Pomale otevirani adresaru - perfdisk.dll

matthew72 · Příspěvekod **matthew72** » 15 led 2010 12:30

Dobry den,
objevil se mi problem pri otevirani adresaru (hlavne s vetsim mnozstvim souboru) na sdilenem disku (z jinych PC lze tento adresar otevrit v pohode) - vse trva neskutecne dlouho. Ve vypisu prohlizece udalosti je nekolikrat uvedena tato hlaska :

Procedura Open služby PerfDisk v knihovně DLL C:\WINNT\system32\perfdisk.dll trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení volání velice zaneprázdněn.

Predem moc diky za jakoukoli pomoc.

Prikladam log z RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Martin at 2010-01-15 09:59:04
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 2 GB (10%) free of 20 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:08, on 15.1.2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
i:\ideas\ms9\Iona\bin\orbixd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\MICROS~3\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Avant Browser\avant.exe
C:\Applic\proe2001\i486_nt\obj\xtop.exe
C:\Applic\proe2001\i486_nt\obj\pro_comm_msg.exe
C:\Applic\proe2001\i486_nt\obj\pglclock.exe
C:\WINNT\system32\mmc.exe
C:\Documents and Settings\Martin\Plocha\RSIT.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Documents and Settings\Martin\Plocha\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.amtek.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 172.17.9.9 ntserver
O1 - Hosts: 172.16.203.6 fileserver
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PtiuPbmd] "Rundll32.exe" Ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.cz/s/v/58.10/uploader2.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://host13.nwt.cz/activex/AMC.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.111.0.70/activex/AxisCamControl.cab
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.242.34.63:8083/activex/AMC.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: I-DEAS 9 Open I-DEAS Server - Unknown owner - i:\ideas\ms9\Iona\bin\orbixd.exe
O23 - Service: I-DEAS License Manager 9.0 - Unknown owner - i:\ideas\ms9\sec\lmgrd.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 8142 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-22 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINNT\system32\dla\tfswshx.dll [2003-02-07 98356]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Rádio - C:\WINNT\system32\msdxm.ocx [2005-06-03 849168]
{855F3B16-6D32-4fe6-8A56-BBB695989046}
{2913D3DD-9363-4C21-B205-C19A584A0674} - Spb Wallet - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"PtiuPbmd"=Ptipbm.dll,SetWriteBack []
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2008-05-26 8523776]
"nwiz"=nwiz.exe /install []
"HPDJ Taskbar Utility"=C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"NvMediaCenter"=C:\WINNT\system32\NvMcTray.dll [2008-05-26 81920]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-09-25 520024]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-06-07 98304]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-23 2033432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"=C:\WINNT\system32\internat.exe [2002-08-26 20752]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe [2006-05-07 3139164]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINNT\system32\dla\tfswctrl.exe [2003-02-07 114741]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe [2006-05-07 3139164]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\LogMeInSystray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINNT\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-07 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-06-07 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2003-12-13 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler V3.exe]
C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^Svátky a narozeniny.lnk]
C:\PROGRA~1\SVTKYA~1\SaN.exe [2004-05-18 694272]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BTTray.lnk - C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ActiveSync]
C:\WINNT\system32\WcesWlgn.dll [2006-11-13 16168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINNT\system32\avgrsstx.dll [2009-12-22 12464]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-01-15 09:40:17 ----D---- C:\Program Files\trend micro
2010-01-15 09:40:16 ----D---- C:\rsit
2010-01-15 08:20:30 ----D---- C:\WINNT\OPTIONS
2010-01-15 08:20:30 ----D---- C:\Program Files\Realtek
2010-01-15 08:20:10 ----D---- C:\Documents and Settings\Martin\Data aplikací\InstallShield
2010-01-15 08:18:43 ----RA---- C:\WINNT\system32\RtNicProp32.dll
2010-01-13 17:01:17 ----HDC---- C:\WINNT\$NtUninstallKB972270$
2009-12-29 13:37:40 ----D---- C:\WINNT\system32\TVUAx
2009-12-23 11:06:26 ----D---- C:\Program Files\HQ ONLINE TV
2009-12-22 09:07:14 ----HD---- C:\$AVG
2009-12-22 09:06:32 ----AD---- C:\Documents and Settings\All Users\Data aplikací\avg9
2009-12-22 09:04:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Temp
2009-12-16 14:46:24 ----D---- C:\Program Files\ZAV1

======List of files/folders modified in the last 1 months======

2010-01-15 09:57:52 ----D---- C:\WINNT\Temp
2010-01-15 09:50:50 ----AD---- C:\WINNT\system32
2010-01-15 09:50:49 ----D---- C:\Documents and Settings\Martin\Data aplikací\Skype
2010-01-15 09:40:17 ----AD---- C:\Program Files
2010-01-15 08:59:42 ----D---- C:\Temp
2010-01-15 08:54:52 ----A---- C:\WINNT\wincmd.ini
2010-01-15 08:44:59 ----D---- C:\Documents and Settings\Martin\Data aplikací\skypePM
2010-01-15 08:42:37 ----D---- C:\WINNT\system32\NtmsData
2010-01-15 08:42:20 ----AD---- C:\WINNT\Debug
2010-01-15 08:38:59 ----A---- C:\WINNT\SchedLgU.Txt
2010-01-15 08:35:35 ----AD---- C:\WINNT\system32\drivers
2010-01-15 08:20:30 ----AD---- C:\WINNT
2010-01-15 08:20:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-15 08:18:42 ----HD---- C:\WINNT\inf
2010-01-14 10:40:24 ----D---- C:\Program Files\Google
2010-01-14 10:20:47 ----D---- C:\Program Files\Mozilla Firefox
2010-01-14 10:19:42 ----D---- C:\Program Files\Seznam DVD
2010-01-14 10:19:18 ----D---- C:\Program Files\QIP
2010-01-14 10:17:01 ----SHD---- C:\WINNT\Installer
2010-01-14 10:16:24 ----D---- C:\Program Files\Hewlett-Packard
2010-01-14 10:14:24 ----D---- C:\Program Files\Axis Communications
2010-01-14 10:14:03 ----D---- C:\Program Files\BitTorrent
2010-01-14 10:13:40 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2010-01-13 17:01:21 ----RASHDC---- C:\WINNT\system32\dllcache
2010-01-13 17:01:02 ----AD---- C:\Program Files\JDownloader
2010-01-13 16:51:43 ----SHD---- C:\WINNT\CSC
2010-01-13 13:44:20 ----D---- C:\WINNT\system32\QuickTime
2010-01-13 13:44:20 ----D---- C:\Program Files\QuickTime
2010-01-12 11:24:13 ----D---- C:\Users
2010-01-12 11:00:56 ----D---- C:\Install
2010-01-12 09:27:48 ----A---- C:\WINNT\winamp.ini
2010-01-07 09:37:59 ----D---- C:\ISIMPULS
2010-01-05 01:17:46 ----A---- C:\WINNT\system32\MRT.exe
2009-12-29 09:44:48 ----SD---- C:\WINNT\Downloaded Program Files
2009-12-23 12:05:41 ----D---- C:\Program Files\Kapesní slovník
2009-12-22 09:41:33 ----A---- C:\WINNT\system32\avgrsstx.dll
2009-12-22 09:07:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2009-12-22 09:06:32 ----D---- C:\Program Files\AVG
2009-12-22 09:06:04 ----D---- C:\WINNT\winsxs
2009-12-16 13:00:40 ----D---- C:\Documents and Settings\Martin\Data aplikací\TeamViewer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINNT\system32\drivers\AFS2K.sys [2004-07-03 82380]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINNT\System32\Drivers\avgldx86.sys [2009-12-22 333192]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\WINNT\System32\Drivers\avgmfx86.sys [2009-12-22 28424]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINNT\System32\Drivers\avgtdix.sys [2009-12-22 360584]
R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2004-06-17 58000]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2004-06-17 23420]
R1 SCDEmu;SCDEmu; C:\WINNT\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 sscdbhk5;sscdbhk5; C:\WINNT\system32\drivers\sscdbhk5.sys [2003-02-05 5589]
R1 ssrtln;ssrtln; C:\WINNT\system32\drivers\ssrtln.sys [2003-02-05 23059]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINNT\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINNT\system32\drivers\btslbcsp.sys []
R2 drvnddm;drvnddm; C:\WINNT\system32\drivers\drvnddm.sys [2003-02-05 40416]
R2 tfsnboio;tfsnboio; C:\WINNT\system32\dla\tfsnboio.sys [2003-02-07 23957]
R2 tfsncofs;tfsncofs; C:\WINNT\system32\dla\tfsncofs.sys [2003-02-07 34773]
R2 tfsndrct;tfsndrct; C:\WINNT\system32\dla\tfsndrct.sys [2003-02-07 4053]
R2 tfsndres;tfsndres; C:\WINNT\system32\dla\tfsndres.sys [2003-02-07 2169]
R2 tfsnifs;tfsnifs; C:\WINNT\system32\dla\tfsnifs.sys [2003-02-07 55540]
R2 tfsnopio;tfsnopio; C:\WINNT\system32\dla\tfsnopio.sys [2003-02-07 14133]
R2 tfsnpool;tfsnpool; C:\WINNT\system32\dla\tfsnpool.sys [2003-02-07 6293]
R2 tfsnudf;tfsnudf; C:\WINNT\system32\dla\tfsnudf.sys [2003-02-07 96596]
R2 tfsnudfa;tfsnudfa; C:\WINNT\system32\dla\tfsnudfa.sys [2003-02-07 99029]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINNT\system32\drivers\ALCXWDM.SYS [2006-02-17 3846848]
R3 BtAudio;Bluetooth Audio; C:\WINNT\system32\DRIVERS\btaudio.sys [2003-01-16 21701]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINNT\system32\DRIVERS\btport.sys [2003-01-16 30043]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINNT\system32\DRIVERS\btwdndis.sys [2003-01-16 144608]
R3 NtApm;Ovladač rozhraní služby NT Apm/Legacy; C:\WINNT\system32\DRIVERS\NtApm.sys [2000-03-08 9136]
R3 nv;nv; C:\WINNT\system32\DRIVERS\nv4_mini.sys [2008-05-26 7433472]
R3 pfc;Padus ASPI Shell; C:\WINNT\system32\drivers\pfc.sys [2003-03-21 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINNT\System32\Drivers\RootMdm.sys [2002-08-26 6032]
R3 RTL8023;Realtek 10/100/1000 PCI NIC Family NDIS NT Driver; C:\WINNT\system32\DRIVERS\Rtnic.sys [2008-07-17 107264]
R3 uhcd;Ovladač univerzálního hostitelského řadiče USB; C:\WINNT\system32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbehci;Ovladač Miniport vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\WINNT\system32\DRIVERS\usbehci.sys [2003-06-19 19728]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINNT\system32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 usbhub20;Podpora rozbočovače sběrnice USB; C:\WINNT\system32\DRIVERS\usbhub20.sys [2003-06-19 49776]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINNT\system32\DRIVERS\kbdhid.sys [2000-03-08 13744]
S2 HidUsb;Ovladač třídy standardu HID; C:\WINNT\system32\DRIVERS\hidusb.sys [1999-10-04 13904]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINNT\System32\Drivers\btwusb.sys [2003-01-16 65076]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2003-02-17 16384]
S3 C-Dilla;C-Dilla; \??\C:\WINNT\system32\drivers\CDANT.SYS []
S3 ENTECH;ENTECH; \??\C:\WINNT\system32\DRIVERS\ENTECH.SYS []
S3 LMImirr;LMImirr; C:\WINNT\system32\DRIVERS\LMImirr.sys []
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2003-02-17 15104]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINNT\system32\DRIVERS\msdv.sys [2003-02-17 56832]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2003-02-17 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2003-02-17 10112]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2003-02-17 10880]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2003-02-17 14976]
S3 usb_rndisy;USB RNDIS Adapter; C:\WINNT\system32\DRIVERS\usb8023y.sys [2006-03-08 14336]
S3 usbprint;Třída USB Printer; C:\WINNT\system32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2003-02-17 18688]
S3 yukonw2k;NDIS5 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINNT\system32\DRIVERS\yk50x86.sys [2006-03-15 243712]
S4 ACPI;ACPI; C:\WINNT\system32\drivers\ACPI.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2009-12-22 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-22 285392]
R2 HidServ;HID Input Service; C:\WINNT\system32\hidserv.exe [2003-06-19 19728]
R2 I-DEAS 9 Open I-DEAS Server;I-DEAS 9 Open I-DEAS Server; i:\ideas\ms9\Iona\bin\orbixd.exe [2000-08-15 188416]
R2 Iprip;Služba RIP Listener; C:\WINNT\System32\svchost.exe [2002-08-26 7952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-19 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNT\system32\nvsvc32.exe [2008-05-26 155716]
R2 SimpTcp;Služba Simple TCP/IP Services; C:\WINNT\system32\tcpsvcs.exe [2002-08-26 25360]
S2 I-DEAS License Manager 9.0;I-DEAS License Manager 9.0; i:\ideas\ms9\sec\lmgrd.exe []
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-25 1028432]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-01-14 79360]
S3 WmdmPmSN;Služba sériového čísla přenosného zařízení; C:\WINNT\System32\svchost.exe [2002-08-26 7952]

-----------------EOF-----------------

//přesunuto ze sekce Hardware

//mmm

Reklama

Damned · Příspěvekod **Damned** » 15 led 2010 13:17

Spusť přejmenovaný HijackThis (najdeš ho v: C:\Program Files\trend micro\Martin.exe) vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only", zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll (file missing)
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

matthew72 · Příspěvekod **matthew72** » 15 led 2010 13:33

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3568
Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

15.1.2010 13:32:27
mbam-log-2010-01-15 (13-32-27).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 105056
Uplynulý čas: 4 minute(s), 8 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Damned · Příspěvekod **Damned** » 15 led 2010 13:39

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

matthew72 · Příspěvekod **matthew72** » 15 led 2010 14:10

ComboFix 10-01-14.06 - Martin 15.01.2010 13:50:17.1.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.420.1029.18.2047.1324 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\Web\default.htt

c:\winnt\system32\comres.dll . . . je infikován!!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-15 do 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-15 12:56 . 2010-01-15 12:56 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_26c.dat
2010-01-15 12:26 . 2010-01-07 15:07 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-01-15 12:26 . 2010-01-15 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 12:26 . 2010-01-07 15:07 18520 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-01-15 10:52 . 2010-01-15 11:23 -------- d-----w- c:\documents and settings\Martin\DoctorWeb
2010-01-15 08:40 . 2010-01-15 12:25 -------- d-----w- c:\program files\trend micro
2010-01-15 08:40 . 2010-01-15 08:42 -------- d-----w- C:\rsit
2010-01-15 07:35 . 2008-07-17 06:40 107264 ----a-r- c:\winnt\system32\drivers\Rtnic.sys
2010-01-15 07:20 . 2010-01-15 07:20 -------- d-----w- c:\winnt\OPTIONS
2010-01-15 07:20 . 2010-01-15 07:20 -------- d-----w- c:\program files\Realtek
2010-01-15 07:18 . 2008-07-16 14:35 9728 ----a-r- c:\winnt\system32\RtNicProp32.dll
2009-12-29 12:37 . 2009-12-29 12:37 -------- d-----w- c:\winnt\system32\TVUAx
2009-12-23 10:06 . 2009-12-23 11:05 -------- d-----w- c:\program files\HQ ONLINE TV
2009-12-22 08:07 . 2009-12-22 08:10 -------- d-----w- C:\$AVG
2009-12-16 13:46 . 2009-12-16 13:46 -------- d-----w- c:\program files\ZAV1

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 10:30 . 2009-06-05 08:32 -------- d-----w- c:\program files\Lavasoft
2010-01-15 07:20 . 2004-06-17 15:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 09:40 . 2008-10-24 06:11 -------- d-----w- c:\program files\Google
2010-01-14 09:19 . 2004-09-06 14:48 -------- d-----w- c:\program files\Seznam DVD
2010-01-14 09:19 . 2008-03-17 07:26 -------- d-----w- c:\program files\QIP
2010-01-14 09:16 . 2004-07-03 18:47 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-14 09:14 . 2006-03-20 12:14 -------- d-----w- c:\program files\Axis Communications
2010-01-14 09:14 . 2007-09-26 08:06 -------- d-----w- c:\program files\BitTorrent
2010-01-13 16:01 . 2009-11-19 13:56 -------- d---a-w- c:\program files\JDownloader
2010-01-13 12:44 . 2006-06-07 12:07 -------- d-----w- c:\program files\QuickTime
2009-12-23 11:05 . 2008-08-19 12:22 -------- d-----w- c:\program files\Kapesní slovník
2009-12-22 08:41 . 2009-05-29 09:20 360584 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2009-12-22 08:41 . 2009-05-29 09:20 12464 ----a-w- c:\winnt\system32\avgrsstx.dll
2009-12-22 08:41 . 2006-10-12 14:11 28424 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2009-12-22 08:41 . 2009-05-29 09:20 333192 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2009-12-22 08:41 . 2009-05-29 09:20 161800 ----a-w- c:\winnt\system32\drivers\avgrkx86.sys
2009-12-22 08:06 . 2009-05-29 09:20 -------- d-----w- c:\program files\AVG
2009-12-15 10:10 . 2009-12-15 10:10 -------- d-----w- c:\program files\PowerISO
2009-12-11 09:20 . 2009-12-11 09:20 -------- d-----w- c:\program files\TeamViewer
2009-11-25 07:22 . 2009-11-25 07:22 -------- d-----w- c:\program files\Common Files\Skype
2009-11-25 07:22 . 2006-09-08 10:31 -------- d-----r- c:\program files\Skype
2009-11-20 07:04 . 2009-11-20 07:04 288528 ----a-w- c:\winnt\AppPatch\aclayers.dll
2009-11-19 13:56 . 2009-11-19 13:56 411368 ----a-w- c:\winnt\system32\deploytk.dll
2009-11-19 13:56 . 2004-06-17 17:12 -------- d-----w- c:\program files\Java
2009-10-27 14:00 . 2009-10-27 14:00 579072 ----a-w- c:\winnt\system32\WININET.DLL
2006-10-18 11:41 . 2006-10-18 11:41 5162 ----a-w- c:\program files\qeiejdus.txt
2004-06-17 14:54 . 2004-06-17 14:54 22034 ---h--w- c:\program files\folder.htt
.

------- Sigcheck -------

[-] 2003-02-01 10:09 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [9.0.1.56] . . c:\winnt\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2002-08-26 20752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"PtiuPbmd"="Ptipbm.dll" [2003-01-21 98304]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2008-05-26 8523776]
"nwiz"="nwiz.exe" [2008-05-26 1630208]
"HPDJ Taskbar Utility"="c:\winnt\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2008-05-26 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-07 98304]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-23 2033432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 188688]
"ICQ Lite"="c:\progra~1\ICQLite\ICQLite.exe" [2006-05-07 3139164]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BTTray.lnk - c:\program files\MICROSTAR\Bluetooth Software\BTTray.exe [2003-1-16 360509]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
2006-11-13 14:49 16168 ----a-w- c:\winnt\system32\WcesWlgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-22 08:41 12464 ----a-w- c:\winnt\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Martin\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe
backup=c:\winnt\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^Svátky a narozeniny.lnk]
path=c:\documents and settings\Martin\Nabídka Start\Programy\Po spuštění\Svátky a narozeniny.lnk
backup=c:\winnt\pss\Svátky a narozeniny.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-02-06 23:03 114741 ----a-w- c:\winnt\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-05-07 16:49 3139164 ----a-w- c:\program files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ----a-r- c:\winnt\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-07 12:10 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2003-12-13 00:50 33792 ----a-w- c:\program files\Winamp\winampa.exe

R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [29.5.2009 10:20 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [29.5.2009 10:20 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [29.5.2009 10:20 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22.12.2009 9:41 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.12.2009 9:41 285392]
R2 I-DEAS 9 Open I-DEAS Server;I-DEAS 9 Open I-DEAS Server;i:\ideas\ms9\Iona\bin\orbixd.exe -b --> i:\ideas\ms9\Iona\bin\orbixd.exe -b [?]
R3 NtApm;Ovladač rozhraní služby NT Apm/Legacy;c:\winnt\system32\drivers\NtApm.sys [17.6.2004 16:47 9136]
R3 usbhub20;Podpora rozbočovače sběrnice USB;c:\winnt\system32\drivers\usbhub20.sys [17.6.2004 16:46 49776]
S0 Lbd;Lbd;c:\winnt\system32\DRIVERS\Lbd.sys --> c:\winnt\system32\DRIVERS\Lbd.sys [?]
S2 I-DEAS License Manager 9.0;I-DEAS License Manager 9.0;i:\ideas\ms9\sec\lmgrd.exe --> i:\ideas\ms9\sec\lmgrd.exe [?]
S3 usb_rndisy;USB RNDIS Adapter;c:\winnt\system32\drivers\usb8023y.sys [8.3.2006 8:57 14336]
S3 yukonw2k;NDIS5 Miniport Driver for Marvell Yukon Ethernet Controller;c:\winnt\system32\drivers\yk50x86.sys [9.11.2007 10:31 243712]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - IPNAT
*NewlyCreated* - RASAUTO
*NewlyCreated* - SHAREDACCESS
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = proxy.amtek.cz:3128
uInternet Settings,ProxyOverride = <local>
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
LSP: %SystemRoot%\system32\msafd.dll
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD 2002 Cz\InstFred.ocx
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.cz/s/v/58.10/uploader2.cab
DPF: {4ADC518E-B607-11D4-B395-0001020F4519} - hxxps://ib24.csob.cz/Comp/signer.cab
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD 2002 Cz\InstBanr.ocx
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.242.34.63:8083/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\3w1nst7t.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-DeviceDiscovery - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\LogMeInSystray.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 14:01
Windows 5.0.2195 Service Pack 4 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(244)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1840)
c:\winnt\system32\SHDOCVW.DLL
c:\program files\MICROSTAR\Bluetooth Software\BtBalloon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\winnt\system32\hidserv.exe
i:\ideas\ms9\Iona\bin\orbixd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\regsvc.exe
c:\winnt\system32\MSTask.exe
c:\winnt\system32\tcpsvcs.exe
c:\winnt\System32\WBEM\WinMgmt.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\winnt\system32\RUNDLL32.EXE
c:\winnt\system32\internat.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\progra~1\MICROS~3\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-15 14:05:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-15 13:05

Před spuštěním: 2 372 554 752
Po spuštění: 2 587 058 176

- - End Of File - - E41B9DE7D920C34C0C6D47FF6168E456

Damned · Příspěvekod **Damned** » 15 led 2010 14:31

Odinstaluj si ICQ Toolbar. I-DEAS License Manager 9.0 tam máš?

Start-spustit-napiš: notepad a dej OK. Do něho vlož tento celý (bledě zelený) text:

Kód: Vybrat vše

dir \comres.dll /a h /s > File.txt

uložho na Plochu s názvem: find.bat (typ souboru- všechny soubory)
Najdi ho na ploše, poklepej na něj a počkej až se okno zavře a objeví se soubor.txt
Vlož sem potom celý text z tohoto souboru.

matthew72 · Příspěvekod **matthew72** » 15 led 2010 14:42

Svazek v jednotce C je SYSTEM
Sériové číslo svazku je C400-638C

ICQ Toolbar jsem v odebrat programy nenasel a I-DEAS License Manager 9.0 je license pro CAD soft Ideas 9.0

Damned · Příspěvekod **Damned** » 15 led 2010 14:45

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

c:\winnt\system32\comres.dll

matthew72 · Příspěvekod **matthew72** » 15 led 2010 15:00

c:\winnt\system32\comres.dll

Soubor jsem nenasel ani kdyz jsem si dal zobrazit skryte soubory :-(

Damned · Příspěvekod **Damned** » 15 led 2010 15:18

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

FileLook::
c:\winnt\system32\comres.dll

Folder::
C:\Program Files\Spb Wallet

ADS::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT (Martin.exe) a popiš chování počítače

matthew72 · Příspěvekod **matthew72** » 15 led 2010 15:31

PC se chova stale stejne - pripojeni a otevreni adresare na sdilenem disku trva porad hodne dlouho.

ComboFix 10-01-14.06 - Martin 15.01.2010 15:21:51.2.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.420.1029.18.2047.1565 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\comres.dll . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-15 do 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-15 14:21 . 2010-01-15 14:21 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_188.dat
2010-01-15 12:56 . 2010-01-15 12:56 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_26c.dat
2010-01-15 12:26 . 2010-01-07 15:07 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-01-15 12:26 . 2010-01-15 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 12:26 . 2010-01-07 15:07 18520 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-01-15 10:52 . 2010-01-15 11:23 -------- d-----w- c:\documents and settings\Martin\DoctorWeb
2010-01-15 08:40 . 2010-01-15 12:25 -------- d-----w- c:\program files\trend micro
2010-01-15 08:40 . 2010-01-15 08:42 -------- d-----w- C:\rsit
2010-01-15 07:35 . 2008-07-17 06:40 107264 ----a-r- c:\winnt\system32\drivers\Rtnic.sys
2010-01-15 07:20 . 2010-01-15 07:20 -------- d-----w- c:\winnt\OPTIONS
2010-01-15 07:20 . 2010-01-15 07:20 -------- d-----w- c:\program files\Realtek
2010-01-15 07:18 . 2008-07-16 14:35 9728 ----a-r- c:\winnt\system32\RtNicProp32.dll
2009-12-29 12:37 . 2009-12-29 12:37 -------- d-----w- c:\winnt\system32\TVUAx
2009-12-23 10:06 . 2009-12-23 11:05 -------- d-----w- c:\program files\HQ ONLINE TV
2009-12-22 08:07 . 2009-12-22 08:10 -------- d-----w- C:\$AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 10:30 . 2009-06-05 08:32 -------- d-----w- c:\program files\Lavasoft
2010-01-15 07:20 . 2004-06-17 15:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 09:40 . 2008-10-24 06:11 -------- d-----w- c:\program files\Google
2010-01-14 09:19 . 2004-09-06 14:48 -------- d-----w- c:\program files\Seznam DVD
2010-01-14 09:19 . 2008-03-17 07:26 -------- d-----w- c:\program files\QIP
2010-01-14 09:16 . 2004-07-03 18:47 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-14 09:14 . 2006-03-20 12:14 -------- d-----w- c:\program files\Axis Communications
2010-01-14 09:14 . 2007-09-26 08:06 -------- d-----w- c:\program files\BitTorrent
2010-01-13 16:01 . 2009-11-19 13:56 -------- d---a-w- c:\program files\JDownloader
2010-01-13 12:44 . 2006-06-07 12:07 -------- d-----w- c:\program files\QuickTime
2009-12-23 11:05 . 2008-08-19 12:22 -------- d-----w- c:\program files\Kapesní slovník
2009-12-22 08:41 . 2009-05-29 09:20 360584 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2009-12-22 08:41 . 2009-05-29 09:20 12464 ----a-w- c:\winnt\system32\avgrsstx.dll
2009-12-22 08:41 . 2006-10-12 14:11 28424 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2009-12-22 08:41 . 2009-05-29 09:20 333192 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2009-12-22 08:41 . 2009-05-29 09:20 161800 ----a-w- c:\winnt\system32\drivers\avgrkx86.sys
2009-12-22 08:06 . 2009-05-29 09:20 -------- d-----w- c:\program files\AVG
2009-12-16 13:46 . 2009-12-16 13:46 -------- d-----w- c:\program files\ZAV1
2009-12-15 10:10 . 2009-12-15 10:10 -------- d-----w- c:\program files\PowerISO
2009-12-11 09:20 . 2009-12-11 09:20 -------- d-----w- c:\program files\TeamViewer
2009-11-25 07:22 . 2009-11-25 07:22 -------- d-----w- c:\program files\Common Files\Skype
2009-11-25 07:22 . 2006-09-08 10:31 -------- d-----r- c:\program files\Skype
2009-11-20 07:04 . 2009-11-20 07:04 288528 ----a-w- c:\winnt\AppPatch\aclayers.dll
2009-11-19 13:56 . 2009-11-19 13:56 411368 ----a-w- c:\winnt\system32\deploytk.dll
2009-11-19 13:56 . 2004-06-17 17:12 -------- d-----w- c:\program files\Java
2009-10-27 14:00 . 2009-10-27 14:00 579072 ------w- c:\winnt\system32\WININET.DLL
2006-10-18 11:41 . 2006-10-18 11:41 5162 ----a-w- c:\program files\qeiejdus.txt
2004-06-17 14:54 . 2004-06-17 14:54 22034 ---h--w- c:\program files\folder.htt
.

------- Sigcheck -------

[-] 2003-02-01 10:09 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [9.0.1.56] . . c:\winnt\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2002-08-26 20752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"PtiuPbmd"="Ptipbm.dll" [2003-01-21 98304]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2008-05-26 8523776]
"nwiz"="nwiz.exe" [2008-05-26 1630208]
"HPDJ Taskbar Utility"="c:\winnt\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2008-05-26 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-07 98304]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-23 2033432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 188688]
"ICQ Lite"="c:\progra~1\ICQLite\ICQLite.exe" [2006-05-07 3139164]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BTTray.lnk - c:\program files\MICROSTAR\Bluetooth Software\BTTray.exe [2003-1-16 360509]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
2006-11-13 14:49 16168 ----a-w- c:\winnt\system32\WcesWlgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-22 08:41 12464 ----a-w- c:\winnt\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Martin\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe
backup=c:\winnt\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^Svátky a narozeniny.lnk]
path=c:\documents and settings\Martin\Nabídka Start\Programy\Po spuštění\Svátky a narozeniny.lnk
backup=c:\winnt\pss\Svátky a narozeniny.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-02-06 23:03 114741 ----a-w- c:\winnt\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-05-07 16:49 3139164 ----a-w- c:\program files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ----a-r- c:\winnt\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2003-12-13 00:50 33792 ----a-w- c:\program files\Winamp\winampa.exe

R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [29.5.2009 10:20 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [29.5.2009 10:20 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [29.5.2009 10:20 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22.12.2009 9:41 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.12.2009 9:41 285392]
R3 NtApm;Ovladač rozhraní služby NT Apm/Legacy;c:\winnt\system32\drivers\NtApm.sys [17.6.2004 16:47 9136]
R3 usbhub20;Podpora rozbočovače sběrnice USB;c:\winnt\system32\drivers\usbhub20.sys [17.6.2004 16:46 49776]
S0 Lbd;Lbd;c:\winnt\system32\DRIVERS\Lbd.sys --> c:\winnt\system32\DRIVERS\Lbd.sys [?]
S2 I-DEAS 9 Open I-DEAS Server;I-DEAS 9 Open I-DEAS Server;i:\ideas\ms9\Iona\bin\orbixd.exe -b --> i:\ideas\ms9\Iona\bin\orbixd.exe -b [?]
S2 I-DEAS License Manager 9.0;I-DEAS License Manager 9.0;i:\ideas\ms9\sec\lmgrd.exe --> i:\ideas\ms9\sec\lmgrd.exe [?]
S3 usb_rndisy;USB RNDIS Adapter;c:\winnt\system32\drivers\usb8023y.sys [8.3.2006 8:57 14336]
S3 yukonw2k;NDIS5 Miniport Driver for Marvell Yukon Ethernet Controller;c:\winnt\system32\drivers\yk50x86.sys [9.11.2007 10:31 243712]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - IPNAT
*NewlyCreated* - RASAUTO
*NewlyCreated* - SHAREDACCESS
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = proxy.amtek.cz:3128
uInternet Settings,ProxyOverride = <local>
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
LSP: %SystemRoot%\system32\msafd.dll
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD 2002 Cz\InstFred.ocx
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.cz/s/v/58.10/uploader2.cab
DPF: {4ADC518E-B607-11D4-B395-0001020F4519} - hxxps://ib24.csob.cz/Comp/signer.cab
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD 2002 Cz\InstBanr.ocx
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.242.34.63:8083/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\3w1nst7t.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 15:26
Windows 5.0.2195 Service Pack 4 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(244)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(2052)
c:\winnt\system32\SHDOCVW.DLL
c:\program files\MICROSTAR\Bluetooth Software\BtBalloon.dll
.
Celkový čas: 2010-01-15 15:28:07
ComboFix-quarantined-files.txt 2010-01-15 14:28
ComboFix2.txt 2010-01-15 13:05

Před spuštěním: 2 593 083 392
Po spuštění: 2 586 951 680

- - End Of File - - E4F5537C1F5A080B75CB7B564272639C

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:34, on 15.1.2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\MICROS~3\BLUETO~1\BTSTAC~1.EXE
C:\WINNT\explorer.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.amtek.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PtiuPbmd] "Rundll32.exe" Ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ICQ Lite] C:\PROGRA~1\ICQLite\ICQLite.exe -trayboot (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.cz/s/v/58.10/uploader2.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://host13.nwt.cz/activex/AMC.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.111.0.70/activex/AxisCamControl.cab
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.242.34.63:8083/activex/AMC.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: I-DEAS 9 Open I-DEAS Server - Unknown owner - i:\ideas\ms9\Iona\bin\orbixd.exe
O23 - Service: I-DEAS License Manager 9.0 - Unknown owner - i:\ideas\ms9\sec\lmgrd.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 7495 bytes

Damned · Příspěvekod **Damned** » 15 led 2010 15:53

Stáhni si :Dr. Web CureIt nebo z http://www.majorgeeks.com/Dr.Web_CureIT_d4783.html dej update , po aktualizaci dej start.

Tlačítky dole můzeš soubor léčit, smazat, přesunout nebo přejmenovat.Pak napiš výsledek. Sken může trvat dlouho. Nalezenou infekci nejdříve léčit, potom teprve smazat. Pokud něco najde ve složce System Volume Information, tak smazat.

Pomale otevirani adresaru - perfdisk.dll

Pomale otevirani adresaru - perfdisk.dll

Re: Pomale otevirani adresaru - perfdisk.dll

Re: Pomale otevirani adresaru - perfdisk.dll

Re: Pomale otevirani adresaru - perfdisk.dll

Re: Pomale otevirani adresaru - perfdisk.dll

Re: Pomale otevirani adresaru - perfdisk.dll

Re: Pomale otevirani adresaru - perfdisk.dll

Re: Pomale otevirani adresaru - perfdisk.dll

Re: Pomale otevirani adresaru - perfdisk.dll

Re: Pomale otevirani adresaru - perfdisk.dll

Re: Pomale otevirani adresaru - perfdisk.dll

Re: Pomale otevirani adresaru - perfdisk.dll

Kdo je online