Pomalý PC po startu, vypínání antiviru, zbytečné procesy

[miima]

Po startu PC a přihlášení uživatele je PC přibližně 5 minut extrémně pomalý - běží několik aplikací které zabírají výkon procesoru a paměti na 100%. Při tom se občas zobrazí hláška že je vypnutý antivir a PC není chráněn. Prosím o kontrolu logu a případné doporučení které aplikace a procesy odstranit - odinstalovat - zakázat. Klidně prosím také doporučení který instalovaný SW je dle vašeho názoru zbytečný a co raději doporučujete jako alternativu.
Předem díky.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Michal at 2010-07-20 11:55:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 6 GB (3%) free of 238 GB
Total RAM: 1023 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:47, on 20.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\PnkBstrA.exe
d:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Michal\Plocha\RSIT.exe
D:\Program Files\trend micro\Michal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DivXUpdate] "D:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Aplikace Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - d:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9503 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1303643608-839522115-1003Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1303643608-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2007-05-06 77824]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"IntelliPoint"=D:\Program Files\Microsoft IntelliPoint\ipoint.exe [2005-12-05 461584]
"ccApp"=D:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-27 48728]
"vptray"=D:\PROGRA~1\SYMANT~1\VPTray.exe [2005-06-13 85088]
"AppleSyncNotifier"=D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Adobe Acrobat Speed Launcher"=D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"DivXUpdate"=D:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=D:\Documents and Settings\Michal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-07-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
D:\WINDOWS\system32\NavLogon.dll [2005-06-13 43616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\GAMES\ZOO Tycoon 2\zt.exe"="D:\GAMES\ZOO Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\GAMES\Call of Duty 4 - Modern Warfare\iw3mp.exe"="D:\GAMES\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Strong DC++ 205\StrongDC.exe"="D:\Program Files\Strong DC++ 205\StrongDC.exe:*:Enabled:StrongDC++"
"D:\Program Files\Strong DC\StrongDC.exe"="D:\Program Files\Strong DC\StrongDC.exe:*:Enabled:StrongDC++"
"D:\DOCUME~1\Michal\LOCALS~1\Temp\_tc\Install.exe"="D:\DOCUME~1\Michal\LOCALS~1\Temp\_tc\Install.exe:*:Enabled:Windows Messanger"
"D:\\3kQBghwpv.exe"="D:\\3kQBghwpv.exe:*:Enabled:Windows Messanger"
"D:\GAMES\Anno 1701\Anno1701.exe"="D:\GAMES\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701"
"D:\WINDOWS\system32\PnkBstrA.exe"="D:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"D:\WINDOWS\system32\PnkBstrB.exe"="D:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\GAMES\Call of Duty - World at War\CoDWaWmp.exe"="D:\GAMES\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\GAMES\Call of Duty - World at War\CoDWaW.exe"="D:\GAMES\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-20 11:55:45 ----D---- D:\Program Files\trend micro
2010-07-20 11:55:44 ----D---- D:\rsit
2010-07-20 10:43:32 ----HDC---- D:\WINDOWS\$NtUninstallKB961118$
2010-07-20 10:39:33 ----SHD---- D:\Config.Msi
2010-07-19 12:28:41 ----D---- D:\Documents and Settings\All Users\Data aplikací\Protexis
2010-07-19 12:28:37 ----D---- D:\Documents and Settings\Michal\Data aplikací\Corel
2010-07-19 12:23:38 ----D---- D:\Program Files\Microsoft SDKs
2010-07-19 12:23:37 ----D---- D:\Program Files\Microsoft Visual Studio 9.0
2010-07-19 12:23:36 ----D---- D:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-07-19 12:23:18 ----D---- D:\Program Files\gs
2010-07-19 12:22:57 ----D---- D:\Program Files\Common Files\Corel
2010-07-19 12:22:34 ----D---- D:\Program Files\Common Files\Protexis
2010-07-19 12:22:33 ----D---- D:\Documents and Settings\All Users\Data aplikací\Corel
2010-07-19 11:43:19 ----N---- D:\WINDOWS\system32\spmsg2.dll
2010-07-19 11:43:17 ----HDC---- D:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-07-19 11:41:02 ----D---- D:\WINDOWS\system32\XPSViewer
2010-07-19 11:40:58 ----D---- D:\Program Files\MSBuild
2010-07-19 11:40:57 ----D---- D:\WINDOWS\system32\en-US
2010-07-19 11:40:50 ----D---- D:\Program Files\Reference Assemblies
2010-07-19 11:40:14 ----N---- D:\WINDOWS\system32\xpsshhdr.dll
2010-07-19 11:40:14 ----N---- D:\WINDOWS\system32\prntvpt.dll
2010-07-19 11:40:13 ----N---- D:\WINDOWS\system32\xpssvcs.dll
2010-07-19 11:33:51 ----D---- D:\Program Files\Corel
2010-07-19 11:09:06 ----D---- D:\Program Files\Common Files\Adobe AIR
2010-07-15 15:50:45 ----D---- D:\Program Files\CCleaner
2010-07-15 15:42:06 ----HDC---- D:\WINDOWS\$NtUninstallKB2229593$
2010-07-15 15:36:48 ----D---- D:\WINDOWS\system32\NtmsData
2010-07-01 22:41:43 ----D---- D:\PFiles
2010-06-21 03:31:17 ----D---- D:\iTunes

======List of files/folders modified in the last 1 months======

2010-07-20 11:55:45 ----RD---- D:\Program Files
2010-07-20 11:38:25 ----D---- D:\WINDOWS\Microsoft.NET
2010-07-20 11:36:21 ----RSD---- D:\WINDOWS\assembly
2010-07-20 11:36:17 ----D---- D:\Program Files\Symantec AntiVirus
2010-07-20 11:34:24 ----D---- D:\WINDOWS\Temp
2010-07-20 11:26:59 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-07-20 11:12:38 ----D---- D:\WINDOWS\Prefetch
2010-07-20 11:11:52 ----D---- D:\WINDOWS
2010-07-20 10:46:06 ----D---- D:\WINDOWS\system32
2010-07-20 10:46:06 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2010-07-20 10:45:58 ----D---- D:\WINDOWS\WinSxS
2010-07-20 10:44:43 ----SHD---- D:\WINDOWS\Installer
2010-07-20 10:44:12 ----HD---- D:\WINDOWS\inf
2010-07-20 10:44:08 ----D---- D:\WINDOWS\system32\CatRoot2
2010-07-20 10:44:07 ----D---- D:\WINDOWS\system32\CatRoot
2010-07-20 10:43:43 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-07-20 01:55:34 ----A---- D:\WINDOWS\wincmd.ini
2010-07-20 01:27:07 ----A---- D:\WINDOWS\imsins.BAK
2010-07-20 01:13:11 ----RSD---- D:\WINDOWS\Fonts
2010-07-19 23:59:43 ----D---- D:\Documents and Settings\Michal\Data aplikací\Adobe
2010-07-19 23:42:13 ----D---- D:\INSTALL
2010-07-19 23:23:39 ----SD---- D:\Documents and Settings\Michal\Data aplikací\Microsoft
2010-07-19 12:25:17 ----SD---- D:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-07-19 12:24:00 ----D---- D:\Program Files\Common Files\Microsoft Shared
2010-07-19 12:22:57 ----D---- D:\Program Files\Common Files
2010-07-19 11:51:41 ----D---- D:\Documents and Settings\Michal\Data aplikací\Apple Computer
2010-07-19 11:40:30 ----D---- D:\WINDOWS\system32\spool
2010-07-19 11:11:36 ----D---- D:\Program Files\Adobe
2010-07-19 08:54:12 ----D---- D:\MOVIES
2010-07-18 15:44:12 ----D---- D:\MP3
2010-07-18 15:32:46 ----D---- D:\TEMP
2010-07-18 15:30:48 ----D---- D:\ISO
2010-07-17 20:59:42 ----A---- D:\WINDOWS\ODBC.INI
2010-07-15 16:01:03 ----D---- D:\Documents and Settings\All Users\Data aplikací\DivX
2010-07-15 16:00:23 ----D---- D:\Program Files\DivX
2010-07-15 15:41:55 ----HD---- D:\WINDOWS\$hf_mig$
2010-07-15 15:39:28 ----SD---- D:\WINDOWS\Tasks
2010-07-15 15:30:45 ----D---- D:\Program Files\ICQ6.5
2010-07-02 21:39:05 ----A---- D:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; D:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2007-05-06 682232]
R1 AmdK8;Ovladač procesoru AMD Athlon64; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38400]
R1 eeCtrl;Symantec Eraser Control driver; \??\D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SAVRT;SAVRT; \??\D:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\D:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; D:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-05-06 2297664]
R3 Arp1394;Protokol 1394 ARP Client; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEARAspiWDM; D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; D:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; \??\D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100719.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100719.002\navex15.sys []
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NuidFltr;NUID filter driver; D:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; D:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; D:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 Point32;Microsoft IntelliPoint Filter Driver; D:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-02 21760]
R3 SymEvent;SymEvent; \??\D:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; D:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 auzwb031;auzwb031; D:\WINDOWS\system32\drivers\auzwb031.sys []
S3 EraserUtilDrv11010;EraserUtilDrv11010; \??\D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys []
S3 SPBBCDrv;SPBBCDrv; \??\D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-27 185944]
R2 ccSetMgr;Symantec Settings Manager; D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-27 161368]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 DefWatch;Aplikace Symantec AntiVirus Definition Watcher; D:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-06-13 19552]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate; D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2010-01-16 66872]
R2 PSI_SVC_2;Protexis Licensing V2; d:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-24 189728]
R2 Symantec AntiVirus;Symantec AntiVirus; D:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-06-13 1715296]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 aspnet_state;Stavová služba ASP.NET; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-27 83544]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-03 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; D:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-06-13 127584]
S3 SNDSrvc;Symantec Network Drivers Service; D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[riffman]

zdravim

stahnete a ulozte na plochu ComboFix

pote spustte aplikaci pod uctem s administratorskym opravnenim (nikoli pod uctem s omezenym opravnenim)

v operacnich systemech Windows Vista a Windows 7 spoustejte aplikaci jako spravce (kliknutim pravym mysitkem na ikonu aplikace a volbou "Spustit jako spravce"

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:



dale muze dojit k varovani ohledne rezidentniho stitu vaseho antiviru a upozorneni na nenainstalovanou konzoli pro zotaveni; tu zatim neinstalujte.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, deaktivujte jeho rezidentni stit, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim Combofixu s rezidentem antispyware


po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

[miima]

Tak tady to je:

ComboFix 10-07-19.02 - Michal 20.07.2010 12:40:32.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.613 [GMT 2:00]
Spuštěný z: d:\documents and settings\Michal\Plocha\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\melt.bat
d:\program files\Internet Explorer\SET218.tmp
d:\program files\Internet Explorer\SET219.tmp
d:\program files\Internet Explorer\SET21B.tmp
d:\program files\Internet Explorer\SET281.tmp
d:\program files\Internet Explorer\SET282.tmp
d:\program files\Internet Explorer\SET283.tmp
d:\windows\system32\_000007_.tmp.dll
d:\windows\system32\_000008_.tmp.dll
d:\windows\system32\_000009_.tmp.dll
d:\windows\system32\_000011_.tmp.dll
d:\windows\system32\_000012_.tmp.dll
d:\windows\system32\_000013_.tmp.dll
d:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-20 do 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-20 09:55 . 2010-07-20 09:55 -------- d-----w- d:\program files\trend micro
2010-07-20 09:55 . 2010-07-20 09:55 -------- d-----w- D:\rsit
2010-07-19 10:23 . 2010-07-19 10:23 -------- d-----w- d:\program files\Microsoft SDKs
2010-07-19 10:23 . 2010-07-19 10:23 -------- d-----w- d:\program files\Microsoft Visual Studio 9.0
2010-07-19 10:23 . 2010-07-19 10:23 -------- d-----w- d:\program files\gs
2010-07-19 10:22 . 2010-07-19 10:22 -------- d-----w- d:\program files\Common Files\Corel
2010-07-19 10:22 . 2010-07-19 10:22 -------- d-----w- d:\program files\Common Files\Protexis
2010-07-19 09:43 . 2006-06-29 11:07 14048 ------w- d:\windows\system32\spmsg2.dll
2010-07-19 09:41 . 2010-07-19 09:41 -------- d-----w- d:\windows\system32\XPSViewer
2010-07-19 09:40 . 2010-07-19 09:40 -------- d-----w- d:\program files\MSBuild
2010-07-19 09:40 . 2010-07-19 09:40 -------- d-----w- d:\program files\Reference Assemblies
2010-07-19 09:40 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-19 09:40 . 2008-07-06 12:06 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-19 09:40 . 2008-07-06 12:06 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2010-07-19 09:40 . 2008-07-06 12:06 575488 ------w- d:\windows\system32\xpsshhdr.dll
2010-07-19 09:40 . 2008-07-06 12:06 117760 ------w- d:\windows\system32\prntvpt.dll
2010-07-19 09:40 . 2008-07-06 10:50 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-19 09:40 . 2008-07-06 10:50 597504 ------w- d:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-19 09:40 . 2008-07-06 12:06 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2010-07-19 09:40 . 2008-07-06 12:06 1676288 ------w- d:\windows\system32\xpssvcs.dll
2010-07-19 09:33 . 2010-07-19 10:16 -------- d-----w- d:\program files\Corel
2010-07-19 09:09 . 2010-07-19 09:09 -------- d-----w- d:\program files\Common Files\Adobe AIR
2010-07-16 12:08 . 2010-07-16 12:08 -------- d-sh--w- d:\documents and settings\Ivanka\IECompatCache
2010-07-15 13:50 . 2010-07-15 13:50 -------- d-----w- d:\program files\CCleaner
2010-07-15 13:36 . 2010-07-15 13:37 -------- d-----w- d:\windows\system32\NtmsData
2010-07-15 13:26 . 2010-06-14 14:31 744448 -c----w- d:\windows\system32\dllcache\helpsvc.exe
2010-07-01 20:41 . 2010-07-01 20:41 -------- d-----w- D:\PFiles
2010-06-21 01:31 . 2010-06-26 17:35 -------- d-----w- D:\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 10:30 . 2008-05-01 12:43 -------- d-----w- d:\program files\Symantec AntiVirus
2010-07-20 08:46 . 2001-10-25 14:00 83742 ----a-w- d:\windows\system32\perfc005.dat
2010-07-20 08:46 . 2001-10-25 14:00 441086 ----a-w- d:\windows\system32\perfh005.dat
2010-07-15 14:00 . 2007-05-19 12:10 -------- d-----w- d:\program files\DivX
2010-07-15 13:30 . 2009-07-09 09:37 -------- d-----w- d:\program files\ICQ6.5
2010-06-14 14:31 . 2007-04-01 15:49 744448 ----a-w- d:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-22 08:45 . 2009-04-29 12:31 -------- d-----w- d:\program files\Common Files\DivX Shared
2010-05-06 10:35 . 2004-08-17 13:49 916480 ----a-w- d:\windows\system32\wininet.dll
2010-05-02 08:09 . 2007-04-01 16:57 1851264 ----a-w- d:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Michal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-07-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-05-06 77824]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"IntelliPoint"="d:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 461584]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-27 48728]
"vptray"="d:\progra~1\SYMANT~1\VPTray.exe" [2005-06-13 85088]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\GAMES\\ZOO Tycoon 2\\zt.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\GAMES\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Strong DC\\StrongDC.exe"=
"d:\\\\3kQBghwpv.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\GAMES\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\GAMES\\Call of Duty - World at War\\CoDWaW.exe"=

R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;d:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [1.4.2007 20:02 100032]
S3 SavRoam;SAVRoam;d:\program files\Symantec AntiVirus\SavRoam.exe [13.6.2005 16:29 127584]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [6.5.2007 23:42 682232]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - EraserUtilDrv11010
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - d:\documents and settings\Michal\Local Settings\Temporary Internet Files\Content.IE5\NKXVFEB0\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 12:46
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1614895754-1303643608-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6b,18,ab,be,66,af,10,5a,fe,06,3c,85,5b,c0,16,27,2b,a4,b3,10,5a,55,b0,
f5,da,08,77,fb,a0,60,aa,64,55,bc,dd,c1,5b,0f,d6,52,51,1b,f6,34,68,5c,1b,fc,\
"??"=hex:16,9b,92,89,c1,af,52,94,f7,47,23,98,c8,7c,c9,16

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-07-20 12:48:39
ComboFix-quarantined-files.txt 2010-07-20 10:48

Před spuštěním: 6 356 692 992
Po spuštění: 6 939 234 304

- - End Of File - - 40642D4572892DB024237B6B2BC270F3

[riffman]

d:\3kQBghwpv.exe otestujte na VIRUSTOTALu

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet, najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor, ignorujte pripadne hlasky, ze soubor byl jiz testovan a provedte sken znova; dejte skenerum nejakych deset minut; vysledek sem vlozte at uz zkopirovanim textu, nebo pripadne vlozenim odkazu po ukonceni skenu)

[miima]

Bohuzel www.virustotal.com nejede (tedy na mem pc). Co ted?

[riffman]

tak jinak

http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

stahnout, nainstalovat, spustit sken, nic nemazat, nacpat sem log

[miima]

Tak dle MBAM čisto:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4329

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.7.2010 13:28:02
mbam-log-2010-07-20 (13-28-02).txt

Typ skenu: Rychlý sken
Skenované objekty: 143953
Uplynulý čas: 6 minuta(y), 22 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[riffman]

Combofix predtim nasel a smazal nejake svinstvo, jak to ted vypada se strojem?

[miima]

Po restartu a přihlášení uživatele systém naběhl rychleji, ale i přesto se na chvilku sám od sebe vypnul a potom zase zapnul antivir a některé procesy vytěžují procesor - viz printscreen. Největší zátěží jsou procesy Rtvscan.exe a DoScan.exe - to jsou procesy Antiviru?

[riffman]

ano, tyhle procesy souvisi se Symantecem

provadel jste nejake cisteni disku a registru?

[miima]

Cisteni registru v posledni dobe (1 rok) zadne.
Disk jsem take zadnym nastrojem necistil, pouze v poslednich 3 dnech jsem ruzne presouval a kopiroval vetsi mnozstvi ruznych souboru (cca 80GB) z jednoho disku na druhy a treti (externi usb - momentalne nepripojeny).

[riffman]

smazte nepotrebne soubory:

- bud rucne v Tempech a Temporary Internet Files
- nebo pomoci Ccleaneru

navod prosty:

polozka Cleaner - zde vycistite stroj od nepotrebnych souboru vcetne vysypani Kose a vymazu docasnych souboru prohlizecu vcetne Cookies
polozka Issues - zde vycistite registry; pred aplikaci doporucuji jejich zalohu, kterou Ccleaner pred Fix Registry nabizi; cisteni registru je treba nekolikrat za sebou zopakovat!

vycistit stroj muzete i CleanUpem

pripadne muzete pouzit i jine uklidove programy, dulezite je vycistit stroj od balastu a smazat neplatne klice v registrech

[levhart48]

Zdravím, měl jsem úplně stejný problém.. Stáhl jsem si tedy také ComboFix a podle návodu použil, teď tu mám ale textový soubor ComboFix.txt a nejsem si jist jestli mi program odstranil vše, vkládám sem tedy celý text a žádám o radu..:

ComboFix 15-10-06.01 - legend_killer . 10. 2015 19:49:21.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3976.1486 [GMT 2:00]
Spuštěný z: c:\users\xxx.xxx\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xxx.xxx\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\XXX~1.LEG\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-10 do 2015-10-10 )))))))))))))))))))))))))))))))
.
.
2015-10-10 18:01 . 2015-10-10 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-10 14:06 . 2015-10-10 14:06 -------- d-----w- c:\users\Public\Speedup Sessions
2015-10-06 19:05 . 2015-10-06 19:32 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\Avira
2015-10-06 19:03 . 2015-10-07 16:53 74440 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-10-06 19:03 . 2015-10-07 16:53 137800 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-10-06 19:03 . 2015-10-06 19:28 148632 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-10-06 19:03 . 2015-02-04 15:51 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-10-06 19:03 . 2015-10-10 14:25 -------- d-----w- c:\program files (x86)\Avira
2015-10-04 19:25 . 2015-10-04 19:25 -------- d-----w- c:\users\xxx.xxx\AppData\Local\Apps
2015-10-04 19:25 . 2015-10-04 19:26 -------- d-----w- c:\users\xxx.xxx\AppData\Local\Deployment
2015-10-04 17:35 . 2015-10-04 17:35 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F21111-7394-43C4-BC6E-578841D86666}\offreg.3040.dll
2015-10-04 17:32 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F21111-7394-43C4-BC6E-578841D86666}\mpengine.dll
2015-10-04 12:37 . 2015-10-04 15:13 -------- d-----w- c:\users\Jan
2015-10-02 16:09 . 2015-10-04 17:17 -------- d-----w- c:\program files (x86)\Total Video Player
2015-10-02 16:09 . 2015-10-02 16:09 -------- d-----w- c:\users\xxx.xxx\AppData\Local\IsolatedStorage
2015-10-02 16:08 . 2015-10-04 18:10 -------- d-----w- c:\programdata\Norton
2015-10-02 16:07 . 2015-10-04 17:23 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\ImperiaOnline
2015-09-28 11:23 . 2015-08-05 13:52 1624576 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-09-28 11:23 . 2015-08-05 13:52 1326080 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-09-28 11:23 . 2015-08-05 13:52 1278976 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-09-28 11:23 . 2015-08-05 13:52 1313792 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-09-28 11:23 . 2015-08-05 15:03 1032704 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2015-09-27 12:20 . 2015-10-04 17:23 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\Audacity
2015-09-27 12:19 . 2015-09-27 12:20 -------- d-----w- c:\program files (x86)\Audacity
2015-09-27 09:46 . 2015-09-27 09:46 -------- d-----w- c:\users\xxx.xxx\AppData\Local\globalUpdate
2015-09-27 09:46 . 2015-09-27 09:46 -------- d-----w- c:\program files (x86)\Seznam.cz
2015-09-27 09:44 . 2015-10-04 17:24 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\Seznam.cz
2015-09-27 08:45 . 2015-09-27 08:45 -------- d-----w- c:\programdata\IObit
2015-09-27 08:45 . 2015-01-10 13:32 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2015-09-27 08:45 . 2014-06-04 13:17 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2015-09-27 08:45 . 2014-06-04 13:17 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2015-09-27 08:45 . 2015-09-27 08:45 -------- d-----w- c:\program files (x86)\IObit
2015-09-27 08:45 . 2015-10-04 17:02 -------- d-----w- c:\users\xxx.xxx\AppData\Roaming\IObit
2015-09-27 08:39 . 2015-09-27 08:39 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-09-25 18:25 . 2015-10-04 17:23 -------- d-----w- c:\users\xxx.xxx\AppData\Local\UmmyVideoDownloader
2015-09-24 15:43 . 2015-06-24 13:00 1190000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{558D8B51-C1E1-499D-9266-3952EAFE5BE6}\gapaengine.dll
2015-09-23 13:10 . 2015-09-12 13:29 148480 ----a-w- c:\windows\system32\poqexec.exe
2015-09-23 13:10 . 2015-09-12 13:29 144896 ----a-w- c:\windows\system32\tssdisai.dll
2015-09-23 13:10 . 2015-09-12 13:29 126976 ----a-w- c:\windows\system32\RDWebAI.dll
2015-09-23 13:10 . 2015-09-12 13:29 122880 ----a-w- c:\windows\system32\VmHostAI.dll
2015-09-23 13:10 . 2015-09-12 13:29 135680 ----a-w- c:\windows\system32\appserverai.dll
2015-09-23 07:30 . 2015-09-23 07:30 52872 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2015-09-18 18:58 . 2015-09-18 18:58 -------- d-----w- c:\users\xxx.xxx\Tracing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-17 21:07 . 2014-12-10 21:30 811472 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-17 21:07 . 2014-12-10 21:30 177616 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-02 13:49 . 2015-09-09 11:48 2341376 ----a-w- c:\windows\system32\msxml6.dll
2015-09-02 13:49 . 2015-09-09 11:48 1850880 ----a-w- c:\windows\system32\msxml3.dll
2015-09-02 13:48 . 2015-09-09 11:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 13:38 . 2015-09-09 11:48 1744384 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-09-02 13:38 . 2015-09-09 11:48 1422336 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-09-02 13:38 . 2015-09-09 11:47 35328 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-01 23:25 . 2015-09-09 11:47 4065280 ----a-w- c:\windows\system32\win32k.sys
2015-08-28 21:59 . 2015-09-09 11:47 304128 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:41 . 2015-09-09 11:47 366592 ----a-w- c:\windows\system32\atmfd.dll
2015-08-26 16:37 . 2013-06-28 14:44 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-08-22 14:40 . 2015-09-09 11:42 1763328 ----a-w- c:\windows\SysWow64\wininet.dll
2015-08-22 14:40 . 2015-09-09 11:42 525312 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-08-22 14:40 . 2015-09-09 11:42 2865664 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-08-22 14:40 . 2015-09-09 11:42 737280 ----a-w- c:\windows\SysWow64\inetcomm.dll
2015-08-22 13:51 . 2015-09-09 11:42 2239488 ----a-w- c:\windows\system32\wininet.dll
2015-08-22 13:51 . 2015-09-09 11:42 603136 ----a-w- c:\windows\system32\vbscript.dll
2015-08-22 13:51 . 2015-09-09 11:42 1409024 ----a-w- c:\windows\system32\urlmon.dll
2015-08-22 13:50 . 2015-09-09 11:42 19291648 ----a-w- c:\windows\system32\mshtml.dll
2015-08-22 13:50 . 2015-09-09 11:42 603136 ----a-w- c:\windows\system32\msfeeds.dll
2015-08-22 13:50 . 2015-09-09 11:42 857600 ----a-w- c:\windows\system32\jscript.dll
2015-08-22 13:50 . 2015-09-09 11:42 3959808 ----a-w- c:\windows\system32\jscript9.dll
2015-08-22 13:50 . 2015-09-09 11:42 15415808 ----a-w- c:\windows\system32\ieframe.dll
2015-08-22 13:50 . 2015-09-09 11:42 949760 ----a-w- c:\windows\system32\inetcomm.dll
2015-08-22 13:50 . 2015-09-09 11:42 2657280 ----a-w- c:\windows\system32\iertutil.dll
2015-08-13 10:49 . 2015-08-19 20:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-13 10:44 . 2015-08-19 20:13 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-05 13:52 . 2015-09-09 11:48 1287680 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-04 14:42 . 2015-09-09 11:48 1229824 ----a-w- c:\windows\SysWow64\Windows.UI.Immersive.dll
2015-08-04 14:42 . 2015-09-09 11:48 8858112 ----a-w- c:\windows\SysWow64\twinui.dll
2015-08-04 14:42 . 2015-09-09 11:48 356352 ----a-w- c:\windows\SysWow64\SettingSync.dll
2015-08-04 14:42 . 2015-09-09 11:48 100864 ----a-w- c:\windows\SysWow64\SettingSyncInfo.dll
2015-08-04 14:42 . 2015-09-09 11:48 2038784 ----a-w- c:\windows\SysWow64\authui.dll
2015-08-04 13:54 . 2015-09-09 11:48 1399808 ----a-w- c:\windows\system32\Windows.UI.Immersive.dll
2015-08-04 13:54 . 2015-09-09 11:48 10116608 ----a-w- c:\windows\system32\twinui.dll
2015-08-04 13:53 . 2015-09-09 11:48 449024 ----a-w- c:\windows\system32\SettingSync.dll
2015-08-04 13:53 . 2015-09-09 11:48 128512 ----a-w- c:\windows\system32\SettingSyncInfo.dll
2015-08-04 13:53 . 2015-09-09 11:48 2307584 ----a-w- c:\windows\system32\authui.dll
2015-08-01 16:21 . 2015-09-09 11:48 73352 ----a-w- c:\windows\system32\appidapi.dll
2015-08-01 15:22 . 2015-09-09 11:48 63992 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-08-01 13:56 . 2015-09-09 11:48 139776 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-08-01 13:56 . 2015-09-09 11:48 18432 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-08-01 13:56 . 2015-09-09 11:48 39424 ----a-w- c:\windows\system32\appidsvc.dll
2015-07-30 13:11 . 2015-08-12 15:55 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:10 . 2015-08-12 15:55 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-29 14:45 . 2015-08-12 15:56 1412608 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-29 13:52 . 2015-08-12 15:56 1280000 ----a-w- c:\windows\system32\FntCache.dll
2015-07-29 13:52 . 2015-08-12 15:56 1840640 ----a-w- c:\windows\system32\DWrite.dll
2015-07-28 16:25 . 2015-08-12 15:56 25776 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 14:13 . 2015-08-12 15:56 774144 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 14:13 . 2015-08-12 15:56 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 14:13 . 2015-08-12 15:56 437248 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 14:13 . 2015-08-12 15:56 1116160 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 14:13 . 2015-08-12 15:56 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 13:12 . 2015-08-12 15:56 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-07-15 16:09 . 2015-08-12 15:55 6969688 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-15 16:09 . 2015-08-12 15:55 95064 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 16:06 . 2015-08-12 15:55 1824296 ----a-w- c:\windows\system32\ntdll.dll
2015-07-15 13:49 . 2015-08-12 15:55 1410000 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-07-15 13:29 . 2015-08-12 15:55 1333248 ----a-w- c:\windows\system32\sysmain.dll
2015-07-13 21:05 . 2015-08-12 15:57 48128 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-13 21:05 . 2015-08-12 15:57 54272 ----a-w- c:\windows\system32\basesrv.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93}]
2015-04-14 13:14 38104 ----a-w- c:\program files (x86)\PDF Architect 3\creator-ie-helper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2DFF3579-5AA7-45B9-9328-1D38EA230861}"= "c:\program files (x86)\PDF Architect 3\creator-ie-plugin.dll" [2015-04-14 496344]
.
[HKEY_CLASSES_ROOT\clsid\{2dff3579-5aa7-45b9-9328-1d38ea230861}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{882BBDC8-4C5D-46A7-8333-5F4E819666F4}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\xxx.xxx\AppData\Local\Akamai\netsession_win.exe" [2015-07-23 4691384]
"cz.seznam.software.autoupdate"="c:\users\xxx.xxx\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\xxx.xxx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguix.exe" [2015-09-22 1125800]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2015-02-19 3710416]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2013-07-18 683656]
"ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2015-09-07 523144]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-10-07 782520]
"Speedup_umh"="c:\program files (x86)\Avira\AviraSpeedup\Speedup_umh.exe" [2015-09-10 194216]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-08-13 66936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-08-01 21:56 75680 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;c:\program files (x86)\iSafe\iSafeKrnlR3.sys;c:\program files (x86)\iSafe\iSafeKrnlR3.sys [x]
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNe64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwNe64.sys [x]
R3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe [x]
R3 PDF Architect 3;PDF Architect 3;c:\program files (x86)\PDF Architect 3\ws.exe;c:\program files (x86)\PDF Architect 3\ws.exe [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R4 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
R4 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 PDF Architect 3 Creator;PDF Architect 3 Creator;c:\program files (x86)\PDF Architect 3\creator-ws.exe;c:\program files (x86)\PDF Architect 3\creator-ws.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 vToolbarUpdater18.4.0;vToolbarUpdater18.4.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys;c:\windows\SYSNATIVE\drivers\jmcr.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SensorsServiceDriver;Služba Reflektor UMDF pro knihovnu SensorsServiceDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\System32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\System32\drivers\WUDFRd.sys;c:\windows\SYSNATIVE\drivers\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-04 19:26 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-28 15:56]
.
2015-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-04 19:26]
.
2015-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-04 19:26]
.
2015-10-09 c:\windows\Tasks\HPCeeScheduleForlegend_killer.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-07-10 1664000]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://safesearch.avira.com/#web/result?source=art&q=
uDefault_Search_URL = https://safesearch.avira.com/#web/result?source=art&q=
mDefault_Search_URL = https://safesearch.avira.com/#web/result?source=art&q=
mDefault_Page_URL = https://safesearch.avira.com/#web/result?source=art&q=
mStart Page = https://safesearch.avira.com/#web/result?source=art&q=
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://safesearch.avira.com/#web/result?source=art&q=
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\program files (x86)\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.77.221.1 10.109.255.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-installed components - c:\program files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
c:\program files (x86)\Avira\Launcher\Avira.Systray.exe
.
**************************************************************************
.
Celkový čas: 2015-10-10 20:12:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-10-10 18:12
.
Před spuštěním: 639 128 489 984 bytes free
Po spuštění: 638 370 304 000 bytes free
.
- - End Of File - - 539CACCA497FD4BB23735E487A9A4643

[cernohous13]

Zdravím,

přilepit se na řešení starší než pět let není dobrý nápad

a kdybys přečetl nejdřív něco ze zdejších pravidel tak bys našel

2. Před položením dotazu použijte tlačítko Hledat. Možná již někdo problém podobným Vašemu řešil. Pokud ale ve vyřešeném tématu budou aplikovány různé utility\aplikace, nespouštějte je! Utility se používají až na pokyn rádce, jelikož mohou mazat stopy po havěti a v rukou ne-oborníka může mít jejich použití nedozírné následky.

3. Zvláště utilitu ComboFix nespouštějte i když Vám ji poradil kamarád či nějaký rádoby odborný web. Naše fórum je jediné z CZ\SK antivirových fór, které má právo luštit logy z ComboFixu a máme též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.

Takže si založ nové téma zde http://forum.viry.cz/viewforum.php?f=13
a dej tam log podle návodu zde http://forum.viry.cz/viewtopic.php?f=13&t=130786

tam už si tě někdo všimne a poradí