:11 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-03 18:11 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-03 18:11 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-03 18:11 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-15 10:16 . 2009-03-15 10:16 -------- d-----w c:\program files\Common Files\Futuremark Shared
2009-03-15 10:16 . 2005-04-13 10:03 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 18:09 . 2009-03-11 18:09 -------- d-----w c:\documents and settings\LocalService\Data aplikací\Softland
2009-03-11 16:58 . 2008-08-18 12:26 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-09 13:27 . 2009-04-03 18:11 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-03 18:11 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-03 18:11 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-08 13:09 . 2004-08-18 18:00 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 13:09 . 2004-08-18 18:00 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 03:41 . 2004-08-18 18:00 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 03:39 . 2008-08-18 19:45 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 03:34 . 2004-08-18 18:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-18 18:00 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 03:34 . 2004-08-18 18:00 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 03:34 . 2004-08-18 18:00 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 03:34 . 2004-08-18 18:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:34 . 2004-08-18 18:00 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 03:34 . 2004-08-18 18:00 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 03:34 . 2004-08-18 18:00 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 03:34 . 2004-08-18 18:00 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 03:33 . 2004-08-18 18:00 759296 ----a-w c:\windows\system32\dllcache\vgx.dll
2009-03-08 03:33 . 2004-08-18 18:00 18944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 03:33 . 2004-08-18 18:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-18 18:00 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 03:33 . 2004-08-18 18:00 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 03:33 . 2004-08-18 18:00 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 03:33 . 2004-08-18 18:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 . 2004-08-18 18:00 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 03:33 . 2004-08-18 18:00 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 03:32 . 2004-08-18 18:00 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 03:32 . 2004-08-18 18:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-18 18:00 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 03:32 . 2004-08-18 18:00 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 03:32 . 2004-08-18 18:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:32 . 2004-08-18 18:00 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 03:32 . 2004-08-18 18:00 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 03:32 . 2004-08-18 18:00 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 03:32 . 2004-08-18 18:00 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 03:32 . 2008-08-18 19:45 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 03:32 . 2008-08-18 19:45 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 03:32 . 2004-08-18 18:00 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 03:24 . 2004-08-18 18:00 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 03:22 . 2004-08-18 18:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 03:22 . 2004-08-18 18:00 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 03:11 . 2008-08-18 19:45 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-03 10:14 . 2008-08-25 22:21 -------- d-----w c:\program files\Common Files\Adobe
2009-03-03 09:12 . 2009-03-03 09:12 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\WordToPDF
2009-03-03 09:08 . 2009-03-03 09:08 74 ----a-w C:\pdfinfo.ini
2009-03-02 14:13 . 2009-03-11 18:08 20648 ----a-w c:\windows\system32\dopdfmn6.dll
2009-03-02 14:13 . 2009-03-11 18:08 18088 ----a-w c:\windows\system32\dopdfmi6.dll
2009-02-28 04:55 . 2009-02-06 14:18 105984 ----a-w c:\windows\system32\dllcache\iecompat.dll
2009-02-26 10:34 . 2008-08-18 19:46 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 13:10 . 2009-02-25 13:10 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\Thinstall
2009-02-24 11:10 . 2008-09-28 18:42 43264 ----a-w c:\documents and settings\Tomáš Niessner\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-23 14:27 . 2009-02-23 14:27 43264 ----a-w c:\documents and settings\Host\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-23 09:43 . 2009-01-29 21:58 -------- d-----w c:\program files\Microsoft ActiveSync
2009-02-15 00:13 . 2008-08-18 13:20 -------- d-----r c:\program files\Skype
2009-02-15 00:13 . 2008-08-18 13:20 -------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-02-15 00:13 . 2009-02-15 00:13 -------- d-----w c:\program files\Common Files\Skype
2009-02-14 14:33 . 2008-08-21 16:00 43264 ----a-w c:\documents and settings\Host\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-09 14:07 . 2004-08-18 18:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:07 . 2004-08-18 18:00 1846784 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-07 11:11 . 2008-08-18 10:59 43264 ----a-w c:\documents and settings\Tomáš Niessner\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-06 20:07 . 2008-08-18 19:45 3698584 ----a-w c:\windows\system32\dllcache\ieapfltr.dat
2009-02-01 12:23 . 2008-10-09 19:02 5139 ----a-w C:\WirelessDiagLog.csv
2008-08-18 23:06 . 2008-08-18 23:06 134 ----a-w c:\documents and settings\Tomáš Niessner\Local Settings\Data aplikací\fusioncache.dat
.
------- Sigcheck -------
[7] 2004-08-18 18:00 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 06:52 26112 7DC1830F22E7D275B438127B68030239 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-04-12 23:47 28160 7BBD5C825E5BE9DCD9BC5A31FBCF12A5 c:\windows\system32\userinit.exe
[7] 2008-04-14 06:52 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-14_22.19.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 22:55 . 2009-04-14 22:55 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
- 2005-04-13 10:31 . 2009-04-03 17:02 72066 c:\windows\system32\perfc009.dat
+ 2005-04-13 10:31 . 2009-04-14 22:21 72066 c:\windows\system32\perfc009.dat
- 2005-04-13 10:31 . 2009-04-03 17:02 83586 c:\windows\system32\perfc005.dat
+ 2005-04-13 10:31 . 2009-04-14 22:21 83586 c:\windows\system32\perfc005.dat
- 2008-08-18 12:19 . 2009-04-14 22:18 4212 c:\windows\system32\zllictbl.dat
+ 2008-08-18 12:19 . 2009-04-15 08:27 4212 c:\windows\system32\zllictbl.dat
+ 2005-04-13 10:31 . 2009-04-14 22:21 442800 c:\windows\system32\perfh009.dat
- 2005-04-13 10:31 . 2009-04-03 17:02 442800 c:\windows\system32\perfh009.dat
- 2005-04-13 10:31 . 2009-04-03 17:02 439390 c:\windows\system32\perfh005.dat
+ 2005-04-13 10:31 . 2009-04-14 22:21 439390 c:\windows\system32\perfh005.dat
+ 2009-04-15 08:08 . 2009-04-15 08:29 722976 c:\windows\system32\drivers\fidbox.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\instal~1\BEZPEC~1\Avast\ashDisp.exe" [2009-02-05 81000]
"epm-dm"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 196608]
"ZoneAlarm Client"="c:\instalace\Bezpecnost\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"StartupDelayer"="c:\instalace\Sprava\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"DU Meter"="c:\instalace\Sit\DU Meter\DUMeter.exe" [2004-10-27 1465344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\instalace\Media\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš Niessner^Nabídka Start^Programy^Po spuštění^tsnpstd3.lnk]
backup=c:\windows\pss\tsnpstd3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 01:08 2512392 ----a-w c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 ----a-w c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"aawservice"=3 (0x3)
"gusvc"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate1c98bbf3f832606"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"PCMService"="c:\program files\Arcade\PCMService.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 cpuz130;cpuz130; [x]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-11-21 23600]
R4 gupdate1c98bbf3f832606;Google Update Service (gupdate1c98bbf3f832606);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S1 aswSP;avast! Self Protection; [x]
S1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-19 4096]
S2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-07 78208]
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
S2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2008-04-01 16896]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-07-20 9856]
S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - INT15.SYS
*Deregistered* - uphcleanhlp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\instalace\Sprava\TuneUp\SystemOptimizer.exe [2006-12-19 13:13]
2009-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 12:20]
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: dobrovolny
Trusted Zone: majsner
Trusted Zone: niessner-ntb2
Trusted Zone: niessner1
FF - ProfilePath - c:\documents and settings\Tomáš Niessner\Data aplikací\Mozilla\Firefox\Profiles\eh25qr6n.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\instalace\Media\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\instalace\Media\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 10:29
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="[long hex value omitted]"
"OODEFRAG10.00.00.01WORKSTATION"="[long hex value omitted]"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3636)
c:\windows\system32\SynTPFcs.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\instalace\Bezpecnost\Avast\aswUpdSv.exe
c:\instalace\Bezpecnost\Avast\ashServ.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\UPHClean\uphclean.exe
c:\instalace\Bezpecnost\Avast\ashMaiSv.exe
c:\instalace\Bezpecnost\Avast\ashWebSv.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\system32\rundll32.exe
c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
c:\acer\Empowering Technology\eRecovery\Monitor.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
c:\acer\Empowering Technology\eRecovery\Monitor.exe
c:\acer\Empowering Technology\admtray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2009-04-15 10:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-15 08:32
ComboFix2.txt 2009-04-14 22:22
Před spuštěním: Volných bajtů: 16 757 944 320
Po spuštění: Volných bajtů: 16 722 079 744
351 --- E O F --- 2009-03-16 10:22
And the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:53, on 15.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Instalace\Bezpecnost\Avast\aswUpdSv.exe
C:\Instalace\Bezpecnost\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Instalace\Bezpecnost\Avast\ashMaiSv.exe
C:\Instalace\Bezpecnost\Avast\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\INSTAL~1\BEZPEC~1\Avast\ashDisp.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Instalace\Bezpecnost\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\WINDOWS\vsnpstd3.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Genius\ioCentre\gKbStatus.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Instalace\Sprava\Unlocker\UnlockerAssistant.exe
C:\Instalace\Sit\DU Meter\DUMeter.exe
C:\Instalace\Komunikace\QIP\qip.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Instalace\Bezpecnost\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [avast!] C:\INSTAL~1\BEZPEC~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Instalace\Bezpecnost\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartupDelayer] "C:\Instalace\Sprava\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Instalace\Sit\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Instalace\Komunikace\ICQ\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Instalace\Komunikace\ICQ\ICQ6.5\ICQ.exe
O15 - Trusted Zone: *.dobrovolny
O15 - Trusted Zone: *.majsner
O15 - Trusted Zone: *.niessner-ntb2
O15 - Trusted Zone: *.niessner1
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9057445312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Instalace\Bezpecnost\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Instalace\Bezpecnost\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Instalace\Bezpecnost\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Instalace\Bezpecnost\Avast\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7492 bytes
Ok Loading BitDefender Engines
State 0
Sleeping 3 seconds...
Found so far : 0x0 files/regs
Searching for Downadup file ....
- System folder
- Temporary folder
tkown -> C:\DOCUME~1\TOMÁŠN~1\LOCALS~1\Temp\~DF7F31.tmp
tkown -> C:\DOCUME~1\TOMÁŠN~1\LOCALS~1\Temp\~DFCF4C.tmp
- Program Files
- Application Data
Found so far : 0x0 files/regs
No Traces of Downadup Worm were found
As for the two antiviruses: I don't use ZoneAlarm Antivirus - it is deactivated - but I do use its firewall. As my antivirus I use Avast, and there has never been a problem. Until recently I had NOD32, also without any problems.
I did what you wrote; when ComboFix started, it asked me whether I wanted to update it - I said yes. After the restart nothing happened: the desktop did come up (without icons or the taskbar), but no startup programs launched, neither explorer.exe nor ComboFix. So I started Explorer via Task Manager, and then both the desktop with icons and the startup programs came up, as did ComboFix, which finished the log. I am adding it below. Since then, Explorer.exe does not start for several minutes after logging in and I have to start it manually - I will probably have to do a System Restore.
ComboFix log:
ComboFix 09-04-15.08 - Tomáš Niessner 15.04.2009 10:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.519 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomáš Niessner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomáš Niessner\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090414-0] *On-access scanning disabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox.idx
c:\windows\system32\stu2.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\stu2.exe
c:\windows\system32\drivers\fidbox.dat . . . . nemohl být smazán
c:\windows\system32\drivers\fidbox.idx . . . . nemohl být smazán
----- BITS: Možné infikované stránky -----
hxxp://banksguard com
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-15 do 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-15 08:08 . 2009-04-15 08:29 706592 ----a-w c:\windows\system32\drivers\fidbox.dat
2009-04-15 08:08 . 2009-04-15 08:19 3692 ------w c:\windows\system32\drivers\fidbox.idx
2009-04-04 16:53 . 2008-04-14 06:51 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-04 16:53 . 2008-04-14 06:51 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-04 16:53 . 2009-04-04 16:54 -------- d-----w c:\documents and settings\Host\Data aplikací\U3
2009-04-03 17:03 . 2009-04-03 17:04 2097152 ----a-w C:\Perf.ETL
2009-04-01 17:47 . 2009-04-01 17:47 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\MailFrontier
2009-04-01 16:27 . 2009-04-01 16:27 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\r2 Studios
2009-04-01 16:27 . 2009-04-01 16:27 -------- d-----w c:\documents and settings\All Users\Data aplikací\r2 Studios
2009-04-01 13:16 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-04-01 13:16 . 2008-10-03 12:30 414 ----a-w c:\windows\system32\lame_acm.xml
2009-04-01 13:16 . 2008-09-24 18:41 839680 ----a-w c:\windows\system32\lameACM.acm
2009-04-01 13:16 . 2007-09-21 00:52 118784 ----a-w c:\windows\system32\ac3acm.acm
2009-04-01 13:16 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-01 13:16 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-04-01 13:16 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-01 13:16 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-04-01 13:16 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-04-01 13:15 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-04-01 13:15 . 2009-03-02 18:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-01 13:15 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest
2009-04-01 11:58 . 2009-04-01 11:58 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Mozilla
2009-03-28 18:59 . 2009-03-28 18:59 -------- d-sh--w c:\documents and settings\Host\IECompatCache
2009-03-28 18:58 . 2009-03-28 18:58 -------- d-sh--w c:\documents and settings\Host\PrivacIE
2009-03-28 18:56 . 2009-03-28 18:56 -------- d-sh--w c:\documents and settings\Host\IETldCache
2009-03-26 22:15 . 2009-04-01 20:13 1234 ----a-w c:\windows\SiRFdemo.INI
2009-03-25 12:20 . 2009-03-25 12:20 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-03-19 21:43 . 2009-03-19 21:45 -------- dc-h--w c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 08:27 . 2008-08-18 12:19 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-15 08:02 . 2008-08-18 10:28 -------- d-----w c:\program files\Launch Manager
2009-04-14 22:43 . 2009-04-14 22:54 3087360 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-04-14 22:21 . 2005-04-13 10:31 83586 ----a-w c:\windows\system32\perfc005.dat
2009-04-14 22:21 . 2005-04-13 10:31 439390 ----a-w c:\windows\system32\perfh005.dat
2009-04-14 21:57 . 2008-08-18 13:09 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-14 19:26 . 2009-02-10 20:16 -------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-04-12 23:47 . 2004-08-18 18:00 28160 ----a-w c:\windows\system32\userinit.exe
2009-04-09 13:16 . 2008-08-18 12:34 -------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-09 11:14 . 2009-04-09 11:13 404 ------w C:\Win32.Worm.Downladup.Gen.log
2009-04-07 21:33 . 2008-08-18 12:32 -------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-06 13:32 . 2009-01-23 12:53 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-23 12:53 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-01 16:20 . 2009-04-01 16:20 -------- d-----w c:\program files\UPHClean
2009-04-01 15:24 . 2009-04-01 15:24 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-01 13:16 . 2009-04-01 13:15 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-31 17:20 . 2008-10-03 17:49 72584 ----a-w c:\windows\zllsputility.exe
2009-03-31 17:20 . 2008-11-03 15:07 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-03-24 10:33 . 2008-11-12 16:50 7880702 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-03-16 23:10 . 2008-08-18 13:20 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\Skype
2009-03-16 23:00 . 2008-08-18 13:21 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\skypePM
2009-03-16 12:18 . 2009-04-03 18:11 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-03 18:11 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-03 18:11 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-03 18:11 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-15 10:16 . 2009-03-15 10:16 -------- d-----w c:\program files\Common Files\Futuremark Shared
2009-03-15 10:16 . 2005-04-13 10:03 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 18:09 . 2009-03-11 18:09 -------- d-----w c:\documents and settings\LocalService\Data aplikací\Softland
2009-03-11 16:58 . 2008-08-18 12:26 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-09 13:27 . 2009-04-03 18:11 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-03 18:11 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-03 18:11 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-08 13:09 . 2004-08-18 18:00 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 13:09 . 2004-08-18 18:00 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 03:41 . 2004-08-18 18:00 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 03:39 . 2008-08-18 19:45 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 03:34 . 2004-08-18 18:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-18 18:00 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 03:34 . 2004-08-18 18:00 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 03:34 . 2004-08-18 18:00 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 03:34 . 2004-08-18 18:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:34 . 2004-08-18 18:00 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 03:34 . 2004-08-18 18:00 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 03:34 . 2004-08-18 18:00 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 03:34 . 2004-08-18 18:00 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 03:33 . 2004-08-18 18:00 759296 ----a-w c:\windows\system32\dllcache\vgx.dll
2009-03-08 03:33 . 2004-08-18 18:00 18944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 03:33 . 2004-08-18 18:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-18 18:00 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 03:33 . 2004-08-18 18:00 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 03:33 . 2004-08-18 18:00 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 03:33 . 2004-08-18 18:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 . 2004-08-18 18:00 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 03:33 . 2004-08-18 18:00 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 03:32 . 2004-08-18 18:00 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 03:32 . 2004-08-18 18:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-18 18:00 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 03:32 . 2004-08-18 18:00 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 03:32 . 2004-08-18 18:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:32 . 2004-08-18 18:00 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 03:32 . 2004-08-18 18:00 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 03:32 . 2004-08-18 18:00 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 03:32 . 2004-08-18 18:00 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 03:32 . 2008-08-18 19:45 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 03:32 . 2008-08-18 19:45 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 03:32 . 2004-08-18 18:00 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 03:24 . 2004-08-18 18:00 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 03:22 . 2004-08-18 18:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 03:22 . 2004-08-18 18:00 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 03:11 . 2008-08-18 19:45 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-03 10:14 . 2008-08-25 22:21 -------- d-----w c:\program files\Common Files\Adobe
2009-03-03 09:12 . 2009-03-03 09:12 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\WordToPDF
2009-03-03 09:08 . 2009-03-03 09:08 74 ----a-w C:\pdfinfo.ini
2009-03-02 14:13 . 2009-03-11 18:08 20648 ----a-w c:\windows\system32\dopdfmn6.dll
2009-03-02 14:13 . 2009-03-11 18:08 18088 ----a-w c:\windows\system32\dopdfmi6.dll
2009-02-28 04:55 . 2009-02-06 14:18 105984 ----a-w c:\windows\system32\dllcache\iecompat.dll
2009-02-26 10:34 . 2008-08-18 19:46 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 13:10 . 2009-02-25 13:10 -------- d-----w c:\documents and settings\Tomáš Niessner\Data aplikací\Thinstall
2009-02-24 11:10 . 2008-09-28 18:42 43264 ----a-w c:\documents and settings\Tomáš Niessner\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-23 14:27 . 2009-02-23 14:27 43264 ----a-w c:\documents and settings\Host\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-23 09:43 . 2009-01-29 21:58 -------- d-----w c:\program files\Microsoft ActiveSync
2009-02-15 00:13 . 2008-08-18 13:20 -------- d-----r c:\program files\Skype
2009-02-15 00:13 . 2008-08-18 13:20 -------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-02-15 00:13 . 2009-02-15 00:13 -------- d-----w c:\program files\Common Files\Skype
2009-02-14 14:33 . 2008-08-21 16:00 43264 ----a-w c:\documents and settings\Host\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-09 14:07 . 2004-08-18 18:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:07 . 2004-08-18 18:00 1846784 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-07 11:11 . 2008-08-18 10:59 43264 ----a-w c:\documents and settings\Tomáš Niessner\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-02-06 20:07 . 2008-08-18 19:45 3698584 ----a-w c:\windows\system32\dllcache\ieapfltr.dat
2009-02-01 12:23 . 2008-10-09 19:02 5139 ----a-w C:\WirelessDiagLog.csv
2008-08-18 23:06 . 2008-08-18 23:06 134 ----a-w c:\documents and settings\Tomáš Niessner\Local Settings\Data aplikací\fusioncache.dat
.
------- Sigcheck -------
[7] 2004-08-18 18:00 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 06:52 26112 7DC1830F22E7D275B438127B68030239 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-04-12 23:47 28160 7BBD5C825E5BE9DCD9BC5A31FBCF12A5 c:\windows\system32\userinit.exe
[7] 2008-04-14 06:52 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-14_22.19.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 22:55 . 2009-04-14 22:55 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
- 2005-04-13 10:31 . 2009-04-03 17:02 72066 c:\windows\system32\perfc009.dat
+ 2005-04-13 10:31 . 2009-04-14 22:21 72066 c:\windows\system32\perfc009.dat
- 2005-04-13 10:31 . 2009-04-03 17:02 83586 c:\windows\system32\perfc005.dat
+ 2005-04-13 10:31 . 2009-04-14 22:21 83586 c:\windows\system32\perfc005.dat
- 2008-08-18 12:19 . 2009-04-14 22:18 4212 c:\windows\system32\zllictbl.dat
+ 2008-08-18 12:19 . 2009-04-15 08:27 4212 c:\windows\system32\zllictbl.dat
+ 2005-04-13 10:31 . 2009-04-14 22:21 442800 c:\windows\system32\perfh009.dat
- 2005-04-13 10:31 . 2009-04-03 17:02 442800 c:\windows\system32\perfh009.dat
- 2005-04-13 10:31 . 2009-04-03 17:02 439390 c:\windows\system32\perfh005.dat
+ 2005-04-13 10:31 . 2009-04-14 22:21 439390 c:\windows\system32\perfh005.dat
+ 2009-04-15 08:08 . 2009-04-15 08:29 722976 c:\windows\system32\drivers\fidbox.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\instal~1\BEZPEC~1\Avast\ashDisp.exe" [2009-02-05 81000]
"epm-dm"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 196608]
"ZoneAlarm Client"="c:\instalace\Bezpecnost\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"StartupDelayer"="c:\instalace\Sprava\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"DU Meter"="c:\instalace\Sit\DU Meter\DUMeter.exe" [2004-10-27 1465344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\instalace\Media\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš Niessner^Nabídka Start^Programy^Po spuštění^tsnpstd3.lnk]
backup=c:\windows\pss\tsnpstd3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 01:08 2512392 ----a-w c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 ----a-w c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"aawservice"=3 (0x3)
"gusvc"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate1c98bbf3f832606"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"PCMService"="c:\program files\Arcade\PCMService.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 cpuz130;cpuz130; [x]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-11-21 23600]
R4 gupdate1c98bbf3f832606;Google Update Service (gupdate1c98bbf3f832606);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S1 aswSP;avast! Self Protection; [x]
S1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-19 4096]
S2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-07 78208]
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
S2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2008-04-01 16896]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-07-20 9856]
S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - INT15.SYS
*Deregistered* - uphcleanhlp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\instalace\Sprava\TuneUp\SystemOptimizer.exe [2006-12-19 13:13]
2009-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 12:20]
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: dobrovolny
Trusted Zone: majsner
Trusted Zone: niessner-ntb2
Trusted Zone: niessner1
FF - ProfilePath - c:\documents and settings\Tomáš Niessner\Data aplikací\Mozilla\Firefox\Profiles\eh25qr6n.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\instalace\Media\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\instalace\Media\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 10:29
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3636)
c:\windows\system32\SynTPFcs.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\instalace\Bezpecnost\Avast\aswUpdSv.exe
c:\instalace\Bezpecnost\Avast\ashServ.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\UPHClean\uphclean.exe
c:\instalace\Bezpecnost\Avast\ashMaiSv.exe
c:\instalace\Bezpecnost\Avast\ashWebSv.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\system32\rundll32.exe
c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
c:\acer\Empowering Technology\eRecovery\Monitor.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
c:\acer\Empowering Technology\eRecovery\Monitor.exe
c:\acer\Empowering Technology\admtray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2009-04-15 10:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-15 08:32
ComboFix2.txt 2009-04-14 22:22
Před spuštěním: Volných bajtů: 16 757 944 320
Po spuštění: Volných bajtů: 16 722 079 744
351 --- E O F --- 2009-03-16 10:22
And the HJT log as well:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:53, on 15.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Instalace\Bezpecnost\Avast\aswUpdSv.exe
C:\Instalace\Bezpecnost\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Instalace\Bezpecnost\Avast\ashMaiSv.exe
C:\Instalace\Bezpecnost\Avast\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\INSTAL~1\BEZPEC~1\Avast\ashDisp.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Instalace\Bezpecnost\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\WINDOWS\vsnpstd3.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Genius\ioCentre\gKbStatus.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Instalace\Sprava\Unlocker\UnlockerAssistant.exe
C:\Instalace\Sit\DU Meter\DUMeter.exe
C:\Instalace\Komunikace\QIP\qip.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Instalace\Bezpecnost\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [avast!] C:\INSTAL~1\BEZPEC~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Instalace\Bezpecnost\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartupDelayer] "C:\Instalace\Sprava\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Instalace\Sit\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Instalace\Komunikace\ICQ\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Instalace\Komunikace\ICQ\ICQ6.5\ICQ.exe
O15 - Trusted Zone: *.dobrovolny
O15 - Trusted Zone: *.majsner
O15 - Trusted Zone: *.niessner-ntb2
O15 - Trusted Zone: *.niessner1
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9057445312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Instalace\Bezpecnost\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Instalace\Bezpecnost\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Instalace\Bezpecnost\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Instalace\Bezpecnost\Avast\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7492 bytes
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Slow logoff on WIN XP SP3
fidbox.dat belongs to Kaspersky.
Download the OTMoveIt3 program (by OldTimer), save it to drive C and run it.
- Into the left column (Paste Instructions for Items to be Moved) copy these paths:
Note: do not use the SELECT ALL function to mark them
Code:
:Processes
explorer.exe
:Services
cpuz130
:Reg
:Files
c:\windows\Internet Logs\xDB1.tmp
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox.idx
C:\DOCUME~1\TOMÁ`N~1\LOCALS~1\Temp\~DF7F31.tmp
C:\DOCUME~1\TOMÁ`N~1\LOCALS~1\Temp\~DFCF4C.tmp
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the entire contents of the right column, which is also saved in the folder C:\_OTMoveIt\MovedFiles\ and reports the results
- It is possible that, if the files cannot be removed, you will be asked to restart the computer; in that case confirm the restart.
Then a new HJT log.
Download Dial-a-fix
Click the hammer - more options:
SFC scan - Runs the System File Checker tool (the Windows installation media may be needed).
Click the service and then GO.
When working with the programs HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Slow logoff on WIN XP SP3
If I remember correctly, I only used the Online scanner from Kaspersky.
The problem with Explorer at startup is fixed (probably by the SFC scan); the logoff problem persists.
Log from OTMoveIt3:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver cpuz130 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
c:\windows\Internet Logs\xDB1.tmp moved successfully.
File move failed. c:\windows\system32\drivers\fidbox.dat scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\fidbox.idx scheduled to be moved on reboot.
File/Folder C:\DOCUME~1\TOMÁ`N~1\LOCALS~1\Temp\~DF7F31.tmp not found.
File/Folder C:\DOCUME~1\TOMÁ`N~1\LOCALS~1\Temp\~DFCF4C.tmp not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\TOMÁŠN~1\LOCALS~1\Temp\in3.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tomáš Niessner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04152009_113657
Files moved on Reboot...
File move failed. c:\windows\system32\drivers\fidbox.dat scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\fidbox.idx scheduled to be moved on reboot.
C:\DOCUME~1\TOMÁŠN~1\LOCALS~1\Temp\in3.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat not found!
I have files that could not be removed (fidbox.dat, fidbox.idx and Webshlock.txt); should I try deleting them manually? I would use Unlocker if they happened to be in use.
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:08, on 15.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Instalace\Bezpecnost\Avast\aswUpdSv.exe
C:\Instalace\Bezpecnost\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\INSTAL~1\BEZPEC~1\Avast\ashDisp.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Instalace\Bezpecnost\ZoneAlarm\zlclient.exe
C:\Instalace\Bezpecnost\Avast\ashMaiSv.exe
C:\Instalace\Bezpecnost\Avast\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\WINDOWS\vsnpstd3.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gKbStatus.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Instalace\Sprava\Unlocker\UnlockerAssistant.exe
C:\Instalace\Sit\DU Meter\DUMeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Instalace\Sprava\ProcessExplorerNt\procexp.exe
C:\Instalace\Bezpecnost\HJT\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [avast!] C:\INSTAL~1\BEZPEC~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Instalace\Bezpecnost\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartupDelayer] "C:\Instalace\Sprava\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Instalace\Sit\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Instalace\Komunikace\ICQ\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Instalace\Komunikace\ICQ\ICQ6.5\ICQ.exe
O15 - Trusted Zone: *.dobrovolny
O15 - Trusted Zone: *.majsner
O15 - Trusted Zone: *.niessner-ntb2
O15 - Trusted Zone: *.niessner1
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9057445312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Instalace\Bezpecnost\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Instalace\Bezpecnost\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Instalace\Bezpecnost\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Instalace\Bezpecnost\Avast\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7340 bytes
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Slow logoff on WIN XP SP3
You added all of this yourself and you know it:
O15 - Trusted Zone: *.dobrovolny
O15 - Trusted Zone: *.majsner
O15 - Trusted Zone: *.niessner-ntb2
O15 - Trusted Zone: *.niessner1
fidbox.dat and fidbox.idx should be deleted on reboot.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Update Java:
Java SE Runtime Environment 6u13
Select the OS (I assume Windows), tick agree-continue
Select:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Remove the other Javas in Add/Remove Programs.
That's all.
When working with the programs HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Slow logoff on WIN XP SP3
Yes, I added those particular computers myself.
Neither fidbox file was deleted; I restarted several times.
Unfortunately the logoff problem remains.
EDIT: Everything done, logging off still takes 2-3 minutes, and the fidbox files are still in place after another restart.