Hello, I would like to ask you to check my log. The PC is slow, and on restart it takes a very long time to log off and even longer to log on.
Applications also take a long time to open. After startup, wuauclt.exe uses around 60 MB of memory and later shuts down. I also have a question.
Can Opera use as much as 220 MB of memory with several pages open? Thank you for your help.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:34:13, on 29.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
--
End of file - 5052 bytes
Please check my log /long restart/
- memphisto
Re: Please check my log /long restart/
That wuauclt.exe is the system update process. My browser eats even more, and it depends on the number of open tabs. With some 20 tabs I had 400 MB in use with Firefox.
Uninstall:
Spybot - unnecessary, you have an antivirus
Fix these in the log:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
Download ATF Cleaner.
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Turn off the resident protection and the firewall.
Download Dr. Web CureIt.
Run the update; after updating, click Start.
With the buttons at the bottom you can cure a file (system files), delete it, move it or rename it.
Download Malwarebytes' Anti-Malware.
Install it and run it.
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the scan has finished, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private messages; post them in the appropriate section. Thank you
Re: Please check my log /long restart/
First of all, thank you for the reply. I did everything as you instructed. Here is the log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verzia databázy: 4986
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
29.10.2010 14:47:43
mbam-log-2010-10-29 (14-47-43).txt
Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 144633
Uplynulý čas: 6 min, 46 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
(Škodlivé položky neboli zistené)
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
(Škodlivé položky neboli zistené)
Bye
- jaro3
- Security team member
Re: Please check my log /long restart/
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Please check my log /long restart/
Good evening, here is the log from CF:
ComboFix 10-10-28.09 - BOBO 29.10.2010 22:23:32.5.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1919.1214 [GMT 2:00]
Running from: c:\documents and settings\BOBO\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.
2010-10-29 12:39 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-29 12:39 . 2010-10-29 12:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-29 12:39 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-29 12:04 . 2010-10-29 12:04 711168 ----a-w- c:\windows\isRS-000.tmp
2010-10-29 11:28 . 2010-10-29 11:28 -------- d-----w- c:\documents and settings\BOBO\DoctorWeb
2010-10-29 08:15 . 2010-10-29 08:15 2267 ----a-w- c:\documents and settings\All Users\Application Data\xml5B2.tmp
2010-10-29 08:15 . 2010-10-29 08:15 13707 ----a-w- c:\documents and settings\All Users\Application Data\xml5B1.tmp
2010-10-29 08:15 . 2010-10-29 08:15 5898 ----a-w- c:\documents and settings\All Users\Application Data\xml5B0.tmp
2010-10-29 08:15 . 2010-10-29 08:15 -------- d-----w- c:\program files\SiSoftware
2010-10-27 16:17 . 2010-10-27 16:21 -------- d-----w- C:\Aljaška
2010-10-25 20:16 . 2010-10-25 20:16 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-10-25 18:35 . 2010-10-26 05:28 -------- d-----w- c:\program files\Unlocker
2010-10-25 18:21 . 2010-10-25 18:21 -------- d--h--w- c:\windows\PIF
2010-10-25 15:37 . 2010-10-25 15:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\URSoft
2010-10-25 14:09 . 2010-10-25 14:09 -------- d-----w- c:\program files\Sunbelt Software
2010-10-25 13:43 . 2010-10-25 13:43 -------- d-----w- c:\program files\Womble Multimedia
2010-10-24 19:49 . 2010-10-24 19:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-10-24 14:40 . 2010-10-24 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-10-24 01:56 . 2010-10-24 01:56 -------- d-----w- c:\documents and settings\BOBO\Application Data\Panda Security
2010-10-24 01:55 . 2010-10-24 01:55 -------- d-----w- c:\documents and settings\BOBO\Application Data\SurfSecret Privacy Suite
2010-10-24 01:54 . 2010-10-24 18:06 -------- d-----w- c:\program files\Panda Security
2010-10-24 01:54 . 2010-10-24 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-10-23 23:38 . 2010-10-29 10:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-23 23:38 . 2010-10-29 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-23 20:28 . 2010-10-25 21:28 -------- d-----w- C:\Lady Dragon
2010-10-20 23:04 . 2010-10-20 23:05 -------- d-----w- c:\program files\Common Files\COWON
2010-10-20 22:45 . 2010-10-20 23:06 -------- d-----w- c:\documents and settings\BOBO\Application Data\COWON
2010-10-20 22:45 . 2010-10-21 01:00 -------- d-----w- c:\program files\JetAudio
2010-10-20 22:33 . 2010-10-20 22:33 -------- d-----w- c:\documents and settings\BOBO\Application Data\streamripper
2010-10-20 22:32 . 2010-10-21 00:47 -------- d-----w- c:\program files\Streamripper
2010-10-20 22:18 . 2010-10-20 22:22 -------- d-----w- c:\program files\iRadio
2010-10-20 22:05 . 2010-10-20 22:05 -------- d-----w- c:\windows\system32\CLSID
2010-10-20 22:05 . 2010-10-20 22:33 -------- d-----w- c:\program files\RadioTracker
2010-10-20 21:27 . 2010-10-20 21:29 -------- d-----w- c:\documents and settings\BOBO\Local Settings\Application Data\Screamer Radio
2010-10-20 21:21 . 2010-10-20 22:00 -------- d-----w- c:\program files\Evil Player
2010-10-20 20:25 . 2010-10-20 20:34 -------- d-----w- c:\program files\MP3VCR
2010-10-19 23:20 . 2010-10-19 23:28 -------- d-----w- c:\program files\JAG Media Player
2010-10-19 23:14 . 2010-10-20 01:50 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-10-19 23:14 . 2010-10-19 23:14 -------- d-----w- c:\program files\MSBuild
2010-10-19 23:13 . 2010-10-19 23:13 -------- d-----r- C:\AHCache
2010-10-17 00:44 . 2010-10-17 00:44 -------- d-----w- c:\program files\FDRLab
2010-10-16 22:54 . 2010-10-16 22:54 -------- d-----w- c:\program files\AbleMP3
2010-10-16 22:43 . 2010-10-16 22:43 295424 ----a-w- c:\windows\system32\bwmedia1.dll
2010-10-16 22:43 . 2010-10-16 22:43 150016 ----a-w- c:\windows\system32\bwmedia.dll
2010-10-16 22:43 . 2010-10-16 22:43 -------- d-----w- c:\program files\MP3 Wave Converter
2010-10-15 01:06 . 2010-10-15 01:06 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-14 21:13 . 2010-10-15 09:50 -------- d-----w- C:\ApolloDVD
2010-10-14 21:10 . 2010-10-23 22:22 -------- d-----w- c:\program files\NO1 DVD Audio Ripper
2010-10-14 20:52 . 2010-10-14 20:53 -------- d-----w- c:\program files\DVD Audio Extractor
2010-10-14 19:50 . 2010-10-14 19:52 -------- d-----w- c:\documents and settings\BOBO\Application Data\RipIt4Me
2010-10-14 17:33 . 2010-10-15 09:47 -------- d-----w- C:\Hackeri-Hackers-1995
2010-10-14 16:31 . 2010-10-14 16:31 -------- d-----w- c:\documents and settings\BOBO\Application Data\DVDFab
2010-10-14 16:28 . 2010-10-24 14:53 -------- d-----w- c:\program files\DVDFab 8
2010-10-14 01:01 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-13 22:01 . 2010-10-13 22:02 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-10-13 11:47 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 11:47 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 11:45 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 17:07 . 2010-10-20 22:04 -------- d-----w- c:\program files\Redsystem
2010-10-12 14:22 . 2010-10-12 14:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-12 06:56 . 2010-10-14 16:18 -------- d-----w- C:\Win XP_cz
2010-10-10 05:14 . 2010-10-28 04:48 -------- d-----w- C:\MyAudio
2010-10-09 11:17 . 2010-10-09 11:17 -------- d-----w- c:\documents and settings\BOBO\Local Settings\Application Data\Downloaded Installations
2010-10-09 10:37 . 2010-10-09 10:37 -------- d-----w- c:\program files\Mirillis
2010-10-09 08:44 . 2001-12-20 20:48 -------- d-----w- c:\program files\I
2010-10-09 06:31 . 2010-10-09 06:31 -------- d-----w- c:\program files\CoreCodec
2010-10-09 04:16 . 2010-10-09 04:16 -------- d-----w- c:\program files\Haali
2010-10-09 04:16 . 2010-10-09 04:16 -------- d-----w- c:\documents and settings\BOBO\Application Data\ImgBurn
2010-10-09 04:06 . 2010-10-09 04:06 -------- d-----w- c:\program files\H.264 Encoder
2010-10-09 03:59 . 2010-10-09 03:59 -------- d-----w- c:\program files\MediaInfo
2010-10-06 12:06 . 2010-10-06 12:06 -------- d-----w- c:\documents and settings\BOBO\Application Data\Syntrillium
2010-10-06 12:04 . 2010-10-06 12:07 -------- d-----w- c:\program files\coolpro2
2010-10-06 07:45 . 2010-10-06 07:53 -------- d-----w- c:\program files\WMV to AVI MPEG DVD WMV Converter
2010-10-05 23:14 . 2010-10-05 23:14 -------- d-----w- c:\documents and settings\BOBO\Application Data\LEAPS
2010-10-05 23:13 . 2010-10-05 23:13 -------- d-----w- c:\documents and settings\BOBO\Application Data\Pegasys Inc
2010-10-05 23:12 . 2010-10-05 23:11 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2010-10-05 23:12 . 2010-10-05 23:11 33408 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
2010-10-05 23:12 . 2010-10-05 23:11 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2010-10-05 23:11 . 2010-10-05 23:11 151552 ----a-r- c:\documents and settings\BOBO\Application Data\Microsoft\Installer\{4EF35707-7052-4331-B8FD-549DB3922AD7}\NewShortcut5_02EC20FD1D074CA3AB9B9EEED76503F0.exe
2010-10-05 23:11 . 2010-10-05 23:11 151552 ----a-r- c:\documents and settings\BOBO\Application Data\Microsoft\Installer\{4EF35707-7052-4331-B8FD-549DB3922AD7}\NewShortcut1_02EC20FD1D074CA3AB9B9EEED76503F0.exe
2010-10-05 23:11 . 2010-10-05 23:11 -------- d-----w- c:\program files\Pegasys Inc
2010-10-04 05:56 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\gdiplus.dll
2010-10-03 07:39 . 2010-10-03 07:39 -------- d-----w- c:\program files\Jufsoft
2010-10-01 19:37 . 2010-10-01 19:37 -------- d-----w- C:\Sexualni manual zeny
2010-10-01 13:39 . 2010-10-08 17:24 -------- d-----w- c:\program files\RapidShareManager
2010-10-01 12:23 . 2010-10-29 20:19 -------- d-----w- c:\documents and settings\BOBO\Application Data\ICQ
2010-09-30 16:49 . 2010-09-30 16:49 -------- d-----w- c:\program files\TimeAdjuster
2010-09-30 13:18 . 2010-10-23 22:03 -------- d-----w- c:\program files\AoA Audio Extractor
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 22:03 . 2010-10-23 22:02 7950349 ----a-w- c:\windows\REGBK01.ZIP
2010-10-14 16:28 . 2010-09-14 09:22 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-10-14 16:28 . 2010-09-14 09:22 47360 ----a-w- c:\documents and settings\BOBO\Application Data\pcouffin.sys
2010-09-18 10:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-16 13:08 . 2010-09-16 13:07 7279619 ----a-w- c:\windows\REGBK00.ZIP
2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-02 13:22 . 2010-09-06 15:36 76896 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 06:25 . 2010-09-07 09:52 47616 ----a-w- c:\program files\cache.dll
2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-08-23 13:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 13:28 . 2010-08-23 13:28 315392 ----a-w- c:\windows\HideWin.exe
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-09-02 13:22 70264 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-25 328056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDIDL~1\DVDShell.dll" [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
2007-04-08 16:44 303104 ----a-w- c:\program files\Essentials Codec Pack\update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 21:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Revo Uninstaller]
2010-10-19 07:26 3139000 ----a-w- c:\program files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-02-26 07:03 16125440 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-01 09:06 2397424 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)
"clr_optimization_v4.0.30319_32"=2 (0x2)
"ClipSrv"=3 (0x3)
"xmlprov"=3 (0x3)
"WPFFontCache_v0400"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WinRM"=3 (0x3)
"WebClient"=3 (0x3)
"W32Time"=3 (0x3)
"VSS"=3 (0x3)
"UMWdf"=3 (0x3)
"TrkWks"=3 (0x3)
"SwPrv"=3 (0x3)
"Spooler"=3 (0x3)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteAccess"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"PolicyAgent"=3 (0x3)
"NtmsSvc"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"LmHosts"=3 (0x3)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"Dot3svc"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
"aspnet_state"=3 (0x3)
"WSearch"=2 (0x2)
"ALG"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\BOBO\\Application Data\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP3\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP3\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [6.9.2010 17:36 76896]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [4.5.2010 8:36 129928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [30.4.2010 13:47 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [27.5.2010 18:39 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [30.4.2010 13:46 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [30.4.2010 13:46 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12.5.2010 10:58 110920]
R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10.6.2004 0:14 328320]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [29.10.2010 10:15 93848]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28.2.2006 14:00 14336]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
2010-09-18 c:\windows\Tasks\User_Feed_Synchronization-{DF11BF71-AC8F-4B9D-A266-D43B15436CCC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-25 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\BOBO\Application Data\Mozilla\Firefox\Profiles\0f3wpv1u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\BOBO\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-29 22:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
- - - - - - - > 'explorer.exe'(1248)
c:\windows\system32\WININET.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-10-29 22:29:39
ComboFix-quarantined-files.txt 2010-10-29 20:29
Pre-Run: 16 082 681 856 bytes free
Post-Run: 27 adresárov, 16 050 421 760 voľných bajtov
- - End Of File - - 9305FF035167C348640194A5F45A66C4
Hi
- memphisto
Re: Please check my log /long restart/
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script
File::
c:\windows\isRS-000.tmp
c:\windows\REGBK01.ZIP
c:\windows\REGBK00.ZIP
DirLook::
c:\documents and settings\All Users\Application Data\vsosdk
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
Test this on Virustotal
c:\windows\HideWin.exe
Click Vybrat (Select) to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.
Do you know these folders?
C:\Win XP_cz
c:\program files\I
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check my log /long restart/
Here is the log after the script:
ComboFix 10-10-28.09 - BOBO 30.10.2010 2:22.6.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1919.1395 [GMT 2:00]
Running from: c:\documents and settings\BOBO\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\BOBO\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *On-access scanning enabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
FILE ::
"c:\windows\isRS-000.tmp"
"c:\windows\REGBK00.ZIP"
"c:\windows\REGBK01.ZIP"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\isRS-000.tmp
c:\windows\REGBK00.ZIP
c:\windows\REGBK01.ZIP
.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
.
2010-10-29 23:16 . 2010-10-29 23:35 -------- d-----w- C:\Outsiders_DVD9
2010-10-29 12:39 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-29 12:39 . 2010-10-29 12:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-29 12:39 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-29 11:28 . 2010-10-29 11:28 -------- d-----w- c:\documents and settings\BOBO\DoctorWeb
2010-10-29 08:15 . 2010-10-29 08:15 2267 ----a-w- c:\documents and settings\All Users\Application Data\xml5B2.tmp
2010-10-29 08:15 . 2010-10-29 08:15 13707 ----a-w- c:\documents and settings\All Users\Application Data\xml5B1.tmp
2010-10-29 08:15 . 2010-10-29 08:15 5898 ----a-w- c:\documents and settings\All Users\Application Data\xml5B0.tmp
2010-10-29 08:15 . 2010-10-29 08:15 -------- d-----w- c:\program files\SiSoftware
2010-10-27 16:17 . 2010-10-27 16:21 -------- d-----w- C:\Aljaška
2010-10-25 20:16 . 2010-10-25 20:16 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-10-25 18:35 . 2010-10-26 05:28 -------- d-----w- c:\program files\Unlocker
2010-10-25 18:21 . 2010-10-25 18:21 -------- d--h--w- c:\windows\PIF
2010-10-25 15:37 . 2010-10-25 15:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\URSoft
2010-10-25 14:09 . 2010-10-25 14:09 -------- d-----w- c:\program files\Sunbelt Software
2010-10-25 13:43 . 2010-10-25 13:43 -------- d-----w- c:\program files\Womble Multimedia
2010-10-24 19:49 . 2010-10-24 19:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-10-24 14:40 . 2010-10-24 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-10-24 01:56 . 2010-10-24 01:56 -------- d-----w- c:\documents and settings\BOBO\Application Data\Panda Security
2010-10-24 01:55 . 2010-10-24 01:55 -------- d-----w- c:\documents and settings\BOBO\Application Data\SurfSecret Privacy Suite
2010-10-24 01:54 . 2010-10-24 18:06 -------- d-----w- c:\program files\Panda Security
2010-10-24 01:54 . 2010-10-24 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-10-23 23:38 . 2010-10-29 10:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-23 23:38 . 2010-10-29 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-23 20:28 . 2010-10-25 21:28 -------- d-----w- C:\Lady Dragon
2010-10-20 23:04 . 2010-10-20 23:05 -------- d-----w- c:\program files\Common Files\COWON
2010-10-20 22:45 . 2010-10-20 23:06 -------- d-----w- c:\documents and settings\BOBO\Application Data\COWON
2010-10-20 22:45 . 2010-10-21 01:00 -------- d-----w- c:\program files\JetAudio
2010-10-20 22:33 . 2010-10-20 22:33 -------- d-----w- c:\documents and settings\BOBO\Application Data\streamripper
2010-10-20 22:32 . 2010-10-21 00:47 -------- d-----w- c:\program files\Streamripper
2010-10-20 22:18 . 2010-10-20 22:22 -------- d-----w- c:\program files\iRadio
2010-10-20 22:05 . 2010-10-20 22:05 -------- d-----w- c:\windows\system32\CLSID
2010-10-20 22:05 . 2010-10-20 22:33 -------- d-----w- c:\program files\RadioTracker
2010-10-20 21:27 . 2010-10-20 21:29 -------- d-----w- c:\documents and settings\BOBO\Local Settings\Application Data\Screamer Radio
2010-10-20 21:21 . 2010-10-20 22:00 -------- d-----w- c:\program files\Evil Player
2010-10-20 20:25 . 2010-10-20 20:34 -------- d-----w- c:\program files\MP3VCR
2010-10-19 23:20 . 2010-10-19 23:28 -------- d-----w- c:\program files\JAG Media Player
2010-10-19 23:14 . 2010-10-20 01:50 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-10-19 23:14 . 2010-10-19 23:14 -------- d-----w- c:\program files\MSBuild
2010-10-19 23:13 . 2010-10-19 23:13 -------- d-----r- C:\AHCache
2010-10-17 00:44 . 2010-10-17 00:44 -------- d-----w- c:\program files\FDRLab
2010-10-16 22:54 . 2010-10-16 22:54 -------- d-----w- c:\program files\AbleMP3
2010-10-16 22:43 . 2010-10-16 22:43 295424 ----a-w- c:\windows\system32\bwmedia1.dll
2010-10-16 22:43 . 2010-10-16 22:43 150016 ----a-w- c:\windows\system32\bwmedia.dll
2010-10-16 22:43 . 2010-10-16 22:43 -------- d-----w- c:\program files\MP3 Wave Converter
2010-10-15 01:06 . 2010-10-15 01:06 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-14 21:13 . 2010-10-15 09:50 -------- d-----w- C:\ApolloDVD
2010-10-14 21:10 . 2010-10-23 22:22 -------- d-----w- c:\program files\NO1 DVD Audio Ripper
2010-10-14 20:52 . 2010-10-14 20:53 -------- d-----w- c:\program files\DVD Audio Extractor
2010-10-14 19:50 . 2010-10-14 19:52 -------- d-----w- c:\documents and settings\BOBO\Application Data\RipIt4Me
2010-10-14 17:33 . 2010-10-15 09:47 -------- d-----w- C:\Hackeri-Hackers-1995
2010-10-14 16:31 . 2010-10-14 16:31 -------- d-----w- c:\documents and settings\BOBO\Application Data\DVDFab
2010-10-14 16:28 . 2010-10-24 14:53 -------- d-----w- c:\program files\DVDFab 8
2010-10-14 01:01 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-13 22:01 . 2010-10-13 22:02 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-10-13 11:47 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 11:47 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 11:45 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 17:07 . 2010-10-20 22:04 -------- d-----w- c:\program files\Redsystem
2010-10-12 14:22 . 2010-10-12 14:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-12 06:56 . 2010-10-30 00:07 -------- d-----w- C:\Win XP_cz
2010-10-10 05:14 . 2010-10-28 04:48 -------- d-----w- C:\MyAudio
2010-10-09 11:17 . 2010-10-09 11:17 -------- d-----w- c:\documents and settings\BOBO\Local Settings\Application Data\Downloaded Installations
2010-10-09 10:37 . 2010-10-09 10:37 -------- d-----w- c:\program files\Mirillis
2010-10-09 08:44 . 2001-12-20 20:48 -------- d-----w- c:\program files\I
2010-10-09 06:31 . 2010-10-09 06:31 -------- d-----w- c:\program files\CoreCodec
2010-10-09 04:16 . 2010-10-09 04:16 -------- d-----w- c:\program files\Haali
2010-10-09 04:16 . 2010-10-09 04:16 -------- d-----w- c:\documents and settings\BOBO\Application Data\ImgBurn
2010-10-09 04:06 . 2010-10-09 04:06 -------- d-----w- c:\program files\H.264 Encoder
2010-10-09 03:59 . 2010-10-09 03:59 -------- d-----w- c:\program files\MediaInfo
2010-10-06 12:06 . 2010-10-06 12:06 -------- d-----w- c:\documents and settings\BOBO\Application Data\Syntrillium
2010-10-06 12:04 . 2010-10-06 12:07 -------- d-----w- c:\program files\coolpro2
2010-10-06 07:45 . 2010-10-06 07:53 -------- d-----w- c:\program files\WMV to AVI MPEG DVD WMV Converter
2010-10-05 23:14 . 2010-10-05 23:14 -------- d-----w- c:\documents and settings\BOBO\Application Data\LEAPS
2010-10-05 23:13 . 2010-10-05 23:13 -------- d-----w- c:\documents and settings\BOBO\Application Data\Pegasys Inc
2010-10-05 23:12 . 2010-10-05 23:11 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2010-10-05 23:12 . 2010-10-05 23:11 33408 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
2010-10-05 23:12 . 2010-10-05 23:11 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2010-10-05 23:11 . 2010-10-05 23:11 151552 ----a-r- c:\documents and settings\BOBO\Application Data\Microsoft\Installer\{4EF35707-7052-4331-B8FD-549DB3922AD7}\NewShortcut5_02EC20FD1D074CA3AB9B9EEED76503F0.exe
2010-10-05 23:11 . 2010-10-05 23:11 151552 ----a-r- c:\documents and settings\BOBO\Application Data\Microsoft\Installer\{4EF35707-7052-4331-B8FD-549DB3922AD7}\NewShortcut1_02EC20FD1D074CA3AB9B9EEED76503F0.exe
2010-10-05 23:11 . 2010-10-05 23:11 -------- d-----w- c:\program files\Pegasys Inc
2010-10-04 05:56 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\gdiplus.dll
2010-10-03 07:39 . 2010-10-03 07:39 -------- d-----w- c:\program files\Jufsoft
2010-10-01 19:37 . 2010-10-01 19:37 -------- d-----w- C:\Sexualni manual zeny
2010-10-01 13:39 . 2010-10-08 17:24 -------- d-----w- c:\program files\RapidShareManager
2010-10-01 12:23 . 2010-10-29 20:19 -------- d-----w- c:\documents and settings\BOBO\Application Data\ICQ
2010-09-30 16:49 . 2010-09-30 16:49 -------- d-----w- c:\program files\TimeAdjuster
2010-09-30 13:18 . 2010-10-23 22:03 -------- d-----w- c:\program files\AoA Audio Extractor
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-14 16:28 . 2010-09-14 09:22 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-10-14 16:28 . 2010-09-14 09:22 47360 ----a-w- c:\documents and settings\BOBO\Application Data\pcouffin.sys
2010-09-18 10:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-02 13:22 . 2010-09-06 15:36 76896 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 06:25 . 2010-09-07 09:52 47616 ----a-w- c:\program files\cache.dll
2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-08-23 13:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 13:28 . 2010-08-23 13:28 315392 ----a-w- c:\windows\HideWin.exe
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\vsosdk ----
2010-10-24 14:40 . 2010-10-24 14:40 47 ----a-w- c:\documents and settings\All Users\Application Data\vsosdk\008A5F11983668DF3C24E976CC3CDBC1C5AC3861CF0636B914F987D502711C5F.vsoact
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-09-02 13:22 70264 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-25 328056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDIDL~1\DVDShell.dll" [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
2007-04-08 16:44 303104 ----a-w- c:\program files\Essentials Codec Pack\update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 21:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Revo Uninstaller]
2010-10-19 07:26 3139000 ----a-w- c:\program files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-02-26 07:03 16125440 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-01 09:06 2397424 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)
"clr_optimization_v4.0.30319_32"=2 (0x2)
"ClipSrv"=3 (0x3)
"xmlprov"=3 (0x3)
"WPFFontCache_v0400"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WinRM"=3 (0x3)
"WebClient"=3 (0x3)
"W32Time"=3 (0x3)
"VSS"=3 (0x3)
"UMWdf"=3 (0x3)
"TrkWks"=3 (0x3)
"SwPrv"=3 (0x3)
"Spooler"=3 (0x3)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteAccess"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"PolicyAgent"=3 (0x3)
"NtmsSvc"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"LmHosts"=3 (0x3)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"Dot3svc"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
"aspnet_state"=3 (0x3)
"WSearch"=2 (0x2)
"ALG"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\BOBO\\Application Data\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP3\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP3\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [6.9.2010 17:36 76896]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [4.5.2010 8:36 129928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [30.4.2010 13:47 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [27.5.2010 18:39 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [30.4.2010 13:46 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [30.4.2010 13:46 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12.5.2010 10:58 110920]
R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10.6.2004 0:14 328320]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [29.10.2010 10:15 93848]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28.2.2006 14:00 14336]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
2010-09-18 c:\windows\Tasks\User_Feed_Synchronization-{DF11BF71-AC8F-4B9D-A266-D43B15436CCC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-25 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\BOBO\Application Data\Mozilla\Firefox\Profiles\0f3wpv1u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\BOBO\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 02:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
.
Completion time: 2010-10-30 02:28:09
ComboFix-quarantined-files.txt 2010-10-30 00:28
ComboFix2.txt 2010-10-29 20:29
Pre-Run: 7 568 080 896 bytes free
Post-Run: 7 551 991 808 voľných bajtov
- - End Of File - - 36A97CEB26FA9D417BD00387E5E3D2CB
Virustotal:
http://www.virustotal.com/file-scan/rep ... 1288397490
C:\Win XP_cz this is Windows XP as an ISO
c:\program files\I that is the aspi driver. Thanks
2010-10-16 22:43 . 2010-10-16 22:43 -------- d-----w- c:\program files\MP3 Wave Converter
2010-10-15 01:06 . 2010-10-15 01:06 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-14 21:13 . 2010-10-15 09:50 -------- d-----w- C:\ApolloDVD
2010-10-14 21:10 . 2010-10-23 22:22 -------- d-----w- c:\program files\NO1 DVD Audio Ripper
2010-10-14 20:52 . 2010-10-14 20:53 -------- d-----w- c:\program files\DVD Audio Extractor
2010-10-14 19:50 . 2010-10-14 19:52 -------- d-----w- c:\documents and settings\BOBO\Application Data\RipIt4Me
2010-10-14 17:33 . 2010-10-15 09:47 -------- d-----w- C:\Hackeri-Hackers-1995
2010-10-14 16:31 . 2010-10-14 16:31 -------- d-----w- c:\documents and settings\BOBO\Application Data\DVDFab
2010-10-14 16:28 . 2010-10-24 14:53 -------- d-----w- c:\program files\DVDFab 8
2010-10-14 01:01 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-13 22:01 . 2010-10-13 22:02 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-10-13 11:47 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 11:47 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 11:45 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 17:07 . 2010-10-20 22:04 -------- d-----w- c:\program files\Redsystem
2010-10-12 14:22 . 2010-10-12 14:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-12 06:56 . 2010-10-30 00:07 -------- d-----w- C:\Win XP_cz
2010-10-10 05:14 . 2010-10-28 04:48 -------- d-----w- C:\MyAudio
2010-10-09 11:17 . 2010-10-09 11:17 -------- d-----w- c:\documents and settings\BOBO\Local Settings\Application Data\Downloaded Installations
2010-10-09 10:37 . 2010-10-09 10:37 -------- d-----w- c:\program files\Mirillis
2010-10-09 08:44 . 2001-12-20 20:48 -------- d-----w- c:\program files\I
2010-10-09 06:31 . 2010-10-09 06:31 -------- d-----w- c:\program files\CoreCodec
2010-10-09 04:16 . 2010-10-09 04:16 -------- d-----w- c:\program files\Haali
2010-10-09 04:16 . 2010-10-09 04:16 -------- d-----w- c:\documents and settings\BOBO\Application Data\ImgBurn
2010-10-09 04:06 . 2010-10-09 04:06 -------- d-----w- c:\program files\H.264 Encoder
2010-10-09 03:59 . 2010-10-09 03:59 -------- d-----w- c:\program files\MediaInfo
2010-10-06 12:06 . 2010-10-06 12:06 -------- d-----w- c:\documents and settings\BOBO\Application Data\Syntrillium
2010-10-06 12:04 . 2010-10-06 12:07 -------- d-----w- c:\program files\coolpro2
2010-10-06 07:45 . 2010-10-06 07:53 -------- d-----w- c:\program files\WMV to AVI MPEG DVD WMV Converter
2010-10-05 23:14 . 2010-10-05 23:14 -------- d-----w- c:\documents and settings\BOBO\Application Data\LEAPS
2010-10-05 23:13 . 2010-10-05 23:13 -------- d-----w- c:\documents and settings\BOBO\Application Data\Pegasys Inc
2010-10-05 23:12 . 2010-10-05 23:11 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2010-10-05 23:12 . 2010-10-05 23:11 33408 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
2010-10-05 23:12 . 2010-10-05 23:11 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2010-10-05 23:11 . 2010-10-05 23:11 151552 ----a-r- c:\documents and settings\BOBO\Application Data\Microsoft\Installer\{4EF35707-7052-4331-B8FD-549DB3922AD7}\NewShortcut5_02EC20FD1D074CA3AB9B9EEED76503F0.exe
2010-10-05 23:11 . 2010-10-05 23:11 151552 ----a-r- c:\documents and settings\BOBO\Application Data\Microsoft\Installer\{4EF35707-7052-4331-B8FD-549DB3922AD7}\NewShortcut1_02EC20FD1D074CA3AB9B9EEED76503F0.exe
2010-10-05 23:11 . 2010-10-05 23:11 -------- d-----w- c:\program files\Pegasys Inc
2010-10-04 05:56 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\gdiplus.dll
2010-10-03 07:39 . 2010-10-03 07:39 -------- d-----w- c:\program files\Jufsoft
2010-10-01 19:37 . 2010-10-01 19:37 -------- d-----w- C:\Sexualni manual zeny
2010-10-01 13:39 . 2010-10-08 17:24 -------- d-----w- c:\program files\RapidShareManager
2010-10-01 12:23 . 2010-10-29 20:19 -------- d-----w- c:\documents and settings\BOBO\Application Data\ICQ
2010-09-30 16:49 . 2010-09-30 16:49 -------- d-----w- c:\program files\TimeAdjuster
2010-09-30 13:18 . 2010-10-23 22:03 -------- d-----w- c:\program files\AoA Audio Extractor
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-14 16:28 . 2010-09-14 09:22 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-10-14 16:28 . 2010-09-14 09:22 47360 ----a-w- c:\documents and settings\BOBO\Application Data\pcouffin.sys
2010-09-18 10:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-02 13:22 . 2010-09-06 15:36 76896 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 06:25 . 2010-09-07 09:52 47616 ----a-w- c:\program files\cache.dll
2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-08-23 13:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 13:28 . 2010-08-23 13:28 315392 ----a-w- c:\windows\HideWin.exe
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\vsosdk ----
2010-10-24 14:40 . 2010-10-24 14:40 47 ----a-w- c:\documents and settings\All Users\Application Data\vsosdk\008A5F11983668DF3C24E976CC3CDBC1C5AC3861CF0636B914F987D502711C5F.vsoact
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-09-02 13:22 70264 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 13:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-25 328056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDIDL~1\DVDShell.dll" [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
2007-04-08 16:44 303104 ----a-w- c:\program files\Essentials Codec Pack\update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 21:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Revo Uninstaller]
2010-10-19 07:26 3139000 ----a-w- c:\program files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-02-26 07:03 16125440 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-01 09:06 2397424 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)
"clr_optimization_v4.0.30319_32"=2 (0x2)
"ClipSrv"=3 (0x3)
"xmlprov"=3 (0x3)
"WPFFontCache_v0400"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WinRM"=3 (0x3)
"WebClient"=3 (0x3)
"W32Time"=3 (0x3)
"VSS"=3 (0x3)
"UMWdf"=3 (0x3)
"TrkWks"=3 (0x3)
"SwPrv"=3 (0x3)
"Spooler"=3 (0x3)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteAccess"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"PolicyAgent"=3 (0x3)
"NtmsSvc"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"LmHosts"=3 (0x3)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"Dot3svc"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
"aspnet_state"=3 (0x3)
"WSearch"=2 (0x2)
"ALG"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\BOBO\\Application Data\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP3\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP3\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [6.9.2010 17:36 76896]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [4.5.2010 8:36 129928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [30.4.2010 13:47 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [27.5.2010 18:39 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [30.4.2010 13:46 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [30.4.2010 13:46 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12.5.2010 10:58 110920]
R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10.6.2004 0:14 328320]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [29.10.2010 10:15 93848]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28.2.2006 14:00 14336]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
2010-09-18 c:\windows\Tasks\User_Feed_Synchronization-{DF11BF71-AC8F-4B9D-A266-D43B15436CCC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-25 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\BOBO\Application Data\Mozilla\Firefox\Profiles\0f3wpv1u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\BOBO\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 02:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
.
Completion time: 2010-10-30 02:28:09
ComboFix-quarantined-files.txt 2010-10-30 00:28
ComboFix2.txt 2010-10-29 20:29
Pre-Run: 7 568 080 896 bytes free
Post-Run: 7 551 991 808 voľných bajtov
- - End Of File - - 36A97CEB26FA9D417BD00387E5E3D2CB
VirusTotal:
http://www.virustotal.com/file-scan/rep ... 1288397490
C:\Win XP_cz is Windows XP as an ISO
c:\program files\I is an ASPI driver. Thanks
hi
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: Please check my log /long restart/
You can also uninstall Spybot. You have Panda, and there is no point in having them fight each other.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on
+ a new HJT log
Are there any problems?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check my log /long restart/
Hello, I did everything, then restarted. Shutdown took place 33 s after the sound signal. And at startup it took 30 s after the boot screen.
So it's only about the blue screens. It seems to me that too many programs are running there. Here is the task manager right after startup:

And here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:01, on 30.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe
--
End of file - 4380 bytes
I would also like to ask which firewall puts the least load on the computer. I mean one that uses as little RAM as possible. I tried a few, but I don't know.
Sunbelt also blocked some addresses for me, while another one ate memory.
Thanks
hi
- memphisto
Re: Please check my log /long restart/
The logs look OK. To speed up startup, use Start Up. This is the firewall I use. It is switched off almost all the time, but it is there 
