Hi, after starting the PC, svchost eats 100 percent of the CPU; when I kill the process, the PC restarts after a moment. I think the PC is infected. I scanned it with Kaspersky antivirus, which a friend recommended. Could you advise me what to do about it? My HijackThis log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 19:37:12, on 17.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\csrss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\Explorer.EXE
C:\WINDOWS.1\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS.1\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS.1\system32\wscntfy.exe
C:\WINDOWS.1\system32\taskmgr.exe
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL\Plocha\QIP 2005\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS.1\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS.1\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dt-updates.com/activate?query=3W ... V7sTvY7c3t
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: monnwb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.1\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.1\system32\browseui.dll
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 5121 bytes
svchost CPU 100% (Solved)
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: svchost CPU 100%
Uninstall DAEMON Tools Toolbar.
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following entries (start HJT, choose "Do a system scan only", tick the box in front of each entry, press "Fix checked" and then "Yes"):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dt-updates.com/activate?query=3W ... V7sTvY7c3t
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
O4 - Startup: monnwb32.exe
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware.
Install it and run it:
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
Re: svchost CPU 100%
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3877
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
17.3.2010 21:02:36
mbam-log-2010-03-17 (21-02-18).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 205162
Uplynulý čas: 41 minute(s), 2 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 11
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\RECYCLER\S-1-5-21-823518204-963894560-1417001333-1003\Dc2.unk (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marek Zavadil\Nabídka Start\Programy\Po spuštění\monnwb32.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS.1\system32\drivers\gjazjc.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL.000\Local Settings\Temp\Rar$EX00.125\keygen.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS.2\Data aplikací\av.exe (Rogue.MultipleAV) -> No action taken.
C:\Documents and Settings\Marek Zavadil\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL.000\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\All Users.WINDOWS.2\Data aplikací\ave.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL\Nabídka Start\Programy\Po spuštění\monnwb32.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL.000\Nabídka Start\Programy\Po spuštění\monnwb32.exe (Trojan.Agent) -> No action taken.
- Damned
Re: svchost CPU 100%
Run MbAM again and click Scan
- when the scan finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it with Exit
Turn off your antivirus's resident shield (and your antispyware's, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all open windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan completes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
Re: svchost CPU 100%
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3877
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
17.3.2010 21:54:38
mbam-log-2010-03-17 (21-54-38).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 205195
Uplynulý čas: 40 minute(s), 16 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 11
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\RECYCLER\S-1-5-21-823518204-963894560-1417001333-1003\Dc2.unk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marek Zavadil\Nabídka Start\Programy\Po spuštění\monnwb32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS.1\system32\drivers\gjazjc.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL.000\Local Settings\Temp\Rar$EX00.125\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.2\Data aplikací\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marek Zavadil\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL.000\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.2\Data aplikací\ave.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL\Nabídka Start\Programy\Po spuštění\monnwb32.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL.000\Nabídka Start\Programy\Po spuštění\monnwb32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
ComboFix 10-03-17.01 - Marek Zavadil 17.03.2010 22:10:14.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.370 [GMT 1:00]
Spuštěný z: c:\documents and settings\Marek Zavadil.MAREKZAVADIL\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\Local Settings\Temporary Internet Files\0vQtN.jpg
c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\Local Settings\Temporary Internet Files\18A84V2ev.jpg
c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\Local Settings\Temporary Internet Files\2O1RK.jpg
c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\Local Settings\Temporary Internet Files\YgRK51aj.jpg
c:\recycler\S-1-5-21-823518204-963894560-1417001333-1003
c:\recycler\S-1-5-21-854245398-861567501-1606980848-1003
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.
2010-03-17 19:17 . 2010-01-07 15:07 38224 ----a-w- c:\windows.1\system32\drivers\mbamswissarmy.sys
2010-03-17 19:17 . 2010-03-17 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 19:17 . 2010-01-07 15:07 19160 ----a-w- c:\windows.1\system32\drivers\mbam.sys
2010-03-17 18:35 . 2010-03-17 18:35 -------- d-----w- c:\program files\TrendMicro
2010-03-17 13:01 . 2010-03-17 12:15 -------- d--h--r- c:\documents and settings\Default User.WINDOWS\Data aplikací
2010-03-17 13:00 . 2010-03-17 12:16 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-03-17 13:00 . 2010-03-17 12:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2010-03-17 12:19 . 2008-04-13 23:17 25856 ----a-w- c:\windows.1\system32\drivers\usbprint.sys
2010-03-17 12:16 . 2010-03-17 12:16 -------- d-----w- c:\program files\QIP 2005 psYNovA-Edition
2010-03-17 12:16 . 2010-03-17 12:16 -------- d-----w- c:\program files\SpeedFan
2010-03-17 12:15 . 2010-03-17 12:15 -------- d-----w- c:\program files\DVD Decrypter
2010-03-17 12:15 . 2010-03-17 12:15 -------- d-----w- c:\program files\DVD Shrink
2010-03-17 12:13 . 2010-03-17 12:13 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2010-03-17 11:51 . 2010-03-17 11:51 51807 ----a-w- c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\wuaucldt.exe
2010-03-16 22:57 . 2010-03-17 10:45 -------- d-----w- c:\program files\BS_Player
2010-03-16 22:57 . 2010-03-16 22:57 -------- d-----w- c:\program files\Conduit
2010-03-16 21:42 . 2010-03-16 21:42 -------- d-----w- C:\SXS
2010-03-16 20:56 . 2010-03-16 20:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS.2\Documents
2010-03-16 20:56 . 2010-03-16 20:56 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-03-16 20:55 . 2010-03-16 20:55 -------- d-----w- c:\program files\Sony Ericsson
2010-03-16 20:16 . 2010-03-16 20:16 -------- d-----w- c:\program files\Valve
2010-03-16 19:44 . 2010-03-16 20:00 -------- d-----w- c:\program files\Canon
2010-03-16 19:24 . 2010-03-16 19:32 -------- d-----w- c:\program files\HP
2010-03-16 19:12 . 2010-03-16 19:12 -------- d-----w- c:\program files\Common Files\Labtec
2010-03-16 18:50 . 2010-03-16 18:50 -------- d-----w- c:\program files\Nero
2010-03-16 18:32 . 2010-03-16 17:47 -------- d--h--r- c:\documents and settings\Default User.WINDOWS.2\Data aplikací
2010-03-16 18:32 . 2010-03-17 11:19 -------- d--h--r- c:\documents and settings\All Users.WINDOWS.2\Data aplikací
2010-03-16 18:32 . 2010-03-16 20:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS.2
2010-03-16 18:32 . 2010-03-16 17:48 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.2
2010-03-16 18:30 . 2010-03-16 18:30 -------- d-----w- c:\program files\EA SPORTS
2010-03-16 18:27 . 2010-03-17 11:45 -------- d-----w- C:\WINDOWS.2
2010-03-16 18:12 . 2010-03-16 18:12 -------- d-----w- c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\WINDOWS
2010-03-16 18:06 . 2010-03-16 18:06 -------- d-----w- c:\documents and settings\MAREKZ~1~000\LOCALS~1
2010-03-16 18:06 . 2010-03-16 18:06 -------- d-----w- c:\documents and settings\MAREKZ~1~000
2010-03-16 18:05 . 2010-03-16 18:05 -------- d-----w- C:\searchplugins
2010-03-16 18:05 . 2010-03-16 18:05 -------- d-----w- c:\program files\Ask.com
2010-03-16 18:05 . 2010-03-16 18:05 -------- d-----w- C:\FIND_MOZ_EXT
2010-03-16 18:00 . 2010-03-16 18:00 -------- d-----w- c:\program files\Google
2010-03-16 17:50 . 2010-03-17 10:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.000\Data aplikací
2010-03-16 17:50 . 2010-03-16 17:50 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.000
2010-03-16 17:50 . 2010-03-16 17:50 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.000\Data aplikací
2010-03-16 17:50 . 2010-03-16 17:50 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY.000
2010-03-16 17:45 . 2010-03-16 18:16 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.2\DRM
2010-03-16 14:51 . 2010-03-16 14:51 148 ----a-w- c:\windows.1\system32\fjhdyfhsn.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 20:21 . 2010-02-13 00:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-17 20:20 . 2010-03-16 11:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-17 19:06 . 2010-03-16 13:21 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-17 12:16 . 2010-02-12 16:00 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\GPU-Z
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\CPU-Z 1.45
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\VirtualDub
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-17 12:10 . 2010-02-12 15:55 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-17 10:34 . 2010-02-12 18:00 -------- d-----w- c:\program files\Warcraft 3
2010-03-17 10:23 . 2010-02-13 00:32 -------- d-----w- c:\program files\Garena
2010-03-17 10:19 . 2010-02-13 00:14 -------- d-----w- c:\program files\Skype
2010-03-16 21:34 . 2010-02-12 16:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-16 19:19 . 2010-02-12 16:14 -------- d-----w- c:\program files\Asus
2010-03-16 18:52 . 2010-02-13 11:59 -------- d-----w- c:\program files\Common Files\Nero
2010-03-16 18:20 . 2010-02-13 00:17 -------- d-----w- c:\program files\Winamp
2010-03-16 18:19 . 2010-02-12 18:00 -------- d-----w- c:\program files\vypinac
2010-03-16 18:03 . 2010-02-12 17:58 -------- d-----w- c:\program files\QIP 2005
2010-03-16 17:59 . 2010-02-13 00:03 -------- d-----w- c:\program files\Ventrilo
2010-03-16 13:18 . 2010-03-16 13:18 717296 ----a-w- c:\windows.1\system32\drivers\sptd.sys
2010-03-16 13:11 . 2001-10-25 12:00 46196 ----a-w- c:\windows.1\system32\perfc005.dat
2010-03-16 13:11 . 2001-10-25 12:00 309990 ----a-w- c:\windows.1\system32\perfh005.dat
2010-03-16 13:02 . 2010-03-16 13:02 0 ----a-w- c:\windows.1\nsreg.dat
2010-03-16 12:54 . 2010-03-16 12:54 -------- d-----w- c:\program files\CCleaner
2010-03-16 12:52 . 2010-03-16 12:52 8738 ----a-w- c:\windows.1\pchealth\helpctr\Config\Cntstore.bin
2010-03-16 12:52 . 2010-03-16 12:52 2136 ----a-w- c:\windows.1\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-16 12:52 . 2010-03-16 12:52 86339 ----a-w- c:\windows.1\pchealth\helpctr\OfflineCache\index.dat
2010-03-16 12:49 . 2010-03-16 12:49 21812 ----a-w- c:\windows.1\system32\emptyregdb.dat
2010-03-15 12:13 . 2010-03-15 12:13 -------- d-----w- c:\program files\Doblon
2010-03-08 15:15 . 2010-03-08 15:15 -------- d-----w- c:\program files\Common Files\Autodesk
2010-03-08 15:02 . 2010-03-08 12:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-08 12:27 . 2010-03-08 12:25 -------- d-----w- c:\program files\AOEMView 2009
2010-03-08 12:24 . 2010-03-08 12:24 -------- d-----w- c:\program files\Microsoft WSE
2010-03-08 12:24 . 2010-03-08 12:21 -------- d-----w- c:\program files\DWG TrueView 2009
2010-02-28 17:31 . 2010-02-28 17:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-27 17:17 . 2010-02-27 13:17 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-27 13:06 . 2010-02-27 13:06 -------- d-----w- c:\program files\Microsoft Works
2010-02-27 13:06 . 2010-02-27 13:06 -------- d-----w- c:\program files\MSBuild
2010-02-27 13:03 . 2010-02-27 13:03 -------- d-----w- c:\program files\Microsoft.NET
2010-02-27 12:59 . 2010-02-27 12:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-23 18:04 . 2010-02-23 18:04 -------- d-----w- c:\program files\Common Files\Java
2010-02-23 18:02 . 2010-02-23 18:02 -------- d-----w- c:\program files\Java
2010-02-13 16:28 . 2010-02-13 16:28 -------- d-----w- c:\program files\Common Files\Canon
2010-02-13 13:07 . 2010-02-13 13:07 -------- d-----w- c:\program files\Common Files\HP
2010-02-13 13:05 . 2010-02-13 13:05 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-13 13:05 . 2010-02-13 13:05 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-13 12:40 . 2010-02-13 12:40 -------- d-----w- c:\program files\Ahead
2010-02-13 12:40 . 2010-02-13 12:40 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-13 12:38 . 2010-02-13 12:38 -------- d-----w- c:\program files\Yahoo!
2010-02-13 00:20 . 2010-02-13 00:20 -------- d-----w- c:\program files\Winamp Toolbar
2010-02-13 00:20 . 2010-02-13 00:20 -------- d-----w- c:\program files\Winamp Remote
2010-02-13 00:16 . 2010-02-13 00:16 -------- d-----w- c:\program files\VideoLAN
2010-02-13 00:15 . 2010-02-13 00:13 -------- d-----w- c:\program files\QuickTime
2010-02-13 00:15 . 2010-02-13 00:15 -------- d-----w- c:\program files\SopCast
2010-02-13 00:13 . 2010-02-13 00:13 -------- d-----w- c:\program files\Apple Software Update
2010-02-13 00:12 . 2010-02-13 00:12 -------- d-----w- c:\program files\Webteh
2010-02-12 23:52 . 2010-02-12 23:51 -------- d-----w- c:\program files\Logitech
2010-02-12 23:51 . 2010-02-12 23:51 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-12 23:51 . 2010-02-12 16:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 16:42 . 2010-02-12 16:42 -------- d-----w- c:\program files\USBTurboSpeed
2010-02-12 16:14 . 2010-02-12 16:11 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- c:\program files\Marvell
2010-02-12 16:11 . 2010-02-12 16:11 -------- d-----w- c:\program files\Analog Devices
2010-02-12 16:08 . 2010-02-12 16:08 -------- d-----w- c:\program files\Intel
2010-02-12 15:59 . 2010-02-12 15:59 -------- d-----w- c:\program files\7-Zip
.
------- Sigcheck -------
[-] 2008-06-23 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows.1\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows.1\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3qfe\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows.1\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3gdr\tcpip.sys
[-] 2008-06-22 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows.1\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-22 123904]
c:\documents and settings\All Users.WINDOWS.1\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
S0 gjazjc;gjazjc; [x]
S0 sptd;sptd;c:\windows.1\system32\drivers\sptd.sys [16.3.2010 14:18 717296]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\MAREKZ~1.MAR\LOCALS~1\Temp\IZD11.tmp --> c:\docume~1\MAREKZ~1.MAR\LOCALS~1\Temp\IZD11.tmp [?]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\Marek Zavadil.MAREKZAVADIL\Data aplikací\Mozilla\Firefox\Profiles\nl0xdfdy.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\documents and settings\Marek Zavadil.MAREKZAVADIL\Data aplikací\Mozilla\Firefox\Profiles\nl0xdfdy.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 22:14
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\MAREKZ~1.MAR\LOCALS~1\Temp\IZD11.tmp"
.
Celkový čas: 2010-03-17 22:15:36
ComboFix-quarantined-files.txt 2010-03-17 21:15
Před spuštěním: Volných bajtů: 87 525 527 552
Po spuštění: Volných bajtů: 90 092 445 696
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.2
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.2="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - D2EB80EA3EB6F935A1C41DB85DC390C7
Verze databáze: 3877
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
17.3.2010 21:54:38
mbam-log-2010-03-17 (21-54-38).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 205195
Uplynulý čas: 40 minute(s), 16 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 11
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\RECYCLER\S-1-5-21-823518204-963894560-1417001333-1003\Dc2.unk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marek Zavadil\Nabídka Start\Programy\Po spuštění\monnwb32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS.1\system32\drivers\gjazjc.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL.000\Local Settings\Temp\Rar$EX00.125\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.2\Data aplikací\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marek Zavadil\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL.000\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.2\Data aplikací\ave.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL\Nabídka Start\Programy\Po spuštění\monnwb32.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Marek Zavadil.MAREKZAVADIL.000\Nabídka Start\Programy\Po spuštění\monnwb32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
ComboFix 10-03-17.01 - Marek Zavadil 17.03.2010 22:10:14.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.370 [GMT 1:00]
Spuštěný z: c:\documents and settings\Marek Zavadil.MAREKZAVADIL\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\Local Settings\Temporary Internet Files\0vQtN.jpg
c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\Local Settings\Temporary Internet Files\18A84V2ev.jpg
c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\Local Settings\Temporary Internet Files\2O1RK.jpg
c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\Local Settings\Temporary Internet Files\YgRK51aj.jpg
c:\recycler\S-1-5-21-823518204-963894560-1417001333-1003
c:\recycler\S-1-5-21-854245398-861567501-1606980848-1003
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.
2010-03-17 19:17 . 2010-01-07 15:07 38224 ----a-w- c:\windows.1\system32\drivers\mbamswissarmy.sys
2010-03-17 19:17 . 2010-03-17 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 19:17 . 2010-01-07 15:07 19160 ----a-w- c:\windows.1\system32\drivers\mbam.sys
2010-03-17 18:35 . 2010-03-17 18:35 -------- d-----w- c:\program files\TrendMicro
2010-03-17 13:01 . 2010-03-17 12:15 -------- d--h--r- c:\documents and settings\Default User.WINDOWS\Data aplikací
2010-03-17 13:00 . 2010-03-17 12:16 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-03-17 13:00 . 2010-03-17 12:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2010-03-17 12:19 . 2008-04-13 23:17 25856 ----a-w- c:\windows.1\system32\drivers\usbprint.sys
2010-03-17 12:16 . 2010-03-17 12:16 -------- d-----w- c:\program files\QIP 2005 psYNovA-Edition
2010-03-17 12:16 . 2010-03-17 12:16 -------- d-----w- c:\program files\SpeedFan
2010-03-17 12:15 . 2010-03-17 12:15 -------- d-----w- c:\program files\DVD Decrypter
2010-03-17 12:15 . 2010-03-17 12:15 -------- d-----w- c:\program files\DVD Shrink
2010-03-17 12:13 . 2010-03-17 12:13 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2010-03-17 11:51 . 2010-03-17 11:51 51807 ----a-w- c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\wuaucldt.exe
2010-03-16 22:57 . 2010-03-17 10:45 -------- d-----w- c:\program files\BS_Player
2010-03-16 22:57 . 2010-03-16 22:57 -------- d-----w- c:\program files\Conduit
2010-03-16 21:42 . 2010-03-16 21:42 -------- d-----w- C:\SXS
2010-03-16 20:56 . 2010-03-16 20:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS.2\Documents
2010-03-16 20:56 . 2010-03-16 20:56 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-03-16 20:55 . 2010-03-16 20:55 -------- d-----w- c:\program files\Sony Ericsson
2010-03-16 20:16 . 2010-03-16 20:16 -------- d-----w- c:\program files\Valve
2010-03-16 19:44 . 2010-03-16 20:00 -------- d-----w- c:\program files\Canon
2010-03-16 19:24 . 2010-03-16 19:32 -------- d-----w- c:\program files\HP
2010-03-16 19:12 . 2010-03-16 19:12 -------- d-----w- c:\program files\Common Files\Labtec
2010-03-16 18:50 . 2010-03-16 18:50 -------- d-----w- c:\program files\Nero
2010-03-16 18:32 . 2010-03-16 17:47 -------- d--h--r- c:\documents and settings\Default User.WINDOWS.2\Data aplikací
2010-03-16 18:32 . 2010-03-17 11:19 -------- d--h--r- c:\documents and settings\All Users.WINDOWS.2\Data aplikací
2010-03-16 18:32 . 2010-03-16 20:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS.2
2010-03-16 18:32 . 2010-03-16 17:48 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.2
2010-03-16 18:30 . 2010-03-16 18:30 -------- d-----w- c:\program files\EA SPORTS
2010-03-16 18:27 . 2010-03-17 11:45 -------- d-----w- C:\WINDOWS.2
2010-03-16 18:12 . 2010-03-16 18:12 -------- d-----w- c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\WINDOWS
2010-03-16 18:06 . 2010-03-16 18:06 -------- d-----w- c:\documents and settings\MAREKZ~1~000\LOCALS~1
2010-03-16 18:06 . 2010-03-16 18:06 -------- d-----w- c:\documents and settings\MAREKZ~1~000
2010-03-16 18:05 . 2010-03-16 18:05 -------- d-----w- C:\searchplugins
2010-03-16 18:05 . 2010-03-16 18:05 -------- d-----w- c:\program files\Ask.com
2010-03-16 18:05 . 2010-03-16 18:05 -------- d-----w- C:\FIND_MOZ_EXT
2010-03-16 18:00 . 2010-03-16 18:00 -------- d-----w- c:\program files\Google
2010-03-16 17:50 . 2010-03-17 10:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.000\Data aplikací
2010-03-16 17:50 . 2010-03-16 17:50 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.000
2010-03-16 17:50 . 2010-03-16 17:50 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.000\Data aplikací
2010-03-16 17:50 . 2010-03-16 17:50 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY.000
2010-03-16 17:45 . 2010-03-16 18:16 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.2\DRM
2010-03-16 14:51 . 2010-03-16 14:51 148 ----a-w- c:\windows.1\system32\fjhdyfhsn.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 20:21 . 2010-02-13 00:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-17 20:20 . 2010-03-16 11:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-17 19:06 . 2010-03-16 13:21 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-17 12:16 . 2010-02-12 16:00 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\GPU-Z
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\CPU-Z 1.45
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\VirtualDub
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-17 12:10 . 2010-02-12 15:55 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-17 10:34 . 2010-02-12 18:00 -------- d-----w- c:\program files\Warcraft 3
2010-03-17 10:23 . 2010-02-13 00:32 -------- d-----w- c:\program files\Garena
2010-03-17 10:19 . 2010-02-13 00:14 -------- d-----w- c:\program files\Skype
2010-03-16 21:34 . 2010-02-12 16:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-16 19:19 . 2010-02-12 16:14 -------- d-----w- c:\program files\Asus
2010-03-16 18:52 . 2010-02-13 11:59 -------- d-----w- c:\program files\Common Files\Nero
2010-03-16 18:20 . 2010-02-13 00:17 -------- d-----w- c:\program files\Winamp
2010-03-16 18:19 . 2010-02-12 18:00 -------- d-----w- c:\program files\vypinac
2010-03-16 18:03 . 2010-02-12 17:58 -------- d-----w- c:\program files\QIP 2005
2010-03-16 17:59 . 2010-02-13 00:03 -------- d-----w- c:\program files\Ventrilo
2010-03-16 13:18 . 2010-03-16 13:18 717296 ----a-w- c:\windows.1\system32\drivers\sptd.sys
2010-03-16 13:11 . 2001-10-25 12:00 46196 ----a-w- c:\windows.1\system32\perfc005.dat
2010-03-16 13:11 . 2001-10-25 12:00 309990 ----a-w- c:\windows.1\system32\perfh005.dat
2010-03-16 13:02 . 2010-03-16 13:02 0 ----a-w- c:\windows.1\nsreg.dat
2010-03-16 12:54 . 2010-03-16 12:54 -------- d-----w- c:\program files\CCleaner
2010-03-16 12:52 . 2010-03-16 12:52 8738 ----a-w- c:\windows.1\pchealth\helpctr\Config\Cntstore.bin
2010-03-16 12:52 . 2010-03-16 12:52 2136 ----a-w- c:\windows.1\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-16 12:52 . 2010-03-16 12:52 86339 ----a-w- c:\windows.1\pchealth\helpctr\OfflineCache\index.dat
2010-03-16 12:49 . 2010-03-16 12:49 21812 ----a-w- c:\windows.1\system32\emptyregdb.dat
2010-03-15 12:13 . 2010-03-15 12:13 -------- d-----w- c:\program files\Doblon
2010-03-08 15:15 . 2010-03-08 15:15 -------- d-----w- c:\program files\Common Files\Autodesk
2010-03-08 15:02 . 2010-03-08 12:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-08 12:27 . 2010-03-08 12:25 -------- d-----w- c:\program files\AOEMView 2009
2010-03-08 12:24 . 2010-03-08 12:24 -------- d-----w- c:\program files\Microsoft WSE
2010-03-08 12:24 . 2010-03-08 12:21 -------- d-----w- c:\program files\DWG TrueView 2009
2010-02-28 17:31 . 2010-02-28 17:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-27 17:17 . 2010-02-27 13:17 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-27 13:06 . 2010-02-27 13:06 -------- d-----w- c:\program files\Microsoft Works
2010-02-27 13:06 . 2010-02-27 13:06 -------- d-----w- c:\program files\MSBuild
2010-02-27 13:03 . 2010-02-27 13:03 -------- d-----w- c:\program files\Microsoft.NET
2010-02-27 12:59 . 2010-02-27 12:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-23 18:04 . 2010-02-23 18:04 -------- d-----w- c:\program files\Common Files\Java
2010-02-23 18:02 . 2010-02-23 18:02 -------- d-----w- c:\program files\Java
2010-02-13 16:28 . 2010-02-13 16:28 -------- d-----w- c:\program files\Common Files\Canon
2010-02-13 13:07 . 2010-02-13 13:07 -------- d-----w- c:\program files\Common Files\HP
2010-02-13 13:05 . 2010-02-13 13:05 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-13 13:05 . 2010-02-13 13:05 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-13 12:40 . 2010-02-13 12:40 -------- d-----w- c:\program files\Ahead
2010-02-13 12:40 . 2010-02-13 12:40 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-13 12:38 . 2010-02-13 12:38 -------- d-----w- c:\program files\Yahoo!
2010-02-13 00:20 . 2010-02-13 00:20 -------- d-----w- c:\program files\Winamp Toolbar
2010-02-13 00:20 . 2010-02-13 00:20 -------- d-----w- c:\program files\Winamp Remote
2010-02-13 00:16 . 2010-02-13 00:16 -------- d-----w- c:\program files\VideoLAN
2010-02-13 00:15 . 2010-02-13 00:13 -------- d-----w- c:\program files\QuickTime
2010-02-13 00:15 . 2010-02-13 00:15 -------- d-----w- c:\program files\SopCast
2010-02-13 00:13 . 2010-02-13 00:13 -------- d-----w- c:\program files\Apple Software Update
2010-02-13 00:12 . 2010-02-13 00:12 -------- d-----w- c:\program files\Webteh
2010-02-12 23:52 . 2010-02-12 23:51 -------- d-----w- c:\program files\Logitech
2010-02-12 23:51 . 2010-02-12 23:51 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-12 23:51 . 2010-02-12 16:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 16:42 . 2010-02-12 16:42 -------- d-----w- c:\program files\USBTurboSpeed
2010-02-12 16:14 . 2010-02-12 16:11 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- c:\program files\Marvell
2010-02-12 16:11 . 2010-02-12 16:11 -------- d-----w- c:\program files\Analog Devices
2010-02-12 16:08 . 2010-02-12 16:08 -------- d-----w- c:\program files\Intel
2010-02-12 15:59 . 2010-02-12 15:59 -------- d-----w- c:\program files\7-Zip
.
------- Sigcheck -------
[-] 2008-06-23 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows.1\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows.1\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3qfe\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows.1\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3gdr\tcpip.sys
[-] 2008-06-22 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows.1\system32\sfcfiles.dll
.
- Damned
Re: svchost CPU 100%
What kind of mess have you got there?? How many times have you installed the system? 4x Windows on one PC?
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
File::
c:\windows.1\system32\fjhdyfhsn.bat
c:\windows.1\nsreg.dat
c:\windows.1\system32\emptyregdb.dat
c:\docume~1\MAREKZ~1.MAR\LOCALS~1\Temp\IZD11.tmp
Folder::
c:\program files\Ask.com
c:\program files\Conduit
c:\program files\DAEMON Tools Toolbar
C:\searchplugins
c:\program files\Winamp Toolbar
Driver::
gjazjc
GarenaPEngine
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
Registry-clean::
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair can take even longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what's new, look into old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
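The registry and driver entries that the CFScript above resets or removes can be picked out of a ComboFix log mechanically. The following Python sketch is an added example, not part of the thread and not ComboFix's own logic: it flags Security Center overrides set to 1, a disabled firewall profile, and service entries with no image path or an image under a Temp directory. The rule names and the `triage` function are hypothetical; the sample lines are copied from the log posted on this page.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
S0 gjazjc;gjazjc; [x]
S0 sptd;sptd;c:\windows.1\system32\drivers\sptd.sys [16.3.2010 14:18 717296]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\MAREKZ~1.MAR\LOCALS~1\Temp\IZD11.tmp --> c:\docume~1\MAREKZ~1.MAR\LOCALS~1\Temp\IZD11.tmp [?]
'''


class Finding(NamedTuple):
    rule: str     # hypothetical rule name used by this example
    subject: str  # registry value name or service name
    detail: str


KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
# "<letter><digit> name;display name;image path [marker]"
SERVICE_RE = re.compile(
    r'^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
OVERRIDES = {'antivirusoverride', 'firewalloverride'}


def parse_dword(data: str) -> Optional[int]:
    """Read the two numeric notations the log uses: dword:XXXXXXXX and N (0xN)."""
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', data)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'(\d+) \(0x[0-9a-fA-F]+\)', data)
    if m:
        return int(m.group(1))
    return None  # string data or an empty value


def service_image_path(rest: str) -> str:
    """Drop the trailing [..] marker, keep the resolved path after '-->'."""
    rest = re.sub(r'\s*\[[^\]]*\]\s*$', '', rest)
    path = rest.split(' --> ')[-1].strip()
    return path[4:] if path.startswith('\\??\\') else path


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    key = None  # registry key the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, value = m.group('name'), parse_dword(m.group('data'))
            if (key.endswith('\\security center')
                    and name.lower() in OVERRIDES and value == 1):
                findings.append(Finding(
                    'security-center-override', name,
                    'Security Center told to ignore this status'))
            elif (key.endswith('firewallpolicy\\standardprofile')
                    and name.lower() == 'enablefirewall' and value == 0):
                findings.append(Finding(
                    'firewall-disabled', name,
                    'Windows Firewall off for the standard profile'))
            continue
        key = None  # any other line ends the current registry block
        m = SERVICE_RE.match(line)
        if m:
            path = service_image_path(m.group('rest'))
            if not path:
                findings.append(Finding(
                    'service-no-image', m.group('name'),
                    'service entry lists no image path'))
            elif re.search(r'\\temp\\', path, re.IGNORECASE):
                findings.append(Finding(
                    'service-image-in-temp', m.group('name'), path))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.rule:26} {f.subject:20} {f.detail}')
```

Run against the log produced after the CFScript pass, the same function shows which of these entries are still present.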
Re: svchost CPU 100%
ComboFix 10-03-17.01 - Marek Zavadil 17.03.2010 22:47:57.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.306 [GMT 1:00]
Spuštěný z: c:\documents and settings\Marek Zavadil.MAREKZAVADIL\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Marek Zavadil.MAREKZAVADIL\Plocha\CFScript.txt
FILE ::
"c:\docume~1\MAREKZ~1.MAR\LOCALS~1\Temp\IZD11.tmp"
"c:\windows.1\nsreg.dat"
"c:\windows.1\system32\emptyregdb.dat"
"c:\windows.1\system32\fjhdyfhsn.bat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\DTToolbar.dll
c:\program files\DAEMON Tools Toolbar\Resources\about.ico
c:\program files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
c:\program files\DAEMON Tools Toolbar\Resources\accept.ico
c:\program files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
c:\program files\DAEMON Tools Toolbar\Resources\as.ico
c:\program files\DAEMON Tools Toolbar\Resources\as.png
c:\program files\DAEMON Tools Toolbar\Resources\astro.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_download.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_feedback.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_forum.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_home.ico
c:\program files\DAEMON Tools Toolbar\Resources\astro_lite.ico
c:\program files\DAEMON Tools Toolbar\Resources\astroburn_site.ico
c:\program files\DAEMON Tools Toolbar\Resources\astroLite_16.ico
c:\program files\DAEMON Tools Toolbar\Resources\az.ico
c:\program files\DAEMON Tools Toolbar\Resources\b1.png
c:\program files\DAEMON Tools Toolbar\Resources\burn_files.ico
c:\program files\DAEMON Tools Toolbar\Resources\burn_image.ico
c:\program files\DAEMON Tools Toolbar\Resources\burn_imgs.ico
c:\program files\DAEMON Tools Toolbar\Resources\BurnImage.ico
c:\program files\DAEMON Tools Toolbar\Resources\buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\Config.ico
c:\program files\DAEMON Tools Toolbar\Resources\d.ico
c:\program files\DAEMON Tools Toolbar\Resources\d2.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\daemon_search_site.ico
c:\program files\DAEMON Tools Toolbar\Resources\dot_disabled.bmp
c:\program files\DAEMON Tools Toolbar\Resources\dot_enabled.bmp
c:\program files\DAEMON Tools Toolbar\Resources\dot_on_over.bmp
c:\program files\DAEMON Tools Toolbar\Resources\download.ico
c:\program files\DAEMON Tools Toolbar\Resources\ds.ico
c:\program files\DAEMON Tools Toolbar\Resources\dsearch.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt-home.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_about.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_download.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_faq.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_feedback.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_forum.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_line.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_lite.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_manual.ico
c:\program files\DAEMON Tools Toolbar\Resources\dt_pro.ico
c:\program files\DAEMON Tools Toolbar\Resources\DTPro.ico
c:\program files\DAEMON Tools Toolbar\Resources\dtt16.ico
c:\program files\DAEMON Tools Toolbar\Resources\dtt32.ico
c:\program files\DAEMON Tools Toolbar\Resources\Dwnl.ico
c:\program files\DAEMON Tools Toolbar\Resources\emulation.ico
c:\program files\DAEMON Tools Toolbar\Resources\favicon.ico
c:\program files\DAEMON Tools Toolbar\Resources\features.ico
c:\program files\DAEMON Tools Toolbar\Resources\feedback.ico
c:\program files\DAEMON Tools Toolbar\Resources\forum.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixCristals.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixDownload.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixPlayOnline.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameCentrixTop.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameS.ico
c:\program files\DAEMON Tools Toolbar\Resources\games_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\games_search_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\GameSA.ico
c:\program files\DAEMON Tools Toolbar\Resources\gct16.ico
c:\program files\DAEMON Tools Toolbar\Resources\gd.ico
c:\program files\DAEMON Tools Toolbar\Resources\genre.xml
c:\program files\DAEMON Tools Toolbar\Resources\globe.ico
c:\program files\DAEMON Tools Toolbar\Resources\GrabImage.ico
c:\program files\DAEMON Tools Toolbar\Resources\hb.bmp
c:\program files\DAEMON Tools Toolbar\Resources\hb.ico
c:\program files\DAEMON Tools Toolbar\Resources\help.ico
c:\program files\DAEMON Tools Toolbar\Resources\hide.ico
c:\program files\DAEMON Tools Toolbar\Resources\home.ico
c:\program files\DAEMON Tools Toolbar\Resources\image_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\image_search_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\ImageS.ico
c:\program files\DAEMON Tools Toolbar\Resources\ImageSA.ico
c:\program files\DAEMON Tools Toolbar\Resources\ip.ico
c:\program files\DAEMON Tools Toolbar\Resources\lang.xml
c:\program files\DAEMON Tools Toolbar\Resources\lingvo.ico
c:\program files\DAEMON Tools Toolbar\Resources\m.ico
c:\program files\DAEMON Tools Toolbar\Resources\mail.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mail_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
c:\program files\DAEMON Tools Toolbar\Resources\MenuTr.ico
c:\program files\DAEMON Tools Toolbar\Resources\mount.ico
c:\program files\DAEMON Tools Toolbar\uninst.exe
c:\program files\Winamp Toolbar
c:\program files\Winamp Toolbar\apopup.dll
c:\program files\Winamp Toolbar\install.log
c:\program files\Winamp Toolbar\msvcr71.dll
c:\program files\Winamp Toolbar\uninstall.exe
c:\program files\Winamp Toolbar\winamptb.dll
c:\program files\Winamp Toolbar\winampTbServer.exe
c:\program files\Winamp Toolbar\winamptbServerPS.dll
c:\program files\Winamp Toolbar\xprt5.dll
C:\searchplugins
c:\searchplugins\askcom.xml
c:\windows.1\nsreg.dat
c:\windows.1\system32\emptyregdb.dat
c:\windows.1\system32\fjhdyfhsn.bat
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GARENAPENGINE
-------\Legacy_GJAZJC
-------\Service_gjazjc
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.
2010-03-17 21:58 . 2010-03-17 21:58 -------- d-----w- c:\windows.1\system32\wbem\snmp
2010-03-17 21:58 . 2010-03-17 21:58 -------- d-----w- c:\windows.1\system32\xircom
2010-03-17 21:58 . 2010-03-17 21:58 -------- d-----w- c:\program files\microsoft frontpage
2010-03-17 19:17 . 2010-01-07 15:07 38224 ----a-w- c:\windows.1\system32\drivers\mbamswissarmy.sys
2010-03-17 19:17 . 2010-03-17 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 19:17 . 2010-01-07 15:07 19160 ----a-w- c:\windows.1\system32\drivers\mbam.sys
2010-03-17 18:35 . 2010-03-17 18:35 -------- d-----w- c:\program files\TrendMicro
2010-03-17 13:01 . 2010-03-17 12:15 -------- d--h--r- c:\documents and settings\Default User.WINDOWS\Data aplikací
2010-03-17 13:00 . 2010-03-17 12:16 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-03-17 13:00 . 2010-03-17 12:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2010-03-17 12:19 . 2008-04-13 23:17 25856 ----a-w- c:\windows.1\system32\drivers\usbprint.sys
2010-03-17 12:16 . 2010-03-17 12:16 -------- d-----w- c:\program files\QIP 2005 psYNovA-Edition
2010-03-17 12:16 . 2010-03-17 12:16 -------- d-----w- c:\program files\SpeedFan
2010-03-17 12:15 . 2010-03-17 12:15 -------- d-----w- c:\program files\DVD Decrypter
2010-03-17 12:15 . 2010-03-17 12:15 -------- d-----w- c:\program files\DVD Shrink
2010-03-17 12:13 . 2010-03-17 12:13 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2010-03-17 11:51 . 2010-03-17 11:51 51807 ----a-w- c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\wuaucldt.exe
2010-03-16 22:57 . 2010-03-17 10:45 -------- d-----w- c:\program files\BS_Player
2010-03-16 21:42 . 2010-03-16 21:42 -------- d-----w- C:\SXS
2010-03-16 20:56 . 2010-03-16 20:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS.2\Documents
2010-03-16 20:56 . 2010-03-16 20:56 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-03-16 20:55 . 2010-03-16 20:55 -------- d-----w- c:\program files\Sony Ericsson
2010-03-16 20:16 . 2010-03-16 20:16 -------- d-----w- c:\program files\Valve
2010-03-16 19:44 . 2010-03-16 20:00 -------- d-----w- c:\program files\Canon
2010-03-16 19:24 . 2010-03-16 19:32 -------- d-----w- c:\program files\HP
2010-03-16 19:12 . 2010-03-16 19:12 -------- d-----w- c:\program files\Common Files\Labtec
2010-03-16 18:50 . 2010-03-16 18:50 -------- d-----w- c:\program files\Nero
2010-03-16 18:32 . 2010-03-16 17:47 -------- d--h--r- c:\documents and settings\Default User.WINDOWS.2\Data aplikací
2010-03-16 18:32 . 2010-03-17 11:19 -------- d--h--r- c:\documents and settings\All Users.WINDOWS.2\Data aplikací
2010-03-16 18:32 . 2010-03-16 20:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS.2
2010-03-16 18:32 . 2010-03-16 17:48 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.2
2010-03-16 18:30 . 2010-03-16 18:30 -------- d-----w- c:\program files\EA SPORTS
2010-03-16 18:27 . 2010-03-17 11:45 -------- d-----w- C:\WINDOWS.2
2010-03-16 18:12 . 2010-03-16 18:12 -------- d-----w- c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\WINDOWS
2010-03-16 18:06 . 2010-03-16 18:06 -------- d-----w- c:\documents and settings\MAREKZ~1~000\LOCALS~1
2010-03-16 18:06 . 2010-03-16 18:06 -------- d-----w- c:\documents and settings\MAREKZ~1~000
2010-03-16 18:05 . 2010-03-16 18:05 -------- d-----w- C:\FIND_MOZ_EXT
2010-03-16 18:00 . 2010-03-16 18:00 -------- d-----w- c:\program files\Google
2010-03-16 17:50 . 2010-03-17 10:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.000\Data aplikací
2010-03-16 17:50 . 2010-03-16 17:50 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.000
2010-03-16 17:50 . 2010-03-16 17:50 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.000\Data aplikací
2010-03-16 17:50 . 2010-03-16 17:50 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY.000
2010-03-16 17:45 . 2010-03-16 18:16 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.2\DRM
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 21:20 . 2010-02-12 17:58 -------- d-----w- c:\program files\QIP 2005
2010-03-17 20:21 . 2010-02-13 00:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-17 20:20 . 2010-03-16 11:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-17 12:16 . 2010-02-12 16:00 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\GPU-Z
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\CPU-Z 1.45
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\VirtualDub
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-17 12:10 . 2010-02-12 15:55 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-17 10:34 . 2010-02-12 18:00 -------- d-----w- c:\program files\Warcraft 3
2010-03-17 10:23 . 2010-02-13 00:32 -------- d-----w- c:\program files\Garena
2010-03-17 10:19 . 2010-02-13 00:14 -------- d-----w- c:\program files\Skype
2010-03-16 21:34 . 2010-02-12 16:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-16 19:19 . 2010-02-12 16:14 -------- d-----w- c:\program files\Asus
2010-03-16 18:52 . 2010-02-13 11:59 -------- d-----w- c:\program files\Common Files\Nero
2010-03-16 18:20 . 2010-02-13 00:17 -------- d-----w- c:\program files\Winamp
2010-03-16 18:19 . 2010-02-12 18:00 -------- d-----w- c:\program files\vypinac
2010-03-16 17:59 . 2010-02-13 00:03 -------- d-----w- c:\program files\Ventrilo
2010-03-16 13:18 . 2010-03-16 13:18 717296 ----a-w- c:\windows.1\system32\drivers\sptd.sys
2010-03-16 13:11 . 2001-10-25 12:00 46196 ----a-w- c:\windows.1\system32\perfc005.dat
2010-03-16 13:11 . 2001-10-25 12:00 309990 ----a-w- c:\windows.1\system32\perfh005.dat
2010-03-16 12:54 . 2010-03-16 12:54 -------- d-----w- c:\program files\CCleaner
2010-03-16 12:52 . 2010-03-16 12:52 8738 ----a-w- c:\windows.1\pchealth\helpctr\Config\Cntstore.bin
2010-03-16 12:52 . 2010-03-16 12:52 2136 ----a-w- c:\windows.1\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-16 12:52 . 2010-03-16 12:52 86339 ----a-w- c:\windows.1\pchealth\helpctr\OfflineCache\index.dat
2010-03-15 12:13 . 2010-03-15 12:13 -------- d-----w- c:\program files\Doblon
2010-03-08 15:15 . 2010-03-08 15:15 -------- d-----w- c:\program files\Common Files\Autodesk
2010-03-08 15:02 . 2010-03-08 12:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-08 12:27 . 2010-03-08 12:25 -------- d-----w- c:\program files\AOEMView 2009
2010-03-08 12:24 . 2010-03-08 12:24 -------- d-----w- c:\program files\Microsoft WSE
2010-03-08 12:24 . 2010-03-08 12:21 -------- d-----w- c:\program files\DWG TrueView 2009
2010-02-28 17:31 . 2010-02-28 17:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-27 17:17 . 2010-02-27 13:17 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-27 13:06 . 2010-02-27 13:06 -------- d-----w- c:\program files\Microsoft Works
2010-02-27 13:06 . 2010-02-27 13:06 -------- d-----w- c:\program files\MSBuild
2010-02-27 13:03 . 2010-02-27 13:03 -------- d-----w- c:\program files\Microsoft.NET
2010-02-27 12:59 . 2010-02-27 12:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-23 18:04 . 2010-02-23 18:04 -------- d-----w- c:\program files\Common Files\Java
2010-02-23 18:02 . 2010-02-23 18:02 -------- d-----w- c:\program files\Java
2010-02-13 16:28 . 2010-02-13 16:28 -------- d-----w- c:\program files\Common Files\Canon
2010-02-13 13:07 . 2010-02-13 13:07 -------- d-----w- c:\program files\Common Files\HP
2010-02-13 13:05 . 2010-02-13 13:05 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-13 13:05 . 2010-02-13 13:05 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-13 12:40 . 2010-02-13 12:40 -------- d-----w- c:\program files\Ahead
2010-02-13 12:40 . 2010-02-13 12:40 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-13 12:38 . 2010-02-13 12:38 -------- d-----w- c:\program files\Yahoo!
2010-02-13 00:20 . 2010-02-13 00:20 -------- d-----w- c:\program files\Winamp Remote
2010-02-13 00:16 . 2010-02-13 00:16 -------- d-----w- c:\program files\VideoLAN
2010-02-13 00:15 . 2010-02-13 00:13 -------- d-----w- c:\program files\QuickTime
2010-02-13 00:15 . 2010-02-13 00:15 -------- d-----w- c:\program files\SopCast
2010-02-13 00:13 . 2010-02-13 00:13 -------- d-----w- c:\program files\Apple Software Update
2010-02-13 00:12 . 2010-02-13 00:12 -------- d-----w- c:\program files\Webteh
2010-02-12 23:52 . 2010-02-12 23:51 -------- d-----w- c:\program files\Logitech
2010-02-12 23:51 . 2010-02-12 23:51 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-12 23:51 . 2010-02-12 16:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 16:42 . 2010-02-12 16:42 -------- d-----w- c:\program files\USBTurboSpeed
2010-02-12 16:14 . 2010-02-12 16:11 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- c:\program files\Marvell
2010-02-12 16:11 . 2010-02-12 16:11 -------- d-----w- c:\program files\Analog Devices
2010-02-12 16:08 . 2010-02-12 16:08 -------- d-----w- c:\program files\Intel
2010-02-12 15:59 . 2010-02-12 15:59 -------- d-----w- c:\program files\7-Zip
.
------- Sigcheck -------
[-] 2008-06-23 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows.1\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows.1\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3qfe\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows.1\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3gdr\tcpip.sys
[-] 2008-06-22 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows.1\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-22 123904]
c:\documents and settings\All Users.WINDOWS.1\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 sptd;sptd;c:\windows.1\system32\drivers\sptd.sys [16.3.2010 14:18 717296]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\Marek Zavadil.MAREKZAVADIL\Data aplikací\Mozilla\Firefox\Profiles\nl0xdfdy.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\documents and settings\Marek Zavadil.MAREKZAVADIL\Data aplikací\Mozilla\Firefox\Profiles\nl0xdfdy.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 22:58
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spri.sys hal.dll >>UNKNOWN [0x82392938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf857af28
\Driver\ACPI -> ACPI.sys @ 0xf83d5cb8
\Driver\atapi -> atapi.sys @ 0xf836ab40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf8273bb0
PacketIndicateHandler -> NDIS.sys @ 0xf8280a21
SendHandler -> NDIS.sys @ 0xf825e87b
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1332)
c:\windows.1\system32\ieframe.dll
c:\windows.1\system32\wpdshserviceobj.dll
c:\windows.1\system32\portabledevicetypes.dll
c:\windows.1\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows.1\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-17 23:02:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-17 22:02
ComboFix2.txt 2010-03-17 21:15
Před spuštěním: Volných bajtů: 90 092 597 248
Po spuštění: Volných bajtů: 90 024 943 616
- - End Of File - - 5766AEBBA9C53E08BBAC1832E156FC3B
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.306 [GMT 1:00]
Spuštěný z: c:\documents and settings\Marek Zavadil.MAREKZAVADIL\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Marek Zavadil.MAREKZAVADIL\Plocha\CFScript.txt
FILE ::
"c:\docume~1\MAREKZ~1.MAR\LOCALS~1\Temp\IZD11.tmp"
"c:\windows.1\nsreg.dat"
"c:\windows.1\system32\emptyregdb.dat"
"c:\windows.1\system32\fjhdyfhsn.bat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\DTToolbar.dll
c:\program files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
c:\program files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
c:\program files\DAEMON Tools Toolbar\Resources\web_resources.ico
c:\program files\DAEMON Tools Toolbar\Resources\web_search.ico
c:\program files\DAEMON Tools Toolbar\Resources\web_search_SA.ico
c:\program files\DAEMON Tools Toolbar\Resources\WebS.ico
c:\program files\DAEMON Tools Toolbar\Resources\WebSa.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi0.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi1.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi10.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi11.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi12.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi13.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi14.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi2.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi3.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi4.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi5.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi6.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi7.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi8.ico
c:\program files\DAEMON Tools Toolbar\Resources\wi9.ico
c:\program files\DAEMON Tools Toolbar\uninst.exe
c:\program files\Winamp Toolbar
c:\program files\Winamp Toolbar\apopup.dll
c:\program files\Winamp Toolbar\install.log
c:\program files\Winamp Toolbar\msvcr71.dll
c:\program files\Winamp Toolbar\uninstall.exe
c:\program files\Winamp Toolbar\winamptb.dll
c:\program files\Winamp Toolbar\winampTbServer.exe
c:\program files\Winamp Toolbar\winamptbServerPS.dll
c:\program files\Winamp Toolbar\xprt5.dll
C:\searchplugins
c:\searchplugins\askcom.xml
c:\windows.1\nsreg.dat
c:\windows.1\system32\emptyregdb.dat
c:\windows.1\system32\fjhdyfhsn.bat
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GARENAPENGINE
-------\Legacy_GJAZJC
-------\Service_gjazjc
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.
2010-03-17 21:58 . 2010-03-17 21:58 -------- d-----w- c:\windows.1\system32\wbem\snmp
2010-03-17 21:58 . 2010-03-17 21:58 -------- d-----w- c:\windows.1\system32\xircom
2010-03-17 21:58 . 2010-03-17 21:58 -------- d-----w- c:\program files\microsoft frontpage
2010-03-17 19:17 . 2010-01-07 15:07 38224 ----a-w- c:\windows.1\system32\drivers\mbamswissarmy.sys
2010-03-17 19:17 . 2010-03-17 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 19:17 . 2010-01-07 15:07 19160 ----a-w- c:\windows.1\system32\drivers\mbam.sys
2010-03-17 18:35 . 2010-03-17 18:35 -------- d-----w- c:\program files\TrendMicro
2010-03-17 13:01 . 2010-03-17 12:15 -------- d--h--r- c:\documents and settings\Default User.WINDOWS\Data aplikací
2010-03-17 13:00 . 2010-03-17 12:16 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-03-17 13:00 . 2010-03-17 12:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2010-03-17 12:19 . 2008-04-13 23:17 25856 ----a-w- c:\windows.1\system32\drivers\usbprint.sys
2010-03-17 12:16 . 2010-03-17 12:16 -------- d-----w- c:\program files\QIP 2005 psYNovA-Edition
2010-03-17 12:16 . 2010-03-17 12:16 -------- d-----w- c:\program files\SpeedFan
2010-03-17 12:15 . 2010-03-17 12:15 -------- d-----w- c:\program files\DVD Decrypter
2010-03-17 12:15 . 2010-03-17 12:15 -------- d-----w- c:\program files\DVD Shrink
2010-03-17 12:13 . 2010-03-17 12:13 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2010-03-17 11:51 . 2010-03-17 11:51 51807 ----a-w- c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\wuaucldt.exe
2010-03-16 22:57 . 2010-03-17 10:45 -------- d-----w- c:\program files\BS_Player
2010-03-16 21:42 . 2010-03-16 21:42 -------- d-----w- C:\SXS
2010-03-16 20:56 . 2010-03-16 20:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS.2\Documents
2010-03-16 20:56 . 2010-03-16 20:56 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-03-16 20:55 . 2010-03-16 20:55 -------- d-----w- c:\program files\Sony Ericsson
2010-03-16 20:16 . 2010-03-16 20:16 -------- d-----w- c:\program files\Valve
2010-03-16 19:44 . 2010-03-16 20:00 -------- d-----w- c:\program files\Canon
2010-03-16 19:24 . 2010-03-16 19:32 -------- d-----w- c:\program files\HP
2010-03-16 19:12 . 2010-03-16 19:12 -------- d-----w- c:\program files\Common Files\Labtec
2010-03-16 18:50 . 2010-03-16 18:50 -------- d-----w- c:\program files\Nero
2010-03-16 18:32 . 2010-03-16 17:47 -------- d--h--r- c:\documents and settings\Default User.WINDOWS.2\Data aplikací
2010-03-16 18:32 . 2010-03-17 11:19 -------- d--h--r- c:\documents and settings\All Users.WINDOWS.2\Data aplikací
2010-03-16 18:32 . 2010-03-16 20:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS.2
2010-03-16 18:32 . 2010-03-16 17:48 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.2
2010-03-16 18:30 . 2010-03-16 18:30 -------- d-----w- c:\program files\EA SPORTS
2010-03-16 18:27 . 2010-03-17 11:45 -------- d-----w- C:\WINDOWS.2
2010-03-16 18:12 . 2010-03-16 18:12 -------- d-----w- c:\documents and settings\Marek Zavadil.MAREKZAVADIL.000\WINDOWS
2010-03-16 18:06 . 2010-03-16 18:06 -------- d-----w- c:\documents and settings\MAREKZ~1~000\LOCALS~1
2010-03-16 18:06 . 2010-03-16 18:06 -------- d-----w- c:\documents and settings\MAREKZ~1~000
2010-03-16 18:05 . 2010-03-16 18:05 -------- d-----w- C:\FIND_MOZ_EXT
2010-03-16 18:00 . 2010-03-16 18:00 -------- d-----w- c:\program files\Google
2010-03-16 17:50 . 2010-03-17 10:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.000\Data aplikací
2010-03-16 17:50 . 2010-03-16 17:50 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.000
2010-03-16 17:50 . 2010-03-16 17:50 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.000\Data aplikací
2010-03-16 17:50 . 2010-03-16 17:50 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY.000
2010-03-16 17:45 . 2010-03-16 18:16 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.2\DRM
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 21:20 . 2010-02-12 17:58 -------- d-----w- c:\program files\QIP 2005
2010-03-17 20:21 . 2010-02-13 00:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-17 20:20 . 2010-03-16 11:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-17 12:16 . 2010-02-12 16:00 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\GPU-Z
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\CPU-Z 1.45
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\VirtualDub
2010-03-17 12:15 . 2010-02-12 15:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-17 12:10 . 2010-02-12 15:55 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-17 10:34 . 2010-02-12 18:00 -------- d-----w- c:\program files\Warcraft 3
2010-03-17 10:23 . 2010-02-13 00:32 -------- d-----w- c:\program files\Garena
2010-03-17 10:19 . 2010-02-13 00:14 -------- d-----w- c:\program files\Skype
2010-03-16 21:34 . 2010-02-12 16:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-16 19:19 . 2010-02-12 16:14 -------- d-----w- c:\program files\Asus
2010-03-16 18:52 . 2010-02-13 11:59 -------- d-----w- c:\program files\Common Files\Nero
2010-03-16 18:20 . 2010-02-13 00:17 -------- d-----w- c:\program files\Winamp
2010-03-16 18:19 . 2010-02-12 18:00 -------- d-----w- c:\program files\vypinac
2010-03-16 17:59 . 2010-02-13 00:03 -------- d-----w- c:\program files\Ventrilo
2010-03-16 13:18 . 2010-03-16 13:18 717296 ----a-w- c:\windows.1\system32\drivers\sptd.sys
2010-03-16 13:11 . 2001-10-25 12:00 46196 ----a-w- c:\windows.1\system32\perfc005.dat
2010-03-16 13:11 . 2001-10-25 12:00 309990 ----a-w- c:\windows.1\system32\perfh005.dat
2010-03-16 12:54 . 2010-03-16 12:54 -------- d-----w- c:\program files\CCleaner
2010-03-16 12:52 . 2010-03-16 12:52 8738 ----a-w- c:\windows.1\pchealth\helpctr\Config\Cntstore.bin
2010-03-16 12:52 . 2010-03-16 12:52 2136 ----a-w- c:\windows.1\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-16 12:52 . 2010-03-16 12:52 86339 ----a-w- c:\windows.1\pchealth\helpctr\OfflineCache\index.dat
2010-03-15 12:13 . 2010-03-15 12:13 -------- d-----w- c:\program files\Doblon
2010-03-08 15:15 . 2010-03-08 15:15 -------- d-----w- c:\program files\Common Files\Autodesk
2010-03-08 15:02 . 2010-03-08 12:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-08 12:27 . 2010-03-08 12:25 -------- d-----w- c:\program files\AOEMView 2009
2010-03-08 12:24 . 2010-03-08 12:24 -------- d-----w- c:\program files\Microsoft WSE
2010-03-08 12:24 . 2010-03-08 12:21 -------- d-----w- c:\program files\DWG TrueView 2009
2010-02-28 17:31 . 2010-02-28 17:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-27 17:17 . 2010-02-27 13:17 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-27 13:06 . 2010-02-27 13:06 -------- d-----w- c:\program files\Microsoft Works
2010-02-27 13:06 . 2010-02-27 13:06 -------- d-----w- c:\program files\MSBuild
2010-02-27 13:03 . 2010-02-27 13:03 -------- d-----w- c:\program files\Microsoft.NET
2010-02-27 12:59 . 2010-02-27 12:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-23 18:04 . 2010-02-23 18:04 -------- d-----w- c:\program files\Common Files\Java
2010-02-23 18:02 . 2010-02-23 18:02 -------- d-----w- c:\program files\Java
2010-02-13 16:28 . 2010-02-13 16:28 -------- d-----w- c:\program files\Common Files\Canon
2010-02-13 13:07 . 2010-02-13 13:07 -------- d-----w- c:\program files\Common Files\HP
2010-02-13 13:05 . 2010-02-13 13:05 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-13 13:05 . 2010-02-13 13:05 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-13 12:40 . 2010-02-13 12:40 -------- d-----w- c:\program files\Ahead
2010-02-13 12:40 . 2010-02-13 12:40 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-13 12:38 . 2010-02-13 12:38 -------- d-----w- c:\program files\Yahoo!
2010-02-13 00:20 . 2010-02-13 00:20 -------- d-----w- c:\program files\Winamp Remote
2010-02-13 00:16 . 2010-02-13 00:16 -------- d-----w- c:\program files\VideoLAN
2010-02-13 00:15 . 2010-02-13 00:13 -------- d-----w- c:\program files\QuickTime
2010-02-13 00:15 . 2010-02-13 00:15 -------- d-----w- c:\program files\SopCast
2010-02-13 00:13 . 2010-02-13 00:13 -------- d-----w- c:\program files\Apple Software Update
2010-02-13 00:12 . 2010-02-13 00:12 -------- d-----w- c:\program files\Webteh
2010-02-12 23:52 . 2010-02-12 23:51 -------- d-----w- c:\program files\Logitech
2010-02-12 23:51 . 2010-02-12 23:51 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-12 23:51 . 2010-02-12 16:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 16:42 . 2010-02-12 16:42 -------- d-----w- c:\program files\USBTurboSpeed
2010-02-12 16:14 . 2010-02-12 16:11 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- c:\program files\Marvell
2010-02-12 16:11 . 2010-02-12 16:11 -------- d-----w- c:\program files\Analog Devices
2010-02-12 16:08 . 2010-02-12 16:08 -------- d-----w- c:\program files\Intel
2010-02-12 15:59 . 2010-02-12 15:59 -------- d-----w- c:\program files\7-Zip
.
------- Sigcheck -------
[-] 2008-06-23 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows.1\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows.1\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3qfe\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows.1\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3gdr\tcpip.sys
[-] 2008-06-22 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows.1\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-22 123904]
c:\documents and settings\All Users.WINDOWS.1\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 sptd;sptd;c:\windows.1\system32\drivers\sptd.sys [16.3.2010 14:18 717296]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\Marek Zavadil.MAREKZAVADIL\Data aplikací\Mozilla\Firefox\Profiles\nl0xdfdy.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\documents and settings\Marek Zavadil.MAREKZAVADIL\Data aplikací\Mozilla\Firefox\Profiles\nl0xdfdy.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 22:58
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spri.sys hal.dll >>UNKNOWN [0x82392938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf857af28
\Driver\ACPI -> ACPI.sys @ 0xf83d5cb8
\Driver\atapi -> atapi.sys @ 0xf836ab40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf8273bb0
PacketIndicateHandler -> NDIS.sys @ 0xf8280a21
SendHandler -> NDIS.sys @ 0xf825e87b
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1332)
c:\windows.1\system32\ieframe.dll
c:\windows.1\system32\wpdshserviceobj.dll
c:\windows.1\system32\portabledevicetypes.dll
c:\windows.1\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows.1\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-17 23:02:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-17 22:02
ComboFix2.txt 2010-03-17 21:15
Před spuštěním: Volných bajtů: 90 092 597 248
Po spuštění: Volných bajtů: 90 024 943 616
- - End Of File - - 5766AEBBA9C53E08BBAC1832E156FC3B
- Damned
- Article author
Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Status: Offline
Re: svchost CPU 100%
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it all of the following text marked in green:
Windows Registry Editor Version 5.00
[-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
Save it to the Desktop as fix.reg with the type set to All files, then find the file on the Desktop and double-click it to run it. You will be asked about adding a value to the registry. Approve it.
*****************************************************************************************************************************************
Download Dr. Web CureIt, or get it from http://www.majorgeeks.com/Dr.Web_CureIT_d4783.html, run the update, and after updating press Start.
Use the buttons at the bottom to cure, delete, move or rename a file. Then post the result. The scan may take a long time. Cure any infection found first, and only then delete. If it finds something in the System Volume Information folder, delete it. Then post the result here (snap).
*****************************************************************************************************************************************
Then:
Run F-Secure Online Scanner
This scanner can only be used in Internet Explorer! Follow the instructions on the F-Secure page for correct installation.
Accept the licence.
After the ActiveX control is installed, click Full System Scan. When the download finishes, the scan starts automatically.
Wait for the scan to finish; do not perform other operations or click the mouse while it runs. When the scan finishes, click the Automatic clearing (recommended) button.
Then click the Show Report button, copy the report and paste it here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: svchost CPU 100%
Your message contains 265232 characters. The maximum allowed number of characters is 60000.
So I uploaded the file to Letecká pošta:
http://leteckaposta.cz/906327442
- Damned
Re: svchost CPU 100%
The F-Secure scan is still needed. If that log is also long, pack it into a RAR archive and attach it to your reply.
Re: svchost CPU 100%
This page was displayed after the test:
file:///C:/DOCUME~1/MAREKZ~1.MAR/LOCALS~1/Temp/fsonlinescanner_report.html
- Damned
Re: svchost CPU 100%
You were supposed to copy it and paste it here; this way I can't tell whether it came out OK or what it failed to delete.