vytížení PC svchost.exe

[hades]

Zdravím.

Poslední dobou se mi velmi zatěžuje PC systémovými procesy, se kterými nic nenadělám (při zapnutí PC mi totálně vše na několik minut zamrzne - svchost.exe > 90 %). Možná to bude slabším strojem, možná špatnou kombinací software.

Používám Comodo FW a AV, Spy-Bot (včetně Tea-Timer a SD.*něco*), prohlížeč Opera. PC proskenován a nic nenalezeno.

MWAV vyplivne jen toto

Kód: Vybrat vše

Object "CoreGuardAntivirus2009 Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SwiftCleaner Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
File D:\Programy\ThunderbirdPortableTest\Data\profile\Mail\Local Folders\Inbox infected by "Trojan.Spy.Zbot.CGF (DB)" Virus! Action Taken: No Action Taken.

Díky všem za rady

[Rudy]

Podle MWAV máte trojana v poště. Budete muset proběhnout maily a najít ten infikovaný. Dejte log RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 .

[hades]

Děkuji

Trojana pohledám. Asi nějaká příloha.

Log z RSIT

Kód: Vybrat vše

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-22 22:25:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (39%) free of 20 GB
Total RAM: 1023 MB (54% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-01-18 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-01-04 1800464]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="     C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-30 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDriveAutoRun"=40010000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\ICQ6\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\Rodina\Plocha\Stažené z internetu\Portable Skype\Phone\Skype.exe"="C:\Documents and Settings\Rodina\Plocha\Stažené z internetu\Portable Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Rodina\Plocha\Portable Skype\Phone\Skype.exe"="C:\Documents and Settings\Rodina\Plocha\Portable Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Programy\Opera\opera.exe"="D:\Programy\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"J:\Documents\Kecalkos\Skype\Phone\Skype.exe"="J:\Documents\Kecalkos\Skype\Phone\Skype.exe:*:Enabled:Skype"
"G:\Programy\Skype\Phone\Skype.exe"="G:\Programy\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Programy\Skype-S\Phone\Skype.exe"="D:\Programy\Skype-S\Phone\Skype.exe:*:Enabled:Skype"
"G:\Programy\uTorrent\uTorrent.exe"="G:\Programy\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"G:\Data\Hry\Diablo II\D2Loader-1.12.exe"="G:\Data\Hry\Diablo II\D2Loader-1.12.exe:*:Enabled:Diablo II"
"D:\Miranda\miranda32.exe"="D:\Miranda\miranda32.exe:*:Enabled:Miranda IM"
"G:\Programy\uTorrentPortable\App\utorrent\utorrent.exe"="G:\Programy\uTorrentPortable\App\utorrent\utorrent.exe:*:Enabled:µTorrent"
"G:\Programy\Opera10usb\OperaUSB.exe"="G:\Programy\Opera10usb\OperaUSB.exe:*:Enabled:Opera Internet Browser"
"G:\Programy\Opera10usb\opera.exe"="G:\Programy\Opera10usb\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Programy\Skype\Phone\Skype.exe"="D:\Programy\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c1186de-05a3-11de-9efc-000feadd6d38}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b1a8580-ec7c-11de-a254-000feadd6d38}]
shell\AutoRun\command - I:\Launcher.exe


======File associations======

.ini - open - "D:\Programy\Total Commander\Notepad++\Notepad++.exe" "%1"

======List of files/folders created in the last 1 months======

2010-01-22 22:25:26 ----D---- C:\Program Files\trend micro
2010-01-22 22:25:25 ----D---- C:\rsit
2010-01-22 20:19:59 ----AD---- C:\WINDOWS\rundll16.exe
2010-01-22 20:19:59 ----AD---- C:\WINDOWS\logo1_.exe
2010-01-22 19:35:43 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-22 16:11:29 ----AD---- C:\WINDOWS\VDLL.DLL
2010-01-22 16:11:29 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-01-22 16:11:29 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-01-22 16:11:29 ----AD---- C:\WINDOWS\logo_1.exe
2010-01-21 19:21:34 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-01-21 19:21:32 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-01-21 19:21:31 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-01-21 19:21:26 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-01-21 19:21:26 ----A---- C:\WINDOWS\system32\T.COM
2010-01-21 19:21:26 ----A---- C:\WINDOWS\REGEDIT.COM
2010-01-21 19:21:26 ----A---- C:\WINDOWS\R.COM
2010-01-21 19:21:24 ----D---- C:\Program Files\Common Files\MicroWorld
2010-01-21 19:21:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-01-21 18:47:05 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-21 18:47:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-21 18:41:00 ----D---- C:\Program Files\FileHippo.com
2010-01-14 15:52:32 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-01-13 15:44:22 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 19:02:25 ----A---- C:\WINDOWS\system32\nt32200jewm.dll
2010-01-12 19:02:25 ----A---- C:\WINDOWS\ntcheck3232jewm.dll
2010-01-12 19:02:21 ----D---- C:\Program Files\JME_WM
2010-01-04 15:57:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2010-01-04 15:57:35 ----A---- C:\WINDOWS\system32\guard32.dll
2010-01-04 15:57:32 ----D---- C:\Program Files\COMODO
2010-01-03 11:06:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\IrfanView
2010-01-01 11:41:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Trymedia
2009-12-30 21:14:37 ----D---- C:\WINDOWS\Globalization
2009-12-30 21:13:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\NokiaMusic
2009-12-30 07:33:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\MOBILedit
2009-12-30 07:30:13 ----D---- C:\Program Files\MOBILedit!
2009-12-29 07:36:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\GARMIN
2009-12-29 07:36:53 ----D---- C:\Documents and Settings\Administrator\Data aplikací\GARMIN
2009-12-29 07:36:01 ----D---- C:\Program Files\Garmin
2009-12-29 07:33:43 ----D---- C:\Garmin
2009-12-26 09:37:12 ----D---- C:\Program Files\MSXML 6.0
2009-12-25 16:36:02 ----D---- C:\Program Files\NSS
2009-12-25 15:33:45 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Nokia Ovi Suite
2009-12-25 15:33:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nokia
2009-12-25 15:20:18 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-12-25 15:20:18 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-12-25 15:11:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
2009-12-25 15:00:36 ----D---- C:\Program Files\Common Files\PCSuite
2009-12-25 15:00:31 ----D---- C:\Program Files\Common Files\Nokia
2009-12-25 14:54:00 ----HDC---- C:\WINDOWS\$NtUninstallWudf01007$
2009-12-25 14:53:11 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-12-25 14:53:02 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2009-12-24 21:22:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

======List of files/folders modified in the last 1 months======

2010-01-22 22:25:26 ----RD---- C:\Program Files
2010-01-22 20:21:01 ----D---- C:\WINDOWS\system32
2010-01-22 20:21:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-22 20:19:59 ----D---- C:\WINDOWS
2010-01-22 20:16:23 ----SHD---- C:\WINDOWS\CSC
2010-01-22 20:12:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-22 19:35:41 ----D---- C:\WINDOWS\system32\drivers
2010-01-22 19:34:28 ----D---- C:\WINDOWS\Temp
2010-01-22 19:34:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-22 16:16:52 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-01-22 15:57:46 ----D---- C:\WINDOWS\Prefetch
2010-01-22 15:54:10 ----SD---- C:\WINDOWS\Tasks
2010-01-21 20:44:08 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Thunderbird
2010-01-21 19:45:15 ----HD---- C:\WINDOWS\inf
2010-01-21 19:44:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-21 19:43:19 ----D---- C:\Program Files\Internet Explorer
2010-01-21 19:42:09 ----D---- C:\WINDOWS\ie8updates
2010-01-21 19:37:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 19:25:32 ----SHD---- C:\System Volume Information
2010-01-21 19:21:24 ----D---- C:\Program Files\Common Files
2010-01-20 20:24:32 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-20 15:44:24 ----SHD---- C:\WINDOWS\Installer
2010-01-20 15:44:24 ----HD---- C:\Config.Msi
2010-01-18 05:36:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-01-13 17:53:35 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2010-01-13 17:51:06 ----D---- C:\WINDOWS\Debug
2010-01-12 20:33:13 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PC Suite
2010-01-12 19:02:25 ----D---- C:\Program Files\Microsoft Office
2010-01-10 19:44:30 ----D---- C:\WINDOWS\system32\Macromed
2010-01-09 22:45:59 ----A---- C:\ASLog.txt
2010-01-06 16:42:04 ----D---- C:\Documents and Settings\Administrator\Data aplikací\foobar2000
2010-01-05 19:56:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-03 10:56:34 ----D---- C:\Program Files\Microsoft ActiveSync
2010-01-02 16:49:25 ----D---- C:\WINDOWS\security
2010-01-02 11:51:37 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-02 10:36:27 ----A---- C:\fftrlog.txt
2009-12-30 21:14:19 ----RSD---- C:\WINDOWS\assembly
2009-12-30 21:14:12 ----RSD---- C:\WINDOWS\Fonts
2009-12-30 21:14:00 ----D---- C:\Program Files\Nokia
2009-12-30 21:12:37 ----D---- C:\WINDOWS\WinSxS
2009-12-29 07:36:07 ----D---- C:\Program Files\DIFX
2009-12-29 07:36:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-26 20:38:50 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-25 15:45:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2009-12-25 15:34:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Nokia
2009-12-25 15:20:45 ----D---- C:\Program Files\PC Connectivity Solution
2009-12-25 14:53:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2009-12-24 23:45:50 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Hamachi
2009-12-24 22:06:33 ----D---- C:\WINDOWS\AppPatch
2009-12-24 22:01:31 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-24 21:57:22 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-01-04 25160]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-07 25280]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-01-04 133064]
S1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
S2 PARLDR2K;ParLdr2k; \??\C:\WINDOWS\system32\drivers\parldr2k.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\G:\Programy\MediaCoder\SysInfo.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-12 47360]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usb2vcom;Nokia CA-42 USB; C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-05-25 22760]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 usbvm328;A4 TECH USB2.0 PC Camera G; C:\WINDOWS\System32\Drivers\vmcam326av.sys [2007-10-18 104960]
S3 vvftav326_a4;VC0326 Camera Filter Service A4 TECH; C:\WINDOWS\system32\drivers\vvftav326.sys [2007-07-03 480128]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-30 602112]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-07 723632]
S2 gupdate1c9aa2bf5c373b4;Služba Google Update (gupdate1c9aa2bf5c373b4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-18 194032]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla Server\FileZilla Server.exe [2009-06-21 691200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\wmpnetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[hades]

ComboFix log:

Kód: Vybrat vše

ComboFix 10-01-21.08 - Administrator 22.01.2010  22:51:48.1.1 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.420.1029.18.1023.635 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ntcheck3232jewm.dll
c:\windows\regedit.com
c:\windows\system32\nt32200jewm.dll
c:\windows\system32\SIntf16.dll
c:\windows\system32\taskmgr.com

.
(((((((((((((((((((((((((   Soubory vytvořené od 2009-12-22 do 2010-01-22  )))))))))))))))))))))))))))))))
.

2010-01-22 21:25 . 2010-01-22 21:25	--------	d-----w-	c:\program files\trend micro
2010-01-22 21:25 . 2010-01-22 21:25	--------	d-----w-	C:\rsit
2010-01-22 19:19 . 2010-01-22 19:19	--------	d---a-w-	c:\windows\rundll16.exe
2010-01-22 19:19 . 2010-01-22 19:19	--------	d---a-w-	c:\windows\logo1_.exe
2010-01-22 15:11 . 2010-01-22 15:11	--------	d---a-w-	c:\windows\VDLL.DLL
2010-01-22 15:11 . 2010-01-22 15:11	--------	d---a-w-	c:\windows\system32\runouce.exe
2010-01-22 15:11 . 2010-01-22 15:11	--------	d---a-w-	c:\windows\RUNDL132.EXE
2010-01-22 15:11 . 2010-01-22 15:11	--------	d---a-w-	c:\windows\logo_1.exe
2010-01-21 18:21 . 2010-01-21 18:21	632064	----a-w-	c:\windows\system32\msvcr80.dll
2010-01-21 18:21 . 2010-01-21 18:21	554240	----a-w-	c:\windows\system32\msvcp80.dll
2010-01-21 18:21 . 2010-01-21 18:21	34048	----a-w-	c:\windows\system32\eEmpty.exe
2010-01-21 18:21 . 2008-04-14 06:52	137216	----a-w-	c:\windows\system32\T.COM
2010-01-21 18:21 . 2008-04-14 06:52	147968	----a-w-	c:\windows\R.COM
2010-01-21 18:21 . 2010-01-22 19:17	--------	d-----w-	c:\program files\Common Files\MicroWorld
2010-01-21 17:47 . 2010-01-21 17:49	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-01-21 17:41 . 2010-01-21 17:41	--------	d-----w-	c:\program files\FileHippo.com
2010-01-12 18:02 . 2010-01-22 20:16	--------	d-----w-	c:\program files\JME_WM
2010-01-04 14:57 . 2010-01-04 14:57	87104	----a-w-	c:\windows\system32\drivers\inspect.sys
2010-01-04 14:57 . 2010-01-04 14:57	25160	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2010-01-04 14:57 . 2010-01-04 14:57	171552	----a-w-	c:\windows\system32\guard32.dll
2010-01-04 14:57 . 2010-01-04 14:57	133064	----a-w-	c:\windows\system32\drivers\cmdguard.sys
2010-01-04 14:57 . 2010-01-04 14:57	--------	d-----w-	c:\program files\COMODO
2009-12-30 20:14 . 2009-12-30 20:15	--------	d-----w-	c:\windows\Globalization
2009-12-30 06:30 . 2009-12-30 06:33	--------	d-----w-	c:\program files\MOBILedit!
2009-12-29 06:36 . 2009-12-29 06:36	--------	d-----w-	c:\program files\Garmin
2009-12-29 06:33 . 2009-12-29 06:36	--------	d-----w-	C:\Garmin
2009-12-26 09:34 . 2009-12-26 09:34	10454	----a-w-	c:\windows\system32\drivers\parldr2k.sys
2009-12-26 08:37 . 2009-12-26 08:37	--------	d-----w-	c:\program files\MSXML 6.0
2009-12-25 15:36 . 2006-08-29 14:56	32377	----a-w-	c:\windows\system32\drivers\prodigy.sys
2009-12-25 15:36 . 2009-12-26 09:22	--------	d-----w-	c:\program files\NSS
2009-12-25 14:34 . 2009-12-25 14:34	--------	d-----w-	c:\documents and settings\All Users\Data aplikacĂ­
2009-12-25 14:20 . 2009-10-06 10:56	136704	----a-w-	c:\windows\system32\drivers\nmwcdnsu.sys
2009-12-25 14:20 . 2009-10-06 10:56	8320	----a-w-	c:\windows\system32\drivers\nmwcdnsuc.sys
2009-12-25 14:20 . 2009-10-06 10:52	7936	----a-w-	c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-12-25 14:20 . 2009-10-06 10:52	7936	----a-w-	c:\windows\system32\drivers\usbser_lowerflt.sys
2009-12-25 14:20 . 2009-10-06 10:52	22016	----a-w-	c:\windows\system32\drivers\ccdcmbo.sys
2009-12-25 14:20 . 2009-10-06 10:55	1112288	----a-w-	c:\windows\system32\wdfcoinstaller01007.dll
2009-12-25 14:20 . 2009-10-06 10:52	660480	----a-w-	c:\windows\system32\nmwcdcocls.dll
2009-12-25 14:20 . 2009-10-06 10:52	17664	----a-w-	c:\windows\system32\drivers\ccdcmb.sys
2009-12-25 14:00 . 2009-12-25 14:00	--------	d-----w-	c:\program files\Common Files\PCSuite
2009-12-25 14:00 . 2009-12-30 20:14	--------	d-----w-	c:\program files\Common Files\Nokia
2009-12-25 13:53 . 2008-04-13 23:15	26112	-c--a-w-	c:\windows\system32\dllcache\usbser.sys
2009-12-25 13:53 . 2008-04-13 23:15	26112	----a-w-	c:\windows\system32\drivers\usbser.sys
2009-12-25 13:53 . 2008-03-21 12:57	14640	------w-	c:\windows\system32\spmsgXP_2k3.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 21:48 . 2001-10-25 12:00	87312	----a-w-	c:\windows\system32\perfc005.dat
2010-01-22 21:48 . 2001-10-25 12:00	449238	----a-w-	c:\windows\system32\perfh005.dat
2010-01-20 19:24 . 2009-11-28 15:54	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-01-03 09:56 . 2009-02-24 17:42	--------	d-----w-	c:\program files\Microsoft ActiveSync
2010-01-02 10:51 . 2009-02-24 17:29	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-12-30 20:14 . 2009-02-24 18:47	--------	d-----w-	c:\program files\Nokia
2009-12-29 06:36 . 2009-02-24 18:48	--------	d-----w-	c:\program files\DIFX
2009-12-26 19:38 . 2009-02-24 17:29	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-12-25 15:30 . 2009-12-25 15:30	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-25 14:20 . 2009-04-20 14:16	--------	d-----w-	c:\program files\PC Connectivity Solution
2009-12-25 13:54 . 2009-12-25 13:54	0	---ha-w-	c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-25 13:54 . 2009-12-25 13:54	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-25 13:53 . 2009-12-25 13:53	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-25 13:53 . 2009-12-25 13:53	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-21 19:08 . 2008-04-14 06:52	916480	----a-w-	c:\windows\system32\wininet.dll
2009-12-19 10:47 . 2009-03-14 20:58	162816	----a-w-	c:\windows\system32\fmod.dll
2009-12-12 20:38 . 2009-10-25 20:07	--------	d-----w-	c:\program files\Softick
2009-12-02 16:52 . 2009-02-24 18:09	--------	d-----w-	c:\program files\CDBurnerXP
2009-11-21 16:03 . 2008-04-14 06:51	471552	----a-w-	c:\windows\AppPatch\aclayers.dll
2009-11-08 10:38 . 2009-11-08 10:38	664	----a-w-	c:\windows\system32\d3d9caps.dat
2009-11-07 13:43 . 2009-11-07 13:43	25280	----a-w-	c:\windows\system32\drivers\hamachi.sys
2009-11-07 13:03 . 2009-11-07 12:14	33977	----a-w-	c:\windows\DIIUnin.dat
2009-11-07 12:52 . 2009-11-07 12:52	21840	----a-w-	c:\windows\system32\SIntfNT.dll
2009-11-07 12:52 . 2009-11-07 12:52	17212	----a-w-	c:\windows\system32\SIntf32.dll
2009-11-07 12:14 . 2009-11-07 12:14	94208	----a-w-	c:\windows\DIIUnin.exe
2009-11-07 12:14 . 2009-11-07 12:14	2829	----a-w-	c:\windows\DIIUnin.pif
.

((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-04 1800464]

c:\documents and settings\Rodina\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Skype - telefon.lnk - d:\programy\Skype\skype-start.exe [2008-1-27 211407]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-29 21:13	61440	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"BigDogPath326VMSnap"=c:\windows\VMSnap26.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"NVRaidService"=c:\windows\system32\nvraidservice.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\ICQ6\\ICQ6.5\\ICQ.exe"=
"d:\\Programy\\Opera\\opera.exe"=
"g:\\Programy\\Skype\\Phone\\Skype.exe"=
"d:\\Programy\\Skype-S\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"g:\\Data\\Hry\\Diablo II\\D2Loader-1.12.exe"=
"g:\\Programy\\uTorrentPortable\\App\\utorrent\\utorrent.exe"=
"g:\\Programy\\Opera10usb\\OperaUSB.exe"=
"g:\\Programy\\Opera10usb\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Programy\\Skype\\Phone\\Skype.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [4.1.2010 15:57 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4.1.2010 15:57 25160]
R2 PARLDR2K;ParLdr2k;c:\windows\system32\drivers\parldr2k.sys [26.12.2009 10:34 10454]
R3 usbvm328;A4 TECH USB2.0 PC Camera G;c:\windows\system32\drivers\vmcam326av.sys [26.2.2009 20:57 104960]
R3 vvftav326_a4;VC0326 Camera Filter Service A4 TECH;c:\windows\system32\drivers\vvftav326.sys [26.2.2009 20:57 480128]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 gupdate1c9aa2bf5c373b4;Služba Google Update (gupdate1c9aa2bf5c373b4);c:\program files\Google\Update\GoogleUpdate.exe [21.3.2009 14:50 133104]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27.8.2009 16:05 92008]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.12.2009 15:20 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25.12.2009 15:20 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [25.12.2009 16:36 32377]
S3 usb2vcom;Nokia CA-42 USB;c:\windows\system32\drivers\usb2vcom.sys [24.2.2009 19:59 22760]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 04:36]

2010-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 13:50]

2010-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 13:50]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - 

---- NASTAVENÍ FIREFOXU ----
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 22:55
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...  

skenování skrytých položek 'Po spuštění' ... 

skenování skrytých souborů ...  

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1606980848-1960408961-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,71,3b,9d,ac,1a,3f,48,a3,d2,3d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,71,3b,9d,ac,1a,3f,48,a3,d2,3d,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-01-22  22:58:10
ComboFix-quarantined-files.txt  2010-01-22 21:58

Před spuštěním: 8 080 957 440
Po spuštění: 8 109 277 184

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7A265EF5E66DF399A93ADD1245B4E05C

Jejda to je hodin. Děkuji moc za rady. Dneska už to asi ukončíme.

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte co něj:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c1186de-05a3-11de-9efc-000feadd6d38}]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[hades]

Sice mi ComboFix změnil některé předvolby, ale provedeno

[Rudy]

Nastala nějaká změna?

[hades]

Děkuji

Bohužel nenastala. Ještě si zkusím proskenovat PC antivirem Clam.

[Rudy]

Zkuste vypnout aut. aktualizace, příp. ještě anitivr a firewall, nebo proveďte jejich reinstal.

[hades]

Děkuji moc za ochotu a čas

Hlavní je, že mám (teoreticky) PC čistý

Mějte se

[Rudy]

Vy též a nemáte zač!