Velké zpomalení internetu

[Siban]

Načítání stránky trvá kolem 1 min. Avast našel několik souborů inf. viry typu Win 32., bohužel více jsem si nepoznamenal. Po vymazání inf. souborů přestal fungovat nástroj obnovení systému, rychlost internetu beze změny. Spy Bot našel Win32.Wemon.sh. Po odstranění, připojení na net (rychlost beze změny) a nové kontrole se objevuje stále znovu. Protože nejsem žádný odborník, prosím o kontrolu logu a případnou pomoc.

Logfile of random's system information tool 1.08 (written by random/random)
Run by oem at 2010-08-10 21:48:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (56%) free of 40 GB
Total RAM: 1022 MB (11% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Registry Reviver-oem-Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-04-17 16143872]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-08 155648]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"FinePrint Dispatcher v4"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe [2002-10-30 364544]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\oem\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
Reminder-cor40212.lnk - C:\Program Files\Corel\Graphics9\Register\Remind32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AtapiDrv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AtapiDrv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\qip\qip8000cz\qip.exe"="C:\Program Files\qip\qip8000cz\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\qip\qip.exe"="C:\Program Files\qip\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sony Ericsson\Update Service\ma3platform.exe"="C:\Program Files\Sony Ericsson\Update Service\ma3platform.exe:*:Enabled:ma3platform"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""
""=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-10 21:48:17 ----D---- C:\Program Files\trend micro
2010-08-10 21:48:16 ----D---- C:\rsit
2010-08-09 21:17:12 ----D---- C:\Documents and Settings\oem\Data aplikací\Spyware Terminator
2010-08-09 21:17:12 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-08-09 21:17:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-08-07 11:38:54 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-07 11:15:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-08-06 22:13:05 ----D---- C:\Documents and Settings\oem\Data aplikací\TrojanHunter
2010-08-06 20:19:23 ----R---- C:\WINDOWS\system32\streamhlp.dll
2010-08-06 20:19:23 ----D---- C:\Program Files\TrojanHunter 5.3
2010-08-02 20:39:22 ----R---- C:\WINDOWS\system32\dartsock.dll
2010-08-02 20:39:22 ----R---- C:\WINDOWS\system32\DartSnmp.dll
2010-08-02 20:39:22 ----A---- C:\WINDOWS\system32\ASUSW32N50.dll
2010-08-02 20:39:22 ----A---- C:\WINDOWS\system32\ASNDIS5.sys
2010-08-02 20:39:20 ----D---- C:\Program Files\ASUS
2010-07-29 22:15:22 ----A---- C:\WINDOWS\system32\userinit.exe
2010-07-15 07:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$

======List of files/folders modified in the last 1 months======

2010-08-10 21:48:17 ----D---- C:\Program Files
2010-08-10 20:46:46 ----D---- C:\WINDOWS\Temp
2010-08-10 20:39:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-10 20:35:42 ----SD---- C:\WINDOWS\Tasks
2010-08-10 20:31:31 ----D---- C:\Documents and Settings\oem\Data aplikací\OpenOffice.org2
2010-08-10 20:29:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-10 18:49:42 ----D---- C:\WINDOWS\Prefetch
2010-08-10 18:44:16 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-10 06:38:17 ----D---- C:\Program Files\Mozilla Firefox
2010-08-09 21:17:13 ----D---- C:\WINDOWS\system32\drivers
2010-08-09 21:17:13 ----D---- C:\Program Files\Spyware Terminator
2010-08-09 20:35:55 ----D---- C:\WINDOWS
2010-08-09 20:29:02 ----D---- C:\Program Files\Seznam.cz
2010-08-07 16:57:17 ----HD---- C:\WINDOWS\inf
2010-08-07 14:11:22 ----D---- C:\Program Files\SpeedFan
2010-08-07 13:40:46 ----D---- C:\WINDOWS\pss
2010-08-07 13:40:45 ----SH---- C:\boot.ini
2010-08-07 13:40:45 ----A---- C:\WINDOWS\win.ini
2010-08-07 13:40:45 ----A---- C:\WINDOWS\system.ini
2010-08-06 20:19:23 ----D---- C:\WINDOWS\system32
2010-08-02 20:40:43 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-02 20:39:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-01 23:00:19 ----D---- C:\WINDOWS\Help
2010-08-01 22:18:51 ----SHD---- C:\WINDOWS\Installer
2010-08-01 22:18:49 ----D---- C:\Config.Msi
2010-07-30 20:13:22 ----D---- C:\Documents and Settings\oem\Data aplikací\esmska
2010-07-29 22:18:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-15 20:36:47 ----D---- C:\WINDOWS\Debug
2010-07-15 16:29:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-07-15 16:28:52 ----D---- C:\Program Files\DivX
2010-07-15 07:30:42 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-04-23 47360]
R3 RT2400;ASUS Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-08 51712]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S1 AtapiDrv;AtapiDrv; C:\WINDOWS\system32\drivers\AtapiDrv.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2005-05-11 225280]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-08-09 488960]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[Siban]

Děkuji za rychlou reakci. Bohužel se nedostanu k počítači dříve než večer. Dále mám potíž s požadovaným logem z ComboFixu. Po spuštění vypíše hlášku, že "počítač nemá instalovánu konzoli zotavení". Dále pokračuje, že "stáhne potřebné soubory". Jenomže potom následuje hláška "chyba - potřebné soubory se nepodařilo stáhnout, budu pokračovat ve skenování". Potom už jen bliká kurzor v modrém okně za konstatováním "provádím scan couborů", jenomže se zřejmě nic neděje. Po hodině jsem i já laik pochopil, že je něco špatně . Byl bych vděčný za nějakou radu, jak postupovat dále.

[Rudy]

1. CF musíte spustit v profilu s plnými právy (admin).
2. Pokud by nadále hlásil chybu, zkuste to v nouz. režimu.

[Siban]

Moc se omlouvám za svoji neznalost, ale Vaše pokyny jsou poněkud za hranicemi mých zkušeností a znalostí.
Ad 1) - Já jsem jediný uživatel s admin. právy, proto mi není jasné, jak jinak se přihlásit.
Tady na webu jsem se dočetl, že je možné, aby konzole zotavení nebyla instalovaná. Takže se dodatečně instaluje z instalačního CD. Je to možné?
Ad2) - V nouzovém režimu jsem nikdy nepracoval, takže bych potřeboval trochu podrobnější popis.

[Rudy]

Při startu PC těsně před skončením úvodních postů tiskněte F8. Objeví se menu, v němž se budete pohybovat kurzorovým šipkami. Označíte "Stav nouz s prací v síti" a stskněte >Enter<. PC nastartuje do nouz. režimu.

[Siban]

Tak jsem to konečně zvládl. Přikládám log ComboFix.

ComboFix 10-08-11.04 - oem 11.08.2010 23:39:21.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.611 [GMT 2:00]
Spuštěný z: h:\luboš\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\oem\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\oem\Plocha\Asusek ovladače\utility\MultiFrame_XP_070922\Desktop_.ini
c:\program files\Internet Explorer\SET380.tmp
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\userinitxx.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATAPIDRV
-------\Service_AtapiDrv


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-11 do 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-10 19:48 . 2010-08-10 19:48 -------- d-----w- c:\program files\trend micro
2010-08-10 19:48 . 2010-08-10 19:48 -------- d-----w- C:\rsit
2010-08-09 19:17 . 2010-08-09 19:17 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-07 09:38 . 2010-08-07 09:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-06 18:19 . 2010-08-07 12:16 -------- d-----w- c:\program files\TrojanHunter 5.3
2010-08-02 18:39 . 2002-09-09 19:01 61440 ----a-w- c:\windows\system32\ASUSW32N50.dll
2010-08-02 18:39 . 2002-09-09 17:54 16269 ----a-w- c:\windows\system32\ASNDIS5.sys
2010-08-02 18:39 . 2001-12-21 12:35 212992 ------r- c:\windows\system32\dartsock.dll
2010-08-02 18:39 . 2001-02-27 07:13 176128 ------r- c:\windows\system32\DartSnmp.dll
2010-08-02 18:39 . 2010-08-02 18:39 -------- d-----w- c:\program files\ASUS
2010-08-02 15:07 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-29 20:15 . 2008-04-14 03:22 26112 -c--a-w- c:\windows\system32\dllcache\userinit.exe
2010-07-29 20:15 . 2008-04-14 03:22 26112 ----a-w- c:\windows\system32\userinit.exe
2010-07-14 05:13 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 21:08 . 2006-03-02 12:00 80968 ----a-w- c:\windows\system32\perfc005.dat
2010-08-11 21:08 . 2006-03-02 12:00 435768 ----a-w- c:\windows\system32\perfh005.dat
2010-08-09 19:17 . 2007-02-25 11:17 -------- d-----w- c:\program files\Spyware Terminator
2010-08-09 18:29 . 2009-07-13 18:40 -------- d-----w- c:\program files\Seznam.cz
2010-08-07 12:11 . 2006-12-22 12:47 -------- d-----w- c:\program files\SpeedFan
2010-08-02 18:39 . 2006-12-20 14:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-16 18:38 . 2010-04-24 06:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-15 14:28 . 2006-12-21 14:42 -------- d-----w- c:\program files\DivX
2010-07-07 14:07 . 2007-02-03 13:56 -------- d-----w- c:\program files\Google
2010-06-28 20:57 . 2006-12-21 18:02 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-03-17 16:49 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-02 19:08 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2006-12-21 18:02 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2006-12-21 17:13 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2006-12-21 17:13 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-04-02 19:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2006-12-21 17:13 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-14 20:55 . 2009-10-19 18:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-14 14:31 . 2006-12-20 02:11 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-24 16:59 . 2010-05-24 16:59 127181 ----a-w- c:\windows\MeterBasic Uninstaller.exe
2008-03-11 17:46 . 2008-03-11 17:46 17067560 ----a-w- c:\program files\DivXInstaller.exe
2008-03-11 17:01 . 2008-03-11 17:01 192512 ----a-w- c:\program files\divx511bundle.zip
2008-03-05 15:45 . 2008-03-05 15:45 25787976 ----a-w- c:\program files\wmp11-windowsxp-x86-CS-CZ.exe
2007-02-02 18:15 . 2007-02-02 18:15 1761127 ----a-w- c:\program files\XMLViewer.zip
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-08 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"FinePrint Dispatcher v4"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe" [2002-10-30 364544]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\oem\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-12-2 393216]
Reminder-cor40212.lnk - c:\program files\Corel\Graphics9\Register\Remind32.exe [2007-1-13 67584]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-12-21 102400]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26.1.2010 18:23 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.4.2008 21:08 165456]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [27.4.2009 17:04 270888]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.8.2010 21:17 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 21:08 17744]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.7.2008 17:41 222456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 13:17 1181328]
R3 RT2400;ASUS Wireless Driver;c:\windows\system32\drivers\RT2400.sys [1.3.2004 19:31 51712]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [27.4.2009 17:04 65576]
.
Obsah adresáře 'Naplánované úlohy'

2010-08-11 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:23]

2010-08-11 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:23]

2010-08-11 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:23]

2010-08-11 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:23]

2010-08-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:23]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: vfn.cz\access
Trusted Zone: vfn.cz\webaccess
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://195.113.70.98/+CSCOL+/relayp.cab
FF - ProfilePath - c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ujbi3ras.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ujbi3ras.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-AtapiDrv.sys
AddRemove-HijackThis - c:\docume~1\oem\LOCALS~1\Temp\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 23:54
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="369FD52733C1AC6B2282F160DFC2F2178577BF5919BDBD766061691B31899E0430009393D2C1EEB19BDD0DFADABA6E14785359C482072D98180C7CA65690CA54EA2F29A47BBBFE5EED872F3750A3F9366EC5427DCCD810C116CB0C803DBEB358510E930450ECC45BF97FF0E8E5AAAC61DC92D120C0F1C7EE05C54B30F784A745E14383C1C3179BB8B20E2147FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A2D97226D213B555FEBC9E127BECC74C9E871E37A8546297D7B35B4194F253F56CB055A69ADDEF328F2363799912CED2D06259325F23DC2B6AA0120411655082561B49C6ED2BEDBBB6E64CF8611921268F45F140637E5AC0CE0A6C0CA5C74AAB2590603C177A5D0FAC44545CB5471C22E338ED6DAAA1C43E754A7C423EF846034DDA57E517EA81818916081F4B1CE088A9C646ECBF0F38EE9B3E4BAF5B1A7EF994C9E449025E50D1B7BDE7DBEB5BC07E1003EA94C18B057FD748D2050E92E0E992B0AF0C7E7D739F749BE8D5738E450E99803BDE619F2F03124D0194FE8B8F0D37E3D37CCA32CBEF541A7570D402A92421D80FE7E598707009383BD36A745D03433F620836ACE9A83DA4EA3594445D13CF2731732989B4A24B76D5DF9D7E564F4DA15E44A4DE14996AA9174F4C2B038E260EDCE619441CD53EF79EF6FB20B6593EED3FE78F81C571E99D4292294DF2B1F8B146CA3AE47C2F1BB3527BFE1371EBD389F250820F2EC420F824726B08B8F7EEB913CE9F465DB2EE24A574AFD5A937A0E057FC9DC52E0CC1B56A87EAFB924504D3DDC4F50CFACC1AC43E0D2FAABB4E89E1C21116AA5EA45A53B4108E8B765D08AF33217A19C64BD01AB893AE17B2A8C9FEFA553382864DC8571AEA54600AE89E03167F7E17E4DE1C27A1FCF6E5D1A1EDADBDB452DA28AAC048219DCD65A9F6C0057B9CEAF32D2059767EDCE1250EF9576AB9BFE101734647B149D11FCBE37837F34F5AB7E0AC883916C570612710523C34942A6709508BB92402D404867EC2A58F6E3F7452A4F6C0976296750237B4278B64CB7BCA584AC3B2B016C64F6E0F7D1D2BF4C202882DC6903250B78F930A75F83721C9DF5A396AF4AEABCA2160FA86E4CB4959EB02D1F99A0947D26EEAA459060BC99327D96F8285494D05BC33875DB3092F02D2EC6F5BD2AEC3067F37B4D742D5092BC60CE7B98540D97DA6FB9A71D9123A9BBB59F4BEDB5C3724EAA5D44ABF7E47F922DB850C194A4F53A580FD862C0927186E0CB34D5AC3B2951A977E5F956011FC67678B4DE50F5536473EDDB38383517D78FDE103F8856C543AA29198DD4D94C3038222A499AB346CDAE1CBE6BB0B3C66ACDB1CB2E4B9C1EFBD11514C378828722BB2568CE1B1D7CEF4513F5DB61F8C"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1256)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2704)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 2.1\program\soffice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 2.1\program\soffice.BIN
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\oodag.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\program files\Alwil Software\Avast5\setup\avast.setup
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2010-08-11 23:59:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-11 21:59

Před spuštěním: Volných bajtů: 23 382 122 496
Po spuštění: Volných bajtů: 23 337 164 800

- - End Of File - - AC6CEDBE9F34B03A32C67CB3F7852DAD

[Rudy]

Několik položek bylo smazáno, zbytek logu vypadá čistý. Nastala nějaká změna?

[Siban]

Ano, internet jede normálně. Velmi děkuji za Vaši účinnou pomoc.

Prosil bych, pokud je to možné, ještě kontrolu logu z ComboFixu druhého počítač doma, který byl s tím prvním na síti. Mám u něho také problém s inernetem. U něho se prozměnu internet po určité době sám odpojuje.

ComboFix 10-08-11.05 - Ejem 12.08.2010 17:49:12.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1278.826 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ejem\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ejem\System
c:\documents and settings\Ejem\System\win_qs8.jqx
c:\program files\1
c:\program files\1\EraserSetup32.exe
c:\program files\1\expertpdfv6_10_trial_UK.exe
c:\program files\1\ultra_mp4converter.exe
c:\program files\autorun.inf
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\Process.exe
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OSPPSVC
-------\Service_osppsvc


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-12 do 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-12 15:42 . 2010-08-12 15:42 -------- d-----w- c:\windows\LastGood.Tmp
2010-08-09 20:17 . 2010-08-09 20:17 -------- d-----w- c:\program files\Common Files\Skype
2010-08-09 20:16 . 2010-08-09 20:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-08-09 20:15 . 2010-08-09 20:15 -------- d-----w- c:\program files\Microsoft Works
2010-08-09 20:14 . 2010-08-09 20:14 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-08-09 20:14 . 2010-08-09 20:14 -------- d-----w- c:\program files\Microsoft.NET
2010-08-09 20:14 . 2010-08-09 20:14 -------- d-----w- c:\documents and settings\All Users\Microsoft
2010-08-06 15:31 . 2010-08-06 15:31 -------- d-----w- c:\program files\PowerArchiver
2010-07-14 06:38 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 16:58 . 2010-07-13 16:58 -------- d-----w- C:\FOUND.002

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 16:17 . 2010-08-09 20:06 16980 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1029.dat
2010-07-15 10:15 . 1979-12-31 22:00 85782 ----a-w- c:\windows\system32\perfc005.dat
2010-07-15 10:15 . 1979-12-31 22:00 443874 ----a-w- c:\windows\system32\perfh005.dat
2010-07-13 08:30 . 2010-07-13 08:30 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-06-28 20:57 . 2010-07-13 08:46 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-10-15 18:37 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-10-15 18:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-10-15 18:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-10-15 18:37 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-10-15 18:37 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-10-15 18:37 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-10-15 18:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2008-10-15 18:37 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-14 14:31 . 2004-09-17 10:10 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2010-05-25 21:12 . 2010-05-25 21:12 56184 ----a-w- c:\windows\system32\WBHELP2.DLL
2010-01-28 17:34 . 2010-01-28 17:33 22 ----a-w- c:\program files\InstSuccess.ini
2009-10-11 13:53 . 2009-10-11 13:53 1247 ----a-w- c:\program files\1Full Licence Key for BB FlashBack Express2009.txt
2009-01-09 07:12 . 2009-01-15 19:06 3550064 ----a-w- c:\program files\procexp.exe
2008-07-27 14:59 . 2008-07-27 14:57 7710016 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-06-18 20:24 . 2008-07-13 19:18 2506679 ----a-w- c:\program files\fc_setup.exe
2008-04-14 12:00 . 2008-06-03 19:43 6895 ----a-w- c:\program files\WINXP_LOGO_HORIZ_SM.GIF
2008-04-14 12:00 . 2008-06-03 19:42 322523176 ----a-w- c:\program files\WINDOWSXP-KB936929-SP3-X86-CSY.EXE
2008-04-14 12:00 . 2008-06-03 19:42 6244 ----a-w- c:\program files\FAQ.HTM
2008-04-14 12:00 . 2008-06-03 19:42 16129 ----a-w- c:\program files\READMESP.HTM
2008-04-14 12:00 . 2008-06-03 19:42 157696 ----a-w- c:\program files\SPWIZENG.DLL
2008-04-14 12:00 . 2008-06-03 19:42 18944 ----a-w- c:\program files\AUTORUN.EXE
2008-04-14 12:00 . 2008-06-03 19:42 1053696 ----a-w- c:\program files\AUTORUN.DLL
2007-08-31 04:36 . 2009-01-15 19:06 72138 ------w- c:\program files\procexp.chm
2006-07-28 07:32 . 2009-01-15 19:06 7005 ------w- c:\program files\Eula.txt
2008-11-24 08:40 . 2008-04-10 19:32 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 19:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-03-03 77824]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2009-09-26 518040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2009-03-24 11:11 21840 ------w- c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-02-08 19:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
2004-01-28 15:48 184320 ----a-w- c:\program files\Launch Manager\CTRLVOL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2009-08-24 05:45 1181064 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-03-29 09:08 61440 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
2004-10-11 08:47 245760 ----a-w- c:\program files\Launch Manager\OSDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
2002-08-30 13:02 94208 ----a-w- c:\program files\Launch Manager\Powerkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2006-11-23 23:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-02-23 16:13 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 02:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-23 19:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-10-05 14:25 98394 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Stuffit Archive Name Service"=2 (0x2)
"ICQ Service"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wltrysvc"=2 (0x2)
"WinDefend"=2 (0x2)
"SeaPort"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=2 (0x2)
"Panasonic Trap Monitor Service"=2 (0x2)
"ose"=3 (0x3)
"OOD2000"=2 (0x2)
"OOCleverCacheAgent"=2 (0x2)
"NMSAccessU"=2 (0x2)
"MDM"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IS360service"=2 (0x2)
"iPod Service"=3 (0x3)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c9875b5822512c"=2 (0x2)
"GoogleDesktopManager-092308-165331"=3 (0x3)
"fsssvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"anbmService"=2 (0x2)
"a2free"=2 (0x2)
"IDriverT"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe
"ooccctrl.exe"=c:\program files\OO Software\CleverCache\ooccctrl.exe /tasktray
"rfagent"=c:\program files\RFA\rfagent.exe
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"mspwr"=c:\windows\system32\PuXpMan2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Panasonic\\TrapMonitor\\Trapmnnt.exe"=
"c:\\Program Files\\Panasonic\\Panasonic-DMS\\LRecvTrap\\LRecvTrap.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [22.10.2008 21:08 40368]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [31.3.2009 7:43 206256]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15.10.2008 20:37 165456]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [27.9.2008 20:05 2944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.10.2008 20:37 17744]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [1.1.1980 200192]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [6.11.2008 21:00 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [6.11.2008 21:00 19392]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 mailKmd;mailKmd; [x]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [25.2.2009 10:53 42304]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Everest\everesthome_build_0466\kerneld.wnt [15.8.2008 16:49 11520]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [2.4.2008 12:43 65152]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [2.4.2008 12:43 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [2.4.2008 12:43 65152]
S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [11.4.2005 18:40 2343]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [1.4.2010 18:34 89256]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [1.4.2010 18:34 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [1.4.2010 18:34 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [1.4.2010 18:34 115752]
S4 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2.2.2009 20:21 717320]
S4 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10.4.2008 21:32 30192]
S4 gupdate1c9875b5822512c;Google Update Service (gupdate1c9875b5822512c);c:\program files\Google\Update\GoogleUpdate.exe [5.2.2009 7:31 133104]
S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4.11.2008 21:25 712048]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4.11.2008 21:25 712048]
S4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360SRV.EXE [2.10.2009 12:46 309008]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8.6.2008 20:51 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'

2010-03-10 c:\windows\Tasks\User_Feed_Synchronization-{16B0BFEF-9CD8-45B3-9954-8A3C34B7DF5D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: szn.cz\login
Trusted Zone: vfn.cz\access
Trusted Zone: vfn.cz\webaccess
FF - ProfilePath - c:\documents and settings\Ejem\Data aplikací\Mozilla\Firefox\Profiles\lbzvp0qv.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-PCMService - c:\program files\Arcade\PCMService.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
MSConfigStartUp-WinPatrol - c:\program files\BillP Studios\WinPatrol\winpatrol.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 17:59
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Everest\everesthome_build_0466\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,d2,f9,2b,2d,21,7c,46,b5,d0,8c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,d2,f9,2b,2d,21,7c,46,b5,d0,8c,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,d2,f9,2b,2d,21,7c,46,b5,d0,8c,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="01153BC86F68F3043B1B6E54A091FD04BFC18BC40DE7BF3123335D64CBB1B61F67271420A1810ABE89A4FE5D7AC1683C715A8DDE39CEB76819F6B4BBCEA4173B9B260B682B152EE0068C474CF515CDD9F85D8A62A194E129A078F3F9BE6B30107AA48C763155EADFE6CAFCA426F58DD50BCC1A2664FA130D0D6339E667C26EF913175C9F4D946378973D266F8FF1A16D900F288314EAB7F26346F5CB08885197A5D490408B4E4CAB38261FB92DBB12A1A6FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A6A0AC4980AC7933A2D97226D213B555245E4364A6E8DE0387ECD04E7522F2F0835586F6EF67C0E5E3F3F61E6914CD90D49BA8C04E38CC2E24CC688F377CF673903B30C3FCD1FD3BB2ADA336E7F10D0D671C8B4B662ECFF3D732F834D99397A18C116176EED6865F896CDA4A8A99CED88BEDE04BC27883AB3EF22AEC6A6871CD9610904A2A6E934336700748AC1A0F2056751F7956D6C15ED2B5A25F9512DE0238C4B5F4B4A2A28D65C98F0F4D900CC84067C2823AA1AA4EF87690A5ABBA837A5910CF9C399477972B5EE5718F33C8E5A5CFCB86AC3FA36E740623CE25A1C2A7CA255F5C87F517EE7FE8FA3ABD498CC3460D3C1D8C2ED4647086105C1B97462E3D8EEAC1130ECB533DF5452342B063E048519D4C5F00290EF8F00FC4CA03FA66C7A87C52F0B9A4BD25E8415CADD71BEEB1A5F9934ED8D1790011DD7196DE135D6324A0045CE772545875EA8A33C4C75670E16262A772426B5A063C40053A82537006E8C1361A4BF65F27C6462C0E41AFD4B6E89D591C335A42436F033EB483BBB0A66D6A7EE88BB5A6DA5B1B1260A0C992A62720FA3421725491400111879140CBB2C3D0DE7F4E56FC43B30886FCC5284307B735C3314B12120D7A73EF7B6F3D492B8D3C9F9D78521464DC03CC37D4806285B91E121C35CE61246F08F0EEA24319E5E8683215AED7851AE9724E78353D4F1E51916413296E0C9A73614CD372978D0AFE84284FDA494C11F23314BB117ED0A42736E24632EC3E0A5F95E1316CB05D16F631B7C5ABB947CA9195D01256930E40642A547B9F7A89DB8F2EB121E33D2358FE88BD881374B91D645C579E3B0793EB3CFDA58C07F9E4D1652AE3526A1D5C774913B7B9C8764B330EC09E9B348FD1F45FB7E8E5C082A77E457AC0855D636CEB8B52C81344F18709356E44537D9E9C0006CFD188676111CA9705B51255DA18827EB7B75E45CB5DF18585072797552D02ECB3B98A5B14C071C825D662B7FE8C5BE0A96FF94E1DA092AB994B8B420B1F4753449D16C14FBD02C92858F4277FD56C73047FDA253309645CB39709874873ED7C551E66037AF0618F4F94DB8CC2677D7C961B07539131B64DCD1AB9B1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2568)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast5\setup\avast.setup
.
**************************************************************************
.
Celkový čas: 2010-08-12 18:04:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-12 16:04

Před spuštěním: Volných bajtů: 18 003 886 080
Po spuštění: Volných bajtů: 17 872 224 256

- - End Of File - - 3431C9AFE8E8B948D21DC8886B2C253D

[Rudy]

Zde toho bylo víc, ale CF vše smazal. Zbytek logu vypadá čistý.

[Siban]

Vypadá to dobře, funguje normálně. Ještě jednou díky.

[Rudy]

Rádo se stalo!