PC zamrzá při přehrávání videí např. z YouTube Vyřešeno

[jeczny]

Zamrzá to tedy HLAVNĚ při spuštění videa - chvilku nereaguje, po chvíli černá obrazovka.
Za pomoc předem moc děkuji.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:45:38, on 22.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Ovislink\Common\TurboG-UI.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cz.o2.com/welcome/cz/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (file missing) (HKCU)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_17) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 9220 bytes

[Reklama]

[Žbeky]

Odinstaluj Spybot S&D

Fixni:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cz.o2.com/welcome/cz/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (file missing) (HKCU)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_17) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[jeczny]

Tady je ten log:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 6643

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.5.2011 23:47:02
mbam-log-2011-05-22 (23-46-59).txt

Typ kontroly: Rychlý test
Testované objekty: 193024
Uplynulý čas: 2 minut, 10 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\zden\local settings\Temp\oprava_kopírky.pps (Trojan.Agent) -> No action taken.

[Žbeky]

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[jeczny]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6643

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.5.2011 13:05:00
mbam-log-2011-05-23 (13-05-00).txt

Typ kontroly: Rychlý test
Testované objekty: 193161
Uplynulý čas: 8 minut, 39 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\zden\local settings\Temp\oprava_kopírky.pps (Trojan.Agent) -> Quarantined and deleted successfully.

[jeczny]

SNAD NEVADÍ, ŽE JSEM MĚL VYPNUTÝ ŠTÍTY NA 10 MINUT, TUDÍŽ SE MI NĚKDE KOLEM FÁZE 50 ZAPLY A MUSEL JSEM JE ZA BĚHU PROGRAMU ZNOVU VYPNOUT

ComboFix 11-05-22.01 - admin 23.05.2011 13:15:56.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1465 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\zden\Data aplikací\Local
c:\program files\Ovislink\AirLive WT-2000PCI\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\win2k\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\win9x\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\winme\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\winx64\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\winxp\_desktop.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-23 do 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-22 21:29 . 2011-05-22 21:29 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2011-05-22 21:29 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 21:29 . 2011-05-22 21:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-22 21:29 . 2011-05-22 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-22 21:29 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 21:18 . 2011-05-22 21:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-22 08:45 . 2011-05-22 08:45 388096 ----a-r- c:\documents and settings\admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-22 08:45 . 2011-05-22 08:45 -------- d-----w- c:\program files\Trend Micro
2011-05-21 03:42 . 2011-05-21 03:42 -------- d-----w- c:\documents and settings\zden\Local Settings\Data aplikací\My Games
2011-05-20 03:49 . 2011-05-20 03:49 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\My Games
2011-05-20 03:42 . 2007-06-20 18:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2011-05-20 03:42 . 2007-06-20 18:45 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2011-05-20 03:42 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2011-05-20 03:42 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-05-20 03:42 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2011-05-20 03:35 . 2007-04-04 16:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2011-05-20 03:35 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-05-20 03:35 . 2007-03-15 14:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2011-05-20 03:35 . 2007-03-12 14:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2011-05-20 03:35 . 2007-01-24 13:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2011-05-20 03:35 . 2006-12-08 10:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2011-05-20 03:35 . 2007-03-05 10:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2011-05-20 03:35 . 2006-09-28 14:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2011-05-20 03:35 . 2006-07-28 07:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2011-05-20 03:35 . 2006-07-28 07:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2011-05-20 03:34 . 2011-05-20 03:34 -------- d-----w- c:\documents and settings\admin\Data aplikací\InstallShield
2011-05-20 03:22 . 2011-05-20 03:22 -------- d-----w- c:\program files\Firaxis Games
2011-05-11 05:09 . 2011-04-14 16:38 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-11 05:09 . 2011-04-14 16:38 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-11 05:09 . 2011-04-14 16:38 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-11 05:09 . 2011-04-14 16:38 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-11 05:09 . 2011-04-14 16:38 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-11 05:09 . 2011-04-14 16:38 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-11 05:09 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-11 05:09 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-03 17:42 . 2003-09-17 15:36 339968 ----a-w- c:\windows\system32\N124UFW.dll
2011-05-03 17:42 . 2002-09-11 23:07 36864 ----a-w- c:\windows\system32\CNQU70.DLL
2011-05-03 17:42 . 2002-05-24 01:04 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2011-05-03 17:40 . 2003-03-03 15:01 114688 ----a-w- C:\Deldrv.exe
2011-05-03 17:32 . 2011-05-03 17:32 -------- d-----w- C:\Temp
2011-04-26 09:52 . 2011-04-26 12:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\tmp
2011-04-26 09:52 . 2011-04-26 09:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\hps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-07 05:33 . 2009-01-24 22:55 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2006-03-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-14 16:38 . 2011-05-11 05:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AirLive Turbo-G Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2010-12-6 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"TO2SSM_McciTrayApp"=c:\program files\TO2SSM\McciTrayApp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\TOTAL_CO\\TOTALCMD.EXE"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22063:TCP"= 22063:TCP:BitComet 22063 TCP
"22063:UDP"= 22063:UDP:BitComet 22063 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.1.2009 7:50 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.1.2009 6:32 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.1.2009 6:32 17744]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [27.8.2010 14:59 1051968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24.2.2010 14:41 10064]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [26.9.2010 16:49 6097]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.4.2010 22:04 136176]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [25.1.2009 7:16 1171456]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27.4.2010 22:04 136176]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [26.9.2010 16:49 299923]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 20:04]
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 20:04]
.
2011-05-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2139871995-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-05-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2139871995-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-05-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2139871995-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-05-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2139871995-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-05-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2139871995-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-05-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2139871995-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bt67g6w4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 13:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1148)
c:\windows\system32\nvappfilter.dll
.
Celkový čas: 2011-05-23 13:26:57
ComboFix-quarantined-files.txt 2011-05-23 11:26
.
Před spuštěním: Volných bajtů: 58 547 367 936
Po spuštění: Volných bajtů: 59 025 715 200
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer /TUTag=2HETC0 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /usepmtimer /TUTag=2HETC0-BAK
.
- - End Of File - - 3375C0899C395A5A36D59EAF6EC15F8F

[Žbeky]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

File::
c:\windows\system32\DRIVERS\Lbd.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2139871995-725345543-1004.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2139871995-725345543-1005.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2139871995-725345543-1006.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2139871995-725345543-1004.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2139871995-725345543-1005.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2139871995-725345543-1006.job

Driver::
Lbd

Firefox::
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bt67g6w4.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[jeczny]

ComboFix 11-05-22.01 - admin 23.05.2011 15:49:12.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1573 [GMT 2:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2139871995-725345543-1004.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2139871995-725345543-1005.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2139871995-725345543-1006.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2139871995-725345543-1004.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2139871995-725345543-1005.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2139871995-725345543-1006.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Mafia
c:\windows\Mafia \uninstall.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2139871995-725345543-1004.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2139871995-725345543-1005.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-2139871995-725345543-1006.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2139871995-725345543-1004.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2139871995-725345543-1005.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-2139871995-725345543-1006.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LBD
-------\Service_Lbd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-23 do 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-22 21:29 . 2011-05-22 21:29 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2011-05-22 21:29 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 21:29 . 2011-05-22 21:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-22 21:29 . 2011-05-22 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-22 21:29 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 21:18 . 2011-05-22 21:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-22 08:45 . 2011-05-22 08:45 388096 ----a-r- c:\documents and settings\admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-22 08:45 . 2011-05-22 08:45 -------- d-----w- c:\program files\Trend Micro
2011-05-21 03:42 . 2011-05-21 03:42 -------- d-----w- c:\documents and settings\zden\Local Settings\Data aplikací\My Games
2011-05-20 03:49 . 2011-05-20 03:49 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\My Games
2011-05-20 03:42 . 2007-06-20 18:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2011-05-20 03:42 . 2007-06-20 18:45 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2011-05-20 03:42 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2011-05-20 03:42 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-05-20 03:42 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2011-05-20 03:35 . 2007-04-04 16:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2011-05-20 03:35 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-05-20 03:35 . 2007-03-15 14:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2011-05-20 03:35 . 2007-03-12 14:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2011-05-20 03:35 . 2007-01-24 13:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2011-05-20 03:35 . 2006-12-08 10:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2011-05-20 03:35 . 2007-03-05 10:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2011-05-20 03:35 . 2006-09-28 14:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2011-05-20 03:35 . 2006-07-28 07:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2011-05-20 03:35 . 2006-07-28 07:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2011-05-20 03:34 . 2011-05-20 03:34 -------- d-----w- c:\documents and settings\admin\Data aplikací\InstallShield
2011-05-20 03:22 . 2011-05-20 03:22 -------- d-----w- c:\program files\Firaxis Games
2011-05-11 05:09 . 2011-04-14 16:38 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-11 05:09 . 2011-04-14 16:38 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-11 05:09 . 2011-04-14 16:38 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-11 05:09 . 2011-04-14 16:38 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-11 05:09 . 2011-04-14 16:38 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-11 05:09 . 2011-04-14 16:38 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-11 05:09 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-11 05:09 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-03 17:42 . 2003-09-17 15:36 339968 ----a-w- c:\windows\system32\N124UFW.dll
2011-05-03 17:42 . 2002-09-11 23:07 36864 ----a-w- c:\windows\system32\CNQU70.DLL
2011-05-03 17:42 . 2002-05-24 01:04 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2011-05-03 17:40 . 2003-03-03 15:01 114688 ----a-w- C:\Deldrv.exe
2011-05-03 17:32 . 2011-05-03 17:32 -------- d-----w- C:\Temp
2011-04-26 09:52 . 2011-04-26 12:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\tmp
2011-04-26 09:52 . 2011-04-26 09:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\hps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-07 05:33 . 2009-01-24 22:55 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2006-03-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-14 16:38 . 2011-05-11 05:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-23_11.22.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-23 13:58 . 2011-05-23 13:58 16384 c:\windows\temp\Perflib_Perfdata_428.dat
- 2006-03-02 12:00 . 2011-05-23 11:11 68156 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2011-05-23 11:42 68156 c:\windows\system32\perfc009.dat
- 2006-03-02 12:00 . 2011-05-23 11:11 79062 c:\windows\system32\perfc005.dat
+ 2006-03-02 12:00 . 2011-05-23 11:42 79062 c:\windows\system32\perfc005.dat
+ 2006-03-02 12:00 . 2011-05-23 11:42 435260 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2011-05-23 11:11 435260 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2011-05-23 11:11 432004 c:\windows\system32\perfh005.dat
+ 2006-03-02 12:00 . 2011-05-23 11:42 432004 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AirLive Turbo-G Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2010-12-6 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"TO2SSM_McciTrayApp"=c:\program files\TO2SSM\McciTrayApp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\TOTAL_CO\\TOTALCMD.EXE"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22063:TCP"= 22063:TCP:BitComet 22063 TCP
"22063:UDP"= 22063:UDP:BitComet 22063 UDP
.
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [26.9.2010 16:49 6097]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.1.2009 7:50 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.1.2009 6:32 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.1.2009 6:32 17744]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [27.8.2010 14:59 1051968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24.2.2010 14:41 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.4.2010 22:04 136176]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [25.1.2009 7:16 1171456]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27.4.2010 22:04 136176]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [26.9.2010 16:49 299923]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bt67g6w4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 15:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1168)
c:\windows\system32\nvappfilter.dll
.
- - - - - - - > 'explorer.exe'(1316)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Celkový čas: 2011-05-23 16:03:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-23 14:03
ComboFix2.txt 2011-05-23 11:26
.
Před spuštěním: Volných bajtů: 58 354 610 176
Po spuštění: Volných bajtů: 58 220 355 584
.
- - End Of File - - E1FE279EB6DB9830BCE0E4CF3DCF81F5

[Žbeky]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

[jeczny]

Log níže, bohužel problém stále trvá. Kliknu na video, nejdřív to zamrzne tak, že můžu jenom hejbat myší a asi za 5 - 10 s černo a větráky hučí.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:58:42, on 23.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6860 bytes

[Žbeky]

Virového původu to není a CF neumí zázraky. Zkus ještě přeinstalovat flash, ale tady to už zavři a dej si nové téma do problémů s SW

[jeczny]

OK, díky.