Prosím o kontrolu logu.

[motji]

otestujte na www.virustotal.com
C:\WINDOWS\System32\drivers\dwshd.sys

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky


zkoušela jste ten postup z tohoto odkazu?
http://www.utorrent.cz/help/half-open.php

[Yanina]

Dobrý den.Nejde mi to otestovať, súbor nebol nalezen.Zmenila som ten počet limitov na 100.Teraz chcem úplne odinštalovať mozillu, nod32, lebo nejak blbnú, treba ich ukončovať pri reštart/vyp a aj utorrent, ak tam ešte zostali nejaké jeho fragmenty.Ešte by ma zaujímali tie bežiace procesy po štarte, alebo ako sa to volá, počítaču trvá veľmi dlho kým sa "rozbehne", nie že by to bol nejaký mladík, ale aj tak sa mi zdá, že mu to trvá nejako dlho.Ako to vyriešiť?

[motji]

Takže to pomohlo? Už jde internet rychleji?
Nod přeinstalujte, Mozzilu zatím nechte, je lepší než IE. A nevím jak Vy, ale než vypnu počítač, tak povypínám programy jako Mozilla, skype a pod, jinak to dlouho trvá.

Ještě pár věcí opravíme. Co chcete vypnout po startu:
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe


tohle bych Vám vypnula, aby se to nespouštěl po startu, jen když Vy budete chtít.

[Yanina]

Ja som to zásadné zabudla napísať, net stále zle..Teraz som skúšala "pingnúť" facebook, od 130 do 150 ms..ja som rozmýšlala, či to nebude nejakým scriptmi, alebo aj neviem, chcela som mozillu nakomplet zmazať a potom na novo nainštalovať, asi by to nepomohlo, len sa chytám slamky. :)Ano, ano, chela by som to vypnúť.

[motji]

Já se obávám že pomůže jen totální reinstal Podle toho co jsem našla, to měl dělal soubor, co jsme ho měnili, ale ten je vyměněný a problémy jsou pořád .
Napište mi co smažeme po tom startu, večer ještě kompletně dočistíme počítač, zkusíme opravu přes win xp manager a pokud to nepomůže, tak už nevím

[Yanina]

Zmažme všetko čo môžme. No, je to nemilé, čo už....

[motji]

U mozilly si uložte záložky, pokud nějaké máte
záložky - knihovna stránek - import a záloha

A pak přes Revo uninstaler odinstalujte Mozillu, pročištěte registry CCleanerem a Mozillu znovu nainstalujte.


Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

[Yanina]

Ok, idem na to.

[Yanina]

Ok, idem na to.

[Yanina]

ComboFix 10-02-12.01 - Gretka 16.02.2010 20:16:46.9.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.103 [GMT 1:00]
Running from: c:\documents and settings\Gretka\Dokumenty\Preberanie\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-16 18:59 . 2010-02-16 18:59 16384 ----atw- c:\temp\Perflib_Perfdata_1584.dat
2010-02-16 18:59 . 2010-02-16 18:59 16384 ----atw- c:\temp\Perflib_Perfdata_1574.dat
2010-02-16 18:56 . 2010-02-16 18:56 16384 ----atw- c:\temp\Perflib_Perfdata_728.dat
2010-02-16 18:39 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-16 16:27 . 2010-02-16 16:27 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-02-16 16:27 . 2010-02-16 19:23 -------- d-----w- c:\temp\DriverAgent
2010-02-16 12:22 . 2010-02-16 19:23 -------- d-----w- c:\temp\plugtmp
2010-02-16 01:22 . 2010-02-16 19:23 -------- d-----w- c:\temp\Google Toolbar
2010-02-16 01:08 . 2010-02-16 01:09 -------- d-----w- c:\program files\trend micro
2010-02-16 01:08 . 2010-02-16 01:09 -------- d-----w- C:\rsit
2010-02-16 01:08 . 2010-02-16 01:08 -------- d-----w- c:\temp\Comodo
2010-02-15 20:20 . 2009-08-17 14:26 361600 ------w- C:\tcpip.sys
2010-02-15 20:20 . 2009-08-17 14:26 182656 ------w- C:\ndis.sys
2010-02-14 18:58 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\37670712.sys
2010-02-14 18:58 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3767071.sys
2010-02-14 18:58 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\37670711.sys
2010-02-14 17:47 . 2010-02-14 17:45 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-14 17:47 . 2010-02-14 17:45 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-14 17:47 . 2010-02-14 17:45 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-14 17:47 . 2010-02-14 17:45 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-14 17:46 . 2010-02-14 17:46 -------- d-----w- c:\program files\COMODO
2010-02-14 14:51 . 2010-02-14 14:51 -------- d-----w- c:\windows\ie8updates
2010-02-14 14:49 . 2010-02-14 14:49 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-02-14 12:55 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-14 12:55 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-14 12:53 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-14 12:50 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-14 12:50 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-14 12:48 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-14 12:48 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-02-14 12:48 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-02-14 12:48 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-02-14 12:48 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-02-14 12:48 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-02-14 12:48 . 2009-06-25 08:27 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-02-14 12:48 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-14 12:47 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-02-14 12:47 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-14 12:43 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-14 12:37 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-02-13 14:52 . 2010-02-13 14:53 -------- d-----w- c:\program files\Ultimate Process Manager
2010-02-13 00:39 . 2010-02-13 00:39 -------- d-----w- c:\program files\Languages
2010-02-13 00:39 . 2010-02-13 00:39 -------- d-----w- c:\program files\Helps
2010-02-12 22:46 . 2010-02-16 18:39 -------- d-----w- c:\program files\VS Revo Group
2010-02-11 22:23 . 2010-02-11 22:23 -------- d---a-w- c:\windows\VDLL.DLL
2010-02-11 22:23 . 2010-02-11 22:23 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-02-11 22:23 . 2010-02-11 22:23 -------- d---a-w- c:\windows\logo_1.exe
2010-02-11 22:21 . 2010-02-11 22:21 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-02-11 15:14 . 2010-02-11 15:14 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-02-11 15:14 . 2010-02-11 15:14 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-02-10 00:56 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 00:56 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 00:56 . 2010-02-10 00:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 21:41 . 2010-01-28 17:42 -------- d-----w- c:\program files\SopCast
2010-01-27 19:29 . 2010-01-27 19:30 -------- dc-h--w- c:\windows\ie8
2010-01-20 20:59 . 2010-01-20 21:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-20 20:58 . 2010-01-20 20:59 -------- d-----w- c:\program files\Quick Hit
2010-01-20 20:55 . 2010-01-20 21:00 -------- d--h--w- c:\program files\Zero G Registry
2010-01-20 20:55 . 2010-01-20 20:55 -------- d-----w- c:\program files\Quick Hit Football
2010-01-20 20:55 . 2010-01-20 20:55 -------- d--h--w- c:\documents and settings\Gretka\InstallAnywhere

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 12:40 . 2003-04-16 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-15 01:44 . 2006-01-11 07:53 -------- d-----w- c:\program files\ESET
2010-02-14 15:24 . 2003-04-16 12:00 90526 ----a-w- c:\windows\system32\perfc005.dat
2010-02-14 15:24 . 2003-04-16 12:00 452932 ----a-w- c:\windows\system32\perfh005.dat
2010-02-14 15:19 . 2008-09-03 05:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-14 14:45 . 2010-02-14 14:45 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2010-02-13 17:55 . 2006-01-10 07:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-13 00:34 . 2006-01-10 07:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 22:37 . 2006-01-10 08:11 -------- d-----w- c:\program files\Java
2010-02-11 19:00 . 2008-01-08 08:01 -------- d-----w- c:\program files\Opera
2010-02-09 22:04 . 2006-01-10 07:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-27 22:05 . 2006-01-10 08:11 -------- d-----w- c:\program files\Common Files\Java
2010-01-17 19:42 . 2006-01-10 08:08 -------- d-----w- c:\program files\Advanced Disk Catalog
2010-01-14 20:18 . 2010-01-14 20:18 1124 ----a-w- c:\windows\system32\ezdigsgn.dat
2010-01-14 18:55 . 2010-01-14 18:55 -------- d-----w- c:\program files\Common Files\Skype
2010-01-14 18:55 . 2006-09-23 15:18 -------- d-----r- c:\program files\Skype
2010-01-13 21:14 . 2006-01-12 21:49 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-13 21:14 . 2006-01-10 07:55 -------- d-----w- c:\program files\Ahead
2010-01-09 21:56 . 2010-01-05 17:17 -------- d-----w- c:\program files\Sandboxie
2009-12-31 16:50 . 2003-04-16 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 13:26 . 2006-01-10 08:06 -------- d-----w- c:\program files\Winamp
2009-12-21 19:08 . 2003-04-16 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 16:14 . 2008-12-04 16:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-17 07:42 . 2006-01-09 14:03 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-04 18:22 . 2003-04-16 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 16:09 . 2003-04-16 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2003-04-16 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2003-04-16 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2001-10-24 12:24 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 16:03 . 2003-04-16 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2004-03-11 12:27 . 2008-01-12 11:31 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2010-02-16 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2009-08-17 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-04-05 26624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-22 122880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-14 1800464]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Gretka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AvRack\\rtlrack.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3902:TCP"= 3902:TCP:*:Disabled:SopClient
"3902:UDP"= 3902:UDP:*:Disabled:sopcast.exe
"3903:TCP"= 3903:TCP:*:Disabled:sop

R0 37670712;37670712 Boot Guard Driver;c:\windows\system32\drivers\37670712.sys [14.2.2010 19:58 37392]
R1 37670711;37670711;c:\windows\system32\drivers\37670711.sys [14.2.2010 19:58 128016]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [14.2.2010 18:47 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [14.2.2010 18:47 25160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 9:06 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 9:04 735960]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 cpuz132;cpuz132;\??\c:\temp\cpuz132\cpuz132_x32.sys --> c:\temp\cpuz132\cpuz132_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [16.2.2010 17:27 23456]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [16.2.2010 19:39 27064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.5.2006 17:50 717296]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{7e6a20fb-153f-402c-a84b-1a64e1955d3d} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{cc963627-b1dc-40e0-b52a-cf21ee748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{cc963627-b1dc-40e0-b52a-cf21ee748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{cc963627-b1dc-40e0-b52a-cf21ee748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{cc963627-b1dc-40e0-b52a-cf21ee748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Gretka\Data aplikací\Mozilla\Firefox\Profiles\50rimjrn.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 20:24
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-1960408961-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-117609710-1960408961-725345543-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-117609710-1960408961-725345543-1003)
@Allowed: (Read) (S-1-5-21-117609710-1960408961-725345543-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(552)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(3656)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-16 20:28:08
ComboFix-quarantined-files.txt 2010-02-16 19:28

Pre-Run: Volných bajtů: 39 419 678 720
Post-Run: Volných bajtů: 39 389 663 232

- - End Of File - - 79562B21E89E44BC1A20E262AAADDB1C

[motji]

Znáte ArcSoft Connection Service? Můžu to odstranit ze spouštění po startu?

[Yanina]

Nepoznám to.Kludne odstánte všetko čo sa odstrániť može.

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Restore::
c:\windows\system32\drivers\tcpip.sys

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=-
"ISUSScheduler"=-
"ArcSoft Connection Service"=-
"SunJavaUpdateSched"=-
"Google Quick Search Box"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"=-
"swg"=-
"WMPNSCFG"=-

File::
C:\Documents and Settings\Gretka\Nabídka Start\ProgramyC:\Documents and Settings\Gretka\Nabídka Start\Programy\Po spuštění\_uninst_setup_9.0.0.722_14.02.2010_19-27.exe.lnk
C:\Temp\_uninst_setup_9.0.0.722_14.02.2010_19-27.exe.bat
C:\WINDOWS\VDLL.DLL
C:\WINDOWS\RUNDL132.EXE
C:\WINDOWS\logo_1.exe
C:\WINDOWS\system32\eEmpty.exe
C:\mwav.exe.dlm
C:\Resume download for mwav.exe.html
C:\WINDOWS\system32\DRIVERS\37670711.sys
C:\WINDOWS\system32\DRIVERS\37670712.sys
C:\WINDOWS\System32\drivers\dwshd.sys

Driver::
dwshd
37670711
37670712

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


Jděte přes Start –spustit – napište – services.msc – ok – najít službu
Google Software Updater
Bonjour Service
- Klikněte na ni pravým myšítkem, zvolte vlastnosti,na další kartě nejprve službu zastavte tlačítkem zastavit, a u položky Typ spouštění zvolit Zakázáno

Kdybych Vám odstranila něco, co potřebujete, tak si to prosím přeinstalujte .

[Yanina]

Chápem čo je všetko, ale aj toto? To je to, čo sme včera inštalovali, však?
c:\windows\system32\drivers\tcpip.sys

[motji]

Zkusíme to znovu vyměnit