
CPU load at 100%, svchost.exe

Rihi
Visitor
Posts: 27
Registered: 04 Jan 2010 20:46

Re: CPU load at 100%, svchost.exe

#16 Post by Rihi »

Good afternoon,
this morning was quite hectic, so I am only attaching the log now. As for the further steps: I was not sure whether the application had finished properly, since a hard restart was necessary. :-)
I downloaded ComboFix and ran it under my own account (my account is an administrator account and there is no other account on the computer), because when I tried to run it as Administrator, a password was required, but nobody ever set one there, so none exists...)
I hope I turned off the resident shields. After the restart, installation of the Recovery Console was requested (as you wrote), but the computer was unable to connect to the internet, so it could not download the console.

Here is the log
ComboFix 10-01-04.01 - Dana 05.01.2010 15:21:17.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.681 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dana\Plocha\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\desktop

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-04 22:29 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-04 22:29 . 2010-01-04 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 22:29 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 22:05 . 2010-01-04 22:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-04 21:14 . 2010-01-04 21:14 -------- d-----w- C:\_OTM
2010-01-04 20:38 . 2010-01-04 22:24 -------- d-----w- c:\program files\trend micro
2010-01-04 20:38 . 2010-01-04 20:39 -------- d-----w- C:\rsit
2009-12-27 20:54 . 2009-12-27 20:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 22:06 . 2006-08-16 16:59 -------- d-----w- c:\program files\Google
2010-01-04 17:08 . 2006-08-07 13:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-24 06:26 . 2007-09-05 05:43 14134958 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-12-19 19:18 . 2009-12-19 19:19 574464 ----a-w- c:\windows\Internet Logs\xDBD3.tmp
2009-12-19 19:16 . 2009-12-19 19:19 2524672 ----a-w- c:\windows\Internet Logs\xDBD2.tmp
2009-12-03 12:17 . 2008-10-17 19:01 1289 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-30 13:29 . 2009-11-30 13:31 177664 ----a-w- c:\windows\Internet Logs\xDBD1.tmp
2009-11-30 13:21 . 2009-11-30 13:31 2515968 ----a-w- c:\windows\Internet Logs\xDBD0.tmp
2009-11-29 21:40 . 2009-11-29 21:40 -------- d-----w- c:\program files\Common Files\Skype
2009-11-29 21:40 . 2009-03-09 21:26 -------- d-----r- c:\program files\Skype
2009-11-24 11:06 . 2009-11-24 11:08 16896 ----a-w- c:\windows\Internet Logs\xDBCF.tmp
2009-11-24 11:06 . 2009-11-24 11:08 2503168 ----a-w- c:\windows\Internet Logs\xDBCE.tmp
2009-11-24 11:02 . 2009-11-24 11:05 16896 ----a-w- c:\windows\Internet Logs\xDBCD.tmp
2009-11-24 11:02 . 2009-11-24 11:05 2503168 ----a-w- c:\windows\Internet Logs\xDBCB.tmp
2009-11-24 11:00 . 2009-11-24 11:02 17408 ----a-w- c:\windows\Internet Logs\xDBCA.tmp
2009-11-24 11:00 . 2009-11-24 11:02 2503168 ----a-w- c:\windows\Internet Logs\xDBC9.tmp
2009-11-24 10:57 . 2009-11-24 10:59 41984 ----a-w- c:\windows\Internet Logs\xDBC8.tmp
2009-11-24 10:40 . 2009-11-24 10:59 2503168 ----a-w- c:\windows\Internet Logs\xDBC7.tmp
2009-11-23 18:04 . 2009-11-23 18:05 64000 ----a-w- c:\windows\Internet Logs\xDBC6.tmp
2009-11-23 18:00 . 2009-11-23 18:05 2503168 ----a-w- c:\windows\Internet Logs\xDBC5.tmp
2009-11-20 14:42 . 2009-11-20 14:44 23552 ----a-w- c:\windows\Internet Logs\xDBC4.tmp
2009-11-20 14:32 . 2009-11-20 14:44 2503168 ----a-w- c:\windows\Internet Logs\xDBC3.tmp
2009-11-20 14:26 . 2009-11-20 14:28 19456 ----a-w- c:\windows\Internet Logs\xDBC1.tmp
2009-11-20 14:23 . 2009-11-20 14:28 2503168 ----a-w- c:\windows\Internet Logs\xDBBF.tmp
2009-11-20 14:22 . 2009-11-20 14:23 17408 ----a-w- c:\windows\Internet Logs\xDBBE.tmp
2009-11-20 14:21 . 2009-11-20 14:23 2503168 ----a-w- c:\windows\Internet Logs\xDBBD.tmp
2009-11-20 14:19 . 2009-11-20 14:21 19456 ----a-w- c:\windows\Internet Logs\xDBBC.tmp
2009-11-20 14:18 . 2009-11-20 14:21 2503168 ----a-w- c:\windows\Internet Logs\xDBBB.tmp
2009-11-20 14:16 . 2009-11-20 14:17 57344 ----a-w- c:\windows\Internet Logs\xDBBA.tmp
2009-11-20 14:15 . 2009-11-20 14:17 2503168 ----a-w- c:\windows\Internet Logs\xDBB9.tmp
2009-11-20 14:07 . 2009-05-17 21:34 -------- d-----w- c:\program files\Cradle Of Rome
2009-11-19 18:58 . 2009-11-19 19:01 16896 ----a-w- c:\windows\Internet Logs\xDBB8.tmp
2009-11-19 18:48 . 2009-11-19 19:01 2502656 ----a-w- c:\windows\Internet Logs\xDBB7.tmp
2009-11-19 18:46 . 2009-11-19 18:48 35840 ----a-w- c:\windows\Internet Logs\xDBB5.tmp
2009-11-19 18:46 . 2009-11-19 18:48 2502656 ----a-w- c:\windows\Internet Logs\xDBB4.tmp
2009-11-18 19:45 . 2009-11-18 19:47 18432 ----a-w- c:\windows\Internet Logs\xDBB3.tmp
2009-11-18 19:45 . 2009-11-18 19:47 2504704 ----a-w- c:\windows\Internet Logs\xDBB2.tmp
2009-11-18 19:42 . 2009-11-18 19:44 20992 ----a-w- c:\windows\Internet Logs\xDBB0.tmp
2009-11-18 19:40 . 2009-11-18 19:44 2504704 ----a-w- c:\windows\Internet Logs\xDBAF.tmp
2009-11-18 19:37 . 2006-08-07 13:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-18 19:23 . 2009-11-18 19:25 2502656 ----a-w- c:\windows\Internet Logs\xDBAC.tmp
2009-11-18 19:23 . 2009-11-18 19:25 21504 ----a-w- c:\windows\Internet Logs\xDBAE.tmp
2009-11-18 18:46 . 2009-11-18 18:48 17920 ----a-w- c:\windows\Internet Logs\xDBAB.tmp
2009-11-18 18:46 . 2009-11-18 18:48 2502656 ----a-w- c:\windows\Internet Logs\xDBAA.tmp
2009-11-18 18:42 . 2009-11-18 18:45 2502656 ----a-w- c:\windows\Internet Logs\xDBA8.tmp
2009-11-18 18:42 . 2009-11-18 18:45 232448 ----a-w- c:\windows\Internet Logs\xDBA9.tmp
2009-11-18 18:01 . 2004-08-18 12:00 63148 ----a-w- c:\windows\system32\perfc005.dat
2009-11-18 18:01 . 2004-08-18 12:00 382548 ----a-w- c:\windows\system32\perfh005.dat
2009-11-17 18:49 . 2007-04-21 15:01 -------- d-----w- c:\program files\MSN Messenger
2009-11-17 18:26 . 2008-10-31 18:47 -------- d-----w- c:\program files\Sony Ericsson
2009-11-17 18:25 . 2008-10-31 18:47 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-11-15 09:11 . 2009-11-15 09:11 275 ----a-w- c:\windows\EReg077.dat
2009-11-10 17:54 . 2009-11-10 18:08 506880 ----a-w- c:\windows\Internet Logs\xDBA7.tmp
2009-11-10 17:44 . 2009-11-10 18:08 2501120 ----a-w- c:\windows\Internet Logs\xDBA6.tmp
2009-11-09 18:59 . 2008-02-10 18:59 -------- d-----w- c:\program files\LimeWire
2009-10-25 10:35 . 2009-10-25 10:39 2457088 ----a-w- c:\windows\Internet Logs\xDBA4.tmp
2009-10-25 10:35 . 2009-10-25 10:39 164864 ----a-w- c:\windows\Internet Logs\xDBA5.tmp
2009-10-20 19:11 . 2009-10-20 19:13 2454528 ----a-w- c:\windows\Internet Logs\xDBA2.tmp
2009-10-20 19:11 . 2009-10-20 19:14 53248 ----a-w- c:\windows\Internet Logs\xDBA3.tmp
2009-10-19 18:37 . 2009-10-19 18:40 156160 ----a-w- c:\windows\Internet Logs\xDBA1.tmp
2009-10-19 18:37 . 2009-10-19 18:40 2451456 ----a-w- c:\windows\Internet Logs\xDBA0.tmp
2009-10-14 17:48 . 2009-10-14 17:52 274944 ----a-w- c:\windows\Internet Logs\xDB9F.tmp
2009-10-14 17:48 . 2009-10-14 17:52 2445312 ----a-w- c:\windows\Internet Logs\xDB9E.tmp
2009-10-11 03:17 . 2008-12-02 22:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-10-11 21:28 . 2007-10-11 21:28 604 ---ha-w- c:\program files\STLL Notifier
2006-09-11 21:16 . 2006-09-11 21:16 5289878 ----a-w- c:\program files\Plus!.zip
2004-10-01 13:00 . 2006-08-16 15:24 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"nwiz"="nwiz.exe" [2005-07-20 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-04-19 935688]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-01-15 778240]
"CHotkey"="mHotkey.exe" [2002-07-05 491008]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-09-03 442368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk.disabled
backup=c:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
2003-12-03 15:18 155648 ----a-w- c:\windows\system32\stmctrl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2002-07-05 14:37 491008 ----a-w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FinePrint Dispatcher v5]
2004-09-03 22:18 442368 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-10-24 06:45 90112 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PowerBar"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"<NO NAME>"=
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [7.8.2006 14:27 60255]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11.8.2006 15:56 685816]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S2 gupdate1c9eddd3eada760;Služba Google Update (gupdate1c9eddd3eada760);c:\program files\Google\Update\GoogleUpdate.exe [15.6.2009 18:17 133104]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 FUTUREX;FUTUREX;c:\program files\AIDA32 - Enterprise System Information\aida32.sys [17.9.2003 23:00 3908]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [7.8.2006 14:27 549421]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-01-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 17:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Dana\Data aplikací\Mozilla\Firefox\Profiles\eqspc0m7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Age of Empires - c:\program files\Microsoft Games\Age of Empires\Uninstal.exe
AddRemove-ICQ 5.1 čeština - c:\program files\ICQLite\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 15:33
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-01-05 15:36:28
ComboFix-quarantined-files.txt 2010-01-05 14:36

Před spuštěním: 2 873 094 144
Po spuštění: 2 835 714 048

- - End Of File - - FD4B509A6B053AF0CD303C0341BC6ADD

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: CPU load at 100%, svchost.exe

#17 Post by Unlimited_Killer »

OK, we will clean up a few more things with CF :) But it already looks 'virus-free' :D

~~~

Open Notepad and copy the following into it:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"=-
"RemoteControl"=-
"HP Software Update"=-
"<NO NAME>"=-
"SunJavaUpdateSched"=-

Save it to the Desktop as CFScript.txt. Then drag it with the mouse onto ComboFix (!it must be on the Desktop!) and drop it.

ComboFix will carry out the commands from the script; the PC may be restarted again.
When it finishes, post the log that pops up after the cleanup.

~~~

Download MBAM and proceed according to the description. Do not delete anything yet; MBAM sometimes has false detections.
Then post the log here.

Rihi

Re: CPU load at 100%, svchost.exe

#18 Post by Rihi »

News like that is nice to hear. :-D
So far I am waiting and the log still refuses to come out...

Unlimited_Killer

Re: CPU load at 100%, svchost.exe

#19 Post by Unlimited_Killer »

OK. It should come out... Or rather, has ComboFix finished its work? If so, the log is in C:\Combofix\Combofix(1, 2...).txt

Or somewhere around there, I have not used CF for a long time :oops:

Rihi

Re: CPU load at 100%, svchost.exe

#20 Post by Rihi »

I believe it finished, but at the moment I have a nice clean Desktop with only the background picture and no icons...
One more thing: the mouse can be moved.

Unlimited_Killer

Re: CPU load at 100%, svchost.exe

#21 Post by Unlimited_Killer »

The PC should restart; for some reason CF is not doing that for you, so try a hard restart...

Rihi

Re: CPU load at 100%, svchost.exe

#22 Post by Rihi »

I think I know where the mistake was. The classic one: between the chair and the keyboard. :-D It somehow did not occur to me that it would be a good idea to turn ZoneAlarm off again. After the restart the log was created without problems.

ComboFix 10-01-04.01 - Dana 05.01.2010 17:14:06.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.682 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dana\Plocha\CFScript.txt
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-04 22:29 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-04 22:29 . 2010-01-04 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 22:29 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 22:05 . 2010-01-04 22:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-04 21:14 . 2010-01-04 21:14 -------- d-----w- C:\_OTM
2010-01-04 20:38 . 2010-01-04 22:24 -------- d-----w- c:\program files\trend micro
2010-01-04 20:38 . 2010-01-04 20:39 -------- d-----w- C:\rsit
2009-12-27 20:54 . 2009-12-27 20:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 16:24 . 2010-01-05 18:31 1371648 ----a-w- c:\windows\Internet Logs\xDBD5.tmp
2010-01-05 16:24 . 2010-01-05 18:31 2567168 ----a-w- c:\windows\Internet Logs\xDBD4.tmp
2010-01-04 22:06 . 2006-08-16 16:59 -------- d-----w- c:\program files\Google
2010-01-04 17:08 . 2006-08-07 13:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-24 06:26 . 2007-09-05 05:43 14134958 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-12-19 19:18 . 2009-12-19 19:19 574464 ----a-w- c:\windows\Internet Logs\xDBD3.tmp
2009-12-19 19:16 . 2009-12-19 19:19 2524672 ----a-w- c:\windows\Internet Logs\xDBD2.tmp
2009-12-03 12:17 . 2008-10-17 19:01 1289 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-30 13:29 . 2009-11-30 13:31 177664 ----a-w- c:\windows\Internet Logs\xDBD1.tmp
2009-11-30 13:21 . 2009-11-30 13:31 2515968 ----a-w- c:\windows\Internet Logs\xDBD0.tmp
2009-11-29 21:40 . 2009-11-29 21:40 -------- d-----w- c:\program files\Common Files\Skype
2009-11-29 21:40 . 2009-03-09 21:26 -------- d-----r- c:\program files\Skype
2009-11-24 11:06 . 2009-11-24 11:08 16896 ----a-w- c:\windows\Internet Logs\xDBCF.tmp
2009-11-24 11:06 . 2009-11-24 11:08 2503168 ----a-w- c:\windows\Internet Logs\xDBCE.tmp
2009-11-24 11:02 . 2009-11-24 11:05 16896 ----a-w- c:\windows\Internet Logs\xDBCD.tmp
2009-11-24 11:02 . 2009-11-24 11:05 2503168 ----a-w- c:\windows\Internet Logs\xDBCB.tmp
2009-11-24 11:00 . 2009-11-24 11:02 17408 ----a-w- c:\windows\Internet Logs\xDBCA.tmp
2009-11-24 11:00 . 2009-11-24 11:02 2503168 ----a-w- c:\windows\Internet Logs\xDBC9.tmp
2009-11-24 10:57 . 2009-11-24 10:59 41984 ----a-w- c:\windows\Internet Logs\xDBC8.tmp
2009-11-24 10:40 . 2009-11-24 10:59 2503168 ----a-w- c:\windows\Internet Logs\xDBC7.tmp
2009-11-23 18:04 . 2009-11-23 18:05 64000 ----a-w- c:\windows\Internet Logs\xDBC6.tmp
2009-11-23 18:00 . 2009-11-23 18:05 2503168 ----a-w- c:\windows\Internet Logs\xDBC5.tmp
2009-11-20 14:42 . 2009-11-20 14:44 23552 ----a-w- c:\windows\Internet Logs\xDBC4.tmp
2009-11-20 14:32 . 2009-11-20 14:44 2503168 ----a-w- c:\windows\Internet Logs\xDBC3.tmp
2009-11-20 14:26 . 2009-11-20 14:28 19456 ----a-w- c:\windows\Internet Logs\xDBC1.tmp
2009-11-20 14:23 . 2009-11-20 14:28 2503168 ----a-w- c:\windows\Internet Logs\xDBBF.tmp
2009-11-20 14:22 . 2009-11-20 14:23 17408 ----a-w- c:\windows\Internet Logs\xDBBE.tmp
2009-11-20 14:21 . 2009-11-20 14:23 2503168 ----a-w- c:\windows\Internet Logs\xDBBD.tmp
2009-11-20 14:19 . 2009-11-20 14:21 19456 ----a-w- c:\windows\Internet Logs\xDBBC.tmp
2009-11-20 14:18 . 2009-11-20 14:21 2503168 ----a-w- c:\windows\Internet Logs\xDBBB.tmp
2009-11-20 14:16 . 2009-11-20 14:17 57344 ----a-w- c:\windows\Internet Logs\xDBBA.tmp
2009-11-20 14:15 . 2009-11-20 14:17 2503168 ----a-w- c:\windows\Internet Logs\xDBB9.tmp
2009-11-20 14:07 . 2009-05-17 21:34 -------- d-----w- c:\program files\Cradle Of Rome
2009-11-19 18:58 . 2009-11-19 19:01 16896 ----a-w- c:\windows\Internet Logs\xDBB8.tmp
2009-11-19 18:48 . 2009-11-19 19:01 2502656 ----a-w- c:\windows\Internet Logs\xDBB7.tmp
2009-11-19 18:46 . 2009-11-19 18:48 35840 ----a-w- c:\windows\Internet Logs\xDBB5.tmp
2009-11-19 18:46 . 2009-11-19 18:48 2502656 ----a-w- c:\windows\Internet Logs\xDBB4.tmp
2009-11-18 19:45 . 2009-11-18 19:47 18432 ----a-w- c:\windows\Internet Logs\xDBB3.tmp
2009-11-18 19:45 . 2009-11-18 19:47 2504704 ----a-w- c:\windows\Internet Logs\xDBB2.tmp
2009-11-18 19:42 . 2009-11-18 19:44 20992 ----a-w- c:\windows\Internet Logs\xDBB0.tmp
2009-11-18 19:40 . 2009-11-18 19:44 2504704 ----a-w- c:\windows\Internet Logs\xDBAF.tmp
2009-11-18 19:37 . 2006-08-07 13:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-18 19:23 . 2009-11-18 19:25 2502656 ----a-w- c:\windows\Internet Logs\xDBAC.tmp
2009-11-18 19:23 . 2009-11-18 19:25 21504 ----a-w- c:\windows\Internet Logs\xDBAE.tmp
2009-11-18 18:46 . 2009-11-18 18:48 17920 ----a-w- c:\windows\Internet Logs\xDBAB.tmp
2009-11-18 18:46 . 2009-11-18 18:48 2502656 ----a-w- c:\windows\Internet Logs\xDBAA.tmp
2009-11-18 18:42 . 2009-11-18 18:45 2502656 ----a-w- c:\windows\Internet Logs\xDBA8.tmp
2009-11-18 18:42 . 2009-11-18 18:45 232448 ----a-w- c:\windows\Internet Logs\xDBA9.tmp
2009-11-18 18:01 . 2004-08-18 12:00 63148 ----a-w- c:\windows\system32\perfc005.dat
2009-11-18 18:01 . 2004-08-18 12:00 382548 ----a-w- c:\windows\system32\perfh005.dat
2009-11-17 18:49 . 2007-04-21 15:01 -------- d-----w- c:\program files\MSN Messenger
2009-11-17 18:26 . 2008-10-31 18:47 -------- d-----w- c:\program files\Sony Ericsson
2009-11-17 18:25 . 2008-10-31 18:47 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-11-15 09:11 . 2009-11-15 09:11 275 ----a-w- c:\windows\EReg077.dat
2009-11-10 17:54 . 2009-11-10 18:08 506880 ----a-w- c:\windows\Internet Logs\xDBA7.tmp
2009-11-10 17:44 . 2009-11-10 18:08 2501120 ----a-w- c:\windows\Internet Logs\xDBA6.tmp
2009-11-09 18:59 . 2008-02-10 18:59 -------- d-----w- c:\program files\LimeWire
2009-10-25 10:35 . 2009-10-25 10:39 2457088 ----a-w- c:\windows\Internet Logs\xDBA4.tmp
2009-10-25 10:35 . 2009-10-25 10:39 164864 ----a-w- c:\windows\Internet Logs\xDBA5.tmp
2009-10-20 19:11 . 2009-10-20 19:13 2454528 ----a-w- c:\windows\Internet Logs\xDBA2.tmp
2009-10-20 19:11 . 2009-10-20 19:14 53248 ----a-w- c:\windows\Internet Logs\xDBA3.tmp
2009-10-19 18:37 . 2009-10-19 18:40 156160 ----a-w- c:\windows\Internet Logs\xDBA1.tmp
2009-10-19 18:37 . 2009-10-19 18:40 2451456 ----a-w- c:\windows\Internet Logs\xDBA0.tmp
2009-10-14 17:48 . 2009-10-14 17:52 274944 ----a-w- c:\windows\Internet Logs\xDB9F.tmp
2009-10-14 17:48 . 2009-10-14 17:52 2445312 ----a-w- c:\windows\Internet Logs\xDB9E.tmp
2009-10-11 03:17 . 2008-12-02 22:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-10-11 21:28 . 2007-10-11 21:28 604 ---ha-w- c:\program files\STLL Notifier
2006-09-11 21:16 . 2006-09-11 21:16 5289878 ----a-w- c:\program files\Plus!.zip
2004-10-01 13:00 . 2006-08-16 15:24 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"nwiz"="nwiz.exe" [2005-07-20 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-04-19 935688]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-01-15 778240]
"CHotkey"="mHotkey.exe" [2002-07-05 491008]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-09-03 442368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk.disabled]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk.disabled
backup=c:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
2003-12-03 15:18 155648 ----a-w- c:\windows\system32\stmctrl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2002-07-05 14:37 491008 ----a-w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FinePrint Dispatcher v5]
2004-09-03 22:18 442368 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-10-24 06:45 90112 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PowerBar"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"WinampAgent"=c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11.8.2006 15:56 685816]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [7.8.2006 14:27 60255]
S2 gupdate1c9eddd3eada760;Služba Google Update (gupdate1c9eddd3eada760);c:\program files\Google\Update\GoogleUpdate.exe [15.6.2009 18:17 133104]
S3 FUTUREX;FUTUREX;c:\program files\AIDA32 - Enterprise System Information\aida32.sys [17.9.2003 23:00 3908]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [7.8.2006 14:27 549421]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-01-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 17:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Dana\Data aplikací\Mozilla\Firefox\Profiles\eqspc0m7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 19:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86FD21E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74e0f28
\Driver\ACPI -> ACPI.sys @ 0xf7271cb8
\Driver\atapi -> atapi.sys @ 0xf7206b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2152)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
.
**************************************************************************
.
Celkový čas: 2010-01-05 19:38:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-05 18:37
ComboFix2.txt 2010-01-05 14:36

Před spuštěním: 2 838 896 640
Po spuštění: 2 786 074 624

- - End Of File - - 7E01438366549A4E04C437809B3C45D7

Rihi
Visitor
Posts: 27
Registered: 04 Jan 2010 20:46

Re: CPU load at 100%, svchost.exe

#23 Post by Rihi »

And also the log from MBAM

Malwarebytes' Anti-Malware 1.43
Verze databáze: 3494
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5.1.2010 19:47:37
mbam-log-2010-01-05 (19-47-37).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 117432
Uplynulý čas: 5 minute(s), 29 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: CPU load at 100%, svchost.exe

#24 Post by Unlimited_Killer »

OK. :)
Do you use Daemon or Alcohol (drive emulators)? If not, we will look into something further.

~~~

Download OTM to the Desktop. Run it by double-clicking OTM.exe; if you have Vista, right-click the file -> Run as Administrator.
Into the left pane 'Paste Instructions for Items to be Moved', paste the following script:

Code:

:processes
explorer.exe

:files
c:\windows\Internet Logs\*.tmp /s

:commands
[emptytemp]
[reboot]

Then click the red 'MoveIt!' button.
A log should appear in the green pane on the right; paste it here into the forum. If a restart prompt appears, click Yes. After the restart you will find the log in C:\_OTM\MovedFiles

Rihi
Visitor
Posts: 27
Registered: 04 Jan 2010 20:46

Re: CPU load at 100%, svchost.exe

#25 Post by Rihi »

Daemon should have been on this machine at some point, although I turned it off some time ago so that it would not start by itself at startup (at least I think so :-D), and I used another virtual drive via Power ISO.

OTM log

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
c:\windows\Internet Logs\xDB1.tmp moved successfully.
c:\windows\Internet Logs\xDB10.tmp moved successfully.
c:\windows\Internet Logs\xDB11.tmp moved successfully.
c:\windows\Internet Logs\xDB11A.tmp moved successfully.
c:\windows\Internet Logs\xDB12.tmp moved successfully.
c:\windows\Internet Logs\xDB13.tmp moved successfully.
c:\windows\Internet Logs\xDB14.tmp moved successfully.
c:\windows\Internet Logs\xDB144.tmp moved successfully.
c:\windows\Internet Logs\xDB15.tmp moved successfully.
c:\windows\Internet Logs\xDB16.tmp moved successfully.
c:\windows\Internet Logs\xDB163.tmp moved successfully.
c:\windows\Internet Logs\xDB17.tmp moved successfully.
c:\windows\Internet Logs\xDB18.tmp moved successfully.
c:\windows\Internet Logs\xDB19.tmp moved successfully.
c:\windows\Internet Logs\xDB1A.tmp moved successfully.
c:\windows\Internet Logs\xDB1B.tmp moved successfully.
c:\windows\Internet Logs\xDB1C.tmp moved successfully.
c:\windows\Internet Logs\xDB1D.tmp moved successfully.
c:\windows\Internet Logs\xDB1E.tmp moved successfully.
c:\windows\Internet Logs\xDB1F.tmp moved successfully.
c:\windows\Internet Logs\xDB2.tmp moved successfully.
c:\windows\Internet Logs\xDB20.tmp moved successfully.
c:\windows\Internet Logs\xDB21.tmp moved successfully.
c:\windows\Internet Logs\xDB219.tmp moved successfully.
c:\windows\Internet Logs\xDB22.tmp moved successfully.
c:\windows\Internet Logs\xDB23.tmp moved successfully.
c:\windows\Internet Logs\xDB24.tmp moved successfully.
c:\windows\Internet Logs\xDB25.tmp moved successfully.
c:\windows\Internet Logs\xDB26.tmp moved successfully.
c:\windows\Internet Logs\xDB27.tmp moved successfully.
c:\windows\Internet Logs\xDB28.tmp moved successfully.
c:\windows\Internet Logs\xDB29.tmp moved successfully.
c:\windows\Internet Logs\xDB2A.tmp moved successfully.
c:\windows\Internet Logs\xDB2A5.tmp moved successfully.
c:\windows\Internet Logs\xDB2B.tmp moved successfully.
c:\windows\Internet Logs\xDB2C.tmp moved successfully.
c:\windows\Internet Logs\xDB2D.tmp moved successfully.
c:\windows\Internet Logs\xDB2E.tmp moved successfully.
c:\windows\Internet Logs\xDB2F.tmp moved successfully.
c:\windows\Internet Logs\xDB3.tmp moved successfully.
c:\windows\Internet Logs\xDB30.tmp moved successfully.
c:\windows\Internet Logs\xDB31.tmp moved successfully.
c:\windows\Internet Logs\xDB32.tmp moved successfully.
c:\windows\Internet Logs\xDB33.tmp moved successfully.
c:\windows\Internet Logs\xDB34.tmp moved successfully.
c:\windows\Internet Logs\xDB35.tmp moved successfully.
c:\windows\Internet Logs\xDB36.tmp moved successfully.
c:\windows\Internet Logs\xDB37.tmp moved successfully.
c:\windows\Internet Logs\xDB38.tmp moved successfully.
c:\windows\Internet Logs\xDB39.tmp moved successfully.
c:\windows\Internet Logs\xDB3A.tmp moved successfully.
c:\windows\Internet Logs\xDB3B.tmp moved successfully.
c:\windows\Internet Logs\xDB3C.tmp moved successfully.
c:\windows\Internet Logs\xDB3D.tmp moved successfully.
c:\windows\Internet Logs\xDB3E.tmp moved successfully.
c:\windows\Internet Logs\xDB3F.tmp moved successfully.
c:\windows\Internet Logs\xDB4.tmp moved successfully.
c:\windows\Internet Logs\xDB40.tmp moved successfully.
c:\windows\Internet Logs\xDB41.tmp moved successfully.
c:\windows\Internet Logs\xDB42.tmp moved successfully.
c:\windows\Internet Logs\xDB43.tmp moved successfully.
c:\windows\Internet Logs\xDB44.tmp moved successfully.
c:\windows\Internet Logs\xDB45.tmp moved successfully.
c:\windows\Internet Logs\xDB46.tmp moved successfully.
c:\windows\Internet Logs\xDB47.tmp moved successfully.
c:\windows\Internet Logs\xDB48.tmp moved successfully.
c:\windows\Internet Logs\xDB49.tmp moved successfully.
c:\windows\Internet Logs\xDB4A.tmp moved successfully.
c:\windows\Internet Logs\xDB4B.tmp moved successfully.
c:\windows\Internet Logs\xDB4C.tmp moved successfully.
c:\windows\Internet Logs\xDB4D.tmp moved successfully.
c:\windows\Internet Logs\xDB4E.tmp moved successfully.
c:\windows\Internet Logs\xDB4F.tmp moved successfully.
c:\windows\Internet Logs\xDB5.tmp moved successfully.
c:\windows\Internet Logs\xDB50.tmp moved successfully.
c:\windows\Internet Logs\xDB51.tmp moved successfully.
c:\windows\Internet Logs\xDB52.tmp moved successfully.
c:\windows\Internet Logs\xDB53.tmp moved successfully.
c:\windows\Internet Logs\xDB54.tmp moved successfully.
c:\windows\Internet Logs\xDB55.tmp moved successfully.
c:\windows\Internet Logs\xDB56.tmp moved successfully.
c:\windows\Internet Logs\xDB57.tmp moved successfully.
c:\windows\Internet Logs\xDB58.tmp moved successfully.
c:\windows\Internet Logs\xDB59.tmp moved successfully.
c:\windows\Internet Logs\xDB5A.tmp moved successfully.
c:\windows\Internet Logs\xDB5B.tmp moved successfully.
c:\windows\Internet Logs\xDB5C.tmp moved successfully.
c:\windows\Internet Logs\xDB5D.tmp moved successfully.
c:\windows\Internet Logs\xDB5E.tmp moved successfully.
c:\windows\Internet Logs\xDB5F.tmp moved successfully.
c:\windows\Internet Logs\xDB6.tmp moved successfully.
c:\windows\Internet Logs\xDB60.tmp moved successfully.
c:\windows\Internet Logs\xDB61.tmp moved successfully.
c:\windows\Internet Logs\xDB62.tmp moved successfully.
c:\windows\Internet Logs\xDB63.tmp moved successfully.
c:\windows\Internet Logs\xDB64.tmp moved successfully.
c:\windows\Internet Logs\xDB65.tmp moved successfully.
c:\windows\Internet Logs\xDB66.tmp moved successfully.
c:\windows\Internet Logs\xDB67.tmp moved successfully.
c:\windows\Internet Logs\xDB68.tmp moved successfully.
c:\windows\Internet Logs\xDB69.tmp moved successfully.
c:\windows\Internet Logs\xDB6A.tmp moved successfully.
c:\windows\Internet Logs\xDB6B.tmp moved successfully.
c:\windows\Internet Logs\xDB6C.tmp moved successfully.
c:\windows\Internet Logs\xDB6D.tmp moved successfully.
c:\windows\Internet Logs\xDB6E.tmp moved successfully.
c:\windows\Internet Logs\xDB6F.tmp moved successfully.
c:\windows\Internet Logs\xDB7.tmp moved successfully.
c:\windows\Internet Logs\xDB70.tmp moved successfully.
c:\windows\Internet Logs\xDB71.tmp moved successfully.
c:\windows\Internet Logs\xDB72.tmp moved successfully.
c:\windows\Internet Logs\xDB73.tmp moved successfully.
c:\windows\Internet Logs\xDB74.tmp moved successfully.
c:\windows\Internet Logs\xDB75.tmp moved successfully.
c:\windows\Internet Logs\xDB76.tmp moved successfully.
c:\windows\Internet Logs\xDB77.tmp moved successfully.
c:\windows\Internet Logs\xDB78.tmp moved successfully.
c:\windows\Internet Logs\xDB79.tmp moved successfully.
c:\windows\Internet Logs\xDB7A.tmp moved successfully.
c:\windows\Internet Logs\xDB7B.tmp moved successfully.
c:\windows\Internet Logs\xDB7C.tmp moved successfully.
c:\windows\Internet Logs\xDB7D.tmp moved successfully.
c:\windows\Internet Logs\xDB7E.tmp moved successfully.
c:\windows\Internet Logs\xDB7F.tmp moved successfully.
c:\windows\Internet Logs\xDB8.tmp moved successfully.
c:\windows\Internet Logs\xDB80.tmp moved successfully.
c:\windows\Internet Logs\xDB81.tmp moved successfully.
c:\windows\Internet Logs\xDB82.tmp moved successfully.
c:\windows\Internet Logs\xDB83.tmp moved successfully.
c:\windows\Internet Logs\xDB84.tmp moved successfully.
c:\windows\Internet Logs\xDB85.tmp moved successfully.
c:\windows\Internet Logs\xDB86.tmp moved successfully.
c:\windows\Internet Logs\xDB87.tmp moved successfully.
c:\windows\Internet Logs\xDB88.tmp moved successfully.
c:\windows\Internet Logs\xDB89.tmp moved successfully.
c:\windows\Internet Logs\xDB8A.tmp moved successfully.
c:\windows\Internet Logs\xDB8B.tmp moved successfully.
c:\windows\Internet Logs\xDB8C.tmp moved successfully.
c:\windows\Internet Logs\xDB8D.tmp moved successfully.
c:\windows\Internet Logs\xDB8E.tmp moved successfully.
c:\windows\Internet Logs\xDB8F.tmp moved successfully.
c:\windows\Internet Logs\xDB9.tmp moved successfully.
c:\windows\Internet Logs\xDB90.tmp moved successfully.
c:\windows\Internet Logs\xDB91.tmp moved successfully.
c:\windows\Internet Logs\xDB92.tmp moved successfully.
c:\windows\Internet Logs\xDB93.tmp moved successfully.
c:\windows\Internet Logs\xDB94.tmp moved successfully.
c:\windows\Internet Logs\xDB95.tmp moved successfully.
c:\windows\Internet Logs\xDB96.tmp moved successfully.
c:\windows\Internet Logs\xDB97.tmp moved successfully.
c:\windows\Internet Logs\xDB98.tmp moved successfully.
c:\windows\Internet Logs\xDB99.tmp moved successfully.
c:\windows\Internet Logs\xDB9A.tmp moved successfully.
c:\windows\Internet Logs\xDB9B.tmp moved successfully.
c:\windows\Internet Logs\xDB9C.tmp moved successfully.
c:\windows\Internet Logs\xDB9D.tmp moved successfully.
c:\windows\Internet Logs\xDB9E.tmp moved successfully.
c:\windows\Internet Logs\xDB9F.tmp moved successfully.
c:\windows\Internet Logs\xDBA.tmp moved successfully.
c:\windows\Internet Logs\xDBA0.tmp moved successfully.
c:\windows\Internet Logs\xDBA1.tmp moved successfully.
c:\windows\Internet Logs\xDBA2.tmp moved successfully.
c:\windows\Internet Logs\xDBA3.tmp moved successfully.
c:\windows\Internet Logs\xDBA4.tmp moved successfully.
c:\windows\Internet Logs\xDBA5.tmp moved successfully.
c:\windows\Internet Logs\xDBA6.tmp moved successfully.
c:\windows\Internet Logs\xDBA7.tmp moved successfully.
c:\windows\Internet Logs\xDBA8.tmp moved successfully.
c:\windows\Internet Logs\xDBA9.tmp moved successfully.
c:\windows\Internet Logs\xDBAA.tmp moved successfully.
c:\windows\Internet Logs\xDBAB.tmp moved successfully.
c:\windows\Internet Logs\xDBAC.tmp moved successfully.
c:\windows\Internet Logs\xDBAD.tmp moved successfully.
c:\windows\Internet Logs\xDBAE.tmp moved successfully.
c:\windows\Internet Logs\xDBAF.tmp moved successfully.
c:\windows\Internet Logs\xDBB.tmp moved successfully.
c:\windows\Internet Logs\xDBB0.tmp moved successfully.
c:\windows\Internet Logs\xDBB1.tmp moved successfully.
c:\windows\Internet Logs\xDBB2.tmp moved successfully.
c:\windows\Internet Logs\xDBB3.tmp moved successfully.
c:\windows\Internet Logs\xDBB4.tmp moved successfully.
c:\windows\Internet Logs\xDBB5.tmp moved successfully.
c:\windows\Internet Logs\xDBB6.tmp moved successfully.
c:\windows\Internet Logs\xDBB7.tmp moved successfully.
c:\windows\Internet Logs\xDBB8.tmp moved successfully.
c:\windows\Internet Logs\xDBB9.tmp moved successfully.
c:\windows\Internet Logs\xDBBA.tmp moved successfully.
c:\windows\Internet Logs\xDBBB.tmp moved successfully.
c:\windows\Internet Logs\xDBBC.tmp moved successfully.
c:\windows\Internet Logs\xDBBD.tmp moved successfully.
c:\windows\Internet Logs\xDBBE.tmp moved successfully.
c:\windows\Internet Logs\xDBBF.tmp moved successfully.
c:\windows\Internet Logs\xDBC.tmp moved successfully.
c:\windows\Internet Logs\xDBC0.tmp moved successfully.
c:\windows\Internet Logs\xDBC1.tmp moved successfully.
c:\windows\Internet Logs\xDBC2.tmp moved successfully.
c:\windows\Internet Logs\xDBC3.tmp moved successfully.
c:\windows\Internet Logs\xDBC4.tmp moved successfully.
c:\windows\Internet Logs\xDBC5.tmp moved successfully.
c:\windows\Internet Logs\xDBC6.tmp moved successfully.
c:\windows\Internet Logs\xDBC7.tmp moved successfully.
c:\windows\Internet Logs\xDBC8.tmp moved successfully.
c:\windows\Internet Logs\xDBC9.tmp moved successfully.
c:\windows\Internet Logs\xDBCA.tmp moved successfully.
c:\windows\Internet Logs\xDBCB.tmp moved successfully.
c:\windows\Internet Logs\xDBCC.tmp moved successfully.
c:\windows\Internet Logs\xDBCD.tmp moved successfully.
c:\windows\Internet Logs\xDBCE.tmp moved successfully.
c:\windows\Internet Logs\xDBCF.tmp moved successfully.
c:\windows\Internet Logs\xDBD.tmp moved successfully.
c:\windows\Internet Logs\xDBD0.tmp moved successfully.
c:\windows\Internet Logs\xDBD1.tmp moved successfully.
c:\windows\Internet Logs\xDBD2.tmp moved successfully.
c:\windows\Internet Logs\xDBD3.tmp moved successfully.
c:\windows\Internet Logs\xDBD4.tmp moved successfully.
c:\windows\Internet Logs\xDBD5.tmp moved successfully.
c:\windows\Internet Logs\xDBD8.tmp moved successfully.
c:\windows\Internet Logs\xDBD9.tmp moved successfully.
c:\windows\Internet Logs\xDBE.tmp moved successfully.
c:\windows\Internet Logs\xDBF.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dana
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 82703531 bytes
->Opera cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 79,00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 01052010_201252

Files moved on Reboot...

Registry entries deleted on Reboot...

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: CPU load at 100%, svchost.exe

#26 Post by Unlimited_Killer »

It doesn't matter that it is turned off at startup; it's just that in the log I see

Code:

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86FD21E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74e0f28
\Driver\ACPI -> ACPI.sys @ 0xf7271cb8
\Driver\atapi -> atapi.sys @ 0xf7206b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
user & kernel MBR OK 

and that can be worrying, but only if you don't have an emulator.

Now, please post a new RSIT log.

Rihi
Visitor
Posts: 27
Registered: 04 Jan 2010 20:46

Re: CPU load at 100%, svchost.exe

#27 Post by Rihi »

During the process a message about disconnecting drives appeared, and since I do have some virtual ones there, I confirmed it.

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dana at 2010-01-05 20:25:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (3%) free of 95 GB
Total RAM: 1023 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:13, on 5.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dana\Plocha\RSIT.exe
C:\Program Files\trend micro\Dana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /runonce
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3684920716
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3690372135
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9eddd3eada760) (gupdate1c9eddd3eada760) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9299 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2006-02-14 1191424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-06-15 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2005-05-17 266240]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2006-02-14 1191424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-20 7110656]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-07-20 86016]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2006-05-18 450560]
"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2005-04-19 935688]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2005-01-15 778240]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-05 491008]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2004-09-03 442368]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-08-20 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
stmctrl.dll,TaskBar []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\mHotkey.exe [2002-07-05 491008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FinePrint Dispatcher v5]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2004-09-03 442368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-10-24 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk.disabled]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\BACKWE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk.disabled]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk.disabled []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-01-05 20:13:02 ----SHD---- C:\RECYCLER
2010-01-05 19:38:07 ----A---- C:\ComboFix.txt
2010-01-05 15:17:27 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-05 15:17:27 ----A---- C:\WINDOWS\MBR.exe
2010-01-05 15:17:26 ----A---- C:\WINDOWS\zip.exe
2010-01-05 15:17:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-05 15:17:26 ----A---- C:\WINDOWS\SWSC.exe
2010-01-05 15:17:26 ----A---- C:\WINDOWS\SWREG.exe
2010-01-05 15:17:26 ----A---- C:\WINDOWS\sed.exe
2010-01-05 15:17:26 ----A---- C:\WINDOWS\PEV.exe
2010-01-05 15:17:26 ----A---- C:\WINDOWS\grep.exe
2010-01-05 15:17:04 ----D---- C:\WINDOWS\ERDNT
2010-01-05 15:15:13 ----D---- C:\Qoobox
2010-01-04 23:29:15 ----D---- C:\Documents and Settings\Dana\Data aplikací\Malwarebytes
2010-01-04 23:29:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-04 23:29:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-04 22:14:04 ----D---- C:\_OTM
2010-01-04 21:38:45 ----D---- C:\Program Files\trend micro
2010-01-04 21:38:35 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2010-01-05 20:19:26 ----D---- C:\Program Files\Mozilla Firefox
2010-01-05 20:19:09 ----D---- C:\WINDOWS\Temp
2010-01-05 20:18:28 ----SD---- C:\WINDOWS\Tasks
2010-01-05 20:12:55 ----D---- C:\WINDOWS\Internet Logs
2010-01-05 19:38:12 ----D---- C:\WINDOWS\system32\drivers
2010-01-05 19:35:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-05 19:31:45 ----D---- C:\WINDOWS\Prefetch
2010-01-05 19:31:37 ----D---- C:\WINDOWS
2010-01-05 19:31:37 ----A---- C:\WINDOWS\system.ini
2010-01-05 17:25:11 ----D---- C:\WINDOWS\system32
2010-01-05 17:25:11 ----D---- C:\WINDOWS\AppPatch
2010-01-05 17:25:10 ----D---- C:\Program Files\Common Files
2010-01-05 17:10:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-05 00:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2010-01-04 23:29:09 ----RD---- C:\Program Files
2010-01-04 23:06:38 ----SHD---- C:\WINDOWS\Installer
2010-01-04 23:06:38 ----D---- C:\Config.Msi
2010-01-04 23:06:18 ----D---- C:\Program Files\Google
2010-01-04 18:08:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-03 16:25:02 ----A---- C:\WINDOWS\WDICT32.INI
2010-01-03 11:08:49 ----D---- C:\Install
2010-01-02 19:50:04 ----A---- C:\WINDOWS\winzip32.ini
2010-01-02 19:50:04 ----A---- C:\WINDOWS\win.ini
2010-01-01 23:51:42 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-31 18:10:45 ----A---- C:\WINDOWS\cdplayer.ini
2009-12-24 01:53:19 ----D---- C:\Přenos
2009-12-14 16:58:10 ----D---- C:\Taťka
2009-12-10 15:37:18 ----D---- C:\WEPOS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2005-04-19 279880]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-08-26 223128]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-07-20 3198368]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 Stmatm;ATM/ADSL miniport; C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 60255]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FUTUREX;FUTUREX; \??\C:\Program Files\AIDA32 - Enterprise System Information\aida32.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-05-13 68204]
S3 TaurusUsb;ADSL Modem USB Service; C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-12-23 549421]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2005-01-04 65536]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-05-20 331776]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-20 127043]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2005-04-19 1210112]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2005-01-04 1527893]
S2 gupdate1c9eddd3eada760;Služba Google Update (gupdate1c9eddd3eada760); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-15 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 183280]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-23 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Unlimited_Killer
Forum friend
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: CPU usage at 100%, svchost.exe

#28 Post by Unlimited_Killer »

0K, let's finish this. :happy:

~~~

Open the file

C:\WINDOWS\winzip32.ini
in Notepad and paste its contents here for me.

~~~

Uninstall ComboFix
Start >> Run >> paste into the box:

ComboFix /Uninstall
>> press Enter
This uninstalls ComboFix and deletes the files and folders associated with it.

~~~

Run OTM again, but this time click 'CleanUp!' [see image].

~~~

Try cleaning up the PC with CCleaner.
Install it, just be careful and untick the Install Yahoo! Toolbar item during installation.
Run it.

:arrow: Cleaner tab -> leave everything ticked as it is and click 'Run CCleaner'.

:arrow: Registry tab > click 'Scan for problems'. It will look for problems in the registry; once it finishes analyzing, click 'Fix selected problems'. It will offer to create a backup - create one to be safe and save it, for example, to the Desktop.

I recommend using CCleaner regularly; it can speed up the PC quite dramatically.

~~~

After these 'interventions' of mine, automatic updates of, for example, Java will no longer work for you (they were starting needlessly right after system startup and taking up RAM).
That is why I recommend downloading a small program called FileHippo Update Checker, which you only need to run once a week and which clearly shows you which software is out of date.

~~~

Try defragmenting the disk. Either with the built-in Windows tool (it is not very good), or for example with Defraggler. I have also had good experience with the simple JKDefrag, which does not need to be installed.

~~~

As a bonus, you can throw in a new RSIT log. :)
inactive

Rihi
Visitor
Posts: 27
Registered: 04 Jan 2010 20:46

Re: CPU usage at 100%, svchost.exe

#29 Post by Rihi »

[WinZip]
font=F6FFFFFF0000000000000000000000009001000000000000000000004D532053616E7320536572696600000000000000000000000000000000000000F2
Setup=0
Opts=01000000000000000E000100010000000000010000000000000000000000010000000100000001000000010000000000000000000000010000000000000000001400010000000100010001006301000000010000000000000000000000000000000100000000000000000000000000000000000100000001000000010000000100000001000000000000002203000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000010000000100000000000000010000000100000001000000C5
AlwaysOnTop=0
ReuseWindows=1
SpanDefault=0
ExtractSkipOlder=0
CheckOutIconOnly=1
Wizard=0
Display=1280,1024
Main=0,268,152,790,513
ViewerFont=0C00000008000000000000000000000090010000000000FF010202315465726D696E616C00000000000000000000000000000000000000000000000016
FilterIndex=1
[Programs]
zip2exe_init=1
zip2exe=C:\Program Files\WinZip\WZSEPE32.EXE
viewer=C:\WINDOWS\NOTEPAD.EXE
scanp=
scanicon=0
vviewer=C:\WINDOWS\NOTEPAD.EXE
[fm]
assoc=1
include=1
start=0
shlExt=1
[wzshlext]
ShellExtensionSubMenu=0
MenuBitmaps=1
[rrs]
Days=123
Date=01/02/10
Opened=391
[directories]
zDefDir=0
DefDir=C:\Documents and Settings\Dana\Plocha
gzExtractTo=0
ExtractTo=C:\DOCUME~1\Dana\LOCALS~1\Temp\
gzAddDir=0
AddDir=
ZipTempRemovableOnly=0
ZipTemp=C:\DOCUME~1\Dana\LOCALS~1\Temp
CheckOutBase=
[WIZARD]
ModeSwitchDlg=1
AutoAddDir=8120
Overwrite=0
ShowIcon=1
AllowFloppyInFavorites=0
ExtractTo=c:\unzipped
[extract]
extract1=C:\Program Files\TheOracle10
extract2=C:\Program Files\Br na do budoucnosti
extract3=D:\m
extract4=C:\Documents and Settings\Dana\Plocha\snd
extract5=C:\Program Files\Karaoke player
[filemenu]
filemenu1=C:\Documents and Settings\Dana\Local Settings\Temp\instruktazni_dopis_pro_studenty.zip
filemenu2=C:\Documents and Settings\Dana\Local Settings\Temp\zaverecna_souv._ped._praxe.zip
filemenu3=C:\Program Files\QIP\Users\214490445\RcvdFiles\445056010_Jirka @}-_--\Tvorba www str nek.zip
filemenu4=C:\Documents and Settings\Dana\Plocha\anatomie 2.zip

Unlimited_Killer
Forum friend
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: CPU usage at 100%, svchost.exe

#30 Post by Unlimited_Killer »

It is 0K.
Now the other steps (you can leave the defragmentation until after the RSIT log - it takes a long time).
Do everything before the defragmentation and post a new RSIT log. :happy:
inactive
