Proces "svchost.exe" vytěžuje PC

marxadus · Příspěvekod **marxadus** » 28 říj 2010 09:17

Mám takový problém s procesem jménem "svchost.exe". Problém je v tom, že při spouštění systému mi strašně zatěžuje PC (bere asi 95 % CPU) a spouštění trvá hrozně dlouho. Za pár chvil se "stáhne", CPU už nezatěžuje vůbec, ale využívá kolem 47 000 kB paměti, což se mi zdá i tak hodně, protože jsem vypnutím tohoto procesu zjistil, že se vypne všechen zvuk a tudíž tento proces zvuk řídí. Proč ale tak zatěžuje systém? Používám Windows XP Proffesional SP3. Přikládám log z HiJackThis. Pomoc by byla velice ceněná.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:08:24, on 28.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
D:\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.mvcr.cz:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8840315531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8841698203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - (no file)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8665 bytes

Reklama

Příspěvekod **jaro3** » 28 říj 2010 09:45

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: ESET Service (ekrn) - Unknown owner - (no file)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.mvcr.cz:8080---tu proxy používáš?

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole můzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

marxadus · Příspěvekod **marxadus** » 28 říj 2010 11:49

O té proxy nic nevím, v tomhle se vůbec nevyznám, tak nevím. Jinak tady je obsah toho logu:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4971

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.10.2010 11:44:39
mbam-log-2010-10-28 (11-44-39).txt

Typ skenu: Rychlý sken
Skenované objekty: 146206
Uplynulý čas: 11 minuta(y), 48 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 5
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\admin\Plocha\pdtrain.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\admin\Local Settings\Temp\Test.#xe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\admin\Local Settings\Temp\nsnCB.tmp\nswebgui.dll (Trojan.Dropper) -> No action taken.

Příspěvekod **memphisto** » 28 říj 2010 12:09

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

marxadus · Příspěvekod **marxadus** » 28 říj 2010 13:12

Log MbAMu:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4971

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.10.2010 12:32:51
mbam-log-2010-10-28 (12-32-51).txt

Typ skenu: Rychlý sken
Skenované objekty: 146171
Uplynulý čas: 19 minuta(y), 14 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 5
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\admin\Plocha\pdtrain.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temp\Test.#xe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temp\nsnCB.tmp\nswebgui.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

Log ComboFixu:

ComboFix 10-10-27.05 - admin 28.10.2010 12:56:06.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1536 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\grecorder.dll
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-28 do 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-28 09:45 . 2010-10-07 14:21 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9F0AAE3F-B740-4AD1-BEFF-09AC5192F449}\mpengine.dll
2010-10-28 09:31 . 2010-10-28 09:31 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2010-10-28 09:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 09:30 . 2010-10-28 09:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-28 09:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 08:46 . 2010-10-28 09:27 -------- d-----w- c:\documents and settings\admin\DoctorWeb
2010-10-28 07:41 . 2010-10-28 08:04 -------- d-----w- c:\documents and settings\admin\Data aplikací\.minecraft
2010-10-28 07:06 . 2010-10-28 07:06 388096 ----a-r- c:\documents and settings\admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-26 07:26 . 2010-10-26 07:35 -------- d-----w- c:\documents and settings\admin\Data aplikací\DiskSpaceFanPro
2010-10-26 07:07 . 2010-10-26 07:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RegCure
2010-10-25 14:25 . 2010-10-25 14:39 2829 ----a-w- c:\windows\War3Unin.pif
2010-10-25 14:25 . 2010-10-25 14:39 139264 ----a-w- c:\windows\War3Unin.exe
2010-10-25 12:59 . 2010-10-25 13:01 -------- d-sh--w- c:\documents and settings\admin\Local Settings\Data aplikací\.#
2010-10-25 11:56 . 2000-05-22 14:58 608448 ----a-w- c:\windows\system32\comctl32.ocx
2010-10-25 11:23 . 2010-10-25 11:23 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\PackageAware
2010-10-24 17:47 . 2002-07-25 14:57 98304 ------w- c:\windows\system32\CMIVCDNav.ax
2010-10-24 17:47 . 2003-01-03 19:41 102400 ------w- c:\windows\system32\CMIEffect.ax
2010-10-24 17:47 . 2002-10-04 10:20 188416 ------w- c:\windows\system32\CMIMPEG2V.ax
2010-10-24 17:47 . 2002-06-28 14:37 61440 ------w- c:\windows\system32\CMICDDAFilter.ax
2010-10-24 17:47 . 2002-02-19 13:27 65536 ------w- c:\windows\system32\CMIEchoFilter.ax
2010-10-24 17:47 . 2000-10-24 15:12 352256 ------w- c:\windows\system32\ActiveSkin.ocx
2010-10-24 17:47 . 2010-10-24 17:47 -------- d-----w- c:\program files\C-Media Audio
2010-10-24 08:22 . 2010-10-24 08:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-21 15:13 . 2010-10-21 15:13 22457344 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\LocalCopy\{D5AD219B-4C73-C814-B9D2-E0CBC569FA6A}-mso.msp
2010-10-20 17:40 . 2010-10-20 17:45 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\AaaaaRecklessDisregard
2010-10-19 18:12 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-10-19 18:12 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-10-19 18:07 . 2010-10-26 06:38 -------- d-----w- c:\program files\Microsoft Works
2010-10-19 18:01 . 2010-10-19 18:01 -------- d-----w- c:\program files\Microsoft.NET
2010-10-19 17:53 . 2010-10-19 17:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-19 17:49 . 2010-10-19 18:04 -------- d-----w- c:\windows\SHELLNEW
2010-10-19 17:47 . 2010-10-19 17:47 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Microsoft Help
2010-10-19 17:46 . 2010-10-28 06:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2010-10-18 17:34 . 2008-04-13 22:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-10-18 17:34 . 2008-04-13 22:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-10-18 17:33 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-18 17:30 . 2010-10-18 17:34 -------- d-----w- c:\documents and settings\admin\Data aplikací\Nokia
2010-10-18 17:30 . 2010-10-18 17:34 -------- d-----w- c:\documents and settings\admin\Data aplikací\PC Suite
2010-10-18 17:30 . 2010-10-18 17:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2010-10-18 17:22 . 2010-10-18 17:22 -------- d-----w- c:\program files\Common Files\PCSuite
2010-10-18 17:22 . 2010-10-18 17:22 -------- d-----w- c:\program files\Common Files\Nokia
2010-10-18 17:21 . 2010-10-18 17:21 -------- d-----w- c:\program files\DIFX
2010-10-18 17:21 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-10-18 17:21 . 2010-10-18 17:21 -------- d-----w- c:\program files\PC Connectivity Solution
2010-10-18 17:21 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-10-18 17:21 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-10-18 17:20 . 2010-02-26 12:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-10-18 17:20 . 2010-02-26 12:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-10-18 17:20 . 2010-02-26 12:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-10-18 17:20 . 2010-02-26 12:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-10-18 17:20 . 2010-02-26 12:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-10-18 17:17 . 2010-10-18 17:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2010-10-18 14:04 . 2010-10-18 14:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\YoYoGames
2010-10-15 14:31 . 2010-10-15 14:48 -------- d-----w- C:\vcs5BGEffects
2010-10-15 06:57 . 2010-10-15 07:18 -------- d-----w- c:\program files\Eagle Dynamics
2010-10-13 16:14 . 2010-10-13 16:14 -------- d-----w- c:\documents and settings\admin\Data aplikací\MixMeister Technology
2010-10-13 06:53 . 2010-10-25 05:52 -------- d-----w- c:\program files\ESET
2010-10-13 06:53 . 2010-10-13 06:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2010-10-12 11:48 . 2010-10-12 13:13 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Panda3D
2010-10-12 10:20 . 2010-10-12 10:20 -------- d-----w- C:\Rbackup
2010-10-12 09:15 . 2009-09-02 08:20 652 ----a-w- c:\windows\FIX.reg
2010-10-12 09:15 . 2008-11-01 11:23 280 ----a-w- c:\windows\reset.reg
2010-10-09 15:50 . 2010-10-24 08:19 -------- d-----w- c:\documents and settings\admin\Data aplikací\Downloaded Installations
2010-10-09 15:01 . 2010-10-09 15:01 -------- d-----w- c:\documents and settings\admin\Data aplikací\Chime
2010-10-09 15:01 . 2010-10-09 15:01 -------- d-----w- c:\program files\Microsoft XNA
2010-10-09 13:19 . 2010-10-09 13:19 -------- d-----w- c:\program files\Microsoft Chart Controls
2010-10-08 10:57 . 2010-10-08 10:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2010-10-08 10:52 . 2010-10-08 10:53 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Temp
2010-10-08 10:52 . 2010-10-08 10:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2010-10-07 07:50 . 2010-10-07 07:50 -------- d-----w- c:\program files\OpenAL
2010-10-07 07:50 . 2010-10-07 07:50 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-07 07:50 . 2010-10-07 07:50 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-02 08:21 . 2010-10-12 10:21 -------- d-----w- c:\program files\Unlocker

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-03-18 15:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 14:21 . 2010-03-20 08:10 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-22 11:43 . 2010-03-20 12:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 06:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 06:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2002-09-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:52 . 2008-03-01 13:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-05-07 08:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-03-01 13:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-04-14 06:37 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 05:45 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 06:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-14 06:52 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 22:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-14 06:51 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-02 10:21 . 2010-08-02 10:21 249856 ------w- c:\windows\Setup1.exe
2010-08-02 10:21 . 2010-08-02 10:21 73216 ----a-w- c:\windows\ST6UNST.EXE
.

------- Sigcheck -------

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-05-07 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-04-10 323392]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-09 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-10-10 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"GrooveMonitor"="d:\microsoft office 2007\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\uTorrent\\utorrent.exe"=
"d:\\games\\Audiosurf\\engine\\QuestViewer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\admin\\Data aplikací\\Sony Online Entertainment\\Installed Games\\Clone Wars\\CloneWars.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Steam\\Steam.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"d:\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58010:TCP"= 58010:TCP:Pando Media Booster
"58010:UDP"= 58010:UDP:Pando Media Booster
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"26897:TCP"= 26897:TCP:*:Disabled:SolidNetworkManager
"26897:UDP"= 26897:UDP:*:Disabled:SolidNetworkManager
"57688:TCP"= 57688:TCP:Pando Media Booster
"57688:UDP"= 57688:UDP:Pando Media Booster
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [25.8.2010 22:28 27704]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [23.1.2008 10:19 501560]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 8:52 14336]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 17:09 1253376]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26.11.2009 0:06 34384]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S2 ekrn;ESET Service; [x]
S2 gupdate;Služba Google Update (gupdate); [x]
S3 cpuz130;cpuz130; [x]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 11:10 3276800]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admin\LOCALS~1\Temp\NQZ1A5.tmp --> c:\docume~1\admin\LOCALS~1\Temp\NQZ1A5.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 XDva281;XDva281; [x]
S3 XDva349;XDva349; [x]
S3 XDva358;XDva358; [x]
S3 XDva359;XDva359; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.3.2010 14:10 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-09-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-XXX-619471ABCC5-admin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-10 08:32]

2010-10-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40]

2010-10-27 c:\windows\Tasks\RegCure Program Check.job
- d:\regcure\RegCure.exe [2010-05-19 23:20]

2010-10-26 c:\windows\Tasks\RegCure.job
- d:\regcure\RegCure.exe [2010-05-19 23:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = proxy.mvcr.cz:8080
IE: E&xportovat do aplikace Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\2rdbr9ou.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - component: d:\nokia pc suite\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\Npindeo.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-WudfPf
SafeBoot-WudfRd

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 13:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\admin\LOCALS~1\Temp\NQZ1A5.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1801674531-115176313-515967899-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,29,5b,91,8d,7b,22,56,50,f8,0f,ce,92,15,e6,77,a6,af,4c,78,f3,16,3c,
e4,91,1b,23,5c,d8,d6,58,00,f5,9a,bd,f5,b0,b3,61,34,8b,ca,fa,fd,c2,80,85,11,\
"??"=hex:b1,ea,83,5a,9e,65,87,31,b2,9f,b9,36,13,73,9e,ab

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-10-28 13:05:28
ComboFix-quarantined-files.txt 2010-10-28 11:05

Před spuštěním: 1 012 027 392
Po spuštění: 2 994 483 200

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 32F8E7DDC240B4C474EB8B04D031822B

Příspěvekod **jaro3** » 28 říj 2010 13:49

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Driver::
hasplms
gupdate
cpuz130
GarenaPEngine
GGSAFERDriver
XDva281
XDva349
XDva358
XDva359
npggsvc

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
 [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

c:\windows\system32\DRIVERS\ehdrv.sys ---chybí tento soubor , doporučuji přeinstalovat ESS.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\reset.reg
c:\windows\FIX.reg
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\sfcfiles.dll
c:\windows\system32\CMIVCDNav.ax
c:\windows\system32\CMIEffect.ax
c:\windows\system32\CMIMPEG2V.ax
c:\windows\system32\CMICDDAFilter.ax
c:\windows\system32\CMIEchoFilter.ax

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

marxadus · Příspěvekod **marxadus** » 28 říj 2010 15:37

ESS už nepoužívám, něco se pokazilo a tak jsem ho musel odstranit ručně, asi po něm něco ještě zůstalo. Ještě musím připomenout, že před vkládáním tohoto příspěvku a děláním posledních skenů uvedených v tomto příspěvku jsem odinstaloval můj starý antivirus Microsoft Security Essentials a nainstaloval jsem si free verzi antiviru Avast.

Log ComboFixu:

ComboFix 10-10-27.08 - admin 28.10.2010 14:28:17.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1527 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ130
-------\Legacy_GARENAPENGINE
-------\Legacy_GGSAFERDRIVER
-------\Legacy_GUPDATE
-------\Legacy_HASPLMS
-------\Legacy_XDVA281
-------\Legacy_XDVA349
-------\Legacy_XDVA358
-------\Legacy_XDVA359
-------\Service_cpuz130
-------\Service_GarenaPEngine
-------\Service_GGSAFERDriver
-------\Service_gupdate
-------\Service_hasplms
-------\Service_npggsvc
-------\Service_XDva281
-------\Service_XDva349
-------\Service_XDva358
-------\Service_XDva359

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-28 do 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-28 12:08 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-28 12:08 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-28 12:08 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-28 12:08 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-28 12:08 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-28 12:08 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-28 12:08 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-28 12:08 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-28 12:08 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-28 12:08 . 2010-10-28 12:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-10-28 09:31 . 2010-10-28 09:31 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2010-10-28 09:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 09:30 . 2010-10-28 09:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-28 09:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 08:46 . 2010-10-28 09:27 -------- d-----w- c:\documents and settings\admin\DoctorWeb
2010-10-28 07:41 . 2010-10-28 08:04 -------- d-----w- c:\documents and settings\admin\Data aplikací\.minecraft
2010-10-28 07:06 . 2010-10-28 07:06 388096 ----a-r- c:\documents and settings\admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-26 07:26 . 2010-10-26 07:35 -------- d-----w- c:\documents and settings\admin\Data aplikací\DiskSpaceFanPro
2010-10-26 07:07 . 2010-10-26 07:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RegCure
2010-10-25 14:25 . 2010-10-25 14:39 2829 ----a-w- c:\windows\War3Unin.pif
2010-10-25 14:25 . 2010-10-25 14:39 139264 ----a-w- c:\windows\War3Unin.exe
2010-10-25 12:59 . 2010-10-25 13:01 -------- d-sh--w- c:\documents and settings\admin\Local Settings\Data aplikací\.#
2010-10-25 11:56 . 2000-05-22 14:58 608448 ----a-w- c:\windows\system32\comctl32.ocx
2010-10-25 11:23 . 2010-10-25 11:23 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\PackageAware
2010-10-24 17:47 . 2002-07-25 14:57 98304 ------w- c:\windows\system32\CMIVCDNav.ax
2010-10-24 17:47 . 2003-01-03 19:41 102400 ------w- c:\windows\system32\CMIEffect.ax
2010-10-24 17:47 . 2002-10-04 10:20 188416 ------w- c:\windows\system32\CMIMPEG2V.ax
2010-10-24 17:47 . 2002-06-28 14:37 61440 ------w- c:\windows\system32\CMICDDAFilter.ax
2010-10-24 17:47 . 2002-02-19 13:27 65536 ------w- c:\windows\system32\CMIEchoFilter.ax
2010-10-24 17:47 . 2000-10-24 15:12 352256 ------w- c:\windows\system32\ActiveSkin.ocx
2010-10-24 17:47 . 2010-10-24 17:47 -------- d-----w- c:\program files\C-Media Audio
2010-10-24 08:22 . 2010-10-24 08:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-20 17:40 . 2010-10-20 17:45 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\AaaaaRecklessDisregard
2010-10-19 18:12 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-10-19 18:12 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-10-19 18:07 . 2010-10-26 06:38 -------- d-----w- c:\program files\Microsoft Works
2010-10-19 18:01 . 2010-10-19 18:01 -------- d-----w- c:\program files\Microsoft.NET
2010-10-19 17:53 . 2010-10-19 17:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-19 17:49 . 2010-10-19 18:04 -------- d-----w- c:\windows\SHELLNEW
2010-10-19 17:47 . 2010-10-19 17:47 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Microsoft Help
2010-10-19 17:46 . 2010-10-28 06:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2010-10-18 17:34 . 2008-04-13 22:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-10-18 17:34 . 2008-04-13 22:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-10-18 17:33 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-18 17:30 . 2010-10-18 17:34 -------- d-----w- c:\documents and settings\admin\Data aplikací\Nokia
2010-10-18 17:30 . 2010-10-18 17:34 -------- d-----w- c:\documents and settings\admin\Data aplikací\PC Suite
2010-10-18 17:30 . 2010-10-18 17:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2010-10-18 17:22 . 2010-10-18 17:22 -------- d-----w- c:\program files\Common Files\PCSuite
2010-10-18 17:22 . 2010-10-18 17:22 -------- d-----w- c:\program files\Common Files\Nokia
2010-10-18 17:21 . 2010-10-18 17:21 -------- d-----w- c:\program files\DIFX
2010-10-18 17:21 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-10-18 17:21 . 2010-10-18 17:21 -------- d-----w- c:\program files\PC Connectivity Solution
2010-10-18 17:21 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-10-18 17:21 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-10-18 17:20 . 2010-02-26 12:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-10-18 17:20 . 2010-02-26 12:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-10-18 17:20 . 2010-02-26 12:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-10-18 17:20 . 2010-02-26 12:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-10-18 17:20 . 2010-02-26 12:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-10-18 17:17 . 2010-10-18 17:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2010-10-18 14:04 . 2010-10-18 14:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\YoYoGames
2010-10-15 14:31 . 2010-10-15 14:48 -------- d-----w- C:\vcs5BGEffects
2010-10-15 06:57 . 2010-10-15 07:18 -------- d-----w- c:\program files\Eagle Dynamics
2010-10-13 16:14 . 2010-10-13 16:14 -------- d-----w- c:\documents and settings\admin\Data aplikací\MixMeister Technology
2010-10-13 06:53 . 2010-10-25 05:52 -------- d-----w- c:\program files\ESET
2010-10-13 06:53 . 2010-10-13 06:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2010-10-12 11:48 . 2010-10-12 13:13 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Panda3D
2010-10-12 10:20 . 2010-10-12 10:20 -------- d-----w- C:\Rbackup
2010-10-12 09:15 . 2009-09-02 08:20 652 ----a-w- c:\windows\FIX.reg
2010-10-12 09:15 . 2008-11-01 11:23 280 ----a-w- c:\windows\reset.reg
2010-10-09 15:50 . 2010-10-24 08:19 -------- d-----w- c:\documents and settings\admin\Data aplikací\Downloaded Installations
2010-10-09 15:01 . 2010-10-09 15:01 -------- d-----w- c:\documents and settings\admin\Data aplikací\Chime
2010-10-09 15:01 . 2010-10-09 15:01 -------- d-----w- c:\program files\Microsoft XNA
2010-10-09 13:19 . 2010-10-09 13:19 -------- d-----w- c:\program files\Microsoft Chart Controls
2010-10-08 10:57 . 2010-10-08 10:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2010-10-08 10:52 . 2010-10-08 10:53 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Temp
2010-10-08 10:52 . 2010-10-08 10:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2010-10-07 07:50 . 2010-10-07 07:50 -------- d-----w- c:\program files\OpenAL
2010-10-07 07:50 . 2010-10-07 07:50 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-07 07:50 . 2010-10-07 07:50 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-02 08:21 . 2010-10-12 10:21 -------- d-----w- c:\program files\Unlocker

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-03-18 15:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 11:43 . 2010-03-20 12:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 06:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 06:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2002-09-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:52 . 2008-03-01 13:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-05-07 08:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-03-01 13:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-04-14 06:37 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 05:45 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 06:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-14 06:52 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 22:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-14 06:51 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-02 10:21 . 2010-08-02 10:21 249856 ------w- c:\windows\Setup1.exe
2010-08-02 10:21 . 2010-08-02 10:21 73216 ----a-w- c:\windows\ST6UNST.EXE
.

------- Sigcheck -------

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-05-07 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-10-28_11.02.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-10-28 12:37 . 2010-10-28 12:37 16384 c:\windows\Temp\Perflib_Perfdata_614.dat
+ 2010-10-28 12:36 . 2010-10-28 12:36 16384 c:\windows\Temp\Perflib_Perfdata_2b8.dat
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2010-10-28 12:08 . 2010-10-28 12:08 219648 c:\windows\Installer\464c49.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-04-10 323392]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-09 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-10-10 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"GrooveMonitor"="d:\microsoft office 2007\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast5"="d:\avast!\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\uTorrent\\utorrent.exe"=
"d:\\games\\Audiosurf\\engine\\QuestViewer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\admin\\Data aplikací\\Sony Online Entertainment\\Installed Games\\Clone Wars\\CloneWars.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Steam\\Steam.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"d:\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58010:TCP"= 58010:TCP:Pando Media Booster
"58010:UDP"= 58010:UDP:Pando Media Booster
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"26897:TCP"= 26897:TCP:*:Disabled:SolidNetworkManager
"26897:UDP"= 26897:UDP:*:Disabled:SolidNetworkManager
"57688:TCP"= 57688:TCP:Pando Media Booster
"57688:UDP"= 57688:UDP:Pando Media Booster
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.10.2010 14:08 165584]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [25.8.2010 22:28 27704]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [23.1.2008 10:19 501560]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 8:52 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2010 14:08 17744]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 17:09 1253376]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26.11.2009 0:06 34384]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S2 ekrn;ESET Service; [x]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 11:10 3276800]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.3.2010 14:10 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-09-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-XXX-619471ABCC5-admin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-10 08:32]

2010-10-27 c:\windows\Tasks\RegCure Program Check.job
- d:\regcure\RegCure.exe [2010-05-19 23:20]

2010-10-26 c:\windows\Tasks\RegCure.job
- d:\regcure\RegCure.exe [2010-05-19 23:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = proxy.mvcr.cz:8080
IE: E&xportovat do aplikace Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\2rdbr9ou.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - component: d:\nokia pc suite\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\Npindeo.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 14:37
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1801674531-115176313-515967899-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,29,5b,91,8d,7b,22,56,50,f8,0f,ce,92,15,e6,77,a6,af,4c,78,f3,16,3c,
e4,91,1b,23,5c,d8,d6,58,00,f5,9a,bd,f5,b0,b3,61,34,8b,ca,fa,fd,c2,80,85,11,\
"??"=hex:b1,ea,83,5a,9e,65,87,31,b2,9f,b9,36,13,73,9e,ab
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3348)
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
d:\nokia pc suite\Nokia PC Suite 7\PhoneBrowser.dll
d:\nokia pc suite\Nokia PC Suite 7\NGSCM.DLL
d:\nokia pc suite\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
d:\nokia pc suite\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
d:\avast!\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2010-10-28 14:43:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-28 12:43
ComboFix2.txt 2010-10-28 11:05

Před spuštěním: 3 133 751 296
Po spuštění: 3 035 299 840

- - End Of File - - 3D4E7C0A21237E3CA42A557C29270EBA

Log HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:48:45, on 28.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Avast!\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
D:\Microsoft Office 2007\Office12\GrooveMonitor.exe
D:\Avast!\avastUI.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
D:\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.mvcr.cz:8080
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] "D:\Avast!\avastUI.exe" /nogui
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8840315531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8841698203
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Avast!\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Avast!\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Avast!\AvastSvc.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - (no file)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 6703 bytes

Výsledky testů daných souborů ve VirusTotal:

c:\windows\reset.reg - http://www.virustotal.com/file-scan/rep ... 1288270421
c:\windows\FIX.reg - http://www.virustotal.com/file-scan/rep ... 1288270803
c:\windows\system32\drivers\tcpip.sys - http://www.virustotal.com/file-scan/rep ... 1288270992
c:\windows\system32\sfcfiles.dll - http://www.virustotal.com/file-scan/rep ... 1288271156
c:\windows\system32\CMIVCDNav.ax - http://www.virustotal.com/file-scan/rep ... 1288271330
c:\windows\system32\CMIEffect.ax - http://www.virustotal.com/file-scan/rep ... 1288272434
c:\windows\system32\CMIMPEG2V.ax - http://www.virustotal.com/file-scan/rep ... 1288272599
c:\windows\system32\CMICDDAFilter.ax - http://www.virustotal.com/file-scan/rep ... 1288272730
c:\windows\system32\CMIEchoFilter.ax - http://www.virustotal.com/file-scan/rep ... 1288272889

Příspěvekod **jaro3** » 28 říj 2010 19:38

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

SecCenter::
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

File::
c:\windows\Tasks\RegCure Program Check.job
d:\regcure\RegCure.exe
c:\windows\Tasks\RegCure.job
d:\regcure\RegCure.exe

Folder::
c:\program files\ESET
c:\documents and settings\All Users\Data aplikací\ESET

Driver::
ehdrv
ekrn

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

TAKHLE ZA BĚHU MĚNIT ANTIVIRY NEDOPORUĆUJI.

uInternet Settings,ProxyServer = proxy.mvcr.cz:8080---používáš tu proxy??

marxadus · Příspěvekod **marxadus** » 28 říj 2010 20:43

Antivirus jsem změnil, protože mi MSE taky zpomaloval PC. Jak zjistím, kterou proxy momentálně používám?

ComboFix log:

ComboFix 10-10-27.A3 - admin 28.10.2010 20:19:38.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1590 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Tasks\RegCure Program Check.job"
"c:\windows\Tasks\RegCure.job"
"d:\regcure\RegCure.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\ESET
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\Antispam\asdata.dat
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\Antispam\sc1.bin.full.2009.01.12.21.11.19
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\Antispam\sc2.bin.full.2005.02.11.04.44.13
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\Antispam\sc5.bin.full.2007.01.28.16.09.00
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\epfwdata.bin
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\EpfwTemp.dat
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\EpfwUser.dat
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\Charon\CACHE.NDB
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\Charon\FND0.NFI
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\Logs\epfwlog.dat
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\Logs\virlog.dat
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\Logs\warnlog.dat
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\Updfiles\http_um16.eset.com\update.ver
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\Updfiles\lastupd.ver
c:\documents and settings\All Users\Data aplikací\ESET\ESET Smart Security\Updfiles\upd.ver
c:\program files\ESET
c:\program files\ESET\ESET Online Scanner\esets_apiA.dll
c:\program files\ESET\ESET Online Scanner\esets_apiW.dll
c:\program files\ESET\ESET Online Scanner\esets_apiW_a.dll
c:\program files\ESET\ESET Online Scanner\ESETSmartInstaller.exe
c:\program files\ESET\ESET Online Scanner\log.txt
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0352.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0718.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0C73.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0F89.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod1AA4.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod2093.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod221B.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod3175.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod3DE9.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod4423.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod56A5.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5E1C.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5E47.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6473.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod65DD.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod68C3.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6D70.nup
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver
c:\program files\ESET\ESET Online Scanner\Modules\em000_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em001_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em002_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em003_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em004_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em005_32.dat
c:\program files\ESET\ESET Online Scanner\Modules\em006_32.dat
c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
c:\program files\ESET\ESET Online Scanner\OnlineScanner.cab
c:\program files\ESET\ESET Online Scanner\OnlineScanner.inf
c:\program files\ESET\ESET Online Scanner\OnlineScanner.ocx
c:\program files\ESET\ESET Online Scanner\OnlineScanner64.ocx
c:\program files\ESET\ESET Online Scanner\OnlineScannerApp.exe
c:\program files\ESET\ESET Online Scanner\OnlineScannerLang.dll
c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
c:\program files\ESET\ESET Online Scanner\unicows.dll
c:\windows\Tasks\RegCure Program Check.job
c:\windows\Tasks\RegCure.job
d:\regcure\RegCure.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EHDRV
-------\Legacy_EKRN
-------\Service_ehdrv
-------\Service_ekrn

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-28 do 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-28 12:08 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-28 12:08 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-28 12:08 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-28 12:08 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-28 12:08 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-28 12:08 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-28 12:08 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-28 12:08 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-28 12:08 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-28 12:08 . 2010-10-28 12:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-10-28 09:31 . 2010-10-28 09:31 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2010-10-28 09:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 09:30 . 2010-10-28 09:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-28 09:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 08:46 . 2010-10-28 09:27 -------- d-----w- c:\documents and settings\admin\DoctorWeb
2010-10-28 07:41 . 2010-10-28 08:04 -------- d-----w- c:\documents and settings\admin\Data aplikací\.minecraft
2010-10-28 07:06 . 2010-10-28 07:06 388096 ----a-r- c:\documents and settings\admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-26 07:26 . 2010-10-26 07:35 -------- d-----w- c:\documents and settings\admin\Data aplikací\DiskSpaceFanPro
2010-10-26 07:07 . 2010-10-26 07:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RegCure
2010-10-25 14:25 . 2010-10-25 14:39 2829 ----a-w- c:\windows\War3Unin.pif
2010-10-25 14:25 . 2010-10-25 14:39 139264 ----a-w- c:\windows\War3Unin.exe
2010-10-25 12:59 . 2010-10-25 13:01 -------- d-sh--w- c:\documents and settings\admin\Local Settings\Data aplikací\.#
2010-10-25 11:56 . 2000-05-22 14:58 608448 ----a-w- c:\windows\system32\comctl32.ocx
2010-10-25 11:23 . 2010-10-25 11:23 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\PackageAware
2010-10-24 17:47 . 2002-07-25 14:57 98304 ------w- c:\windows\system32\CMIVCDNav.ax
2010-10-24 17:47 . 2003-01-03 19:41 102400 ------w- c:\windows\system32\CMIEffect.ax
2010-10-24 17:47 . 2002-10-04 10:20 188416 ------w- c:\windows\system32\CMIMPEG2V.ax
2010-10-24 17:47 . 2002-06-28 14:37 61440 ------w- c:\windows\system32\CMICDDAFilter.ax
2010-10-24 17:47 . 2002-02-19 13:27 65536 ------w- c:\windows\system32\CMIEchoFilter.ax
2010-10-24 17:47 . 2000-10-24 15:12 352256 ------w- c:\windows\system32\ActiveSkin.ocx
2010-10-24 17:47 . 2010-10-24 17:47 -------- d-----w- c:\program files\C-Media Audio
2010-10-24 08:22 . 2010-10-24 08:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-20 17:40 . 2010-10-20 17:45 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\AaaaaRecklessDisregard
2010-10-19 18:12 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-10-19 18:12 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-10-19 18:07 . 2010-10-26 06:38 -------- d-----w- c:\program files\Microsoft Works
2010-10-19 18:01 . 2010-10-19 18:01 -------- d-----w- c:\program files\Microsoft.NET
2010-10-19 17:53 . 2010-10-19 17:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-19 17:49 . 2010-10-19 18:04 -------- d-----w- c:\windows\SHELLNEW
2010-10-19 17:47 . 2010-10-19 17:47 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Microsoft Help
2010-10-19 17:46 . 2010-10-28 06:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2010-10-18 17:34 . 2008-04-13 22:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-10-18 17:34 . 2008-04-13 22:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-10-18 17:33 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-18 17:30 . 2010-10-18 17:34 -------- d-----w- c:\documents and settings\admin\Data aplikací\Nokia
2010-10-18 17:30 . 2010-10-18 17:34 -------- d-----w- c:\documents and settings\admin\Data aplikací\PC Suite
2010-10-18 17:30 . 2010-10-18 17:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2010-10-18 17:22 . 2010-10-18 17:22 -------- d-----w- c:\program files\Common Files\PCSuite
2010-10-18 17:22 . 2010-10-18 17:22 -------- d-----w- c:\program files\Common Files\Nokia
2010-10-18 17:21 . 2010-10-18 17:21 -------- d-----w- c:\program files\DIFX
2010-10-18 17:21 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-10-18 17:21 . 2010-10-18 17:21 -------- d-----w- c:\program files\PC Connectivity Solution
2010-10-18 17:21 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-10-18 17:21 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-10-18 17:20 . 2010-02-26 12:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-10-18 17:20 . 2010-02-26 12:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-10-18 17:20 . 2010-02-26 12:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-10-18 17:20 . 2010-02-26 12:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-10-18 17:20 . 2010-02-26 12:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-10-18 17:17 . 2010-10-18 17:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2010-10-18 14:04 . 2010-10-18 14:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\YoYoGames
2010-10-15 14:31 . 2010-10-15 14:48 -------- d-----w- C:\vcs5BGEffects
2010-10-15 06:57 . 2010-10-15 07:18 -------- d-----w- c:\program files\Eagle Dynamics
2010-10-13 16:14 . 2010-10-13 16:14 -------- d-----w- c:\documents and settings\admin\Data aplikací\MixMeister Technology
2010-10-12 11:48 . 2010-10-12 13:13 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Panda3D
2010-10-12 10:20 . 2010-10-12 10:20 -------- d-----w- C:\Rbackup
2010-10-12 09:15 . 2009-09-02 08:20 652 ----a-w- c:\windows\FIX.reg
2010-10-12 09:15 . 2008-11-01 11:23 280 ----a-w- c:\windows\reset.reg
2010-10-09 15:50 . 2010-10-24 08:19 -------- d-----w- c:\documents and settings\admin\Data aplikací\Downloaded Installations
2010-10-09 15:01 . 2010-10-09 15:01 -------- d-----w- c:\documents and settings\admin\Data aplikací\Chime
2010-10-09 15:01 . 2010-10-09 15:01 -------- d-----w- c:\program files\Microsoft XNA
2010-10-09 13:19 . 2010-10-09 13:19 -------- d-----w- c:\program files\Microsoft Chart Controls
2010-10-08 10:57 . 2010-10-08 10:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2010-10-08 10:52 . 2010-10-08 10:53 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\Temp
2010-10-08 10:52 . 2010-10-08 10:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2010-10-07 07:50 . 2010-10-07 07:50 -------- d-----w- c:\program files\OpenAL
2010-10-07 07:50 . 2010-10-07 07:50 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-07 07:50 . 2010-10-07 07:50 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-02 08:21 . 2010-10-12 10:21 -------- d-----w- c:\program files\Unlocker

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-03-18 15:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 11:43 . 2010-03-20 12:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 06:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 06:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2002-09-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:52 . 2008-03-01 13:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-05-07 08:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-03-01 13:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-04-14 06:37 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 05:45 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 06:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-14 06:52 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 22:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-14 06:51 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-02 10:21 . 2010-08-02 10:21 249856 ------w- c:\windows\Setup1.exe
2010-08-02 10:21 . 2010-08-02 10:21 73216 ----a-w- c:\windows\ST6UNST.EXE
.

------- Sigcheck -------

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-05-07 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-04-10 323392]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-09 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-10-10 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"GrooveMonitor"="d:\microsoft office 2007\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast5"="d:\avast!\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\uTorrent\\utorrent.exe"=
"d:\\games\\Audiosurf\\engine\\QuestViewer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\admin\\Data aplikací\\Sony Online Entertainment\\Installed Games\\Clone Wars\\CloneWars.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Steam\\Steam.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"d:\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58010:TCP"= 58010:TCP:Pando Media Booster
"58010:UDP"= 58010:UDP:Pando Media Booster
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"26897:TCP"= 26897:TCP:*:Disabled:SolidNetworkManager
"26897:UDP"= 26897:UDP:*:Disabled:SolidNetworkManager
"57688:TCP"= 57688:TCP:Pando Media Booster
"57688:UDP"= 57688:UDP:Pando Media Booster
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.10.2010 14:08 165584]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [25.8.2010 22:28 27704]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [23.1.2008 10:19 501560]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 8:52 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2010 14:08 17744]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 17:09 1253376]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26.11.2009 0:06 34384]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 11:10 3276800]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.3.2010 14:10 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-09-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-XXX-619471ABCC5-admin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-10 08:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = proxy.mvcr.cz:8080
IE: E&xportovat do aplikace Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\2rdbr9ou.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - component: d:\nokia pc suite\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\Npindeo.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 20:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1801674531-115176313-515967899-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,29,5b,91,8d,7b,22,56,50,f8,0f,ce,92,15,e6,77,a6,af,4c,78,f3,16,3c,
e4,91,1b,23,5c,d8,d6,58,00,f5,9a,bd,f5,b0,b3,61,34,8b,ca,fa,fd,c2,80,85,11,\
"??"=hex:b1,ea,83,5a,9e,65,87,31,b2,9f,b9,36,13,73,9e,ab
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2508)
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
d:\nokia pc suite\Nokia PC Suite 7\PhoneBrowser.dll
d:\nokia pc suite\Nokia PC Suite 7\NGSCM.DLL
d:\nokia pc suite\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
d:\nokia pc suite\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
d:\avast!\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2010-10-28 20:36:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-28 18:36
ComboFix2.txt 2010-10-28 12:43
ComboFix3.txt 2010-10-28 11:05

Před spuštěním: 3 001 303 040
Po spuštění: 2 967 465 984

- - End Of File - - AB3CAB5380178A2129F380D029784CED

HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:40:04, on 28.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\Avast!\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Microsoft Office 2007\Office12\GrooveMonitor.exe
D:\Avast!\avastUI.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.mvcr.cz:8080
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] "D:\Avast!\avastUI.exe" /nogui
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\admin\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8840315531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8841698203
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Avast!\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Avast!\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Avast!\AvastSvc.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 6604 bytes

Příspěvekod **jaro3** » 28 říj 2010 21:14

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

napiš , jak to vypadá s PC.

marxadus · Příspěvekod **marxadus** » 29 říj 2010 08:28

No, tak včera se svchost.exe stáhnul asi na 20 000 kB, dneska při startu PC měl proměnlivě 50 000 - 70 000 kB a vytěžoval procesor mezi 50 a 80 %. Teď využívá asi 35 000 kB paměti. Ještě jednou jsem to pro jistotu projel MbAMem, ale nic jsem nenašel.

Příspěvekod **jaro3** » 29 říj 2010 09:35

Jaké máš při tom vytížení CPU 50-80% spuštěny programy?

Stáhni AVP Tools
na svojí plochu.

Zaškrtni :
Hidden startup objels
System Memory
Disk boot sectors
Dokumenty
My email
Počítač
Místní disk C
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)

A jiné , např. Flash disky , které máš připojeny.

Pokračuj podle instrukcí.Na konci se objeví textový soubor , který si hned ulož (save log) na svojí plochu pod názvem KAS.txt .Poté sem vlož celý obsah toho logu.

Proces "svchost.exe" vytěžuje PC Vyřešeno

Proces "svchost.exe" vytěžuje PC

Re: Proces "svchost.exe" vytěžuje PC

Re: Proces "svchost.exe" vytěžuje PC

Re: Proces "svchost.exe" vytěžuje PC

Re: Proces "svchost.exe" vytěžuje PC

Re: Proces "svchost.exe" vytěžuje PC

Re: Proces "svchost.exe" vytěžuje PC

Re: Proces "svchost.exe" vytěžuje PC

Re: Proces "svchost.exe" vytěžuje PC

Re: Proces "svchost.exe" vytěžuje PC

Re: Proces "svchost.exe" vytěžuje PC

Re: Proces "svchost.exe" vytěžuje PC

Kdo je online