VIRY.CZ

Už dva dny mám těžké problémy s PC, po naběhnutí Windows, respektivě po přihlášení do systému se celý počítač kousne -když je připojen k síti tak jednou ze dvou případů a když není tak vždycky- a už se s ním nedá nic dělat. Když se mi už konečně podaří se na účet dosta chvíli jede tak pětinovou rychlostí a potom se zcela nečekaně kousne po jakémkoliv kliknutí. Pokoušel jsem se udělat logy (HijackThis, ComboFix a UPM) ale všichni zamrzli během procesu...
Pokusím se ještě o ty logy ale kdyby se to nepovedlo, nevíte někdo co s tim ??

zdravím

pokuste se alespoň jeden log udělat v nouzovém režimu

Log se podařil (UPM) ztde je:

Windows XP SP 3 (build 2600)
Boot Mode: Safe
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Log vygenerován: 16. 5. 2010 15:38:24
================================================================

SmallARK
================================================================
[?]NtCreateKey -> spne.sys
[?]NtEnumerateKey -> spne.sys
[?]NtEnumerateValueKey -> spne.sys
[?]NtOpenKey -> spne.sys
[?]NtQueryKey -> spne.sys
[?]NtQueryValueKey -> spne.sys
[?]NtSetValueKey -> spne.sys

Běžící procesy
================================================================

Scanner
================================================================
[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]

Po spuštění
================================================================

HKCU Run
|_ [X][Raptr] D:\PROGRA~1\Raptr\RaptrStub.exe --startup (Soubor nenalezen)
|_ [R][Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
|_ [R][ICQ] D:\Program Files\ICQ 6.5\ICQ6.5\ICQ.exe silent
|_ [?][MyWebSearch Email Plugin] C:\PROGRA~1\MyWebSearch\bar\1.bin\mwsoemon.exe
|_ [R][DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun
|_ [?][Hobbyist Software On-Off Helper] D:\Program Files\Off-Helper\Off-Helper.exe /server
|_ [?][M5T8QL3YW3] C:\DOCUME~1\Hokage\Local Settings\Temp\Qrl.exe

HKLM Run
|_ [X][DesktopMechanic] (Soubor nenalezen)
|_ [X][SigmatelSysTrayApp] sttray.exe (Soubor nenalezen)
|_ [?][TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
|_ [S][IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
|_ [?][MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
|_ [S][PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
|_ [S][PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
|_ [?][StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun
|_ [?][SsAAD.exe] D:\PROGRA~1\SonicStage\SsAAD.exe
|_ [?][My Web Search Bar Search Scope Monitor] C:\PROGRA~1\MyWebSearch\bar\1.bin\m3SrchMn.exe /m=2 /w /h
|_ [?][MyWebSearch Email Plugin] C:\PROGRA~1\MyWebSearch\bar\1.bin\mwsoemon.exe
|_ [?][QuickTime Task] C:\Program Files\QuickTime\QTTask.exe -atboottime

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp11.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

HKLM Winlogon Notify
|_ [?][AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll

Po spuštění
|_ [?][CurseClientStartup.ccip] C:\Documents and Settings\Hokage\Nabídka Start\Programy\Po spuštění\CurseClientStartup.ccip
|_ [?][OpenOffice.org 3.1.lnk] C:\Program Files\OpenOffice.org 3\program\quickstart.exe

Job
|_ [X][PCConfidential.job] C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Soubor nenalezen)
|_ [X][RegPowerClean.job] C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe (Soubor nenalezen)
|_ [X][RPCReminder.job] C:\Program Files\Winferno\RegistryPowerCleaner\RPCReminder.exe (Soubor nenalezen)
|_ [?][{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job] C:\DOCUME~1\Hokage\Local Settings\Temp\Qrl.exe
|_ [?][{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job] C:\DOCUME~1\Hokage\Local Settings\Temp\Qrl.exe

HKLM BHO
|_ [?][{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}] C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
|_ [X][{64182481-4F71-486b-A045-B233BD0DA8FC}] C:\Program Files\facemoods.com\facemoods\1.3.43.0\escort.dll (Soubor nenalezen)
|_ [?][{A3CF7606-E683-4375-A372-96B75DA0AEF7}] C:\Program Files\Get Styles\enlbrdr.dll
|_ [?][{aac4043a-8832-4abe-9963-35377f30b8e6}] C:\Program Files\Castle_Age\tbCast.dll

HKCU IE WebBrowser Toolbar
|_ [?][{AAC4043A-8832-4ABE-9963-35377F30B8E6}] C:\Program Files\Castle_Age\tbCast.dll

HKLM IE Toolbar
|_ [X][{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}] C:\Program Files\facemoods.com\facemoods\1.3.43.0\escorTlbr.dll (Soubor nenalezen)
|_ [?][{aac4043a-8832-4abe-9963-35377f30b8e6}] C:\Program Files\Castle_Age\tbCast.dll

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] Ati HotKey Poller
|_ Cesta: C:\WINDOWS\system32\Ati2evxx.exe
| |_ Výrobce: ATI Technologies Inc.
| |_ Popis: ATI External Event Utility EXE Module
| |_ MD5: 454DFDC3D40B777455846E749D3B49FF
|
|_ Jméno: Ati HotKey Poller
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ:
|_ Dependency:

[?] ATI Smart
|_ Cesta: C:\WINDOWS\system32\ati2sgag.exe
| |_ Výrobce:
| |_ Popis: ATI Smart
| |_ MD5: EF94E95E9D5366A88275FBB15E9D6E74
|
|_ Jméno: ATI Smart
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ:
|_ Dependency:

[X] Služba Google Update (gupdate)
|_ Cesta: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: gupdate
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Own Process
|_ Dependency: RPCSS

[X] Java Quick Starter
|_ Cesta: C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: JavaQuickStarterService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] McciCMService
|_ Cesta: C:\Program Files\Common Files\Motive\McciCMService.exe
| |_ Výrobce: Motive Communications, Inc.
| |_ Popis: mcci+McciCMService
| |_ MD5: 4F74184920B2D6E33024409B4C5C57C1
|
|_ Jméno: McciCMService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Own Process
|_ Dependency: RPCSS

[?] My Web Search Service
|_ Cesta: C:\PROGRA~1\MyWebSearch\bar\1.bin\mwssvc.exe
| |_ Výrobce: MyWebSearch.com
| |_ Popis: My Web Search Bar
| |_ MD5: 319F6520EEACE462C0FBFEB6AB400332
|
|_ Jméno: MyWebSearchService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Own Process
|_ Dependency:

[X] SSHNAS
|_ Cesta: C:\WINDOWS\system32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: BE4A520E29B6391F49E79CCC52044D93
|
|_ ServiceDLL: C:\WINDOWS\system32\sshnas21.dll
| |_ Výrobce:
| |_ Popis:
| |_ MD5: 79F915499B7B94744DF03BCC295644B4
|
|_ Jméno: SSHNAS
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Share Process
|_ Dependency:

Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] Intel(R) PRO Network Connection Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\e100b325.sys
| |_ Výrobce: Intel Corporation
| |_ Popis: Intel(R) PRO/100 Adapter NDIS 5.1 driver
| |_ MD5: D57A8FC800B501AC05B10D00F66D127A
|
|_ Jméno: E100B
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] PxHelp20
|_ Cesta: C:\WINDOWS\System32\Drivers\PxHelp20.sys
| |_ Výrobce: Sonic Solutions
| |_ Popis: Px Engine Device Driver for Windows 2000/XP
| |_ MD5: DB3B30C3A4CDCF07E164C14584D9D0F2
|
|_ Jméno: PxHelp20
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] sptd
|_ Cesta: C:\WINDOWS\System32\Drivers\sptd.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: sptd
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (956) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (4) Systém 10.0.0.2:139 LISTENING
TCP (0) 10.0.0.2:1240 TIME_WAIT
TCP (0) 10.0.0.2:1260 TIME_WAIT
TCP (0) 10.0.0.2:1267 TIME_WAIT
TCP (0) 10.0.0.2:1268 TIME_WAIT
TCP (0) 10.0.0.2:1269 TIME_WAIT
TCP (0) 10.0.0.2:1270 TIME_WAIT
TCP (0) 10.0.0.2:1271 TIME_WAIT
TCP (0) 10.0.0.2:1283 TIME_WAIT
TCP (0) 10.0.0.2:1307 TIME_WAIT
TCP (0) 10.0.0.2:1309 TIME_WAIT
TCP (0) 10.0.0.2:1311 TIME_WAIT
TCP (0) 10.0.0.2:1312 TIME_WAIT
TCP (0) 10.0.0.2:1313 TIME_WAIT
TCP (0) 10.0.0.2:1321 TIME_WAIT
TCP (0) 10.0.0.2:1323 TIME_WAIT
TCP (0) 10.0.0.2:1325 TIME_WAIT
TCP (0) 10.0.0.2:1326 TIME_WAIT
TCP (0) 10.0.0.2:1327 TIME_WAIT
TCP (1896) firefox.exe 10.0.0.2:1331 <-> 74.125.39.102:80 ESTABLISHED
TCP (0) 10.0.0.2:1333 TIME_WAIT
TCP (0) 10.0.0.2:1335 TIME_WAIT
TCP (0) 10.0.0.2:1336 TIME_WAIT
TCP (0) 10.0.0.2:1337 TIME_WAIT
TCP (0) 10.0.0.2:1346 TIME_WAIT
TCP (0) 10.0.0.2:1347 TIME_WAIT
TCP (0) 10.0.0.2:1348 TIME_WAIT
TCP (0) 10.0.0.2:1354 TIME_WAIT
TCP (0) 10.0.0.2:1355 TIME_WAIT
TCP (1996) UPM.exe 10.0.0.2:1362 <-> 199.7.52.190:80 ESTABLISHED
TCP (1896) firefox.exe 127.0.0.1:1025 <-> 127.0.0.1:1026 ESTABLISHED
TCP (1896) firefox.exe 127.0.0.1:1026 <-> 127.0.0.1:1025 ESTABLISHED
TCP (1896) firefox.exe 127.0.0.1:1028 <-> 127.0.0.1:1029 ESTABLISHED
UDP (4) Systém 0.0.0.0:445 <-> 127.0.0.1:1028 ESTABLISHED
UDP (4) Systém 10.0.0.2:137
UDP (4) Systém 10.0.0.2:138

Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] stlport_vc7145.dll
|_ Cesta: C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll
|_ MD5: 5440850A0F7EEC7531369E067B6DBE80
|_ Výrobce: STLport Consulting, Inc.
|_ Procesy
|_ explorer.exe (1584)

[?] shlxthdl.dll
|_ Cesta: C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
|_ MD5: E18BABDDC3371D7629386ACC9EC148B7
|_ Výrobce: Sun Microsystems, Inc.
|_ Procesy
|_ explorer.exe (1584)

[?] softokn3.dll
|_ Cesta: D:\Program Files\FireFox\softokn3.dll
|_ MD5: A87B04299A14747BBCBE8CB4147612C2
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (1896)

[?] npmywebs.dll
|_ Cesta: C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
|_ MD5: 386B162572FF2E7EA05A6EF29C737FE9
|_ Výrobce: MyWebSearch.com
|_ Procesy
|_ firefox.exe (1896)

[?] m3plugin.dll
|_ Cesta: C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
|_ MD5: 2EFFABE3E2094FA5A869A896F4FD2349
|_ Výrobce: MyWebSearch.com
|_ Procesy
|_ firefox.exe (1896)

[?] nssdbm3.dll
|_ Cesta: D:\Program Files\FireFox\nssdbm3.dll
|_ MD5: 52D4D6EC27A57313AB9F90E242C3CFA4
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (1896)

[?] freebl3.dll
|_ Cesta: D:\Program Files\FireFox\freebl3.dll
|_ MD5: 462E2F4886A0B389D4FDA12A15F8219A
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (1896)

[?] f3htmlmu.dll
|_ Cesta: C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
|_ MD5: 61059F5398A9C44D7097BE901BB83096
|_ Výrobce: FunWebProducts.com
|_ Procesy
|_ firefox.exe (1896)

================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

pokuste se v nouzovém režimu stáhnout a spustit alespoň Combofix a log mi sem pak hoďte

hned to bude...

Hotovo...

ComboFix 10-05-15.03 - Hokage . 05. 2010 16:32:28.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.815 [GMT 2:00]
Spuštěný z: c:\documents and settings\Hokage\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100512-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\MyWebSearch\bar\1.bin\mwsoemon.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn-new.htmlx
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0006E717
c:\program files\MyWebSearch\bar\Cache\0006F2EE
c:\program files\MyWebSearch\bar\Cache\00070973
c:\program files\MyWebSearch\bar\Cache\00070ACB.bin
c:\program files\MyWebSearch\bar\Cache\00070D4C.bin
c:\program files\MyWebSearch\bar\Cache\00070F11.bin
c:\program files\MyWebSearch\bar\Cache\000710B7.bin
c:\program files\MyWebSearch\bar\Cache\0007121E.bin
c:\program files\MyWebSearch\bar\Cache\000719B0
c:\program files\MyWebSearch\bar\Cache\010D1D9D.bin
c:\program files\MyWebSearch\bar\Cache\010D1F43.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Qlazua.exe
c:\windows\system32\detoured.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS
-------\Service_MyWebSearchService
-------\Service_SSHNAS

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-16 do 2010-05-16 )))))))))))))))))))))))))))))))
.

2010-05-13 14:48 . 2010-05-13 15:13 -------- d-----w- c:\program files\Ultimate Process Manager
2010-05-05 12:24 . 2010-05-05 12:24 -------- d-----w- c:\windows\Sun
2010-05-04 20:09 . 2010-05-04 20:09 -------- d-----w- c:\program files\Common Files\Java
2010-05-04 20:05 . 2010-05-04 20:05 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-04 20:05 . 2010-05-04 20:05 -------- d-----w- c:\program files\Java
2010-04-28 14:48 . 2010-04-28 14:48 -------- d-----w- c:\program files\Regensoft
2010-04-28 14:48 . 2010-04-28 14:48 -------- d-----w- c:\program files\AviSynth 2.5
2010-04-28 14:44 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-04-28 14:44 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-04-28 14:44 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-04-28 14:44 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-04-28 14:44 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-04-28 14:44 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-04-28 14:44 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-04-28 14:44 . 2010-04-16 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-23 07:02 . 2010-04-23 07:02 -------- d-----w- c:\program files\Microsoft Games
2010-04-21 13:02 . 2010-04-21 13:02 -------- d-----w- c:\program files\EA GAMES
2010-04-21 12:47 . 2010-04-21 12:47 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 19:48 . 2010-03-31 17:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-23 07:08 . 2010-01-04 22:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 18:04 . 2010-04-15 18:04 -------- d-----w- c:\program files\VS Revo Group
2010-04-06 17:26 . 2010-04-06 17:26 -------- d-----w- c:\program files\Get Styles
2010-04-05 19:36 . 2010-04-05 19:36 -------- d-----w- c:\program files\iPod
2010-04-05 19:36 . 2010-01-28 17:24 -------- d-----w- c:\program files\Common Files\Apple
2010-04-05 19:35 . 2010-04-05 19:35 -------- d-----w- c:\program files\Apple Software Update
2010-04-01 17:22 . 2010-04-01 17:22 -------- d-----w- c:\program files\QuickTime
2010-04-01 17:19 . 2010-04-01 17:19 -------- d-----w- c:\program files\Bonjour
2010-04-01 17:13 . 2010-04-01 17:13 -------- d-----w- c:\program files\Safari
2010-03-29 20:04 . 2010-02-09 14:48 34904 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-28 16:40 . 2006-03-02 12:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 16:40 . 2006-03-02 12:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-03-22 20:18 . 2010-03-22 20:18 201728 ----a-w- c:\windows\system32\CHUCK_Nerd_Herd.scr
2010-03-10 06:17 . 2006-03-02 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2006-03-02 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{aac4043a-8832-4abe-9963-35377f30b8e6}"= "c:\program files\Castle_Age\tbCast.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{aac4043a-8832-4abe-9963-35377f30b8e6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aac4043a-8832-4abe-9963-35377f30b8e6}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\Castle_Age\tbCast.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{aac4043a-8832-4abe-9963-35377f30b8e6}"= "c:\program files\Castle_Age\tbCast.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{aac4043a-8832-4abe-9963-35377f30b8e6}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{AAC4043A-8832-4ABE-9963-35377F30B8E6}"= "c:\program files\Castle_Age\tbCast.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{aac4043a-8832-4abe-9963-35377f30b8e6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-23 2938552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-15 39408]
"ICQ"="d:\program files\ICQ 6.5\ICQ6.5\ICQ.exe" [2010-01-03 172792]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2010-05-02 321328]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Hobbyist Software On-Off Helper"="d:\program files\Off-Helper\Off-Helper.exe" [2009-09-14 224768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"SsAAD.exe"="d:\progra~1\SonicStage\SsAAD.exe" [2005-06-03 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2010-03-25 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\M ma\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]

c:\documents and settings\Hokage\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-3-5 0]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\ICQ 6.5\\ICQ6.5\\ICQ.exe"=
"e:\\Šafík\\Šafík\\World of Warcraft-\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"e:\\Šafík\\Šafík\\World of Warcraft-\\Launcher.exe"=
"e:\\Šafík\\Šafík\\World of Warcraft-\\WoW-3.2.0.10192-to-3.3.0.10958-enUS-downloader.exe"=
"e:\\Šafík\\Šafík\\World of Warcraft-\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"d:\\Program Files\\Off-Helper\\Off-Helper.exe"=
"e:\\Šafík\\Šafík\\World of Warcraft-\\WoW-3.2.2.10505-to-3.3.0.10958-enUS-downloader.exe"=
"e:\\Šafík\\Šafík\\World of Warcraft-\\WoW-3.3.0.10958-to-3.3.0.11159-enUS-downloader.exe"=
"e:\\Šafík\\Šafík\\World of Warcraft-\\WoW-3.3.0.11159-to-3.3.2.11403-enUS-downloader.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"e:\\Program Files\\Defcon\\defcon.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Documents and Settings\\Hokage\\Local Settings\\Apps\\2.0\\7JV77KB9.98R\\DE0HMOC4.AD8\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56336:TCP"= 56336:TCP:Pando Media Booster
"56336:UDP"= 56336:UDP:Pando Media Booster
"57844:TCP"= 57844:TCP:Pando Media Booster
"57844:UDP"= 57844:UDP:Pando Media Booster

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21. 4. 2010 14:47 691696]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5. 1. 2010 0:46 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5. 1. 2010 0:46 20560]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23. 2. 2010 23:54 135664]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15. 1. 2010 22:54 246520]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 21:54]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 21:54]

2010-05-12 c:\windows\Tasks\User_Feed_Synchronization-{57BF4B9A-2645-4999-9883-7C4D9D8F6CAB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZJxdm433YYCZ&ptb=AxlynAlJeuKkIMOCA8FqAQ&n=77cea082
uInternet Settings,ProxyOverride = *.local
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
DPF: {E1AC9563-A1E3-45B8-A5CE-5C19E34EC6AC} - hxxp://www.arirang.co.kr/AlwaysTop.cab
FF - ProfilePath - c:\documents and settings\Hokage\Data aplikací\Mozilla\Firefox\Profiles\q2qzbfcj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... searchfor=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\program files\FireFox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\FireFox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\FireFox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\FireFox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\FireFox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\FireFox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\FireFox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.3.43.0\escort.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.3.43.0\escorTlbr.dll
HKCU-Run-Raptr - d:\progra~1\Raptr\RaptrStub.exe
HKLM-Run-DesktopMechanic - (no file)
HKLM-Run-SigmatelSysTrayApp - sttray.exe
AddRemove-Atlantica Online - e:\ndoors\Atlantica\uninst.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.3.43.0\uninstall.exe
AddRemove-PCConfidential_is1 - c:\program files\Winferno\PC Confidential\unins000.exe
AddRemove-Raptr - d:\program files\Raptr\uninstall.exe
AddRemove-RegPowerClean_is1 - c:\program files\Winferno\RegistryPowerCleaner\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 16:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1300)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Celkový čas: 2010-05-16 16:45:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-16 14:45

Před spuštěním: Volných bajtů: 69 270 708 224
Po spuštění: Volných bajtů: 70 826 827 776

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 40A8817AB871FB6360C85E26079295F1

stáhněte GMER , rozbalte a spusťte

proběhne sken, po jehož ukončení se zobrazí výsledky

poté klikněte na Save a uložíte tak log, jehož obsah sem vložte

potom dle tohoto návodu absolvujte druhý sken a opět obsah logu sem

Dva najednou ??

nejdřív se vygeneruje první log, který mi sem vložíte a pak podle tohoto návodu http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 uděláte druhý sken a vložíte mi sem druhý log

1.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-16 17:19:23
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Hokage\Local Settings\Temp\uwddyuod.sys

---- System - GMER 1.0.15 ----

SSDT spot.sys ZwEnumerateKey [0xF739ADA4]
SSDT spot.sys ZwEnumerateValueKey [0xF739B132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8637D1F8
Device \FileSystem\Fastfat \Fat 8602B500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

při tom 2. se to vždycky kousne...

zkoušel jste to v nouzovém režimu? pokud ne, učiňte tak

Mi ten druhý nejde poslat...ale už ho mám hotový

zkuste ho upnout do přílohy

Ani to nejde...zkusím to rozdělit na víc kusů

VIRY.CZ

Silné zamrzání PC...

Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...

Re: Silné zamrzání PC...