Prosím o pomoc - zpomalený notebook Vyřešeno

[shorty1963]

Prosím o pomoc,kamarádka mi donesla notebook,jede strašně pomalu.
Posílá mlog.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:20, on 10.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\INSTALL\Nová složka\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Aplikace Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Aplikace Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 7063 bytes

[Reklama]

[Žbeky]

Ahoj

V HJT fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[shorty1963]

OTF jsem pouzil,polozky oznacene jsem fixnul,MVAW uz bezi pres hodinu a zatim nic,PC porad pomaly.

[jaro3]

MWAV Ti vůbec neradil , jde nám o Malwarebytes' Anti-Malware..

[shorty1963]

Samozřejmě MBAM ne MVAW,dal jsem úplný scan,běží už skoro 2 hodiny,zatím nic.

[Žbeky]

Čti pořádně ty návody, stačil rychlý sken.

[shorty1963]

Tak sna jsem tim nic nepokazil...MBAM proste nic nenasel.

[shorty1963]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5732

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.2.2011 19:48:18
mbam-log-2011-02-10 (19-48-17).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 80864
Uplynulý čas: 2 hodin, 11 minut, 52 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Žbeky]

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[shorty1963]

ComboFix 11-02-09.05 - vyroba 10.02.2011 20:12:18.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.511.246 [GMT 1:00]
Spuštěný z: c:\documents and settings\vyroba\Plocha\ComboFix.exe
AV: Aplikace Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Aplikace Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{E6BEC86E-DCA9-4510-975F-E2DC68D3E5D7}\setup.msi
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-10 do 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-10 19:04 . 2011-02-10 19:04 -------- d-----w- c:\windows\LastGood
2011-02-10 15:44 . 2011-02-10 15:44 -------- d-----w- c:\documents and settings\vyroba\Local Settings\Data aplikací\SlimWare Utilities Inc
2011-02-10 15:43 . 2011-02-10 15:43 -------- d-----w- c:\program files\SlimDrivers
2011-02-09 18:05 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-09 18:05 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-09 18:05 . 2011-02-10 16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-09 17:37 . 2011-02-09 17:37 -------- d-----w- c:\documents and settings\vyroba\Data aplikací\SUPERAntiSpyware.com
2011-02-09 17:37 . 2011-02-09 17:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-02-09 17:37 . 2011-02-09 17:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-09 17:20 . 2011-02-09 17:20 -------- d-----w- c:\program files\CodeStuff
2011-02-09 17:09 . 2011-02-09 17:09 -------- d---a-w- c:\windows\rundll16.exe
2011-02-09 17:09 . 2011-02-09 17:09 -------- d---a-w- c:\windows\logo1_.exe
2011-01-30 10:09 . 2011-01-30 10:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-01-30 04:38 . 2011-01-30 04:38 -------- d-----w- c:\documents and settings\vyroba\Local Settings\Data aplikací\Threat Expert
2011-01-29 20:33 . 2011-02-09 16:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-01-21 14:44 . 2011-01-21 14:44 440320 ------w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 07:02 . 2010-11-30 09:35 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-01-21 14:44 . 1979-12-31 22:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 1979-12-31 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 1979-12-31 22:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 1979-12-31 22:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 1979-12-31 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 1979-12-31 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 1979-12-31 22:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 1979-12-31 22:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 1979-12-31 22:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 1979-12-31 22:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2004-08-17 13:45 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 1979-12-31 22:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-30 09:31 . 2010-11-30 09:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-30 09:31 . 2010-11-30 09:31 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-25 10:54 . 2010-11-25 10:54 89600 ----a-w- c:\windows\system32\atl71.dll
2010-11-25 10:54 . 2010-11-25 10:54 87368 ----a-w- c:\windows\system32\FwsVpn.dll
2010-11-25 10:54 . 2010-11-25 10:54 625032 ----a-w- c:\windows\system32\SymNeti.dll
2010-11-25 10:54 . 2010-11-25 10:54 43336 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys
2010-11-25 10:54 . 2010-11-25 10:54 353608 ----a-w- c:\windows\system32\sysfer.dll
2010-11-25 10:54 . 2010-11-25 10:54 242056 ----a-w- c:\windows\system32\SymRedir.dll
2010-11-25 10:54 . 2010-11-25 10:54 107848 ----a-w- c:\windows\system32\SymVPN.dll
2010-11-25 10:54 . 2010-11-25 10:54 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-11-25 10:54 . 2010-11-25 10:54 320944 ----a-w- c:\windows\system32\drivers\srtspl.sys
2010-11-25 10:54 . 2010-11-25 10:54 283184 ----a-w- c:\windows\system32\drivers\srtsp.sys
2010-11-25 10:54 . 2010-11-30 09:31 97096 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-11-25 10:54 . 2010-11-25 10:54 67472 ----a-w- c:\windows\system32\drivers\Teefer2.sys
2010-11-25 10:54 . 2010-11-25 10:54 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys
2010-11-25 10:54 . 2010-11-25 10:54 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys
2010-11-25 10:54 . 2010-11-25 10:54 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-11-25 10:54 . 2010-11-25 10:54 39856 ----a-w- c:\windows\system32\drivers\symids.sys
2010-11-25 10:54 . 2010-11-25 10:54 35120 ----a-w- c:\windows\system32\drivers\symndis.sys
2010-11-25 10:54 . 2010-11-25 10:54 145968 ----a-w- c:\windows\system32\drivers\symfw.sys
2010-11-25 10:54 . 2010-11-25 10:54 12720 ----a-w- c:\windows\system32\drivers\symdns.sys
2010-11-25 10:54 . 2010-11-25 10:54 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
2010-11-18 18:15 . 2004-10-18 06:19 81920 ----a-w- c:\windows\system32\isign32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-11-25 115560]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-16 14:49 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-02-27 04:40 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 09:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Client Access\\cwbunnav.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"7255:TCP"= 7255:TCP:BitComet 7255 TCP
"7255:UDP"= 7255:UDP:BitComet 7255 UDP

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.2.2011 19:05 363344]
R3 BTPCH4;Bluetooth H4 Transport;c:\windows\system32\drivers\btpch4.sys [15.8.2009 14:30 31888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30.11.2010 10:42 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9.2.2011 19:05 20952]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [25.11.2010 11:54 23888]
S3 ewdmaudn;ewdmaudn; [x]
S3 TMGHRHCA;TMGHRHCA; [x]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2011-02-10 c:\windows\Tasks\User_Feed_Synchronization-{FF43FBB7-33A2-427E-95F8-AC7058DAE7B3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.6&q=
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-Symantec Antvirus
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 20:21
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C3EE7CB-EC45-AEBF-6CFA-0D8CAD3D711B}\InProcServer32*]
"oaknpgaocbmlhnlmeilimmecjglemm"=hex:6a,61,6c,69,6c,61,62,6b,67,6e,66,6a,6c,6f,
65,63,70,68,6a,65,00,fa
"naknbfeaajlbcbdabnkfeemhihep"=hex:69,61,63,68,6f,64,65,66,63,6c,6e,66,65,67,
67,62,6e,67,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0E9A387A-5701-ACA0-CA45-B7FB57B7078C}\InProcServer32*]
"oamnfhacocalbhdgdhgjggndmddhco"=hex:6a,61,6b,69,69,62,70,6a,6b,62,6a,6e,64,6b,
64,69,67,68,69,64,00,07
"namnpgcmlfkfomdlligghajohkpm"=hex:6a,61,6b,69,69,62,70,6a,6b,62,6a,6e,64,6b,
64,69,67,68,69,64,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
c:\windows\system32\netprovcredman.dll
.
Celkový čas: 2011-02-10 20:30:35
ComboFix-quarantined-files.txt 2011-02-10 19:30

Před spuštěním: Volných bajtů: 43,045,453,824
Po spuštění: Volných bajtů: 43,455,672,320

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9C27724A1F4C8D9393A09FA7DF1297EF

[Žbeky]

Odinstaluj SUPERAntiSpyware.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\windows\rundll16.exe
c:\windows\logo1_.exe
c:\documents and settings\vyroba\Local Settings\Data aplikací\Threat Expert

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

Driver::
ewdmaudn
TMGHRHCA

Firefox::
FF - ProfilePath - c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.6&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[shorty1963]

ComboFix 11-02-09.05 - vyroba 10.02.2011 21:44:20.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.511.230 [GMT 1:00]
Spuštěný z: c:\documents and settings\vyroba\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\vyroba\Plocha\CFScript.txt
AV: Aplikace Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Aplikace Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\icqtoolbar.jar
c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\documents and settings\vyroba\Local Settings\Data aplikací\Threat Expert
c:\windows\logo1_.exe
c:\windows\regedit.com
c:\windows\rundll16.exe
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EWDMAUDN
-------\Legacy_TMGHRHCA
-------\Service_ewdmaudn
-------\Service_TMGHRHCA


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-10 do 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-10 19:04 . 2011-02-10 19:04 -------- d-----w- c:\windows\LastGood.Tmp
2011-02-10 15:44 . 2011-02-10 15:44 -------- d-----w- c:\documents and settings\vyroba\Local Settings\Data aplikací\SlimWare Utilities Inc
2011-02-10 15:43 . 2011-02-10 15:43 -------- d-----w- c:\program files\SlimDrivers
2011-02-09 18:05 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-09 18:05 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-09 18:05 . 2011-02-10 16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-09 17:37 . 2011-02-09 17:37 -------- d-----w- c:\documents and settings\vyroba\Data aplikací\SUPERAntiSpyware.com
2011-02-09 17:37 . 2011-02-09 17:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-02-09 17:37 . 2011-02-09 17:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-09 17:20 . 2011-02-09 17:20 -------- d-----w- c:\program files\CodeStuff
2011-01-30 10:09 . 2011-01-30 10:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-01-29 20:33 . 2011-02-09 16:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-01-21 14:44 . 2011-01-21 14:44 440320 ------w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 07:02 . 2010-11-30 09:35 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-01-21 14:44 . 1979-12-31 22:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 1979-12-31 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 1979-12-31 22:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 1979-12-31 22:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 1979-12-31 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 1979-12-31 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 1979-12-31 22:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 1979-12-31 22:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 1979-12-31 22:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 1979-12-31 22:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2004-08-17 13:45 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 1979-12-31 22:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-30 09:31 . 2010-11-30 09:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-30 09:31 . 2010-11-30 09:31 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-25 10:54 . 2010-11-25 10:54 89600 ----a-w- c:\windows\system32\atl71.dll
2010-11-25 10:54 . 2010-11-25 10:54 87368 ----a-w- c:\windows\system32\FwsVpn.dll
2010-11-25 10:54 . 2010-11-25 10:54 625032 ----a-w- c:\windows\system32\SymNeti.dll
2010-11-25 10:54 . 2010-11-25 10:54 43336 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys
2010-11-25 10:54 . 2010-11-25 10:54 353608 ----a-w- c:\windows\system32\sysfer.dll
2010-11-25 10:54 . 2010-11-25 10:54 242056 ----a-w- c:\windows\system32\SymRedir.dll
2010-11-25 10:54 . 2010-11-25 10:54 107848 ----a-w- c:\windows\system32\SymVPN.dll
2010-11-25 10:54 . 2010-11-25 10:54 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-11-25 10:54 . 2010-11-25 10:54 320944 ----a-w- c:\windows\system32\drivers\srtspl.sys
2010-11-25 10:54 . 2010-11-25 10:54 283184 ----a-w- c:\windows\system32\drivers\srtsp.sys
2010-11-25 10:54 . 2010-11-30 09:31 97096 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-11-25 10:54 . 2010-11-25 10:54 67472 ----a-w- c:\windows\system32\drivers\Teefer2.sys
2010-11-25 10:54 . 2010-11-25 10:54 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys
2010-11-25 10:54 . 2010-11-25 10:54 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys
2010-11-25 10:54 . 2010-11-25 10:54 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-11-25 10:54 . 2010-11-25 10:54 39856 ----a-w- c:\windows\system32\drivers\symids.sys
2010-11-25 10:54 . 2010-11-25 10:54 35120 ----a-w- c:\windows\system32\drivers\symndis.sys
2010-11-25 10:54 . 2010-11-25 10:54 145968 ----a-w- c:\windows\system32\drivers\symfw.sys
2010-11-25 10:54 . 2010-11-25 10:54 12720 ----a-w- c:\windows\system32\drivers\symdns.sys
2010-11-25 10:54 . 2010-11-25 10:54 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
2010-11-18 18:15 . 2004-10-18 06:19 81920 ----a-w- c:\windows\system32\isign32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-11-25 115560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-16 14:49 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-02-27 04:40 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 09:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Client Access\\cwbunnav.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"7255:TCP"= 7255:TCP:BitComet 7255 TCP
"7255:UDP"= 7255:UDP:BitComet 7255 UDP

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.2.2011 19:05 363344]
R3 BTPCH4;Bluetooth H4 Transport;c:\windows\system32\drivers\btpch4.sys [15.8.2009 14:30 31888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30.11.2010 10:42 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9.2.2011 19:05 20952]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [25.11.2010 11:54 23888]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2011-02-10 c:\windows\Tasks\User_Feed_Synchronization-{FF43FBB7-33A2-427E-95F8-AC7058DAE7B3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\vyroba\Data aplikací\Mozilla\Firefox\Profiles\83o9gq0g.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 22:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C3EE7CB-EC45-AEBF-6CFA-0D8CAD3D711B}\InProcServer32*]
"oaknpgaocbmlhnlmeilimmecjglemm"=hex:6a,61,6c,69,6c,61,62,6b,67,6e,66,6a,6c,6f,
65,63,70,68,6a,65,00,fa
"naknbfeaajlbcbdabnkfeemhihep"=hex:69,61,63,68,6f,64,65,66,63,6c,6e,66,65,67,
67,62,6e,67,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0E9A387A-5701-ACA0-CA45-B7FB57B7078C}\InProcServer32*]
"oamnfhacocalbhdgdhgjggndmddhco"=hex:6a,61,6b,69,69,62,70,6a,6b,62,6a,6e,64,6b,
64,69,67,68,69,64,00,07
"namnpgcmlfkfomdlligghajohkpm"=hex:6a,61,6b,69,69,62,70,6a,6b,62,6a,6e,64,6b,
64,69,67,68,69,64,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(1448)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\system32\ZCfgSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
.
**************************************************************************
.
Celkový čas: 2011-02-10 22:15:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-10 21:15
ComboFix2.txt 2011-02-10 19:30

Před spuštěním: Volných bajtů: 43,148,570,624
Po spuštění: Volných bajtů: 43,381,293,056

- - End Of File - - 9D8A4E994B8A0F123EAA7E6181FE3D56