Thanks, that worked now :) So here are the logs:
COMBOFIX LOG:
ComboFix 12-07-30.03 - Manni 31.07.2012 18:36:48.2.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.798 [GMT 3:00]
Spuštěný z: c:\documents and settings\Manni\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Manni\Dokumenty\Downloads\CFScript.txt
AV: ESET Smart Security 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
FILE ::
"c:\documents and settings\Manni\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe"
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\program files\Skype\Updater\Updater.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\Services.reg
c:\windows\system32\aaaammon.dll
c:\windows\system32\win32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_SKYPEUPDATE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-29 16:51 . 2006-03-01 01:53 773120 ----a-w- c:\windows\system32\bubbles.scr
2012-07-29 16:50 . 2006-03-03 11:42 117248 ----a-w- c:\windows\system32\Mystify.scr
2012-07-29 16:50 . 2006-03-01 02:21 117248 ----a-w- c:\windows\system32\ribbons.scr
2012-07-29 16:50 . 2006-03-01 02:21 1263616 ----a-w- c:\windows\system32\aurora.scr
2012-07-29 16:33 . 2012-05-08 15:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-07-29 16:29 . 2010-11-26 15:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-07-29 15:53 . 2012-07-29 15:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-29 15:53 . 2012-07-03 10:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-29 15:28 . 2012-07-29 16:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2012-07-29 15:27 . 2012-07-30 16:51 -------- d-----w- c:\documents and settings\Manni\Data aplikací\IObit
2012-07-29 15:26 . 2012-07-29 16:31 -------- d-----w- c:\program files\IObit
2012-07-29 14:19 . 2012-07-29 14:19 388096 ----a-r- c:\documents and settings\Manni\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-29 14:19 . 2012-07-29 14:19 -------- d-----w- c:\program files\Trend Micro
2012-07-25 19:54 . 2012-07-25 20:02 -------- d-----w- c:\documents and settings\Manni\Data aplikací\PC Suite
2012-07-25 19:54 . 2012-07-25 20:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2012-07-25 19:53 . 2012-07-25 19:53 -------- d-----w- c:\program files\Common Files\PCSuite
2012-07-25 19:52 . 2012-06-11 08:33 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-07-25 19:52 . 2012-07-25 19:52 -------- d-----w- c:\program files\PC Connectivity Solution
2012-07-25 19:52 . 2012-01-09 14:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-07-25 19:52 . 2012-01-09 14:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-07-25 19:52 . 2012-01-09 14:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-07-25 19:52 . 2012-01-09 14:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-07-25 19:51 . 2012-01-09 14:28 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-07-23 19:12 . 2012-07-23 19:20 -------- d-----w- c:\documents and settings\Manni\Data aplikací\Realore_Whiterra Roads Of Rome 3
2012-07-23 19:11 . 2012-07-23 19:11 -------- d-----w- c:\program files\Roads Of Rome 3
2012-07-12 15:16 . 2012-07-12 15:29 -------- d-----w- c:\documents and settings\Manni\Data aplikací\Realore_Whiterra Roads Of Rome 2
2012-07-12 14:41 . 2012-07-12 14:41 -------- d-----w- c:\windows\system32\1059
2012-07-12 14:40 . 2012-07-12 14:40 49152 ----a-r- c:\documents and settings\Manni\Data aplikací\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\DAMN_NFO_Viewer.exe_DA5E6A2DDEAA4152A43AFDBDE29AA724.exe
2012-07-12 14:40 . 2012-07-12 14:40 49152 ----a-r- c:\documents and settings\Manni\Data aplikací\Microsoft\Installer\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}\ARPPRODUCTICON.exe
2012-07-12 14:40 . 2012-07-12 14:40 -------- d-----w- c:\program files\DAMN NFO Viewer
2012-07-12 14:40 . 2012-07-12 14:40 -------- d-----w- c:\windows\system32\1058
2012-07-12 14:39 . 2012-07-12 14:39 -------- d-----w- c:\windows\system32\1057
2012-07-12 08:05 . 2012-07-12 08:05 -------- d-----w- c:\documents and settings\Manni\Local Settings\Data aplikací\ESET
2012-07-12 08:05 . 2012-07-12 08:05 -------- d-----w- c:\documents and settings\Manni\Data aplikací\ESET
2012-07-12 08:04 . 2012-07-12 08:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-07-12 07:58 . 2012-07-12 07:58 -------- d-----w- c:\program files\ESET
2012-07-12 07:58 . 2012-07-12 07:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-07-12 07:41 . 2012-07-12 07:41 -------- d-----w- c:\documents and settings\Manni\Data aplikací\Malwarebytes
2012-07-12 07:30 . 2012-07-12 07:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-07-12 07:17 . 2012-07-12 07:17 -------- d-----w- c:\program files\Common Files\xing shared
2012-07-07 11:46 . 2008-04-14 05:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-07-07 11:46 . 2008-04-14 05:51 21504 ----a-w- c:\windows\system32\hidserv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 07:07 . 2011-12-03 23:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-12 07:07 . 2011-12-03 23:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-12 06:49 . 2012-05-04 11:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 06:49 . 2011-12-03 23:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:55 . 2010-08-09 18:24 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 08:33 . 2012-06-11 08:33 592896 ----a-w- c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
2012-06-11 08:33 . 2012-06-11 08:33 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll
2012-06-05 15:49 . 2010-08-09 18:23 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2010-08-09 18:23 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2010-08-09 18:24 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 12:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 12:19 . 2009-08-06 17:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 12:19 . 2010-08-09 08:50 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 12:19 . 2010-08-09 08:50 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 12:19 . 2010-08-09 08:50 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 12:19 . 2010-08-09 18:23 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 12:19 . 2010-08-09 08:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 12:19 . 2010-08-09 08:50 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 12:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 12:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 12:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 12:19 . 2010-08-09 08:50 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 12:19 . 2010-08-09 08:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 12:19 . 2010-11-11 21:19 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 12:18 . 2010-11-11 21:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 12:18 . 2010-11-11 21:19 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2010-08-09 18:23 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2010-08-09 18:24 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2010-08-09 18:23 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2010-08-09 18:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2010-08-09 18:23 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2008-04-14 08:06 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-29_17.54.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-31 15:46 . 2012-07-31 15:46 16384 c:\windows\temp\Perflib_Perfdata_110.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-02-22 2761024]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer VCM.lnk]
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Manni^Nabídka Start^Programy^Po spuštění^Stardock ObjectDock.lnk]
path=c:\documents and settings\Manni\Nabídka Start\Programy\Po spuštění\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reset]
regedit [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AndroidManager]
2010-01-08 09:47 508280 ----a-w- c:\program files\Acer\Android Manager\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2009-12-11 05:59 59936 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-06-17 03:32 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPatchData]
2010-07-21 01:53 492096 ----a-w- c:\program files\Acer\Updater\iUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSyncData]
2010-01-08 09:53 407416 ----a-w- c:\program files\Acer\Android Manager\iSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 19:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 10:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-06-17 03:32 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 05:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 08:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-02-05 08:46 1692968 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-07-12 07:08 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2 (0x2)
"Updater Service"=2 (0x2)
"QipGuard"=2 (0x2)
"ServiceLayer"=3 (0x3)
"MsMpSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\Manni\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [29.7.2012 19:29 14776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.11.2010 4:39 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.3.2012 8:40 120152]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 8:51 277736]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [29.7.2012 18:26 490840]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7.3.2012 15:40 913144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29.7.2012 18:53 655944]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 14:08 260640]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 21:25 61552]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.7.2012 18:53 22344]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [11.11.2010 22:18 3221120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 13:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 13:26 82384]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 11:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [29.7.2012 19:31 14416]
S4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 13:44 243232]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-31 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-07-29 14:57]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 20:33]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 20:33]
.
2012-07-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1445258045-784569582-2966927733-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 09:00]
.
2012-07-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1445258045-784569582-2966927733-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 09:00]
.
2012-07-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1445258045-784569582-2966927733-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 09:00]
.
2012-07-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1445258045-784569582-2966927733-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 09:00]
.
2012-07-31 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2012-07-29 16:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:info@biatlon.cz
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-31 18:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1944)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-07-31 18:53:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-31 15:53
ComboFix2.txt 2012-07-29 18:00
.
Před spuštěním: Volných bajtů: 25 258 016 768
Po spuštění: Volných bajtů: 24 078 721 024
.
- - End Of File - - 98C47F1E4D9A4F62BDAAB260D8085DB6
HJT LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:58:03, on 31.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Manni\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Manni\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Manni\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Manni\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Manni\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Manni\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Manni\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Manni\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Manni\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Manni\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Manni\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Manni\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:info@biatlon.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6626 bytes