VIRY.CZ

zdravim...mam probelm pri spusteni pc mi naskoci svshost.exe na 99% a pocitac je zpomalenej.....taky to najde skodlivej soubor kwfpepes.sys

zasilam log z RSIT a Combofix...prosim o kontrolu...diky...

RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by uzivatel at 2010-03-10 14:29:57
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (15%) free of 30 GB
Total RAM: 1919 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:38, on 10.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\uzivatel\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\uzivatel.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')
O4 - Startup: winesm32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF9E6772-C21E-487F-98BA-C4EABEBCC425}: NameServer = 90.183.241.6,90.183.241.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe

--
End of file - 3847 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Scan for uzivatel.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{3B189BC4-EF24-434F-906D-55B52C9E78F8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-15 13680640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění
winesm32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:svchost"
"C:\WINDOWS\spooldr.exe"="C:\WINDOWS\spooldr.exe:*:Enabled:enable"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Codemasters\Colin McRae Rally 2005\CMR5.EXE"="C:\Program Files\Codemasters\Colin McRae Rally 2005\CMR5.EXE:*:Enabled:Colin McRae Rally 2005 Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - "%1" /S "%3"

======List of files/folders created in the last 1 months======

2010-03-10 14:29:57 ----D---- C:\rsit
2010-03-10 09:31:04 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2010-03-10 14:30:02 ----D---- C:\WINDOWS\Prefetch
2010-03-10 14:27:41 ----D---- C:\Program Files\Mozilla Firefox
2010-03-10 14:26:07 ----D---- C:\WINDOWS\Temp
2010-03-10 13:19:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-10 13:19:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-10 09:35:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-10 09:31:04 ----RD---- C:\Program Files
2010-03-10 09:20:46 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Skype
2010-03-10 08:52:14 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\skypePM
2010-03-09 21:15:35 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\ICQ
2010-03-09 18:38:29 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-09 14:38:58 ----D---- C:\WINDOWS\system32\drivers
2010-03-09 14:38:56 ----D---- C:\WINDOWS\system32
2010-03-08 17:54:01 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-03-06 16:24:34 ----D---- C:\Program Files\Krtecek_2_0
2010-03-02 15:33:02 ----D---- C:\WINDOWS\system32\Macromed
2010-02-21 19:10:30 ----D---- C:\Program Files\Pět kouzelných amuletů

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 AR5211;TP-LINK Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-12-21 470048]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-06-29 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-06-29 20480]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S2 asc3550u;asc3550u; C:\WINDOWS\system32\drivers\asc3550u.sys []
S2 poof;poof; \??\C:\WINDOWS\system32\poof []
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780}; \??\C:\WINDOWS\TEMP\A.tmp []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys []
S3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys []
S3 kprof;kprof; \??\C:\WINDOWS\system32\kprof []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-06-29 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-06-29 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-15 163908]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VC5SecS;Virtual CD v5 Security service; C:\Program Files\HHVcdV5Sys\VC5SecS.exe [2003-02-14 147456]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-13 20543]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

-----------------EOF-----------------

Combofix

info.txt logfile of random's system information tool 1.06 2010-03-10 14:31:14

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{028EC2AF-F501-4567-9CEA-140030DE8544}\setup.exe" -l0x9 -u
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2580F4DA-324F-4945-B16F-B2B867325085}\setup.exe" -l0x9 -u
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ABC Edice PC her - Ankh-->"C:\Program Files\ABC\Ankh\unins000.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A81200000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Aktualizace systému Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0005 -removeonly
asterpiece Fishing 3-->"C:\Program Files\Play\Masterpiece Fishing 3\unins000.exe"
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bambulky 1.0-->"C:\Program Files\Bambulky\unins000.exe"
Bone - Out from Boneville-->"C:\Program Files\TopCD\Bone - Out from Boneville\unins000.exe"
Brána do budoucnosti-->C:\Program Files\Brana do budoucnosti\Odinstaluj.exe
BSPlayer-->"C:\Program Files\BSPlayer\uninstall.exe"
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Colin McRae Rally 2005-->C:\Program Files\InstallShield Installation Information\{15CEC2E1-16AF-11D9-88E4-0004769F25D1}\Setup.exe -runfromtemp -l0x0005 -removeonly
Cool & Quiet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
DATA BECKER Complete Home Designer 5.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DATA BECKER\Complete Home Designer\446832.isu"
Dobrý farmář-->C:\Program Files\Dobrý farmář\Uninstall.exe
Drawing for Children-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Drawing for Children\UnInst.log" "/APPNAME=Drawing for Children"
DVD X Player Professional V3.0-->"C:\Program Files\DVD X Studios\DVD X Player Professional 3.0\unins000.exe"
Eets: Hunger. It's Emotional.-->C:\Program Files\Klei Entertainment\Eets\uninst.exe
Epson Easy Photo Print 2-->C:\Program Files\InstallShield Installation Information\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}\SETUP.EXE -runfromtemp -l0x0009 UNINST -removeonly
Epson Event Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\SETUP.EXE" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Epson Stylus SX110_TX110 Manual-->C:\Program Files\EPSON\TPMANUAL\ESSX110_TX110\ENG\USE_G\DOCUNINS.EXE
EPSON SX110 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSFBE.EXE /R /APD /P:"EPSON SX110 Series"
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
Everlight - Moc a kouzla Víl-->"C:\Program Files\Everlight - Moc a kouzla Víl\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
JPEG Resampler Vs 4.7-->"C:\Program Files\JPEG Resampler\unins000.exe"
Krteček 2.0.2-->"C:\Program Files\Krtecek_2_0\unins000.exe"
Liška Ryška - nová dobrodružství-->C:\Program Files\Liška Ryška - nová dobrodružství\Uninstall.exe
Medvěd Míša - Cesta kolem světa-->C:\Program Files\Medvěd Míša - Cesta kolem světa\uninstal.exe
Medvěd Míša ve vesmíru-->C:\Program Files\Medvěd Míša ve vesmíru\uninstal.exe
Mesto zabavy-->C:\Program Files\Mesto zabavy\Uninstall.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Monster Trux Extreme - Offroad Edition-->C:\DOCUME~1\ALLUSE~1\DATAAP~1\TARMAI~1\{09F55~1\Setup.exe /remove /q0
Montezumova pomsta-->C:\Program Files\Montezumova pomsta\Uninstall.exe
Mozilla Firefox (1.5)-->C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (cs)"
Myška Milo 2-->"C:\Program Files\MEDIA TRADE\Myska Milo 2\unins000.exe"
Nero 7 Ultra Edition-->MsiExec.exe /X{DB4C031D-B2F8-47F1-A274-59A8F3B61033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.0.52\InstStub.exe /X
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
PacQuest 3D-->C:\WINDOWS\unvise32.exe C:\Program Files\TerraGame\PacQuest 3D\uninstal.log
Pět kouzelných amuletů-->"C:\Program Files\Pět kouzelných amuletů\unins000.exe"
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
Restaurace Medvěda Míši-->C:\Program Files\Restaurace Medvěda Míši\Uninstall.exe
RocketRacer-->C:\Program Files\RocketRacer\rocketracer_uninstall.exe C:\Program Files\RocketRacer
Sammy Suricate Full Version-->C:\PROGRA~1\SAMMYS~1\UNWISE.EXE C:\PROGRA~1\SAMMYS~1\INSTALL.LOG
Scooby-Doo (TM) - Přízrak tajemného rytíře-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C756A743-4105-49D0-A9C8-3DEDDD3FA505}\setup.exe" -l0x5
Scooby-Doo(TM), Case File #2 The Scary Stone Dragon-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Scooby-Doo\Scooby-Doo(TM), Case File #2 The Scary Stone Dragon\Uninstall.xml"
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Space Patrol-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Dream Cinema\Space Patrol\Uninst.isu"
SweetIM for Messenger 2.7-->MsiExec.exe /X{EC87E256-B0A4-4A41-8682-AB57FF21196D}
SweetIM Toolbar for Internet Explorer 3.4-->MsiExec.exe /X{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tarzan Action Game-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\TARZAN~1\DeIsL1.isu
Táta hrdina-->C:\Program Files\Táta hrdina\Uninstall.exe
The Sims-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\The Sims\Uninst.isu"
Trust DS-3200 Wireless Optical Slimline Deskset-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{761443B6-AB01-4052-8683-12F1C5A5A5E5}
Včeličky-->C:\Program Files\Včeličky\Uninstall.exe
Virtual CD v5-->MsiExec.exe /I{7F878808-B462-4A82-B956-452595F8B29A}
Výprava do Květinové země-->C:\Program Files\Výprava do Květinové země\uninstal.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Žabka Kuňkalka na Kouzelné louce-->C:\Program Files\Žabka Kuňkalka na Kouzelné louce\Uninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 100310-0]
FW: ActiveArmor Firewall (disabled)

======System event log======

Computer Name: POCITAC
Event Code: 7036
Message: Stav služby Adaptér výkonu služby WMI byl změněn na: Spuštěno

Record Number: 8352
Source Name: Service Control Manager
Time Written: 20100121103700.000000+060
Event Type: Informace
User:

Computer Name: POCITAC
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Adaptér výkonu služby WMI úspěšně odeslán.

Record Number: 8351
Source Name: Service Control Manager
Time Written: 20100121103700.000000+060
Event Type: Informace
User: POCITAC\uzivatel

Computer Name: POCITAC
Event Code: 7036
Message: Stav služby Služba modelu COM pro zápis na disk CD (IMAPI) byl změněn na: Zastaveno

Record Number: 8350
Source Name: Service Control Manager
Time Written: 20100121103659.000000+060
Event Type: Informace
User:

Computer Name: POCITAC
Event Code: 7036
Message: Stav služby Prohledávání počítačů byl změněn na: Zastaveno

Record Number: 8349
Source Name: Service Control Manager
Time Written: 20100121103656.000000+060
Event Type: Informace
User:

Computer Name: POCITAC
Event Code: 7036
Message: Stav služby Správce vzdáleného přístupu byl změněn na: Spuštěno

Record Number: 8348
Source Name: Service Control Manager
Time Written: 20100121103655.000000+060
Event Type: Informace
User:

=====Application event log=====

Computer Name: POCITAC
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 2540
Source Name: SecurityCenter
Time Written: 20080401081149.000000+120
Event Type: Informace
User:

Computer Name: POCITAC
Event Code: 1517
Message: Systém Windows uložil registr uživatele POCITAC\uzivatel, ale některá z aplikací nebo služeb během odhlášení registr nadále používala. Paměť používaná registrem uživatele nebyla uvolněna. Registr bude uvolněn, jakmile již nebude používán.

To je často způsobeno tím, že jsou služby spuštěny pomocí uživatelského účtu. Zkuste služby konfigurovat pro spuštění pomocí účtu místní nebo síťové služby.

Record Number: 2539
Source Name: Userenv
Time Written: 20080331213153.000000+120
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

Computer Name: POCITAC
Event Code: 0
Message:
Record Number: 2538
Source Name: NMIndexingService
Time Written: 20080331172317.000000+120
Event Type: Informace
User:

Computer Name: POCITAC
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 2537
Source Name: SecurityCenter
Time Written: 20080331172311.000000+120
Event Type: Informace
User:

Computer Name: POCITAC
Event Code: 1517
Message: Systém Windows uložil registr uživatele POCITAC\uzivatel, ale některá z aplikací nebo služeb během odhlášení registr nadále používala. Paměť používaná registrem uživatele nebyla uvolněna. Registr bude uvolněn, jakmile již nebude používán.

To je často způsobeno tím, že jsou služby spuštěny pomocí uživatelského účtu. Zkuste služby konfigurovat pro spuštění pomocí účtu místní nebo síťové služby.

Record Number: 2536
Source Name: Userenv
Time Written: 20080331145626.000000+120
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 127 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=7f01
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Zdravím

Na logu se pracuje, prosím o strpení.

Příště vkládejte jenom log.txt.

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Obrázek

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Obrázek

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Obrázek

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Obrázek

Během skenování může být počítač restartován.

tak tady vkladam log z Combofixu (omlouvam se za zpozdeni ale bylo to velice poamle)...

ComboFix 10-03-09.08 - uzivatel 10.03.2010 15:23:18.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1919.1549 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 100310-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- Předchozí spuštění --

c:\windows\system32\drivers\null.sys . . . chybí !!

--------

c:\windows\system32\drivers\null.sys . . . chybí !!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF
-------\Legacy_POOF
-------\Legacy_RUNTIME
-------\Legacy_RUNTIME2
-------\Legacy_SMTPDRV
-------\Legacy_SYSLIBRARY
-------\Service_asc3550u
-------\Service_kprof
-------\Service_poof
-------\Service_SysLibrary

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-10 do 2010-03-10 )))))))))))))))))))))))))))))))
.

2010-03-10 13:29 . 2010-03-10 13:31 -------- d-----w- C:\rsit
2010-03-10 08:36 . 2010-03-10 08:36 -------- d-----w- c:\documents and settings\uzivatel\DoctorWeb
2010-03-10 08:31 . 2010-03-10 13:30 -------- d-----w- c:\program files\Trend Micro
2010-03-09 13:38 . 2010-03-10 14:51 802304 ----a-w- c:\windows\system32\drivers\kwfpepes.sys
2010-02-18 19:03 . 2010-02-18 19:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 16:54 . 2009-05-13 17:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-06 15:24 . 2007-12-11 17:56 -------- d-----w- c:\program files\Krtecek_2_0
2010-02-21 18:10 . 2008-01-16 10:21 -------- d-----w- c:\program files\Pět kouzelných amuletů
2010-01-19 09:05 . 2009-07-15 08:59 -------- d-----w- c:\program files\ICQ6.5
2010-01-15 12:51 . 2010-01-14 16:58 -------- d-----w- c:\program files\Brana do budoucnosti
2010-01-14 17:11 . 2010-01-14 17:11 -------- d-----w- c:\program files\Dream Cinema
2007-07-02 12:27 . 2007-07-02 12:27 60526 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-02 12:27 . 2007-07-02 12:27 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-02 12:27 . 2007-07-02 12:27 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2004-08-17 14:49 . 2004-08-17 14:49 65024 --sha-w- c:\windows\system32\asycfilt.dll
2004-08-17 14:49 . 2004-08-17 14:49 611328 --sha-w- c:\windows\system32\comctl32.dll
2004-08-17 14:49 . 2004-08-17 14:49 1028096 --sha-w- c:\windows\system32\mfc42.dll
2004-08-17 14:49 . 2004-08-17 14:49 413696 --sha-w- c:\windows\system32\msvcp60.dll
2004-08-17 14:49 . 2004-08-17 14:49 343040 --sha-w- c:\windows\system32\msvcrt.dll
2001-10-25 15:00 . 2001-10-25 15:00 253952 --sha-w- c:\windows\system32\msvcrt20.dll
2004-08-17 14:49 . 2004-08-17 14:49 553472 --sha-w- c:\windows\system32\oleaut32.dll
2004-08-17 14:49 . 2004-08-17 14:49 83456 --sha-w- c:\windows\system32\olepro32.dll
2004-08-17 14:49 . 2004-08-17 14:49 30749 --sha-w- c:\windows\system32\vbajet32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]

c:\documents and settings\uzivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
winesm32.exe [2004-8-17 30208]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Codemasters\\Colin McRae Rally 2005\\CMR5.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8.5.2008 8:00 78416]
R1 vbev5mp;vbev5mp;c:\windows\system32\drivers\VBEV5MP.sys [19.3.2003 8:42 56848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.5.2008 8:00 20560]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\A.tmp --> c:\windows\TEMP\A.tmp [?]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.7.2009 10:00 222968]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - kwfpepes
.
Obsah adresáře 'Naplánované úlohy'

2010-03-09 c:\windows\Tasks\Norton Security Scan for uzivatel.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 12:12]

2010-03-10 c:\windows\Tasks\User_Feed_Synchronization-{3B189BC4-EF24-434F-906D-55B52C9E78F8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {BF9E6772-C21E-487F-98BA-C4EABEBCC425} = 90.183.241.6,90.183.241.2
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\x8emcy4f.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 15:52
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\winesm32.exe 30208 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\c:\windows\TEMP\A.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kwfpepes]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(544)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\HHVcdV5Sys\VC5SecS.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Alwil Software\Avast4\setup\avast.setup
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Celkový čas: 2010-03-10 16:00:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-10 14:59

Před spuštěním: 5 881 528 320
Po spuštění: 6 198 427 648

- - End Of File - - F6FC07E3BBE487B29FD25FE86A9A47B1

Následující kroky proveďte přesně v pořadí jak jsou.

Obrázek

Stáhněte a rozbalte soubor z přílohy na disk c: (Cesta souboru bude c:\null.sys, nesmí to být archív

)

null.zip: (1.41 KiB) Staženo 42 x

Pokud nemáte, přesuňte Combofix na plochu

otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Driver::
{DEF85C80-216A-43ab-AF70-1665EDBE2780}
kwfpepes

File::
c:\windows\TEMP\A.tmp 
c:\windows\system32\drivers\kwfpepes.sys
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\winesm32.exe

FCopy:: 
c:\null.sys | c:\windows\system32\drivers\null.sys

Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

tak posilam log po provedeni....zatim svchost.exe nejede na 99%

ComboFix 10-03-09.08 - uzivatel 10.03.2010 16:23:25.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1919.1434 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uzivatel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 100310-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FILE ::
"c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\winesm32.exe"
"c:\windows\system32\drivers\kwfpepes.sys"
"c:\windows\TEMP\A.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\winesm32.exe
c:\windows\system32\drivers\kwfpepes.sys

.
--------------- FCopy ---------------

c:\null.sys --> c:\windows\system32\drivers\null.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KWFPEPES
-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}
-------\Service_{DEF85C80-216A-43ab-AF70-1665EDBE2780}
-------\Service_kwfpepes

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-10 do 2010-03-10 )))))))))))))))))))))))))))))))
.

2010-03-10 15:23 . 2009-08-21 11:04 2944 -c--a-w- c:\windows\system32\dllcache\null.sys
2010-03-10 15:23 . 2009-08-21 11:04 2944 ----a-w- c:\windows\system32\drivers\null.sys
2010-03-10 15:13 . 2009-08-21 11:04 2944 ------w- C:\null.sys
2010-03-10 13:29 . 2010-03-10 13:31 -------- d-----w- C:\rsit
2010-03-10 08:36 . 2010-03-10 08:36 -------- d-----w- c:\documents and settings\uzivatel\DoctorWeb
2010-03-10 08:31 . 2010-03-10 13:30 -------- d-----w- c:\program files\Trend Micro
2010-02-18 19:03 . 2010-02-18 19:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 16:54 . 2009-05-13 17:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-06 15:24 . 2007-12-11 17:56 -------- d-----w- c:\program files\Krtecek_2_0
2010-02-21 18:10 . 2008-01-16 10:21 -------- d-----w- c:\program files\Pět kouzelných amuletů
2010-01-19 09:05 . 2009-07-15 08:59 -------- d-----w- c:\program files\ICQ6.5
2010-01-15 12:51 . 2010-01-14 16:58 -------- d-----w- c:\program files\Brana do budoucnosti
2010-01-14 17:11 . 2010-01-14 17:11 -------- d-----w- c:\program files\Dream Cinema
2007-07-02 12:27 . 2007-07-02 12:27 60526 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-02 12:27 . 2007-07-02 12:27 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-02 12:27 . 2007-07-02 12:27 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2004-08-17 14:49 . 2004-08-17 14:49 65024 --sha-w- c:\windows\system32\asycfilt.dll
2004-08-17 14:49 . 2004-08-17 14:49 1028096 --sha-w- c:\windows\system32\mfc42.dll
2004-08-17 14:49 . 2004-08-17 14:49 413696 --sha-w- c:\windows\system32\msvcp60.dll
2001-10-25 15:00 . 2001-10-25 15:00 253952 --sha-w- c:\windows\system32\msvcrt20.dll
2004-08-17 14:49 . 2004-08-17 14:49 553472 --sha-w- c:\windows\system32\oleaut32.dll
2004-08-17 14:49 . 2004-08-17 14:49 83456 --sha-w- c:\windows\system32\olepro32.dll
2004-08-17 14:49 . 2004-08-17 14:49 30749 --sha-w- c:\windows\system32\vbajet32.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-10_14.51.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-10 15:36 . 2010-03-10 15:36 16384 c:\windows\Temp\Perflib_Perfdata_610.dat
+ 2010-03-10 15:36 . 2010-03-10 15:36 16384 c:\windows\Temp\Perflib_Perfdata_4e8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Codemasters\\Colin McRae Rally 2005\\CMR5.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8.5.2008 8:00 78416]
R1 vbev5mp;vbev5mp;c:\windows\system32\drivers\VBEV5MP.sys [19.3.2003 8:42 56848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.5.2008 8:00 20560]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.7.2009 10:00 222968]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-09 c:\windows\Tasks\Norton Security Scan for uzivatel.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 12:12]

2010-03-10 c:\windows\Tasks\User_Feed_Synchronization-{3B189BC4-EF24-434F-906D-55B52C9E78F8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {BF9E6772-C21E-487F-98BA-C4EABEBCC425} = 90.183.241.6,90.183.241.2
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\x8emcy4f.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 16:37
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1704)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\HHVcdV5Sys\VC5SecS.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\setup\avast.setup
.
**************************************************************************
.
Celkový čas: 2010-03-10 16:40:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-10 15:40
ComboFix2.txt 2010-03-10 15:00

Před spuštěním: 6 218 100 736
Po spuštění: 6 185 357 312

- - End Of File - - 9829CFC8CF1267A7CF4196CC6664F4C6

Odinstalujte všechny emulátory virtuálních mechanik.

Obrázek

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
zvolte možnost Uninstall a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Obrázek

Start > Spustit (Win + R)

Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

Klikněte na OK

Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

zasilam logy

MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89CF11F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89cf11f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
PE file found in sector at 0x012A14C00 !
Use "Recovery Console" command "fixmbr" to clear infection !

Gmer 1
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-10 17:00:23
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\uzivatel\LOCALS~1\Temp\fwtdapog.sys

---- System - GMER 1.0.15 ----

SSDT spsw.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spsw.sys ZwEnumerateValueKey [0xB9ECE132]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB64314FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB6431322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB643145C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 89CF01F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Fastfat \Fat 89918500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

a gmer 2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-10 17:48:21
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\uzivatel\LOCALS~1\Temp\fwtdapog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB6424C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB6424B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB64250C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB6424FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB64246E8]
SSDT spsw.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spsw.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB6424BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB6424628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB642468C]
SSDT spsw.sys ZwQueryKey [0xB9ECE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB6424D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB6425194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB6424CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB6424E4C]

INT 0x62 ? 89CF1BF8
INT 0x63 ? 89924F00
INT 0x73 ? 89CF1BF8
INT 0x73 ? 89CF1BF8
INT 0x73 ? 89CF1BF8
INT 0x83 ? 89CF1BF8
INT 0x83 ? 89CF1BF8
INT 0x83 ? 89924F00
INT 0x83 ? 89CF1BF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB64314FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB6431322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB643145C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 243C 80501140 4 Bytes CALL 2706538B
PAGE ntkrnlpa.exe!ZwLoadDriver 8057832A 7 Bytes JMP B6431460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 8059F23E 7 Bytes JMP B6431326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B073A 5 Bytes JMP B642D4BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B7428 5 Bytes JMP B642E972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C5C32 7 Bytes JMP B6431502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? spsw.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B958A62C 5 Bytes JMP 899244E0
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D98360, 0x3535DF, 0xE8000020]
? C:\DOCUME~1\uzivatel\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spsw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spsw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spsw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spsw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spsw.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spsw.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 89CF01F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Fastfat \FatCdrom 89918500

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 8975D500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C851F8
Device \Driver\dmio \Device\DmControl\DmConfig 89C851F8
Device \Driver\dmio \Device\DmControl\DmPnP 89C851F8
Device \Driver\dmio \Device\DmControl\DmInfo 89C851F8
Device \Driver\usbehci \Device\USBPDO-1 89922500
Device \Driver\NetBT \Device\NetBT_Tcpip_{BF9E6772-C21E-487F-98BA-C4EABEBCC425} 892E41F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89CF21F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89CF21F8
Device \Driver\Cdrom \Device\CdRom0 89923500
Device \Driver\NetBT \Device\NetBT_Tcpip_{342F5C91-81B9-4312-AEC4-F0DE5B8334B0} 892E41F8
Device \Driver\Cdrom \Device\CdRom1 89923500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89CF11F8
Device \Driver\atapi \Device\Ide\IdePort0 89CF11F8
Device \Driver\atapi \Device\Ide\IdePort1 89CF11F8
Device \Driver\atapi \Device\Ide\IdePort2 89CF11F8
Device \Driver\atapi \Device\Ide\IdePort3 89CF11F8
Device \Driver\atapi \Device\Ide\IdePort4 89CF11F8
Device \Driver\atapi \Device\Ide\IdePort5 89CF11F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 89CF11F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 892E41F8
Device \Driver\NetBT \Device\NetbiosSmb 892E41F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 8975D500
Device \Driver\usbehci \Device\USBFDO-1 89922500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 892881F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 892881F8
Device \Driver\Ftdisk \Device\FtControl 89CF21F8
Device \Driver\vbev5mp \Device\Scsi\vbev5mp1Port6Path0Target0Lun0 8992A428
Device \Driver\vbev5mp \Device\Scsi\vbev5mp1 8992A428
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Fastfat \Fat 89918500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 898E3500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Obrázek

Start > Spustit (Win + R)

Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

Klikněte na OK

Vytvoří se log s názvem mbr.log, vložte ho sem.

ted uz bohuzel nejsem u toho PC takze jestli je to jeste potreba tak bych to udelal zitra....jinak se zdalo to byt vyresene....PC se choval normalne...

VIRY.CZ

svchost.exe ....CPU 100%

svchost.exe ....CPU 100%

Re: svchost.exe ....CPU 100%

Re: svchost.exe ....CPU 100%

Re: svchost.exe ....CPU 100%

Re: svchost.exe ....CPU 100%

Re: svchost.exe ....CPU 100%

Re: svchost.exe ....CPU 100%

Re: svchost.exe ....CPU 100%

Re: svchost.exe ....CPU 100%

Re: svchost.exe ....CPU 100%

Re: svchost.exe ....CPU 100%