hodne instanci iexplorer + zravy lsass.exe

ExecutorQ3 · Příspěvekod **ExecutorQ3** » 03 srp 2009 19:26

Zdar...

Mam podobny problem jako je popisovanej v tomto topicu. Problem je v tom, kdyz zavru celej ie najednou. Dejmetomu ze mam v okne 5 zalozek a dam zavrit vsechno - zavrou se 4, pata zamrzne na plose a spolu s tim vytuhne i pc. Zaroven lsass.exe zacne zrat kolem 50-65% CPU a zbytek zere posledni instance iexplorer a explorer (iexplorer nelze ukoncit). Jediny reseni v tomto pripade, jak ulozit rozdelanou praci a ne rovnou rest pc, je natvrdo pres tray vypnout explorer, cimz lsass.exe da pokoj (opet 0% cpu) a opet explorer pres tray opet zapnout. Pak se da vse bez problemu dodelat a v klidu restartovat pc... Koukal jsem se na 3 zname wormy, co pracuji s lsass.exe, ale ani jednoho tu nemam...

Jeste bych rad rekl, ze pc je relativne po cerstve instalaci a j relativne dobre udrzovane (max 2 mesice stara instalace).

Postuju log z HJThis a Malwarebytes' Anti-Malware. Ani v jednom nevidim nic podezreleho, nicmene rozhodne nejsem profik (timto se fakt moc nezabyvam) a momentalne uz uvitam jakoukoliv radu, lebo uz jsem fakt bezradny.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:23, on 3.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.30.100.10:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EZEHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6036503609
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55808E03-2973-4FAE-8881-40341DA347BE}: NameServer = 213.46.172.37,213.46.172.36,192.168.1.254
O22 - SharedTaskScheduler: RobotryoFpm - {EE0F732F-177D-4284-A192-9D247476BA51} - C:\WINDOWS\system32\robotryo.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Služba F-Secure Network Request Broker (F-Secure Network Request Broker) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 12221 bytes

Malwarebytes' Anti-Malware 1.39
Verze databáze: 2550
Windows 5.1.2600 Service Pack 3

3.8.2009 19:07:39
mbam-log-2009-08-03 (19-07-39).txt

Typ skenu: Rychlý sken
Objektu skenováno: 107615
Uplynulý cas: 4 minute(s), 43 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

P.S. Nevim jestli to neni paranoia, ale mam pocit, ze se tento fenomen zacal hojne objevovat po instalaciposledniho ms ie8 patche.

Jeste jednou predem diky.

Reklama

Damned · Příspěvekod **Damned** » 03 srp 2009 19:32

Odinstaluj si DAEMON Tools Toolbar.

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

ExecutorQ3 · Příspěvekod **ExecutorQ3** » 03 srp 2009 20:29

Mg, prisaham, ze jsem pri instalaci deamona daval, ze ten pode... toolbar NEchci...
Dik :)

ComboFix 09-08-02.04 - Eliska 03.08.2009 20:21.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2030.1266 [GMT 2:00]
Spuštěný z: c:\documents and settings\Eliska\Plocha\ComboFix.exe
AV: F-Secure Client Security 7.11 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\193fb19.msi
c:\windows\system32\mdm.exe
c:\windows\system32\tmp84.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-03 do 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-03 17:02 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:02 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 17:02 . 2009-08-03 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 16:58 . 2009-08-03 16:58 -------- d-----w- c:\program files\Trend Micro
2009-07-31 15:11 . 2009-07-31 15:13 -------- d-----w- c:\program files\AoA Audio Extractor
2009-07-29 14:29 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 14:29 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 14:17 . 2009-07-28 14:17 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-27 18:37 . 2009-07-27 18:37 -------- d-----w- C:\Games
2009-07-21 11:53 . 2009-07-21 11:53 -------- d-----w- c:\program files\ClocX
2009-07-18 17:52 . 2009-07-18 17:51 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 17:51 . 2009-07-18 17:51 -------- d-----w- c:\program files\Java
2009-07-16 20:04 . 2009-07-16 20:04 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-16 20:03 . 2009-07-18 07:22 -------- d-----w- c:\program files\Sony
2009-07-16 20:02 . 2009-07-16 20:02 -------- d-----w- c:\program files\Sony Setup
2009-07-14 14:05 . 2009-07-27 16:43 -------- d-----w- c:\program files\Total Video Converter
2009-07-11 11:44 . 2009-07-11 11:44 -------- d-----w- c:\program files\Install Creator Pro
2009-07-11 06:49 . 2009-07-11 06:56 8 ----a-w- c:\windows\system32\nvModes.dat
2009-07-06 07:20 . 2009-07-06 07:20 -------- d-----w- c:\program files\WinPcap
2009-07-06 06:53 . 2009-07-06 06:53 -------- d-----w- c:\program files\7-Zip
2009-07-05 17:38 . 2009-07-05 17:37 974848 ----a-w- c:\windows\system32\mfc70.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 21:13 . 2009-06-29 13:52 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2009-07-30 16:22 . 2009-06-29 13:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-21 13:35 . 2009-06-26 16:04 -------- d-----w- c:\program files\Intel
2009-07-19 19:39 . 2009-06-29 16:13 -------- d-----w- c:\program files\Hry
2009-07-18 08:37 . 2009-06-26 16:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 07:17 . 2009-07-18 07:17 5870 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-07-18 07:17 . 2008-04-14 12:00 489358 ----a-w- c:\windows\system32\perfh005.dat
2009-07-18 07:17 . 2008-04-14 12:00 104094 ----a-w- c:\windows\system32\perfc005.dat
2009-07-13 21:18 . 2009-06-29 21:11 -------- d-----w- c:\program files\CyberLink
2009-07-10 10:57 . 2009-06-28 20:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-06 11:36 . 2009-06-29 13:30 -------- d-----w- c:\program files\IEPro
2009-07-04 06:39 . 2009-07-04 06:39 249856 ------w- c:\windows\Setup1.exe
2009-07-04 06:39 . 2009-07-04 06:39 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-03 17:50 . 2009-07-03 17:38 39176 ----a-w- c:\windows\DIIUnin.dat
2009-07-03 17:38 . 2009-07-03 17:38 94208 ----a-w- c:\windows\DIIUnin.exe
2009-07-03 17:38 . 2009-07-03 17:38 2829 ----a-w- c:\windows\DIIUnin.pif
2009-07-03 16:59 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 20:36 . 2009-07-02 20:36 -------- d-----w- c:\program files\directx
2009-07-02 19:54 . 2009-07-02 19:54 -------- d-----w- c:\program files\Subtitles modifier
2009-07-01 17:01 . 2009-07-01 17:01 -------- d-----w- c:\program files\Commercial Service
2009-06-30 20:53 . 2009-06-30 20:53 -------- d-----w- c:\program files\MSECache
2009-06-30 19:58 . 2009-06-30 19:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-30 19:57 . 2009-06-30 19:57 -------- d-----w- c:\program files\Common Files\Control Panels
2009-06-30 19:32 . 2009-06-30 19:32 -------- d-----w- c:\program files\Bonjour
2009-06-30 19:27 . 2009-06-30 19:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-30 19:11 . 2009-06-29 15:23 -------- d-----w- c:\program files\Mv2Player
2009-06-30 19:03 . 2009-06-29 05:12 -------- d-----w- c:\program files\Creative
2009-06-30 19:02 . 2009-06-29 05:18 -------- d--h--w- c:\program files\Creative Installation Information
2009-06-30 18:48 . 2009-06-30 18:48 -------- d-----w- c:\program files\APC
2009-06-30 18:24 . 2009-06-30 18:19 140420 ----a-w- c:\windows\hpgins24.dat
2009-06-30 18:24 . 2009-06-30 18:24 -------- d-----w- c:\program files\Common Files\HP
2009-06-30 18:22 . 2009-06-30 18:22 -------- d-----w- c:\program files\HP
2009-06-30 18:22 . 2009-06-30 18:22 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-29 21:11 . 2009-06-26 16:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-29 20:59 . 2009-06-29 20:55 -------- d-----w- c:\program files\Audiograbber
2009-06-29 20:54 . 2009-06-29 20:54 -------- d-----w- c:\program files\Restoration
2009-06-29 20:11 . 2009-06-29 20:11 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-06-29 19:57 . 2009-06-29 19:56 -------- d-----w- c:\program files\IrfanView
2009-06-29 19:52 . 2009-06-29 19:45 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-29 19:45 . 2009-06-29 19:45 -------- d-----w- c:\program files\Nero
2009-06-29 19:05 . 2009-06-29 17:32 81613 ----a-w- c:\windows\War3Unin.dat
2009-06-29 18:57 . 2009-06-29 17:32 2829 ----a-w- c:\windows\War3Unin.pif
2009-06-29 18:57 . 2009-06-29 17:32 139264 ----a-w- c:\windows\War3Unin.exe
2009-06-29 17:03 . 2009-06-29 17:02 -------- d---a-w- c:\program files\WhereIsIt
2009-06-29 16:30 . 2009-06-29 16:30 -------- d-----w- c:\program files\uTorrent
2009-06-29 16:07 . 2009-06-29 16:07 -------- d-----w- c:\program files\DVD Shrink
2009-06-29 16:03 . 2009-06-29 16:03 -------- d-----w- c:\program files\Elaborate Bytes
2009-06-29 15:39 . 2009-06-29 15:39 -------- d-----w- c:\program files\Miranda IM
2009-06-29 15:39 . 2009-06-29 15:38 -------- d-----w- c:\program files\QuickTime
2009-06-29 15:38 . 2009-06-29 15:38 -------- d-----w- c:\program files\Apple Software Update
2009-06-29 15:37 . 2009-06-29 15:34 -------- d-----w- c:\program files\Google
2009-06-29 15:34 . 2009-06-29 15:34 -------- d-----w- c:\program files\DivX
2009-06-29 15:34 . 2009-06-29 15:34 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-29 15:31 . 2009-06-29 15:31 209641 ----a-w- c:\windows\IPUI_DivXG400.exe
2009-06-29 15:20 . 2009-06-29 15:20 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-29 15:03 . 2009-06-29 15:03 -------- d-----w- c:\program files\Winamp
2009-06-29 14:12 . 2009-06-29 14:12 -------- d-----w- c:\program files\D-Tools
2009-06-29 14:00 . 2009-06-29 14:00 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-29 13:51 . 2009-06-29 13:51 -------- d-----w- c:\program files\DVD Region+CSS Free
2009-06-29 13:48 . 2009-06-29 13:48 -------- d-----w- c:\program files\Essentials Codec Pack
2009-06-29 13:09 . 2009-06-29 13:08 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-06-29 05:18 . 2009-06-29 05:18 -------- d-----w- c:\program files\Common Files\Creative
2009-06-29 05:16 . 2009-06-28 20:58 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-29 05:16 . 2009-06-28 20:58 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-28 21:13 . 2009-06-26 16:34 -------- d-----w- c:\program files\Intel Audio Studio
2009-06-28 20:56 . 2009-06-28 20:56 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-28 20:52 . 2009-06-28 20:50 -------- d-----w- c:\program files\Total Commander
2009-06-28 18:42 . 2009-06-28 18:24 -------- d-----w- c:\program files\Microsoft Works
2009-06-28 18:24 . 2009-06-28 18:24 -------- d-----w- c:\program files\Microsoft.NET
2009-06-28 17:58 . 2009-06-26 15:21 -------- d-----w- c:\program files\microsoft frontpage
2009-06-28 17:32 . 2009-06-28 17:31 -------- d-----w- c:\program files\F-Secure
2009-06-28 14:35 . 2009-06-28 14:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-28 14:25 . 2009-06-28 13:33 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-28 14:15 . 2009-06-28 14:04 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-28 14:15 . 2009-06-28 14:05 -------- d-----w- c:\program files\AutoCAD Architecture 2008
2009-06-28 14:04 . 2009-06-28 14:04 -------- d-----w- c:\program files\Autodesk
2009-06-28 13:35 . 2009-06-28 13:35 -------- d-----w- c:\program files\MSBuild
2009-06-28 13:35 . 2009-06-28 13:35 -------- d-----w- c:\program files\Reference Assemblies
2009-06-28 13:32 . 2009-06-28 13:32 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-28 13:17 . 2009-06-26 15:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-28 13:17 . 2009-06-26 15:21 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-06-28 13:16 . 2009-06-26 15:21 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-06-26 16:03 . 2009-06-26 16:03 -------- d-----w- c:\program files\MSXML 4.0
2009-06-26 15:18 . 2009-06-26 15:18 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-16 14:40 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 13:15 . 2009-06-15 13:15 524288 ----a-w- c:\windows\opuc.dll
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 04:03 . 2009-06-28 15:01 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 04:03 . 2009-03-27 22:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2009-03-27 22:03 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2009-03-27 22:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-02-15 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-02-15 895584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-01-16 57344]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"DVD43"="c:\progra~1\DVDREG~1\DVDRegionFree.exe" [2005-02-18 262656]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-18 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"SPIRun"="SPIRun.dll" - c:\windows\system32\SPIRun.dll [2006-11-29 8704]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2009-6-30 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-6-30 209016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EE0F732F-177D-4284-A192-9D247476BA51}"= "c:\windows\system32\robotryo.dll" [2007-03-31 319488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-299502267-1801674531-500\Scripts\Logon\0\0]
"Script"=\\egp.cz\sysvol\egp.cz\scripts\w-nastaveni.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTCheck"=c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Hry\\Garena\\Garena.exe"=
"c:\\Program Files\\Hry\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Hry\\RapGet\\RapgetRS.exe"=
"c:\\Program Files\\Hry\\Warcraft III\\euroloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Hry\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Hry\\Dungeon Siege 2\\DungeonSiege2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Dota1t
"6112:UDP"= 6112:UDP:Dota1U
"6119:TCP"= 6119:TCP:Dota2t
"6119:UDP"= 6119:UDP:Dota2U
"5190:TCP"= 5190:TCP:mirandaT
"5190:UDP"= 5190:UDP:mirandaU
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"59125:TCP"= 59125:TCP:utorrentT
"59125:UDP"= 59125:UDP:utorrentU
"3784:TCP"= 3784:TCP:ventriloT
"3784:UDP"= 3784:UDP:ventriloU
"8383:TCP"= 8383:TCP:GarenaT
"8383:UDP"= 8383:UDP:GarenaU
"1513:TCP"= 1513:TCP:GarenaT2
"1513:UDP"= 1513:UDP:GarenaU2

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [28.6.2009 19:32 60256]
R3 Dvd43;Dvd43;c:\windows\system32\drivers\Dvd43.sys [29.6.2009 15:52 35296]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [28.6.2009 19:32 62048]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [28.6.2009 22:58 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [28.6.2009 22:58 1656960]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [28.6.2009 19:32 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [28.6.2009 19:32 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-08-03 c:\windows\Tasks\BlackBoxTaskUserS-1-5-21-790525478-329068152-1801674531-1003.job
- c:\windows\system32\Blackdav.exe [2009-06-29 13:49]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-SysTrayApp - c:\program files\IDT\WDM\sttray.exe
HKLM-Run-NWEReboot - (no file)

.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 172.30.100.10:80
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
TCP: {55808E03-2973-4FAE-8881-40341DA347BE} = 213.46.172.37,213.46.172.36,192.168.1.254
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 20:23
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPIRun = Rundll32 SPIRun.dll,RunDLLEntry?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(840)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
.
Celkový čas: 2009-08-03 20:25
ComboFix-quarantined-files.txt 2009-08-03 18:24

Před spuštěním: Volných bajtů: 227 661 447 168
Po spuštění: Volných bajtů: 227 637 153 792

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

280

Damned · Příspěvekod **Damned** » 03 srp 2009 20:55

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

c:\windows\system32\Blackdav.exe
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\nvModes.dat
c:\windows\system32\PerfStringBackup.TMP
c:\windows\system32\d3d9caps.dat
c:\windows\hpgins24.dat
c:\windows\system32\emptyregdb.dat

Folder::
c:\windows\system32\PerfStringBackup.TMP
C:\Program Files\DAEMON Tools Toolbar

Registry::
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SPIRun"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

ExecutorQ3 · Příspěvekod **ExecutorQ3** » 03 srp 2009 21:26

Chovani pocitace budu muset chvili testovat. Nicmene (nerad bych to zakriknul, mam na to fakt stesti

) to zatim vypada dobre. Budu dal zkouset a dam vedet...
Zatim poslu ten link na report a logy.

Odkaz na report testu:
http://www.virustotal.com/cs/analisis/6 ... 1249326751

(buckup, kdyby z nejakeho duvodu ten generovanej link expiroval)

Log po spusteni skriptu:

ComboFix 09-08-03.02 - Eliska 03.08.2009 21:18.2.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2030.1235 [GMT 2:00]
Spuštěný z: c:\documents and settings\Eliska\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Eliska\Plocha\CFScript.txt
AV: F-Secure Client Security 7.11 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FILE ::
"c:\windows\hpgins24.dat"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\emptyregdb.dat"
"c:\windows\system32\nvModes.dat"
"c:\windows\system32\PerfStringBackup.TMP"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\hpgins24.dat
c:\windows\system32\d3d9caps.dat
c:\windows\system32\emptyregdb.dat
c:\windows\system32\nvModes.dat
c:\windows\system32\PerfStringBackup.TMP

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-03 do 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-03 17:02 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:02 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 17:02 . 2009-08-03 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 16:58 . 2009-08-03 16:58 -------- d-----w- c:\program files\Trend Micro
2009-07-31 15:11 . 2009-07-31 15:13 -------- d-----w- c:\program files\AoA Audio Extractor
2009-07-29 14:29 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 14:29 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 14:17 . 2009-07-28 14:17 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-21 11:53 . 2009-07-21 11:53 -------- d-----w- c:\program files\ClocX
2009-07-18 17:52 . 2009-07-18 17:51 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 17:51 . 2009-07-18 17:51 -------- d-----w- c:\program files\Java
2009-07-16 20:04 . 2009-07-16 20:04 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-16 20:03 . 2009-07-18 07:22 -------- d-----w- c:\program files\Sony
2009-07-16 20:02 . 2009-07-16 20:02 -------- d-----w- c:\program files\Sony Setup
2009-07-14 14:05 . 2009-07-27 16:43 -------- d-----w- c:\program files\Total Video Converter
2009-07-11 11:44 . 2009-07-11 11:44 -------- d-----w- c:\program files\Install Creator Pro
2009-07-06 07:20 . 2009-07-06 07:20 -------- d-----w- c:\program files\WinPcap
2009-07-06 06:53 . 2009-07-06 06:53 -------- d-----w- c:\program files\7-Zip
2009-07-05 17:38 . 2009-07-05 17:37 974848 ----a-w- c:\windows\system32\mfc70.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 21:13 . 2009-06-29 13:52 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2009-07-30 16:22 . 2009-06-29 13:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-21 13:35 . 2009-06-26 16:04 -------- d-----w- c:\program files\Intel
2009-07-19 19:39 . 2009-06-29 16:13 -------- d-----w- c:\program files\Hry
2009-07-18 08:37 . 2009-06-26 16:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 07:17 . 2008-04-14 12:00 489358 ----a-w- c:\windows\system32\perfh005.dat
2009-07-18 07:17 . 2008-04-14 12:00 104094 ----a-w- c:\windows\system32\perfc005.dat
2009-07-13 21:18 . 2009-06-29 21:11 -------- d-----w- c:\program files\CyberLink
2009-07-10 10:57 . 2009-06-28 20:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-06 11:36 . 2009-06-29 13:30 -------- d-----w- c:\program files\IEPro
2009-07-04 06:39 . 2009-07-04 06:39 249856 ------w- c:\windows\Setup1.exe
2009-07-04 06:39 . 2009-07-04 06:39 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-03 17:50 . 2009-07-03 17:38 39176 ----a-w- c:\windows\DIIUnin.dat
2009-07-03 17:38 . 2009-07-03 17:38 94208 ----a-w- c:\windows\DIIUnin.exe
2009-07-03 17:38 . 2009-07-03 17:38 2829 ----a-w- c:\windows\DIIUnin.pif
2009-07-03 16:59 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 20:36 . 2009-07-02 20:36 -------- d-----w- c:\program files\directx
2009-07-02 19:54 . 2009-07-02 19:54 -------- d-----w- c:\program files\Subtitles modifier
2009-07-01 17:01 . 2009-07-01 17:01 -------- d-----w- c:\program files\Commercial Service
2009-06-30 20:53 . 2009-06-30 20:53 -------- d-----w- c:\program files\MSECache
2009-06-30 19:58 . 2009-06-30 19:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-30 19:57 . 2009-06-30 19:57 -------- d-----w- c:\program files\Common Files\Control Panels
2009-06-30 19:32 . 2009-06-30 19:32 -------- d-----w- c:\program files\Bonjour
2009-06-30 19:27 . 2009-06-30 19:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-30 19:11 . 2009-06-29 15:23 -------- d-----w- c:\program files\Mv2Player
2009-06-30 19:03 . 2009-06-29 05:12 -------- d-----w- c:\program files\Creative
2009-06-30 19:02 . 2009-06-29 05:18 -------- d--h--w- c:\program files\Creative Installation Information
2009-06-30 18:48 . 2009-06-30 18:48 -------- d-----w- c:\program files\APC
2009-06-30 18:24 . 2009-06-30 18:24 -------- d-----w- c:\program files\Common Files\HP
2009-06-30 18:22 . 2009-06-30 18:22 -------- d-----w- c:\program files\HP
2009-06-30 18:22 . 2009-06-30 18:22 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-29 21:11 . 2009-06-26 16:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-29 20:59 . 2009-06-29 20:55 -------- d-----w- c:\program files\Audiograbber
2009-06-29 20:54 . 2009-06-29 20:54 -------- d-----w- c:\program files\Restoration
2009-06-29 20:11 . 2009-06-29 20:11 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-06-29 19:57 . 2009-06-29 19:56 -------- d-----w- c:\program files\IrfanView
2009-06-29 19:52 . 2009-06-29 19:45 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-29 19:45 . 2009-06-29 19:45 -------- d-----w- c:\program files\Nero
2009-06-29 19:05 . 2009-06-29 17:32 81613 ----a-w- c:\windows\War3Unin.dat
2009-06-29 18:57 . 2009-06-29 17:32 2829 ----a-w- c:\windows\War3Unin.pif
2009-06-29 18:57 . 2009-06-29 17:32 139264 ----a-w- c:\windows\War3Unin.exe
2009-06-29 17:03 . 2009-06-29 17:02 -------- d---a-w- c:\program files\WhereIsIt
2009-06-29 16:30 . 2009-06-29 16:30 -------- d-----w- c:\program files\uTorrent
2009-06-29 16:07 . 2009-06-29 16:07 -------- d-----w- c:\program files\DVD Shrink
2009-06-29 16:03 . 2009-06-29 16:03 -------- d-----w- c:\program files\Elaborate Bytes
2009-06-29 15:39 . 2009-06-29 15:39 -------- d-----w- c:\program files\Miranda IM
2009-06-29 15:39 . 2009-06-29 15:38 -------- d-----w- c:\program files\QuickTime
2009-06-29 15:38 . 2009-06-29 15:38 -------- d-----w- c:\program files\Apple Software Update
2009-06-29 15:37 . 2009-06-29 15:34 -------- d-----w- c:\program files\Google
2009-06-29 15:34 . 2009-06-29 15:34 -------- d-----w- c:\program files\DivX
2009-06-29 15:34 . 2009-06-29 15:34 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-29 15:31 . 2009-06-29 15:31 209641 ----a-w- c:\windows\IPUI_DivXG400.exe
2009-06-29 15:20 . 2009-06-29 15:20 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-29 15:03 . 2009-06-29 15:03 -------- d-----w- c:\program files\Winamp
2009-06-29 14:12 . 2009-06-29 14:12 -------- d-----w- c:\program files\D-Tools
2009-06-29 14:00 . 2009-06-29 14:00 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-29 13:51 . 2009-06-29 13:51 -------- d-----w- c:\program files\DVD Region+CSS Free
2009-06-29 13:48 . 2009-06-29 13:48 -------- d-----w- c:\program files\Essentials Codec Pack
2009-06-29 13:09 . 2009-06-29 13:08 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-06-29 05:18 . 2009-06-29 05:18 -------- d-----w- c:\program files\Common Files\Creative
2009-06-29 05:16 . 2009-06-28 20:58 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-29 05:16 . 2009-06-28 20:58 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-28 21:13 . 2009-06-26 16:34 -------- d-----w- c:\program files\Intel Audio Studio
2009-06-28 20:56 . 2009-06-28 20:56 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-28 20:52 . 2009-06-28 20:50 -------- d-----w- c:\program files\Total Commander
2009-06-28 18:42 . 2009-06-28 18:24 -------- d-----w- c:\program files\Microsoft Works
2009-06-28 18:24 . 2009-06-28 18:24 -------- d-----w- c:\program files\Microsoft.NET
2009-06-28 17:58 . 2009-06-26 15:21 -------- d-----w- c:\program files\microsoft frontpage
2009-06-28 17:32 . 2009-06-28 17:31 -------- d-----w- c:\program files\F-Secure
2009-06-28 14:25 . 2009-06-28 13:33 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-28 14:15 . 2009-06-28 14:04 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-28 14:15 . 2009-06-28 14:05 -------- d-----w- c:\program files\AutoCAD Architecture 2008
2009-06-28 14:04 . 2009-06-28 14:04 -------- d-----w- c:\program files\Autodesk
2009-06-28 13:35 . 2009-06-28 13:35 -------- d-----w- c:\program files\MSBuild
2009-06-28 13:35 . 2009-06-28 13:35 -------- d-----w- c:\program files\Reference Assemblies
2009-06-28 13:32 . 2009-06-28 13:32 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-28 13:17 . 2009-06-26 15:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-28 13:17 . 2009-06-26 15:21 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-06-28 13:16 . 2009-06-26 15:21 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-06-26 16:03 . 2009-06-26 16:03 -------- d-----w- c:\program files\MSXML 4.0
2009-06-16 14:40 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 13:15 . 2009-06-15 13:15 524288 ----a-w- c:\windows\opuc.dll
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 04:03 . 2009-06-28 15:01 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 04:03 . 2009-03-27 22:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2009-03-27 22:03 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2009-03-27 22:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 04:03 . 2009-03-27 22:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-03-27 22:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 04:03 . 2009-03-27 22:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2009-03-27 22:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-02-15 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-02-15 895584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-01-16 57344]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"DVD43"="c:\progra~1\DVDREG~1\DVDRegionFree.exe" [2005-02-18 262656]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-18 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"SPIRun"="SPIRun.dll" - c:\windows\system32\SPIRun.dll [2006-11-29 8704]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2009-6-30 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-6-30 209016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EE0F732F-177D-4284-A192-9D247476BA51}"= "c:\windows\system32\robotryo.dll" [2007-03-31 319488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-299502267-1801674531-500\Scripts\Logon\0\0]
"Script"=\\egp.cz\sysvol\egp.cz\scripts\w-nastaveni.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTCheck"=c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Hry\\Garena\\Garena.exe"=
"c:\\Program Files\\Hry\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Hry\\RapGet\\RapgetRS.exe"=
"c:\\Program Files\\Hry\\Warcraft III\\euroloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Hry\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Hry\\Dungeon Siege 2\\DungeonSiege2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Dota1t
"6112:UDP"= 6112:UDP:Dota1U
"6119:TCP"= 6119:TCP:Dota2t
"6119:UDP"= 6119:UDP:Dota2U
"5190:TCP"= 5190:TCP:mirandaT
"5190:UDP"= 5190:UDP:mirandaU
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"59125:TCP"= 59125:TCP:utorrentT
"59125:UDP"= 59125:UDP:utorrentU
"3784:TCP"= 3784:TCP:ventriloT
"3784:UDP"= 3784:UDP:ventriloU
"8383:TCP"= 8383:TCP:GarenaT
"8383:UDP"= 8383:UDP:GarenaU
"1513:TCP"= 1513:TCP:GarenaT2
"1513:UDP"= 1513:UDP:GarenaU2

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [28.6.2009 19:32 60256]
R3 Dvd43;Dvd43;c:\windows\system32\drivers\Dvd43.sys [29.6.2009 15:52 35296]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [28.6.2009 19:32 62048]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [28.6.2009 22:58 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [28.6.2009 22:58 1656960]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [28.6.2009 19:32 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [28.6.2009 19:32 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-08-03 c:\windows\Tasks\BlackBoxTaskUserS-1-5-21-790525478-329068152-1801674531-1003.job
- c:\windows\system32\Blackdav.exe [2009-06-29 13:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 172.30.100.10:80
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
TCP: {55808E03-2973-4FAE-8881-40341DA347BE} = 213.46.172.37,213.46.172.36,192.168.1.254
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 21:20
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPIRun = Rundll32 SPIRun.dll,RunDLLEntry?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(840)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
.
Celkový čas: 2009-08-03 21:21
ComboFix-quarantined-files.txt 2009-08-03 19:21
ComboFix2.txt 2009-08-03 18:25

Před spuštěním: Volných bajtů: 227 689 754 624
Po spuštění: Volných bajtů: 227 673 935 872

278

HJthis new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:13, on 3.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Hry\Garena\update.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.30.100.10:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EZEHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6036503609
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55808E03-2973-4FAE-8881-40341DA347BE}: NameServer = 213.46.172.37,213.46.172.36,192.168.1.254
O22 - SharedTaskScheduler: RobotryoFpm - {EE0F732F-177D-4284-A192-9D247476BA51} - C:\WINDOWS\system32\robotryo.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Služba F-Secure Network Request Broker (F-Secure Network Request Broker) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 11680 bytes

Damned · Příspěvekod **Damned** » 03 srp 2009 21:47

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SPIRun"=-

Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory , najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání hodnoty do registru. Schval.
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\Tasks\BlackBoxTaskUserS-1-5-21-790525478-329068152-1801674531-1003.job
c:\windows\system32\Blackdav.exe

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
*****************************************************************************************************************************************
Spusť HJT, vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only", zatrhnout políčko
před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
****************************************************************************************************************************************
Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž
a zapni si AVG.)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found,
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
pak klik empty selected.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Kdyby něco, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se. :bigups:

ExecutorQ3 · Příspěvekod **ExecutorQ3** » 03 srp 2009 22:49

Ok, udelal jsem vsechno na seznamu krome opraveni jedne veci pomoci HJT (pri poslednim scanu uz nebyla ve vyhledanem seznamu).
Jedna se o:

Kód: Vybrat vše

O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry

Jinak fakt diky za pomoc, doufam (i trochu verim

) ze uz bude pokoj.

Damned · Příspěvekod **Damned** » 03 srp 2009 23:05

Není zač. Pokud tam položka nebyla, je to v pořádku.

ExecutorQ3 · Příspěvekod **ExecutorQ3** » 04 srp 2009 20:36

Ok, tak to vypada, ze to dalo pokoj... Fakt moc moc diky. :bigups:

Kdyby se to preci jen zasozvalo, urco dam vedet.

hodne instanci iexplorer + zravy lsass.exe Vyřešeno

hodne instanci iexplorer + zravy lsass.exe Vyřešeno

Re: hodne instanci iexplorer + zravy lsass.exe

Re: hodne instanci iexplorer + zravy lsass.exe

Re: hodne instanci iexplorer + zravy lsass.exe

Re: hodne instanci iexplorer + zravy lsass.exe

Re: hodne instanci iexplorer + zravy lsass.exe

Re: hodne instanci iexplorer + zravy lsass.exe

Re: hodne instanci iexplorer + zravy lsass.exe

Re: hodne instanci iexplorer + zravy lsass.exe

Kdo je online