VIRY.CZ

ComboFix 11-03-01.03 - Tomášek a Marcelka 02.03.2011 17:53:17.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2039.1114 [GMT 1:00]
Spuštěný z: c:\users\Tomášek a Marcelka\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Tomášek a Marcelka\AppData\Local\localesentCMP
c:\windows\ST6UNST.000
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-02 do 2011-03-02 )))))))))))))))))))))))))))))))
.

2011-03-02 17:00 . 2011-03-02 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-01 15:08 . 2011-03-01 15:08 -------- d-----w- C:\_OTL
2011-03-01 14:51 . 2011-03-01 14:56 -------- d-----w- C:\UsbFix
2011-03-01 10:35 . 2011-03-01 10:40 -------- d-----w- c:\program files\trend micro
2011-03-01 10:35 . 2011-03-01 10:36 -------- d-----w- C:\rsit
2011-03-01 06:55 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4045898B-CD37-423C-9A46-EE6512C4A52B}\mpengine.dll
2011-02-23 08:30 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-23 08:30 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-23 08:30 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-23 08:30 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-23 08:30 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-23 08:30 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-23 08:30 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-02-23 08:30 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-02-23 08:30 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-02-23 08:30 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-02-23 08:30 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-02-23 08:30 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-02-23 08:29 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-02-23 08:29 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-02-23 08:29 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-02-23 08:29 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-02-23 08:29 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-02-23 08:29 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-02-23 08:29 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-02-21 20:38 . 2011-02-21 20:51 66532 ----a-w- C:\config.bin
2011-02-20 09:15 . 2011-02-20 09:15 2347 ----a-w- c:\windows\system32\WdiSHost.exe
2011-02-19 09:20 . 2011-02-19 09:20 -------- d-----w- c:\program files\Tibor
2011-02-19 09:05 . 2011-02-21 19:44 -------- d-----w- c:\program files\Paint.NET
2011-02-17 17:03 . 2011-02-17 17:04 -------- d-----w- c:\program files\Heroes of Hellas 2 Olympia
2011-02-15 16:11 . 2011-02-15 16:11 -------- d-----w- c:\programdata\Big Fish Games
2011-02-12 14:07 . 2011-02-12 14:56 -------- d-----w- c:\program files\Harry Potter and The Goblet of Fire
2011-02-09 23:50 . 2011-02-12 14:11 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Local\Electronic Arts
2011-02-09 18:12 . 2011-02-12 14:58 -------- d-----w- c:\program files\Electronic Arts
2011-02-04 16:39 . 2011-02-04 16:40 -------- d-----w- c:\program files\ICQ7.4

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-01 14:56 . 2011-03-01 14:56 442056 ----a-w- C:\UsbFix_Upload_Me_HORÁKOVO.zip
2011-02-02 16:11 . 2009-10-03 16:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-14 14:44 . 2011-01-14 14:44 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-30 21:03 . 2010-12-30 21:05 720896 ----a-w- c:\windows\iun6002ev.exe
2010-12-28 15:55 . 2011-01-11 20:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-21 14:04 . 2010-12-21 14:04 137144 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-12-21 14:04 . 2010-12-21 14:04 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-12-21 12:47 . 2010-12-21 12:47 95384 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-12-18 21:41 . 2007-10-19 23:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-12-18 18:53 . 2007-08-09 18:31 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-12-14 14:49 . 2011-01-11 20:03 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-03 23:29 . 2010-01-02 20:10 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-12-03 23:29 . 2010-01-02 20:10 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-12-03 23:29 . 2010-01-02 20:10 12067 ----atw- c:\windows\system32\SIntf16.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 04:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunMMD]
2009-11-13 10:24 49152 ----a-w- c:\program files\Mio\MMD2\RunMMD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunSpySweeperScheduleAtStartup]
2010-12-18 04:47 13312 ----a-w- c:\windows\System32\msfeedssync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-13 717296]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-11-20 507136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2011-01-06 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2011-01-31 11:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page =
mWindow Title = Microsoft Internet Explorer
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: {8B69AFF1-A684-4EE2-B2C1-43291F41029B} = 10.255.255.10,10.255.255.20
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-KeepSake SK - c:\program files\Wicked Studios\Keepsake\Uninstall KeepSake_sK.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-02 18:01
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2419466016-3890592263-3983030451-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e6,94,6e,fd,4c,54,ad,dd,08,04,84,89,86,42,05,30,7d,21,aa,69,82,cd,95,
c8,67,5d,2b,a3,9f,dc,e0,88,45,3e,1d,72,b4,de,db,fd,f3,90,43,7a,cb,41,b8,9f,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-2419466016-3890592263-3983030451-1000\Software\SecuROM\License information*]
"datasecu"=hex:16,2f,08,6b,84,41,0b,12,2e,b5,62,fe,76,51,49,95,50,38,64,fd,e7,
1f,09,72,52,b4,36,71,cf,65,79,e8,cc,a2,4c,c9,80,69,6f,5e,86,e0,c2,39,eb,ba,\
"rkeysecu"=hex:b4,ab,45,e7,e2,bb,82,26,83,fc,92,bd,ab,01,4d,72

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-03-02 18:04:12
ComboFix-quarantined-files.txt 2011-03-02 17:03

Před spuštěním: Volných bajtů: 149 918 670 848
Po spuštění: Volných bajtů: 149 902 970 880

- - End Of File - - 6CDA653C035CEF1980D5B867630F0CD2

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

RegLock::
[HKEY_USERS\S-1-5-21-2419466016-3890592263-3983030451-1000\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 11-03-02.04 - Tomášek a Marcelka 03.03.2011 10:23:47.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2039.1239 [GMT 1:00]
Spuštěný z: c:\users\Tomášek a Marcelka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tomášek a Marcelka\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2011-02-03 do 2011-03-03 )))))))))))))))))))))))))))))))
.

2011-03-03 09:31 . 2011-03-03 09:34 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Local\temp
2011-03-03 09:31 . 2011-03-03 09:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-01 15:08 . 2011-03-01 15:08 -------- d-----w- C:\_OTL
2011-03-01 14:51 . 2011-03-01 14:56 -------- d-----w- C:\UsbFix
2011-03-01 10:35 . 2011-03-01 10:40 -------- d-----w- c:\program files\trend micro
2011-03-01 10:35 . 2011-03-01 10:36 -------- d-----w- C:\rsit
2011-03-01 06:55 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4045898B-CD37-423C-9A46-EE6512C4A52B}\mpengine.dll
2011-02-23 08:30 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-23 08:30 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-23 08:30 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-23 08:30 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-23 08:30 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-23 08:30 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-23 08:30 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-02-23 08:30 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-02-23 08:30 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-02-23 08:30 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-02-23 08:30 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-02-23 08:30 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-02-23 08:29 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-02-23 08:29 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-02-23 08:29 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-02-23 08:29 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-02-23 08:29 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-02-23 08:29 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-02-23 08:29 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-02-21 20:38 . 2011-02-21 20:51 66532 ----a-w- C:\config.bin
2011-02-20 09:15 . 2011-02-20 09:15 2347 ----a-w- c:\windows\system32\WdiSHost.exe
2011-02-19 09:20 . 2011-02-19 09:20 -------- d-----w- c:\program files\Tibor
2011-02-19 09:05 . 2011-02-21 19:44 -------- d-----w- c:\program files\Paint.NET
2011-02-17 17:03 . 2011-02-17 17:04 -------- d-----w- c:\program files\Heroes of Hellas 2 Olympia
2011-02-15 16:11 . 2011-02-15 16:11 -------- d-----w- c:\programdata\Big Fish Games
2011-02-12 14:07 . 2011-02-12 14:56 -------- d-----w- c:\program files\Harry Potter and The Goblet of Fire
2011-02-09 23:50 . 2011-02-12 14:11 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Local\Electronic Arts
2011-02-09 18:12 . 2011-02-12 14:58 -------- d-----w- c:\program files\Electronic Arts
2011-02-04 16:39 . 2011-02-04 16:40 -------- d-----w- c:\program files\ICQ7.4

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-01 14:56 . 2011-03-01 14:56 442056 ----a-w- C:\UsbFix_Upload_Me_HORÁKOVO.zip
2011-02-02 16:11 . 2009-10-03 16:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-14 14:44 . 2011-01-14 14:44 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-30 21:03 . 2010-12-30 21:05 720896 ----a-w- c:\windows\iun6002ev.exe
2010-12-28 15:55 . 2011-01-11 20:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-21 14:04 . 2010-12-21 14:04 137144 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-12-21 14:04 . 2010-12-21 14:04 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-12-21 12:47 . 2010-12-21 12:47 95384 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-12-18 21:41 . 2007-10-19 23:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-12-18 18:53 . 2007-08-09 18:31 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-12-14 14:49 . 2011-01-11 20:03 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-03 23:29 . 2010-01-02 20:10 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-12-03 23:29 . 2010-01-02 20:10 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-12-03 23:29 . 2010-01-02 20:10 12067 ----atw- c:\windows\system32\SIntf16.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 04:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunMMD]
2009-11-13 10:24 49152 ----a-w- c:\program files\Mio\MMD2\RunMMD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunSpySweeperScheduleAtStartup]
2010-12-18 04:47 13312 ----a-w- c:\windows\System32\msfeedssync.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-13 717296]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-11-20 507136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2011-01-06 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2011-01-31 11:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page =
mWindow Title = Microsoft Internet Explorer
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: {8B69AFF1-A684-4EE2-B2C1-43291F41029B} = 10.255.255.10,10.255.255.20
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-03 10:36
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2419466016-3890592263-3983030451-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e6,94,6e,fd,4c,54,ad,dd,08,04,84,89,86,42,05,30,7d,21,aa,69,82,cd,95,
c8,67,5d,2b,a3,9f,dc,e0,88,45,3e,1d,72,b4,de,db,fd,f3,90,43,7a,cb,41,b8,9f,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-2419466016-3890592263-3983030451-1000\Software\SecuROM\License information*]
"datasecu"=hex:16,2f,08,6b,84,41,0b,12,2e,b5,62,fe,76,51,49,95,50,38,64,fd,e7,
1f,09,72,52,b4,36,71,cf,65,79,e8,cc,a2,4c,c9,80,69,6f,5e,86,e0,c2,39,eb,ba,\
"rkeysecu"=hex:b4,ab,45,e7,e2,bb,82,26,83,fc,92,bd,ab,01,4d,72
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2011-03-03 10:41:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-03 09:41
ComboFix2.txt 2011-03-02 17:04

Před spuštěním: Volných bajtů: 148 217 081 856
Po spuštění: Volných bajtů: 148 127 952 896

- - End Of File - - 6E2DE958C4D2107DE2F26552D84FE0A5

Log vypada cisty, jak se chova PC

Zdravím, kamarád to ještě pomocí nějakého prográmku vyčistil a zdá se, že je vše ok. Díky moc, díky, díky

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

Počítač se seká, je pomalý

Re: Počítač se seká, je pomalý

Re: Počítač se seká, je pomalý

Re: Počítač se seká, je pomalý

Re: Počítač se seká, je pomalý

Re: Počítač se seká, je pomalý

Re: Počítač se seká, je pomalý