Neskutečně zasekané a spomalené PC

[WiZARD_]

Dobrý den, už několik týdnu mě trápí můj počítač. Internet je strašně pomalý a celý počítač se seká. Nyní mi ani nejde Combofix (vyskočí upozornění, že dále není bezpečné pokračovat a celé se to zruší). Chci moc poprosit o radu.

Předem díky!

[chodnik74]

Dobrý večer
Momentálně má věšteckou kouli náš Rudy,takže nevím čím to může být Pro začátek mi vložte log z RSIT,návod vás povede: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895

[WiZARD_]

Po kliknutí na link: Server nenalezen

[chodnik74]

32bit:
http://images.malwareremoval.com/random/RSIT.exe

64bit:
http://images.malwareremoval.com/random/RSITx64.exe

program vám vyhodí log,ten mi sem vložte

[WiZARD_]

Chápu, ale tyhle odkazy mi nefungují...

[chodnik74]

Zkuste v nouzovém režimu( při startu pc mačkejte F8)

[chodnik74]

Předpokládám,že máte funkční internet,pokud ne,je potřeba natahat programy přes jiné pc,pomocí třeba flash disku..

[WiZARD_]

Tak, v nouzovém režimu se mi to podařilo stáhnout, ale nejde spustit, píše že: není platná aplikace typu Win32

[chodnik74]

Jdou vám spouštět exe programy?


Stáhněte program exeHelper.com

• Spuste program jako správce(pravým klikem myši spustit jako správce )
• Program vytvoří log exehelperlog.txt a ten sem vložte

[WiZARD_]

Jdou, počítač funguje v tomhle ohledu normálně. Jenom je extrémně zasekanej a spomalenej...

[chodnik74]

Zkuste program uvedený výše,poté RSIT a vymyslíme co dále

[WiZARD_]

exeHelper by Raktor
Build 20100414
Run at 20:50:07 on 09/11/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

[chodnik74]

a nyní RSIT zkuste jak jsem psal...

[WiZARD_]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Viti at 2011-09-11 21:03:04
Systém Microsoft Windows XP Professional Service Pack 1
System drive C: has 265 MB (1%) free of 38 GB
Total RAM: 511 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:03:16, on 11.9.2011
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
H:\Downloads\Mozilla\exeHelper.com
C:\WINDOWS\System32\notepad.exe
C:\WINDOWS\system32\cmd.exe
H:\Downloads\Mozilla\RSIT.exe
C:\Program Files\trend micro\Viti.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Viti\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Viti\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Rightdown Software SearchBar - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - C:\Program Files\Rightdown Software SearchBar\rssb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows LoL Layer] hzuxsbi.exe
O4 - HKLM\..\Run: [Windows System Update Tools] upds.exe
O4 - HKLM\..\Run: [Windows Updates] bqpldgv.exe
O4 - HKLM\..\Run: [windows updatess] svchots.exe
O4 - HKLM\..\Run: [Microsoft System Service] globalpatch.exe
O4 - HKLM\..\RunServices: [Windows LoL Layer] hzuxsbi.exe
O4 - HKLM\..\RunServices: [Windows System Update Tools] upds.exe
O4 - HKLM\..\RunServices: [windows updatess] svchots.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] globalpatch.exe
O4 - HKLM\..\RunOnce: [windows updatess] svchots.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [mxClock] C:\DOCUME~1\Viti\LOCALS~1\Temp\Rar$EX00.375\maydesign mxClock\mxClock.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Windows LoL Layer] hzuxsbi.exe
O4 - HKCU\..\Run: [Windows Updates] bqpldgv.exe
O4 - HKCU\..\Run: [windows updatess] svchots.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows LoL Layer] hzuxsbi.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Updates] bqpldgv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [windows updatess] svchots.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ICQ6.5.lnk = C:\Program Files\ICQ6.5\ICQ.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Service Starter: Service (SRVStarter_Service) - Eng. Usama El-Mokadem - C:\WINDOWS\System32\Startsrv.exe
O23 - Service: windows updatess (System Administrattor) - OldMan's Tales - C:\WINDOWS\System32\svchots.exe
O23 - Service: Windows Hosts Controller - Unknown owner - C:\WINDOWS\Fonts\unwise_.exe
O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - C:\WINDOWS\system32\csrsc.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8950 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Viti\Data aplikací\Mozilla\Firefox\Profiles\vt4rufzo.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.0, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7, {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, extension@virtusdesigns.com:3.6.6, {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02, smartwebprinting@hp.com:4.5, {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17, nasanightlaunch@example.com:0.6.20101009, {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22, {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.3.1&q="

"smartwebprinting@hp.com"=H:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npdeployJava1.dll
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Viti\Data aplikací\Mozilla\Firefox\Profiles\vt4rufzo.default\extensions\
extension@virtusdesigns.com
nostmp
videodowloader@videodownloader.net
{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
{36C13C8F-54F1-412e-8177-2E411719162D}
{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
{64e8cc5b-20db-4212-8320-178fc5ae71f7}
{74b288e6-77b6-41c7-8138-bb81f4539689}
{800b5000-a755-47e1-992b-48a1c1357f07}
{a02c0c70-605c-11da-8cd6-0800200c9a66}
{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

C:\Documents and Settings\Viti\Data aplikací\Mozilla\Firefox\Profiles\vt4rufzo.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-23.xml
icqplugin-24.xml
icqplugin-25.xml
icqplugin-26.xml
icqplugin-27.xml
icqplugin-28.xml
icqplugin-29.xml
icqplugin-3.xml
icqplugin-30.xml
icqplugin-31.xml
icqplugin-32.xml
icqplugin-33.xml
icqplugin-34.xml
icqplugin-35.xml
icqplugin-36.xml
icqplugin-37.xml
icqplugin-38.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
qipsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Viti\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-02-12 119808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-29 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2002-09-20 844828]
{D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - Rightdown Software SearchBar - C:\Program Files\Rightdown Software SearchBar\rssb.dll [2007-03-02 339968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-10-22 7700480]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 163840]
"365dní"= []
"365dni"= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"WMC_AutoUpdate"= []
"Internet Connection Wizard Setup Tool"=C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe []
"HP Software Update"=H:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Windows LoL Layer"=C:\WINDOWS\system32\hzuxsbi.exe [2002-09-20 464896]
"Windows System Update Tools"=C:\WINDOWS\system32\upds.exe [2011-06-14 926720]
"Windows Updates"=C:\WINDOWS\system32\bqpldgv.exe [2002-09-20 106496]
"windows updatess"=C:\WINDOWS\system32\svchots.exe [2011-08-25 150528]
"Microsoft System Service"=C:\WINDOWS\system32\globalpatch.exe [2011-08-11 223232]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"windows updatess"=C:\WINDOWS\system32\svchots.exe [2011-08-25 150528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2002-08-20 1519645]
"FreeCall"=C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe -nosplash -minimized []
"Start WingMan Profiler"= []
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-09-20 20480]
"mxClock"=C:\DOCUME~1\Viti\LOCALS~1\Temp\Rar$EX00.375\maydesign mxClock\mxClock.exe []
"LClock"=C:\Program Files\LClock\lclock.exe []
"ViStart"=C:\Program Files\ViStart\ViStart.exe []
"ViOrb"=C:\Program Files\ViOrb\ViOrb.exe []
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]
"Windows LoL Layer"=C:\WINDOWS\system32\hzuxsbi.exe [2002-09-20 464896]
"Windows Updates"=C:\WINDOWS\system32\bqpldgv.exe [2002-09-20 106496]
"windows updatess"=C:\WINDOWS\system32\svchots.exe [2011-08-25 150528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ICQ6.5.lnk - C:\Program Files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]
crypts.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32]
cryptnet32.dll []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutorun"=67108863
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\System32\upds.exe"="C:\WINDOWS\System32\upds.exe:*:Enabled:Windows System Update Tools"
"unwise_.exe"="unwise_.exe:*:Enabled:SYSTEM"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\System32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\System32\vp6vfw.dll
"msacm.lhacm"=lhacm.acm
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.xvid"=xvidvfw.dll
"vidc.DIVX"=DivX.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll
"msacm.vorbis"=vorbis.acm
"VIDC.WMV3"=wmv9vcm.dll
"midi2"=xgusb.cpl
"midi3"=xgusb.cpl

======List of files/folders created in the last 1 month======

2011-09-11 21:03:05 ----D---- C:\Program Files\trend micro
2011-09-11 21:03:04 ----D---- C:\rsit
2011-09-11 20:26:59 ----SD---- C:\32788R22FWJFW
2011-09-11 20:17:14 ----SHD---- C:\WINDOWS\CSC
2011-09-11 20:17:04 ----A---- C:\WINDOWS\ntbtlog.txt
2011-09-07 00:40:37 ----ASH---- C:\WINDOWS\System32\irdvxc.exe
2011-09-07 00:39:54 ----ASH---- C:\WINDOWS\System32\.exe
2011-09-06 23:53:48 ----A---- C:\WINDOWS\System32\ftpupd.exe
2011-09-04 09:22:12 ----A---- C:\WINDOWS\System32\winlolx.exe
2011-08-28 21:43:33 ----A---- C:\WINDOWS\System32\pws.cmd
2011-08-28 08:57:16 ----A---- C:\Setupz.exe
2011-08-23 08:52:05 ----AH---- C:\Documents and Settings\Viti\Data aplikací\Bh8HEGhGffH2.txJgIfiKafIij1.txt
2011-08-14 09:01:10 ----AH---- C:\WINDOWS\System32\Bh8HEGhGffH2.txJgIfiKafIij1.txt
2011-08-14 09:01:05 ----A---- C:\WINDOWS\System32\svchots.exe

======List of files/folders modified in the last 1 month======

2011-09-11 21:03:05 ----RD---- C:\Program Files
2011-09-11 20:30:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-11 20:20:55 ----D---- C:\WINDOWS\Temp
2011-09-11 20:20:38 ----A---- C:\WINDOWS\System32\drenxr.dll
2011-09-11 20:20:37 ----D---- C:\WINDOWS\System32\config
2011-09-11 20:20:34 ----D---- C:\WINDOWS\Debug
2011-09-11 20:17:14 ----D---- C:\WINDOWS
2011-09-11 19:21:05 ----D---- C:\WINDOWS\System32\CatRoot2
2011-09-11 19:19:44 ----SHD---- C:\WINDOWS\Installer
2011-09-11 19:19:43 ----D---- C:\WINDOWS\System32\drivers
2011-09-11 19:19:41 ----HD---- C:\Config.Msi
2011-09-11 19:19:05 ----HD---- C:\WINDOWS\inf
2011-09-11 19:18:41 ----D---- C:\WINDOWS\Prefetch
2011-09-10 23:48:19 ----D---- C:\Program Files\Mozilla Firefox
2011-09-10 08:04:47 ----D---- C:\WINDOWS\system32
2011-09-09 18:36:08 ----D---- C:\Program Files\Any Audio Converter
2011-09-08 22:50:18 ----RD---- C:\WINDOWS\Web
2011-09-08 22:48:23 ----D---- C:\WINDOWS\System32\oobe
2011-09-08 22:45:09 ----D---- C:\WINDOWS\Help
2011-09-08 22:42:57 ----D---- C:\Program Files\WinRAR
2011-09-08 22:42:45 ----D---- C:\Program Files\TubeSucker
2011-09-08 22:42:44 ----D---- C:\Program Files\TrackMania Sunrise
2011-09-08 22:40:31 ----D---- C:\Program Files\PhotoFiltre
2011-09-08 22:40:25 ----D---- C:\Program Files\NetMeeting
2011-09-03 09:29:59 ----D---- C:\WINDOWS\Minidump
2011-08-28 21:43:29 ----A---- C:\Setup.exe
2011-08-28 15:02:49 ----RSHDC---- C:\WINDOWS\System32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MMRTKRNL;MMRTKRNL; C:\WINDOWS\system32\drivers\mmrtkrnl.sys [2005-01-11 92672]
R0 nvata;nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [2005-08-18 93568]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI NEC FireWarden; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2002-08-29 55680]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-05-10 51200]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-01-27 717296]
R0 VClone;VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [2004-12-13 22656]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-17 23070]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-20 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-20 39776]
S0 ElbyVCD;ElbyVCD; C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys []
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2001-10-24 13952]
S2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\Aspi32.sys [1997-12-23 23936]
S2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
S2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-09-20 57344]
S3 catchme;catchme; \??\C:\DOCUME~1\Viti\LOCALS~1\Temp\catchme.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2007-03-15 17480]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2008-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2008-10-28 21568]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-09-20 57984]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
S3 StarOpen;StarOpen; C:\WINDOWS\System32\drivers\StarOpen.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-20 20128]
S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2002-06-20 13920]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-20 5728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 YMIDUSB;Yamaha Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2009-08-04 18560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2001-10-25 19968]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
S2 MSDisk;Network helper Service; C:\WINDOWS\System32\irdvxc.exe [2011-09-07 1015808]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2001-10-25 19968]
S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-10-22 168002]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe EXEC /i PEV -rtd C:\* -output:C:\ComboFix\temp2401 []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2001-10-25 19968]
S2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-05-10 353912]
S2 SRVStarter_Service;Service Starter: Service; C:\WINDOWS\System32\Startsrv.exe [2007-03-23 56552]
S2 System Administrattor;windows updatess; C:\WINDOWS\System32\svchots.exe [2011-08-25 150528]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 46080]
S2 Windows Hosts Controller;Windows Hosts Controller; C:\WINDOWS\Fonts\unwise_.exe [2011-06-14 149503]
S2 WinSpoolSvc;Windows Spool Services; C:\WINDOWS\system32\csrsc.exe [2011-06-13 61440]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-08-09 79872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1536092]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2001-10-25 19968]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 77824]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7528529]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 74304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 320064]

-----------------EOF-----------------

[chodnik74]

Ojoj,máme zavirovaný počítač..pracujte stále v nouzovém režimu,dám vám sem úkol,ale na výsledek mrknu až zítra,dneska už jdu spat,takže vám přeji dobrou noc


Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!

• Stáhneme si Combofix
• Program uložíme nejlépe na Plochu
• Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
• Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
• Spustíme Combofix.exe s administrátorským oprávněním
  U Windows XP se přihlásíme pod účtem správce
  Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,)
• Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
• Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
• Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
• Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
• Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
• (Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )