CPU pořád na 100%

bledulka · Příspěvekod **bledulka** » 04 črc 2010 10:30

Nevadí, já tu budu stejně až večer

Reklama

filipsi · Příspěvekod **filipsi** » 04 črc 2010 11:02

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4271

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4.7.2010 11:03:26
mbam-log-2010-07-04 (11-03-26).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 577489
Uplynulý čas: 1 hodina(y), 44 minuta(y), 31 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Documents and Settings\Filip\Plocha\Braid\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Program Files\Electronic Arts\Command & Conquer 4 Tiberian Twilight\CNC4.exe (Hacktool.Gen) -> Quarantined and deleted successfully

Příspěvekod **jaro3** » 04 črc 2010 14:14

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

filipsi · Příspěvekod **filipsi** » 04 črc 2010 16:42

Žádný problém nebyl, tady to je :

ComboFix 10-07-03.06 - Filip 04.07.2010 16:27:25.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.629 [GMT 2:00]
Spuštěný z: c:\documents and settings\Filip\Plocha\Download\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Filip\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Filip\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\Filip\Dokumenty\cc_20100703_141350.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-04 do 2010-07-04 )))))))))))))))))))))))))))))))
.

2010-07-04 09:58 . 2010-07-04 09:58 -------- d-----w- c:\program files\AVIConverter
2010-07-04 09:14 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-03 15:40 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-03 15:40 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-03 15:40 . 2010-07-03 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 12:49 . 2010-07-03 12:50 -------- d-----w- c:\program files\ImgBurn
2010-07-03 12:36 . 2010-07-03 12:21 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2010-07-03 12:36 . 2010-07-03 12:36 -------- d-----w- c:\program files\Common Files\Authentium
2010-07-03 12:16 . 2010-07-03 12:16 -------- d-----w- C:\rsit
2010-07-03 11:59 . 2010-07-03 11:59 -------- d-----w- c:\program files\CCleaner
2010-07-03 10:43 . 2010-07-03 12:16 -------- d-----w- c:\program files\Trend Micro
2010-06-30 15:56 . 2010-06-30 15:56 -------- d-----w- c:\program files\ImTOO
2010-06-30 15:53 . 2010-06-30 15:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-30 15:53 . 2010-06-30 15:53 -------- d-----w- c:\program files\DVDVideoSoft
2010-06-30 15:53 . 2002-01-05 13:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-06-30 14:56 . 2010-06-30 15:28 -------- d-----w- C:\OutputFolder
2010-06-30 14:56 . 2010-06-30 14:56 -------- d-----w- c:\program files\Digiarty
2010-06-26 13:47 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2010-06-26 13:39 . 2010-06-26 13:39 -------- d-----w- c:\program files\Mplayer
2010-06-26 13:35 . 2010-06-26 14:59 -------- d-----w- c:\program files\Quake III Arena
2010-06-26 13:34 . 1999-10-09 15:30 305152 ----a-w- c:\windows\IsUninst.exe
2010-06-26 11:51 . 2010-06-26 11:52 -------- d-----w- c:\program files\Soldier of Fortune II - Double Helix
2010-06-26 11:51 . 2010-06-28 11:59 -------- d-----w- c:\program files\GtkRadiant-1.4
2010-06-26 11:51 . 2010-06-26 11:51 -------- d-----w- c:\program files\Raven
2010-06-26 10:24 . 2010-06-26 10:24 -------- d-----w- c:\program files\GtkRadiant 1.5.0
2010-06-13 15:34 . 2004-08-17 13:49 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-06-13 15:34 . 2004-08-17 13:49 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-06-13 15:29 . 2007-09-06 14:56 98304 ----a-w- c:\windows\amcap.exe
2010-06-13 15:29 . 2007-04-21 07:37 270336 ----a-w- c:\windows\tsnpstd3.exe
2010-06-13 15:29 . 2007-05-10 11:18 835584 ----a-w- c:\windows\vsnpstd3.exe
2010-06-13 15:29 . 2008-02-21 15:15 3968 ----a-w- c:\windows\system32\drivers\denoise.sys
2010-06-13 15:29 . 2010-06-13 15:29 -------- d-----w- c:\program files\Common Files\snpstd3
2010-06-13 15:29 . 2008-07-29 08:30 10423936 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2010-06-13 15:29 . 2008-04-09 12:30 61440 ----a-w- c:\windows\system32\vsnpstd3.dll
2010-06-13 15:29 . 2007-12-19 08:31 163840 ----a-w- c:\windows\system32\rsnpstd3.dll
2010-06-13 15:29 . 2005-11-23 11:55 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2010-06-13 15:29 . 2005-11-23 11:55 53248 ----a-w- c:\windows\csnpstd3.dll
2010-06-13 13:59 . 2010-06-13 13:59 -------- d-----w- c:\program files\Common Files\Logitech
2010-06-13 13:59 . 2010-06-13 13:59 -------- d-----w- c:\program files\Logitech
2010-06-10 19:37 . 2010-06-11 14:51 -------- d-----w- c:\program files\Flip-Flap
2010-06-06 14:27 . 2010-06-06 14:27 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-06-06 14:18 . 2010-06-18 13:55 -------- d-----w- c:\program files\Counter-Strike Source
2010-06-05 17:58 . 2010-06-08 04:28 -------- d-----w- C:\Downloads
2010-06-05 17:58 . 2010-06-05 17:58 -------- d-----w- c:\program files\Orbitdownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 08:22 . 2010-03-06 15:32 -------- d-----w- c:\program files\Wallpaper Cycle
2010-06-28 20:57 . 2010-04-19 08:53 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-19 08:53 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-19 08:53 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-19 08:53 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-19 08:53 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-04-19 08:53 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-04-19 08:53 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-04-19 08:53 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-26 14:59 . 2010-03-06 13:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-23 17:22 . 2010-03-06 18:23 -------- d-----w- c:\program files\ICQ7.0
2010-06-23 04:14 . 2010-03-08 17:05 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-06-21 14:17 . 2010-05-21 14:27 -------- d-----w- c:\program files\Ubisoft
2010-06-19 12:48 . 2010-04-01 10:31 -------- d-----w- c:\program files\stepmania.com
2010-06-04 14:44 . 2004-08-18 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-06-04 13:25 . 2010-06-04 13:25 -------- d-----w- c:\program files\Sega
2010-06-01 15:40 . 2010-06-01 15:40 -------- d-----w- c:\program files\Common Files\Java
2010-06-01 15:39 . 2010-06-01 15:40 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-01 15:39 . 2010-06-01 15:39 -------- d-----w- c:\program files\Java
2010-06-01 08:05 . 2010-06-01 08:05 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-29 11:28 . 2010-05-02 07:28 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-29 11:28 . 2010-05-29 11:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-29 11:28 . 2010-05-29 11:28 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-28 12:35 . 2010-03-06 13:58 -------- d-----w- c:\program files\ATI Technologies
2010-05-23 14:52 . 2010-05-23 14:47 -------- d-----w- c:\program files\MultiRes(2)
2010-05-23 14:46 . 2010-05-23 14:46 -------- d-----w- c:\program files\Radeon Omega Drivers
2010-05-23 14:44 . 2010-05-23 14:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 08:05 . 2010-05-22 08:01 -------- d-----w- c:\program files\GameGain
2010-05-22 08:00 . 2010-05-22 08:00 -------- d-----w- c:\program files\PC Health Optimizer Free Edition
2010-05-22 07:20 . 2010-05-22 07:20 -------- d-----w- c:\program files\Uniblue
2010-05-22 07:10 . 2010-05-22 07:10 -------- d-----w- c:\program files\Engelmann Media
2010-05-21 15:13 . 2010-05-21 15:13 -------- d-----w- c:\program files\AskBarDis
2010-05-21 15:12 . 2010-05-21 15:12 -------- d-----w- c:\program files\Foxit Software
2010-05-18 15:07 . 2010-03-12 16:58 -------- d-----w- c:\program files\Hamachi
2010-05-18 15:06 . 2010-03-12 16:58 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-05-17 18:27 . 2010-05-06 17:39 -------- d-----w- c:\program files\SGU The Game
2010-05-17 03:50 . 2010-04-21 14:32 -------- d-----w- c:\program files\uTorrent
2010-05-16 13:58 . 2010-05-16 13:58 -------- d-----w- c:\program files\Common Files\Real
2010-05-16 13:58 . 2010-05-16 13:58 -------- d-----w- c:\program files\Real
2010-05-16 13:58 . 2010-05-16 13:58 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-16 13:58 . 2010-05-16 13:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-16 13:58 . 2010-05-16 13:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-16 13:16 . 2010-05-16 13:12 -------- d-----w- c:\program files\uPatcher
2010-05-16 12:15 . 2010-05-16 12:15 -------- d-----w- c:\program files\IcoFX 1.6
2010-05-11 19:46 . 2010-05-10 18:13 -------- d-----w- c:\program files\Game_Maker7
2010-05-06 17:22 . 2010-03-22 08:42 -------- d-----w- c:\program files\Free Screen Recorder
2010-05-03 06:30 . 2004-08-18 12:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2010-05-03 06:30 . 2004-08-18 12:00 432278 ----a-w- c:\windows\system32\perfh005.dat
2010-04-30 13:30 . 2010-04-30 13:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ABBYY Screenshot Reader Retail"="c:\program files\ABBYY Screenshot Reader\ScreenShotReader.exe" [2008-12-08 959776]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-16 202256]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Rodina.SERVER.000\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Filip\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Change Wallpaper.lnk - c:\program files\Wallpaper Cycle\Change Wallpaper.exe [2010-3-6 69632]
éspory na nově Pc.xlsx [2010-6-19 11354]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\THQ\\Pandemic Studios\\Full Spectrum Warrior\\Launcher.locked"=
"c:\\Documents and Settings\\Filip\\Plocha\\[PSY] Garrys Mod 11(1.o.o.5)\\hl2.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Tiberian Sun(tm)\\SUN\\Game.exe"=
"c:\\Program Files\\Sun Age\\SunAge.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\CAPCOM\\DARK VOID\\nativePC\\Binaries\\ShippingPC-SkyGame.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 4 Tiberian Twilight\\Data\\CNC4.game"=
"c:\\Documents and Settings\\Filip\\Plocha\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Ubisoft\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Filip\\Plocha\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\Avatar.exe"=
"c:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\AvatarLauncher.exe"=
"c:\\Program Files\\GtkRadiant-1.4\\GtkRadiant-1.4.0.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Documents and Settings\\Filip\\Plocha\\[PSY] Garrys Mod 11(1.o.o.5)(NEW)\\[PSY] Garrys Mod 11(1.o.o.5)\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.4.2010 10:53 165456]
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [27.10.2008 18:03 759072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.4.2010 10:53 17744]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21.4.2010 17:49 20968]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [8.4.2010 16:46 117288]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [8.4.2010 16:46 117288]
R2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [8.4.2010 16:46 154152]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.3.2010 16:29 691696]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1770027372-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-06-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1770027372-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-07-01 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2010-05-22 07:46]

2010-05-22 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2010-05-22 07:46]
.
.
------- Doplňkový sken -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\u7p011e4.default\
FF - component: c:\documents and settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\u7p011e4.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-AtiExtEvent - (no file)
AddRemove-StarGate GameProject - beta1 - c:\documents and settings\Filip\Plocha\fd\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-04 16:33
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-07-04 16:40:40
ComboFix-quarantined-files.txt 2010-07-04 14:40

Před spuštěním: Volných bajtů: 10 768 314 368
Po spuštění: Volných bajtů: 10 977 947 648

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E7CA37B903ED77EAE929503CF894C617

Příspěvekod **jaro3** » 04 črc 2010 19:11

Toto si instaloval sám:
c:\program files\Common Files\Authentium\AntiVirus5 ??

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\d3d9caps.dat
c:\windows\system32\ezsidmv.dat

Folder::
c:\program files\AskBarDis

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-  
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=- 
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=- 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

filipsi · Příspěvekod **filipsi** » 04 črc 2010 20:15

ComboFix 10-07-03.06 - Filip 04.07.2010 19:46:20.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.475 [GMT 2:00]
Spuštěný z: c:\documents and settings\Filip\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Filip\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\003E9935
c:\program files\AskBarDis\bar\Cache\003E9E17
c:\program files\AskBarDis\bar\Cache\008DA7BB.bin
c:\program files\AskBarDis\bar\Cache\008DAFF9.bin
c:\program files\AskBarDis\bar\Cache\008DB392.bin
c:\program files\AskBarDis\bar\Cache\008FFE1F.bin
c:\program files\AskBarDis\bar\Cache\00EF20FA
c:\program files\AskBarDis\bar\Cache\00EF24F2
c:\program files\AskBarDis\bar\Cache\00EF2D20.bin
c:\program files\AskBarDis\bar\Cache\00EF2ED5.bin
c:\program files\AskBarDis\bar\Cache\00EF3156.bin
c:\program files\AskBarDis\bar\Cache\00EF328E.bin
c:\program files\AskBarDis\bar\Cache\00EF33D7.bin
c:\program files\AskBarDis\bar\Cache\00EF354E.bin
c:\program files\AskBarDis\bar\Cache\00EF3696.bin
c:\program files\AskBarDis\bar\Cache\00EF37CE.bin
c:\program files\AskBarDis\bar\Cache\00EF7BCC.bin
c:\program files\AskBarDis\bar\Cache\00EF7D15.bin
c:\program files\AskBarDis\bar\Cache\0220A717.bin
c:\program files\AskBarDis\bar\Cache\0220B436.bin
c:\program files\AskBarDis\bar\Cache\0220B7A1.bin
c:\program files\AskBarDis\bar\Cache\0220B947.bin
c:\program files\AskBarDis\bar\Cache\0220BB4B.bin
c:\program files\AskBarDis\bar\Cache\0220BCC2.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-04 do 2010-07-04 )))))))))))))))))))))))))))))))
.

2010-07-04 16:02 . 2010-07-04 16:02 -------- d-----w- c:\windows\Sun
2010-07-04 09:58 . 2010-07-04 09:58 -------- d-----w- c:\program files\AVIConverter
2010-07-04 09:14 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-03 15:40 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-03 15:40 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-03 15:40 . 2010-07-03 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 12:49 . 2010-07-03 12:50 -------- d-----w- c:\program files\ImgBurn
2010-07-03 12:36 . 2010-07-03 12:21 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2010-07-03 12:36 . 2010-07-03 12:36 -------- d-----w- c:\program files\Common Files\Authentium
2010-07-03 12:16 . 2010-07-03 12:16 -------- d-----w- C:\rsit
2010-07-03 11:59 . 2010-07-03 11:59 -------- d-----w- c:\program files\CCleaner
2010-07-03 10:43 . 2010-07-03 12:16 -------- d-----w- c:\program files\Trend Micro
2010-06-30 15:56 . 2010-06-30 15:56 -------- d-----w- c:\program files\ImTOO
2010-06-30 15:53 . 2010-06-30 15:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-30 15:53 . 2010-06-30 15:53 -------- d-----w- c:\program files\DVDVideoSoft
2010-06-30 15:53 . 2002-01-05 13:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-06-30 14:56 . 2010-06-30 15:28 -------- d-----w- C:\OutputFolder
2010-06-30 14:56 . 2010-06-30 14:56 -------- d-----w- c:\program files\Digiarty
2010-06-26 13:47 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2010-06-26 13:39 . 2010-06-26 13:39 -------- d-----w- c:\program files\Mplayer
2010-06-26 13:35 . 2010-06-26 14:59 -------- d-----w- c:\program files\Quake III Arena
2010-06-26 13:34 . 1999-10-09 15:30 305152 ----a-w- c:\windows\IsUninst.exe
2010-06-26 11:51 . 2010-06-26 11:52 -------- d-----w- c:\program files\Soldier of Fortune II - Double Helix
2010-06-26 11:51 . 2010-06-28 11:59 -------- d-----w- c:\program files\GtkRadiant-1.4
2010-06-26 11:51 . 2010-06-26 11:51 -------- d-----w- c:\program files\Raven
2010-06-26 10:24 . 2010-06-26 10:24 -------- d-----w- c:\program files\GtkRadiant 1.5.0
2010-06-13 15:34 . 2004-08-17 13:49 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-06-13 15:34 . 2004-08-17 13:49 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-06-13 15:29 . 2007-09-06 14:56 98304 ----a-w- c:\windows\amcap.exe
2010-06-13 15:29 . 2007-04-21 07:37 270336 ----a-w- c:\windows\tsnpstd3.exe
2010-06-13 15:29 . 2007-05-10 11:18 835584 ----a-w- c:\windows\vsnpstd3.exe
2010-06-13 15:29 . 2008-02-21 15:15 3968 ----a-w- c:\windows\system32\drivers\denoise.sys
2010-06-13 15:29 . 2010-06-13 15:29 -------- d-----w- c:\program files\Common Files\snpstd3
2010-06-13 15:29 . 2008-07-29 08:30 10423936 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2010-06-13 15:29 . 2008-04-09 12:30 61440 ----a-w- c:\windows\system32\vsnpstd3.dll
2010-06-13 15:29 . 2007-12-19 08:31 163840 ----a-w- c:\windows\system32\rsnpstd3.dll
2010-06-13 15:29 . 2005-11-23 11:55 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2010-06-13 15:29 . 2005-11-23 11:55 53248 ----a-w- c:\windows\csnpstd3.dll
2010-06-13 13:59 . 2010-06-13 13:59 -------- d-----w- c:\program files\Common Files\Logitech
2010-06-13 13:59 . 2010-06-13 13:59 -------- d-----w- c:\program files\Logitech
2010-06-10 19:37 . 2010-06-11 14:51 -------- d-----w- c:\program files\Flip-Flap
2010-06-06 14:27 . 2010-06-06 14:27 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-06-06 14:18 . 2010-06-18 13:55 -------- d-----w- c:\program files\Counter-Strike Source
2010-06-05 17:58 . 2010-06-08 04:28 -------- d-----w- C:\Downloads
2010-06-05 17:58 . 2010-06-05 17:58 -------- d-----w- c:\program files\Orbitdownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 08:22 . 2010-03-06 15:32 -------- d-----w- c:\program files\Wallpaper Cycle
2010-06-28 20:57 . 2010-04-19 08:53 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-19 08:53 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-19 08:53 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-19 08:53 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-19 08:53 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-04-19 08:53 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-04-19 08:53 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-04-19 08:53 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-26 14:59 . 2010-03-06 13:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-23 17:22 . 2010-03-06 18:23 -------- d-----w- c:\program files\ICQ7.0
2010-06-23 04:14 . 2010-03-08 17:05 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-06-21 14:17 . 2010-05-21 14:27 -------- d-----w- c:\program files\Ubisoft
2010-06-19 12:48 . 2010-04-01 10:31 -------- d-----w- c:\program files\stepmania.com
2010-06-04 14:44 . 2004-08-18 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-06-04 13:25 . 2010-06-04 13:25 -------- d-----w- c:\program files\Sega
2010-06-01 15:40 . 2010-06-01 15:40 -------- d-----w- c:\program files\Common Files\Java
2010-06-01 15:39 . 2010-06-01 15:40 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-01 15:39 . 2010-06-01 15:39 -------- d-----w- c:\program files\Java
2010-06-01 08:05 . 2010-06-01 08:05 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-29 11:28 . 2010-05-02 07:28 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-29 11:28 . 2010-05-29 11:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-29 11:28 . 2010-05-29 11:28 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-28 12:35 . 2010-03-06 13:58 -------- d-----w- c:\program files\ATI Technologies
2010-05-23 14:52 . 2010-05-23 14:47 -------- d-----w- c:\program files\MultiRes(2)
2010-05-23 14:46 . 2010-05-23 14:46 -------- d-----w- c:\program files\Radeon Omega Drivers
2010-05-22 08:05 . 2010-05-22 08:01 -------- d-----w- c:\program files\GameGain
2010-05-22 08:00 . 2010-05-22 08:00 -------- d-----w- c:\program files\PC Health Optimizer Free Edition
2010-05-22 07:20 . 2010-05-22 07:20 -------- d-----w- c:\program files\Uniblue
2010-05-22 07:10 . 2010-05-22 07:10 -------- d-----w- c:\program files\Engelmann Media
2010-05-21 15:12 . 2010-05-21 15:12 -------- d-----w- c:\program files\Foxit Software
2010-05-18 15:07 . 2010-03-12 16:58 -------- d-----w- c:\program files\Hamachi
2010-05-18 15:06 . 2010-03-12 16:58 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-05-17 18:27 . 2010-05-06 17:39 -------- d-----w- c:\program files\SGU The Game
2010-05-17 03:50 . 2010-04-21 14:32 -------- d-----w- c:\program files\uTorrent
2010-05-16 13:58 . 2010-05-16 13:58 -------- d-----w- c:\program files\Common Files\Real
2010-05-16 13:58 . 2010-05-16 13:58 -------- d-----w- c:\program files\Real
2010-05-16 13:58 . 2010-05-16 13:58 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-16 13:58 . 2010-05-16 13:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-16 13:58 . 2010-05-16 13:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-16 13:16 . 2010-05-16 13:12 -------- d-----w- c:\program files\uPatcher
2010-05-16 12:15 . 2010-05-16 12:15 -------- d-----w- c:\program files\IcoFX 1.6
2010-05-11 19:46 . 2010-05-10 18:13 -------- d-----w- c:\program files\Game_Maker7
2010-05-06 17:22 . 2010-03-22 08:42 -------- d-----w- c:\program files\Free Screen Recorder
2010-05-03 06:30 . 2004-08-18 12:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2010-05-03 06:30 . 2004-08-18 12:00 432278 ----a-w- c:\windows\system32\perfh005.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ABBYY Screenshot Reader Retail"="c:\program files\ABBYY Screenshot Reader\ScreenShotReader.exe" [2008-12-08 959776]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-16 202256]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Rodina.SERVER.000\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Filip\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Change Wallpaper.lnk - c:\program files\Wallpaper Cycle\Change Wallpaper.exe [2010-3-6 69632]
éspory na nově Pc.xlsx [2010-6-19 11354]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\THQ\\Pandemic Studios\\Full Spectrum Warrior\\Launcher.locked"=
"c:\\Documents and Settings\\Filip\\Plocha\\[PSY] Garrys Mod 11(1.o.o.5)\\hl2.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer(tm) Tiberian Sun(tm)\\SUN\\Game.exe"=
"c:\\Program Files\\Sun Age\\SunAge.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\CAPCOM\\DARK VOID\\nativePC\\Binaries\\ShippingPC-SkyGame.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 4 Tiberian Twilight\\Data\\CNC4.game"=
"c:\\Documents and Settings\\Filip\\Plocha\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Ubisoft\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Filip\\Plocha\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\Avatar.exe"=
"c:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\AvatarLauncher.exe"=
"c:\\Program Files\\GtkRadiant-1.4\\GtkRadiant-1.4.0.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Documents and Settings\\Filip\\Plocha\\[PSY] Garrys Mod 11(1.o.o.5)(NEW)\\[PSY] Garrys Mod 11(1.o.o.5)\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.4.2010 10:53 165456]
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [27.10.2008 18:03 759072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.4.2010 10:53 17744]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21.4.2010 17:49 20968]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [8.4.2010 16:46 117288]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [8.4.2010 16:46 117288]
R2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [8.4.2010 16:46 154152]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.3.2010 16:29 691696]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1770027372-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-06-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1770027372-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-07-01 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2010-05-22 07:46]

2010-05-22 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2010-05-22 07:46]
.
.
------- Doplňkový sken -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\u7p011e4.default\
FF - component: c:\documents and settings\Filip\Data aplikací\Mozilla\Firefox\Profiles\u7p011e4.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-04 19:56
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-07-04 20:04:56
ComboFix-quarantined-files.txt 2010-07-04 18:04
ComboFix2.txt 2010-07-04 14:40

Před spuštěním: Volných bajtů: 11 000 963 072
Po spuštění: Volných bajtů: 10 984 792 064

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - D255FA818E3172FF0D8A47F4CE313561

filipsi · Příspěvekod **filipsi** » 04 črc 2010 20:18

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:18:23, on 4.7.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ABBYY Screenshot Reader\ScreenShotReader.exe
C:\Program Files\Wallpaper Cycle\Change Wallpaper.exe
C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ABBYY Screenshot Reader Retail] "C:\Program Files\ABBYY Screenshot Reader\ScreenShotReader.exe" -autorun
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Change Wallpaper.lnk = C:\Program Files\Wallpaper Cycle\Change Wallpaper.exe
O4 - Startup: Úspory na nový Pc.xlsx
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY.Licensing.FineReader.ScreenshotReader.9.0 - ABBYY (BIT Software) - C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

--
End of file - 8200 bytes

filipsi · Příspěvekod **filipsi** » 04 črc 2010 20:26

: cpu.GIF (3.5 KiB) Zobrazeno 714 x

POřád

Příspěvekod **jaro3** » 04 črc 2010 20:53

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG či Avast, následně T-Cleaner smaž a zapni si AVG či Avast.

Stáhni si rkill

a spusť ho . Spustí se sken .Po skenu se program sám ukončí.

Pozn.: NERESTARTUJ PC !

Pak se podívej , jak je to s vytížením CPU.

+
Vypni rez.ochrany a firewall.

Spusť F-Secure Online Scanner

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

filipsi · Příspěvekod **filipsi** » 05 črc 2010 07:37

Tak jsem spustil rkill a tady je stav CPU po skenu :

: cpu.GIF (5.52 KiB) Zobrazeno 701 x

a tady je stav po 10 minutách klidu :

: Cpu 2.GIF (4.38 KiB) Zobrazeno 701 x

výsledek z F-Secure Online Scanner sem hodím až za několik hodin.

filipsi · Příspěvekod **filipsi** » 05 črc 2010 12:15

Tady to je :

Hlášení kontroly
Pondělí, Červenec 5, 2010 10:12:06 - 12:13:24

Název počítače: SERVER
Typ kontroly: Kontrolovat systém na přítomnost malwaru, spywaru a programů rootkit
Cíl: C:\
Nalezený malware: 9
Suspicious:W32/Malware!Gemini (spyware)

* Systém (Vyléčeno)

Backdoor.Generic.358364 (spyware)

* Systém (Vyléčeno)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\UPATCHER\UPATCHER.EXE (Nevyčištěno)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\PRIME95\PRIME95.EXE (Nevyčištěno)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\GAMEGAIN\GAMEGAIN.EXE (Nevyčištěno)

Suspicious:W32/Malware!Gemini (virus)

* C:\DOCUMENTS AND SETTINGS\FILIP\PLOCHA\OTISKY CD A PROGRAMY\QUAKE 3 ARENA\ČEŠTINA\QUAKE_3_ARENA-BUILD_01.EXE (Nevyčištěno & Odesláno)

Suspicious:W32/Malware!Gemini (virus)

* C:\DOCUMENTS AND SETTINGS\FILIP\PLOCHA\DOWNLOAD\RSIT.EXE (Nevyčištěno)

Backdoor.Generic.358364 (virus)

* C:\DOCUMENTS AND SETTINGS\FILIP\PLOCHA\DOWNLOAD\T-CLEANER.EXE (Nevyčištěno)

Dialer.Generic.38546 (virus)

* C:\DOCUMENTS AND SETTINGS\FILIP\GM\GARRYS MOD V10.EXE (Přejmenováno & Odesláno)

Statistika
Kontrolováno:

* Soubory: 46302
* Systém: 4776
* Nekontrolováno: 8

Akce:

* Vyléčeno: 2
* Přejmenováno: 1
* Odstraněno: 0
* Nevyčištěno: 6
* Odesláno: 2

Nekontrolované soubory:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\DOCUMENTS AND SETTINGS\FILIP\DATA APLIKACÍ\SKYPE\ETILQS_CIA2FELVK4YNKY771AHQ
* C:\DOCUMENTS AND SETTINGS\FILIP\DATA APLIKACÍ\SKYPE\ETILQS_ZVQDTKFNDMCF2LX1LH1O

Možnosti
Moduly kontroly:

Možnosti kontroly:

* Kontrolovat určené soubory: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Používat pokročilou heuristiku

Copyright © 1998–2009 Podpora produktu | Odeslat vzorek viru společnosti F-Secure
Společnost F-Secure nepřejímá jakoukoli odpovědnost za materiály vytvořené nebo publikované třetími stranami, na které odkazují webové stránky společnosti F-Secure. Pokud odešlete na kterýkoli z našich serverů jakýkoli materiál (například pomocí e-mailu nebo prostřednictvím e-mailu F-Secure CGI), souhlasíte, že všechny vámi zpřístupněné materiály mohou být publikovány na webových stránkách společnosti F-Secure nebo tiskově publikovány, s výjimkou případu, kdy jednoznačně oznámíte svůj nesouhlas. Veřejné webové stránky společnosti F-Secure navštívíte klepnutím na následující odkazy. Současně bude váš přístup zaznamenán do našich osobních statistik přístupu pro název vaší domény. Tato informace nebude předávána třetím stranám. Tímto vyjadřujete svůj souhlas s tím, že ohledně odesílaných materiálů nepodniknete vůči nám jakékoli právní kroky. Odesláním materiálu opravňujete společnost F-Secure k tomu, že může začlenit jakékoli koncepty popsané v těchto materiálech bez dalších závazků, pokud výslovně neuvedete jinak.

Příspěvekod **jaro3** » 05 črc 2010 14:56

Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

:Files
C:\WINDOWS\System32\*.tmp 
C:\WINDOWS\*.tmp 
C:\WINDOWS\system32\*.tmp.dll 
C:\WINDOWS\system32\SET*.tmp 
c:\windows\Tasks\*.job 
C:\*.tmp
C:\PROGRAM FILES\UPATCHER\UPATCHER.EXE
C:\PROGRAM FILES\PRIME95\PRIME95.EXE
C:\PROGRAM FILES\GAMEGAIN\GAMEGAIN.EXE
C:\DOCUMENTS AND SETTINGS\FILIP\PLOCHA\OTISKY CD A PROGRAMY\QUAKE 3 ARENA\ČEŠTINA\QUAKE_3_ARENA-BUILD_01.EXE
C:\DOCUMENTS AND SETTINGS\FILIP\GM\GARRYS MOD V10.EXE

:Reg
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

CPU pořád na 100% Vyřešeno

Re: CPU pořád na 100%

Re: CPU pořád na 100%

Re: CPU pořád na 100%

Re: CPU pořád na 100%

Re: CPU pořád na 100%

Re: CPU pořád na 100%

Re: CPU pořád na 100%

Re: CPU pořád na 100%

Re: CPU pořád na 100%

Re: CPU pořád na 100%

Re: CPU pořád na 100%

Re: CPU pořád na 100%

Kdo je online