prosím o kontrolu logu

[kk]

Problém byl že neustálé ubývalo místa na disku c,a to třeba až 2gb za dva dny,a počítač byl hrozně pomalý,po vyčistění s combofixem je už snad vše v pořádku,jen nevím jak zjistit nové soubory za poslední dny a jak se jich zbavit ani nevím kolik gb zbytečných a kde to vůbec je,díky za radu,tady je log-

ogfile of HijackThis v1.99.1
Scan saved at 10:16:43, on 3.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\AOL\1189183504\ee\AOLSoftware.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jirka\Plocha\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1189183504\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Hlede&j v ČR - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v &encyklopedii - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5108
O8 - Extra context menu item: Hledej ve &světě - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Hledej ve &zboží - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5107
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://vitejte.razdva.cz/cgi-bin/autore ... ANGUAGE=cz
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{339A31B9-D184-4D62-9916-3B362C7A75BA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{339A31B9-D184-4D62-9916-3B362C7A75BA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{339A31B9-D184-4D62-9916-3B362C7A75BA}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SCfortify (ServiceAceSpy) - Unknown owner - C:\WINDOWS\system32\SCForte.exe (file missing)
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

[earl]

Zdravim,

HjT je zastaraly,priste zacnete logem z RSITu.

Odinstalujte Spy Emergency.

Pouzil jste ComboFix,takze

CTETE POZORNE NAVOD,TENTO SOFT NETOLERUJE CHYBY V POSTUPU APLIKOVANI!

Klidne si nasledujici radky vytisknete,at vite,co se bude na obrazovce odehravat.

Budte prihlasen na pc s administratorskymi pravy.

stahnete a ulozte nejlepe na plochu ComboFix

v pripade,ze nepujde stranka nacist-stahnete odtud download , popr. nepujde ComboFix spustit - prejmenujte jej na grinder.com a postupujte dale dle instrukci.

hned po startu se zobrazi Zreknuti se prava zaruky na funkcnost software, pokracujte kliknutim na tlacitko Ano:



pote muze nasledovat upozorneni na nainstalovane emulatory CD mechanik,typicky Daemon Tools nebo Alcohol 120



odklepnout OK

Souhlasit s instalaci Recovery console(Konzola pro zotaveni)-nutno funkcni internet

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: upozorneni: Vypnete rezidentni stit u antiviru a antispywaru a zakazte docasne firewall-ComboFix by nemusel fungovat korektne-pokud budete mit stity vypnute a Combofix zahlasi,ze nejsou,pokracujte dal a potvrdte.

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

Po ukonceni vsech procedur ->

:arrow:Doinstalujte Service Pack 3

[kk]

tady je log-

ComboFix 10-02-02.04 - Jirka 03.02.2010 11:47:35.17.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.503.198 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100203-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spy Emergency *disabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-03 do 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-02-01 08:35 . 2010-02-01 08:35 1152 ----a-w- c:\windows\system32\windrv.sys
2010-01-31 15:50 . 2010-02-01 08:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-26 15:50 . 2009-11-12 15:35 4736 ----a-w- c:\windows\system32\drivers\null_flt.sys
2010-01-19 18:52 . 2010-01-19 18:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-18 18:34 . 2010-01-18 18:34 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-17 16:31 . 2010-01-17 16:31 -------- d-----w- c:\windows\Profiles
2010-01-17 15:41 . 2010-01-17 15:41 -------- d-----w- c:\windows\system32\Adobe
2010-01-17 08:19 . 2010-01-19 17:06 -------- d-----w- c:\program files\Ultimate Process Manager
2010-01-16 20:49 . 2010-01-17 16:31 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-16 17:48 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-16 17:48 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-16 17:48 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-16 17:48 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-16 17:48 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-16 17:48 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-16 17:48 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-16 17:48 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-16 17:47 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-16 11:48 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-16 11:48 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-16 11:48 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-16 11:48 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-16 11:48 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-01-16 11:48 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-16 11:44 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-16 11:43 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-16 11:43 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-16 11:43 . 2010-01-16 17:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-16 09:06 . 2009-03-04 13:38 40960 ----a-w- c:\windows\system32\Crypt.dll
2010-01-16 09:06 . 2009-03-04 13:38 141072 ----a-w- c:\windows\system32\XZip.dll
2010-01-16 09:06 . 2008-11-10 21:17 147456 ----a-w- c:\windows\system32\tgsdkx.dll
2010-01-16 09:06 . 2008-10-08 04:18 379904 ----a-w- c:\windows\system32\tgsdk.dll
2010-01-16 09:06 . 2009-03-04 13:38 309328 ----a-w- c:\windows\system32\AddEmail.dll
2010-01-16 09:06 . 2010-01-31 14:49 -------- d-----w- c:\windows\system32\GroupPolicies
2010-01-16 07:40 . 2010-01-16 07:40 70 ----a-w- c:\windows\update6.dat
2010-01-15 11:18 . 2010-01-15 11:18 69 ----a-w- c:\windows\update5.dat
2010-01-09 17:04 . 2000-06-26 10:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-01-09 17:04 . 2004-07-26 16:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-01-09 17:04 . 2004-07-26 16:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-01-09 17:04 . 2004-07-26 16:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-01-09 17:04 . 2004-07-26 16:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-01-09 17:04 . 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 16:27 . 2006-07-07 07:23 -------- d-----w- c:\program files\CodecInstaller
2010-01-31 15:44 . 2006-07-07 07:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-19 20:16 . 2007-01-20 07:27 -------- d-----w- c:\program files\CyberLink DVD Solution
2010-01-19 17:06 . 2006-07-10 17:32 -------- d-----w- c:\program files\ICQLite
2010-01-19 17:06 . 2006-07-10 19:16 -------- d-----w- c:\program files\eMule
2010-01-17 16:29 . 2006-10-29 08:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-16 20:40 . 2008-01-29 20:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-16 11:34 . 2007-02-10 20:18 -------- d-----w- c:\program files\Ashampoo
2010-01-11 10:18 . 2006-07-07 07:42 -------- d-----w- c:\program files\Ahead
2010-01-05 14:27 . 2009-01-19 15:36 -------- d-----w- c:\program files\ESET
2009-12-30 10:43 . 2001-10-25 14:00 574314 ----a-w- c:\windows\system32\perfh005.dat
2009-12-30 10:43 . 2001-10-25 14:00 122714 ----a-w- c:\windows\system32\perfc005.dat
2009-12-29 17:54 . 2006-07-20 15:08 -------- d-----w- c:\program files\ICQ
2009-12-25 09:18 . 2009-12-25 09:18 -------- d-----w- c:\program files\A4Tech
2009-12-22 05:42 . 2004-08-17 13:49 663040 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-11-21 16:46 . 2004-08-17 13:49 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2004-10-01 14:00 . 2006-11-03 03:45 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 68856]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"HostManager"="c:\program files\Common Files\AOL\1189183504\ee\AOLSoftware.exe" [2006-04-13 50792]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\QIP\\qip.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [16.1.2010 12:43 207792]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.1.2010 18:48 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.1.2010 18:48 20560]
R2 null_flt;null_flt;c:\windows\system32\drivers\null_flt.sys [26.1.2010 16:50 4736]
S2 ServiceAceSpy;SCfortify;c:\windows\system32\SCForte.exe --> c:\windows\system32\SCForte.exe [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [6.3.2007 9:49 14336]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S4 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe" --> c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://search.qip.ru
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
TCP: {339A31B9-D184-4D62-9916-3B362C7A75BA} = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-SpyEmergency - c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 12:01
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(504)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Celkový čas: 2010-02-03 12:07:59
ComboFix-quarantined-files.txt 2010-02-03 11:07
ComboFix2.txt 2010-02-02 09:18
ComboFix3.txt 2008-02-06 14:28
ComboFix4.txt 2008-02-06 14:16
ComboFix5.txt 2010-02-03 10:46

Před spuštěním: 8 989 708 288
Po spuštění: 8 957 009 920

- - End Of File - - F5883FCD75C8AF54DAA54E5A1DC3C430

[earl]

Log zkontroluji po 23 hod.

[earl]

Mate v pc tri antispywary - Spy Emergency,Spybot - Search & Destroy a Spyware Doctor.Spy Emergency a Spybot odinstalujte a ponechte pouze Spyware Doctor.

Navic mate v pc Avast a NOD32 - opet jeden antivir odinstalujte,popr.smazte slozky nepouzivaneho softu,at v tom logu nemam zmatek

otestujte na VIRUSTOTALu

c:\windows\system32\windrv.sys

c:\windows\system32\drivers\null_flt.sys

c:\windows\system32\SCForte.exe

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledek sem vlozte)

Pokud skener napíše, že soubor již byl testován, dejte otestovat znovu.

[kk]

Soubor windrv.sys přijatý 2010.02.04 07:54:37 (UTC)
Současný stav: Dokončeno
Výsledek: 0/40 (0%)
Soubor null_flt.sys přijatý 2010.02.04 07:59:28 (UTC)
Současný stav: Dokončeno
Výsledek: 0/40 (0%)
soubor sc forte exe. jsem nikde nenašel,už před pár dny jsem ho smazal

[earl]

Pokud mate odinstalovan ten Spy Emergency a Spybot a nainstalovan Service Pack 3 tak je to vse.

Jak se chova pc?

[kk]

vypadá že dobře,ale co ty gb zbytečné,které se tam stáhly,nejde to nějak odstranit,nedá se poznat nějak nové soubory za poslední dny?

[earl]

Nejjednodussi bude peclive projit disk C slozku po slozce a zjistit velikosti.

Pak mi sem napiste nazvy tech nejvetsich a ja vam reknu,co je mozne odstranit.

Zakladni vec je to,aby uzivatel vedel,kde co na disku ma.