Prosím o kontrolu - pomalé PC dcery

[Konrád]

Tak konečně to dojelo až do vytvoření logu:

ComboFix 11-04-07.08 - Míla 08.04.2011 19:09:51.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.447.225 [GMT 2:00]
Spuštěný z: c:\documents and settings\Míla\Plocha\Beruska.com
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Míla\Data aplikací\facemoods.com
c:\documents and settings\Míla\Data aplikací\PriceGong
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Míla\Data aplikací\PriceGong\Data\z.xml
c:\documents and settings\Míla\WINDOWS
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.8.1\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.8.1\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.8.1\uninstall.exe
c:\windows\daemon.dll
c:\windows\system32\midas.dll
c:\windows\system32\system.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-08 do 2011-04-08 )))))))))))))))))))))))))))))))
.
.
2011-04-08 17:03 . 2011-04-08 17:03 -------- d-----w- c:\windows\LastGood
2011-04-07 17:21 . 2011-04-07 17:21 -------- d-----w- c:\documents and settings\Míla\Local Settings\Data aplikací\ESET
2011-04-07 17:21 . 2011-04-07 17:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-04-07 10:16 . 2011-04-07 10:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\clp
2011-04-07 10:14 . 2011-04-07 10:14 -------- d-----w- c:\program files\Common Files\Common Toolkit Suite
2011-04-07 10:14 . 2011-04-07 10:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Common Toolkit Suite
2011-04-07 10:12 . 2011-04-07 10:14 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{D81057B4-29EC-41EB-A123-4E4E49873404}
2011-04-07 10:12 . 2011-04-07 10:12 -------- d-----w- c:\documents and settings\Míla\Data aplikací\Fighters
2011-04-07 10:12 . 2011-04-07 10:12 -------- d-----w- c:\documents and settings\Míla\Local Settings\Data aplikací\PackageAware
2011-03-19 10:50 . 2010-02-02 13:19 1761128 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ2050_510g.dll
2011-03-19 10:50 . 2010-02-02 13:19 539496 ----a-w- c:\windows\system32\hpinksts8711.dll
2011-03-19 10:50 . 2010-02-02 13:19 272744 ----a-w- c:\windows\system32\hpinksts8711LM.dll
2011-03-19 10:50 . 2010-02-02 13:19 201728 ----a-w- c:\windows\system32\hpinkcoi8711.dll
2011-03-19 10:48 . 2011-03-19 10:48 -------- d-----w- c:\documents and settings\Míla\Local Settings\Data aplikací\HP
2011-03-16 14:02 . 2011-03-16 14:02 -------- d-----w- c:\program files\AVAST Software
2011-03-16 14:01 . 2011-04-07 14:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2007-01-22 09:38 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2007-01-22 09:38 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-03-18 17:55 . 2011-03-26 18:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD1.dll" [2010-09-17 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-09-17 13:42 2736736 ----a-w- c:\program files\DVDVideoSoft\tbDVD1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD1.dll" [2010-09-17 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVD1.dll" [2010-09-17 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 847872]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-10-09 107864]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 450560]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" [2006-03-23 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"602PC SUITE PDF Saver"="c:\program files\Common Files\soft602\pdfSaver.exe" [2005-08-31 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-24 274608]
"SWPROguard"="c:\program files\Fighters\SPYWAREfighter\SWPROTray.exe" [2010-12-24 983688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-7-25 155648]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SRS - Street Racing Syndicate\\Bin\\SRS.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13836:TCP"= 13836:TCP:BitComet 13836 TCP
"13836:UDP"= 13836:UDP:BitComet 13836 UDP
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [24.9.2008 17:07 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [24.9.2008 17:07 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.6.2008 20:13 717296]
R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 AV Engine Scanning Service;AV Engine Scanning Service;c:\program files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe [24.12.2010 14:45 797848]
S2 AV Watch Service;AV Watch Service;c:\program files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe [24.12.2010 14:45 93328]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [14.4.2010 17:02 238952]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.11.2010 15:14 136176]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.11.2008 19:31 246520]
S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [24.12.2010 15:01 1141896]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [24.12.2010 14:45 10264]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [14.4.2010 17:02 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [14.4.2010 17:02 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [14.4.2010 17:02 121856]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-03 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-02-02 10:15]
.
2011-04-02 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-02-02 10:15]
.
2011-04-02 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-02-02 10:15]
.
2011-04-07 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-02-02 10:15]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 13:13]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 13:13]
.
2011-04-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-651377827-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-04-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-651377827-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.facemoods.com/?a=wtii5rw
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Míla\Data aplikací\Mozilla\Firefox\Profiles\z1ajjuz4.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodsTlbr.dll
HKLM-Run-pdfSaver3 - (no file)
HKLM-Run-NPSStartup - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.8.1\uninstall.exe
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender
AddRemove-Pizza Syndicate - c:\pizza syndicate\AUTORUN.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-08 19:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Watch Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Watch Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"
.
Celkový čas: 2011-04-08 19:22:14
ComboFix-quarantined-files.txt 2011-04-08 17:21
.
Před spuštěním: 4 779 462 656
Po spuštění: 4 821 364 736
.
- - End Of File - - FBF1596159C3E6A127E90C97161C5187

[vyosek]

Odinstalujte SPYWAREfighter - neni to kvalitni bezp. program - po ukoceni leceni tam dame neco lepcejsiho

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  DirLook::
  C:\Documents and Settings\All Users\Data aplikací\{D81057B4-29EC-41EB-A123-4E4E49873404}
  
  Folder::
  c:\program files\SweetIM\Toolbars
  c:\program files\ICQ6Toolbar
  
  Driver::
  gupdate
  ICQ Service
  
  File::
  c:\program files\DVDVideoSoft\tbDVD1.dll
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
  C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-725345543-651377827-839522115-1004.job
  C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-651377827-839522115-1004.job
  C:\WINDOWS\tasks\SLOW-PCfighter.job
  C:\WINDOWS\tasks\AppleSoftwareUpdate.job
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
  "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"=-
  "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
  [-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
  [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
  [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
  "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
  "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"=-
  "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
  "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
  "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"=-
  "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=-
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "pdfSaver3"=-
  "PcSync"=-
  "AutoStartNPSAgent"=-
  "Skype"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NeroFilterCheck"=-
  "WinampAgent"=-
  "HP Software Update"=-
  "SunJavaUpdateSched"=-
  "PCSuiteTrayApplication"=-
  "DAEMON Tools-1033"=-
  "SweetIM"="-
  "TkBellExe"=-
  "SWPROguard"=-
  
  DDS::
  uStart Page = hxxp://start.facemoods.com/?a=wtii5rw
  mStart Page = hxxp://home.sweetim.com
  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\Míla\Data aplikací\Mozilla\Firefox\Profiles\z1ajjuz4.default\
  FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
  
  AtJob::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Konrád]

Tak poté, co jsem spustil Combofix, začal chvíli nabíhat, následně zčernala obrazovka a po dost dlouhé chvíli PC zrestartoval, naběhl, ale log nevypadl PC sice stále něco chroupe, ale u kurzoru žádné přesýpací hodiny. Mám stále čekat na log?

[vyosek]

Dejte mu jeste aspon 15 minut, je videt to okynko ComboFixu? Psal neco o tom ze pripravuje log?

[Konrád]

Právě že to okýnko Combofixu naběhlo jen na chvíli, stačil jen dát hlášku o přípravě nového bodu obnovení, ale než došlo na přípravu logu, zčernalo to, zrestartovalo, naběhlo ale po restartu už po okýnku CF ani stopa.

[Konrád]

Ještě mě napadlo jestli se po restartu znovu neaktivoval NOD32 a nemohlo to mít vliv.

[vyosek]

NOD by na to uz mit vliv nemel..

Restartujte PC opet do nouzoveho rezimu a pujdeme na to mazani jinak - CFko s Vasim PC jaksi nekamaradi

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
  "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"=-
  "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
  [-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
  [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
  [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
  "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
  "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"=-
  "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
  "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
  "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"=-
  "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=-
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "pdfSaver3"=-
  "PcSync"=-
  "AutoStartNPSAgent"=-
  "Skype"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NeroFilterCheck"=-
  "WinampAgent"=-
  "HP Software Update"=-
  "SunJavaUpdateSched"=-
  "PCSuiteTrayApplication"=-
  "DAEMON Tools-1033"=-
  "SweetIM"="-
  "TkBellExe"=-
  "SWPROguard"=-
  
  :services
  gupdate
  ICQ Service
  
  :files
  c:\program files\SweetIM\Toolbars
  c:\program files\ICQ6Toolbar
  c:\program files\DVDVideoSoft\tbDVD1.dll
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
  C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-725345543-651377827-839522115-1004.job
  C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-651377827-839522115-1004.job
  C:\WINDOWS\tasks\SLOW-PCfighter.job
  C:\WINDOWS\tasks\AppleSoftwareUpdate.job
  C:\WINDOWS\tasks\At*.job
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp /s
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

[Konrád]

Začalo to pracovat, ale pak to nějak zamrzlo. V pravém poli jsou nějaké výsledky ale teď to nic nedělá a k restartu mne nic nevybízí...

[Konrád]

Možná, že to již doběhlo do konce (nad seznamem výsledků je anglicky napsáno, že všechny procesy byly "vyvražděny" )
Mám OTM ukončit? (EXITem)

[vyosek]

Ne to je jen zacatek...ted by mel teprve pracovat...pokud nic, tak restart PC do normalniho rezimu a snad to pujde tam...

[Konrád]

Dnes budu muset končit, ozval bych se zase zítra. Zatím to vypadá na tvrdé vypnutí PC. Uvidím jak to pojede po najetí do normálního stavu. Prozatím děkuji.

[Konrád]

Jen bych vás ještě poprosil o sdělení, zda tvrdým vypnutím něco nepošpatním. Děkuji.

[vyosek]

Spise nez vypnuti je doporucen restart - neni to moc koser ale tak nic jineho nezbyva...

Ja budu bohuzel dnes cely den mimo, budu tu az vecer...

[Konrád]

Tak ani v normálním režimu to log nevyplivlo. Nevěděl jsem, jestli jsem nebyl moc netrpělivý a neukončil jsem to předčasně, tak jsem to nechal běžet, ale ani po 2 hodinách nebyl jiný výsledek. V pravém panelu 8 výsledků a pak už nic.

Jinak jenom pro úplnost - po startu se nyní objevuje chybová hláška:

C/:WINDOWS/daemon.dll

Po kliknutí na "OK" normálně nabíhá.

[vyosek]

Dejte mi prosim novy log z RSIT, uvidime co vse CFko a OTM udelali...