
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
CPU at 100% load, ComboFix not responding, RSIT freezes...
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
After a long time, problems have shown up on my PC (as if there weren't enough already).
Since yesterday I have noticed a significant slowdown of the computer. At first I thought it was just a bad day, but the problems persist. I found in Task Manager that the svchost.exe process, of which I have about five there, loads my CPU to 97% and higher, but svchost is not the only thing running on the computer, so the processor is loaded to 100%, which caused problems when I wanted to make logs. First I tried RSIT, which took a long time to start; I started the analysis process and it froze at three quarters. I waited a long time but nothing. So I ended RSIT with Task Manager and tried ComboFix. CF took terribly long to start, and when the "bar" reached the end and I was hoping CF would start, again nothing happened.
Could someone help me with this problem? I need the PC quite urgently today, and of course this has to happen to me now.
Thanks in advance!
-11:33:
I also forgot to add that I have a problem connecting to the internet when I turn on the PC (I can tell thanks to Skype; otherwise I don't open the browser, because I would only add load and it would take ages for everything to start). I'm trying RSIT once more, maybe it will work.
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
Hi,
try it in safe mode >> RSIT, CF, MBAM
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
HERE IS THE LOG FROM RSIT. CF restarted my PC, it booted as if into the normal state and started up... Now I'll see what happens next... For the moment a dialog reports "Spouští se" ("Starting").
========================
Logfile of random's system information tool 1.06 (written by random/random)
Run by Lego at 2010-02-03 11:51:46
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (5%) free of 60 GB
Total RAM: 639 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:01, on 3.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Lego\Plocha\RSIT.exe
C:\Program Files\trend micro\Lego.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [\\Nb01\EPSON SX410 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU "C:\DOCUME~1\Lego\LOCALS~1\Temp\E_S12E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Automaticky EPSON SX410 Series v Nb01] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU "C:\WINDOWS\TEMP\E_S1B2.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Miranda IM.lnk = ?
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: wwwpos32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 6278 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-10 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2009-07-29 1153024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-10 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-10 149280]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-07-29 1024512]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-12-25 782336]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2009-12-08 289584]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"\\Nb01\EPSON SX410 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [2008-10-01 199680]
"Automaticky EPSON SX410 Series v Nb01"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [2008-10-01 199680]
C:\Documents and Settings\Lego\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Miranda IM.lnk - C:\Program Files\Miranda IM Dvořák Pack 1.0\miranda32.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
wwwpos32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Yaho's Miranda IM\miranda32.exe"="C:\Program Files\Yaho's Miranda IM\miranda32.exe:*:Disabled:Miranda IM"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\RndLabs\BaboViolent 2\bv2.exe"="C:\Program Files\RndLabs\BaboViolent 2\bv2.exe:*:Enabled:bv2"
"C:\Program Files\Fox\Aliens versus Predator 2 - Primal Hunt\lithtech.exe"="C:\Program Files\Fox\Aliens versus Predator 2 - Primal Hunt\lithtech.exe:*:Enabled:Client"
"C:\Program Files\Vietcong\vietcong.exe"="C:\Program Files\Vietcong\vietcong.exe:*:Enabled:vietcong"
"C:\Program Files\Miranda IM Dvořák Pack 1.0\miranda32.exe"="C:\Program Files\Miranda IM Dvořák Pack 1.0\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe"="C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:LocalSubNet:Enabled:UltiDev Cassini Web Server for ASP.NET 2.0"
"C:\Program Files\TmUnitedForever\TmForever.exe"="C:\Program Files\TmUnitedForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.reg - open - "regedit.exe" "%1"
======List of files/folders created in the last 1 months======
2010-02-03 11:50:30 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-03 10:58:53 ----D---- C:\32788R22FWJFW
2010-02-03 10:40:17 ----D---- C:\Qoobox
2010-02-03 09:08:05 ----D---- C:\Program Files\trend micro
2010-02-03 09:06:19 ----D---- C:\rsit
2010-02-02 23:30:27 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-02-02 21:35:10 ----D---- C:\Super Size Me [DVDRip][2004][Eng][BugzBunny]
2010-02-02 21:32:26 ----D---- C:\Earthlings [2006] [Special Extended Edition] DvDrip [Eng] + all languages' subtitles
2010-02-01 21:33:23 ----D---- C:\works
2010-02-01 19:39:07 ----D---- C:\Dave Matthews Band - Big Whiskey and the GrooGrux King 2009 UK Edition KompletlyWyred DHZ Inc Release
2010-01-24 13:16:03 ----D---- C:\Joshua Rifkin- (1990) Scott Joplin. Piano Rags
2010-01-23 11:29:03 ----D---- C:\Program Files\PosteRazor
2010-01-23 11:29:03 ----D---- C:\Documents and Settings\Lego\Data aplikací\CasaPortale.de
2010-01-22 23:09:22 ----D---- C:\Mozart - The Symphonies (Telarc)
2010-01-20 19:03:24 ----D---- C:\Program Files\FLAC
2010-01-19 21:34:07 ----D---- C:\Planet X-Quantum-Universe(albums)
2010-01-19 20:47:37 ----D---- C:\Big Neighborhood-Mike Stern
2010-01-19 20:43:59 ----D---- C:\Program Files\7-Zip
2010-01-18 21:49:36 ----D---- C:\Program Files\Medieval Software
2010-01-18 19:49:19 ----D---- C:\gavin harrison & 05Ric - drop (2007) 320k
2010-01-18 18:06:00 ----D---- C:\Beautiful.Losers.2008.LiMiTED.DVDRip.X264-VsHX264
2010-01-18 18:05:22 ----D---- C:\Rock.Fresh.2006.DVDRip.X264-VsHX264
2010-01-17 16:21:50 ----D---- C:\Program Files\SMART Technologies Inc
2010-01-17 16:07:40 ----D---- C:\Ratten.Till.Staden.2008.SWEDiSH.DVDRip.XviD-PiLOT
2010-01-17 10:23:26 ----D---- C:\In The Mood For Life (2009)
2010-01-16 20:16:37 ----D---- C:\Style.Wars.1983.DVDRip.XviD.AC3.iNTERNAL-AEROHOLiCS
2010-01-16 13:07:57 ----D---- C:\Mr Scruff
2010-01-15 19:32:49 ----D---- C:\wave
2010-01-13 21:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 21:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 19:08:31 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{3689B77C-90FA-4663-91AB-5AB34383CD81}
2010-01-11 19:08:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Native Instruments
2010-01-11 19:07:40 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
2010-01-11 19:07:23 ----D---- C:\Program Files\Native Instruments
2010-01-11 17:36:46 ----D---- C:\Set
2010-01-07 20:31:25 ----D---- C:\Oliver Shanti Incarnation
======List of files/folders modified in the last 1 months======
2010-02-03 11:50:30 ----D---- C:\WINDOWS
2010-02-03 11:42:37 ----D---- C:\WINDOWS\Internet Logs
2010-02-03 11:35:03 ----D---- C:\WINDOWS\Prefetch
2010-02-03 11:27:53 ----D---- C:\WINDOWS\Temp
2010-02-03 11:27:31 ----D---- C:\Documents and Settings\Lego\Data aplikací\Skype
2010-02-03 11:03:04 ----D---- C:\Documents and Settings\Lego\Data aplikací\skypePM
2010-02-03 10:56:20 ----D---- C:\Documents and Settings\Lego\Data aplikací\uTorrent
2010-02-03 10:53:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-03 09:08:05 ----RD---- C:\Program Files
2010-02-03 08:17:14 ----D---- C:\Documents and Settings\Lego\Data aplikací\AIMP
2010-02-03 08:10:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-03 08:09:32 ----D---- C:\WINDOWS\Debug
2010-02-02 23:35:14 ----D---- C:\Program Files\Opera
2010-02-02 23:30:27 ----D---- C:\WINDOWS\system32
2010-02-01 22:12:36 ----D---- C:\Alfred Hitchcock Movies
2010-02-01 22:10:50 ----HD---- C:\WINDOWS\inf
2010-02-01 20:01:21 ----D---- C:\about-graffiti,streetart
2010-02-01 17:22:43 ----D---- C:\Program Files\FreeRapid-0.83u1
2010-01-31 14:14:20 ----D---- C:\Documents and Settings\Lego\Data aplikací\gtk-2.0
2010-01-25 20:40:05 ----D---- C:\Program Files\Inkscape
2010-01-23 12:57:57 ----D---- C:\Program Files\CDex_150
2010-01-21 22:40:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-21 22:39:57 ----D---- C:\Program Files\Internet Explorer
2010-01-21 22:39:46 ----D---- C:\WINDOWS\ie8updates
2010-01-21 22:39:17 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-20 20:33:42 ----D---- C:\Program Files\Graffiti Studio 2.0
2010-01-18 21:49:38 ----SHD---- C:\WINDOWS\Installer
2010-01-17 14:28:34 ----RD---- C:\movies
2010-01-17 09:00:07 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-14 19:03:02 ----D---- C:\WINDOWS\AppPatch
2010-01-11 19:07:23 ----D---- C:\Program Files\Common Files\Native Instruments
2010-01-09 14:34:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
2010-01-08 20:50:56 ----D---- C:\Program Files\Atari
2010-01-08 20:50:55 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-04 12:54:23 ----D---- C:\Samples
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 Tetri5;Tetri5 driver; C:\WINDOWS\System32\Drivers\Tetri5.sys [2009-12-25 53088]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
S2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
S2 ithsgt;ithsgt; C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2009-12-25 162432]
S2 lilsgt;lilsgt; C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2009-12-25 12032]
S3 ab1kbkq3;ab1kbkq3; C:\WINDOWS\system32\drivers\ab1kbkq3.sys []
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2009-12-25 146312]
S3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-04-06 266376]
S3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 Fadpu16E;Fadpu16E; \??\C:\DOCUME~1\Lego\LOCALS~1\Temp\Fadpu16E.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-10-30 25280]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AutoExNT;AutoExNT; C:\WINDOWS\system32\AutoExNT.Exe [2009-08-07 5904]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-19 133104]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-10 153376]
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-12-25 419096]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-07 49152]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
S2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-04-06 1626112]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-09-14 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-22 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-10 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2009-07-29 1153024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-10 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-10 149280]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-07-29 1024512]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-12-25 782336]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2009-12-08 289584]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"\\Nb01\EPSON SX410 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [2008-10-01 199680]
"Automaticky EPSON SX410 Series v Nb01"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [2008-10-01 199680]
C:\Documents and Settings\Lego\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Miranda IM.lnk - C:\Program Files\Miranda IM Dvořák Pack 1.0\miranda32.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
wwwpos32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Yaho's Miranda IM\miranda32.exe"="C:\Program Files\Yaho's Miranda IM\miranda32.exe:*:Disabled:Miranda IM"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\RndLabs\BaboViolent 2\bv2.exe"="C:\Program Files\RndLabs\BaboViolent 2\bv2.exe:*:Enabled:bv2"
"C:\Program Files\Fox\Aliens versus Predator 2 - Primal Hunt\lithtech.exe"="C:\Program Files\Fox\Aliens versus Predator 2 - Primal Hunt\lithtech.exe:*:Enabled:Client"
"C:\Program Files\Vietcong\vietcong.exe"="C:\Program Files\Vietcong\vietcong.exe:*:Enabled:vietcong"
"C:\Program Files\Miranda IM Dvořák Pack 1.0\miranda32.exe"="C:\Program Files\Miranda IM Dvořák Pack 1.0\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe"="C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:LocalSubNet:Enabled:UltiDev Cassini Web Server for ASP.NET 2.0"
"C:\Program Files\TmUnitedForever\TmForever.exe"="C:\Program Files\TmUnitedForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.reg - open - "regedit.exe" "%1"
======List of files/folders created in the last 1 months======
2010-02-03 11:50:30 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-03 10:58:53 ----D---- C:\32788R22FWJFW
2010-02-03 10:40:17 ----D---- C:\Qoobox
2010-02-03 09:08:05 ----D---- C:\Program Files\trend micro
2010-02-03 09:06:19 ----D---- C:\rsit
2010-02-02 23:30:27 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-02-02 21:35:10 ----D---- C:\Super Size Me [DVDRip][2004][Eng][BugzBunny]
2010-02-02 21:32:26 ----D---- C:\Earthlings [2006] [Special Extended Edition] DvDrip [Eng] + all languages' subtitles
2010-02-01 21:33:23 ----D---- C:\works
2010-02-01 19:39:07 ----D---- C:\Dave Matthews Band - Big Whiskey and the GrooGrux King 2009 UK Edition KompletlyWyred DHZ Inc Release
2010-01-24 13:16:03 ----D---- C:\Joshua Rifkin- (1990) Scott Joplin. Piano Rags
2010-01-23 11:29:03 ----D---- C:\Program Files\PosteRazor
2010-01-23 11:29:03 ----D---- C:\Documents and Settings\Lego\Data aplikací\CasaPortale.de
2010-01-22 23:09:22 ----D---- C:\Mozart - The Symphonies (Telarc)
2010-01-20 19:03:24 ----D---- C:\Program Files\FLAC
2010-01-19 21:34:07 ----D---- C:\Planet X-Quantum-Universe(albums)
2010-01-19 20:47:37 ----D---- C:\Big Neighborhood-Mike Stern
2010-01-19 20:43:59 ----D---- C:\Program Files\7-Zip
2010-01-18 21:49:36 ----D---- C:\Program Files\Medieval Software
2010-01-18 19:49:19 ----D---- C:\gavin harrison & 05Ric - drop (2007) 320k
2010-01-18 18:06:00 ----D---- C:\Beautiful.Losers.2008.LiMiTED.DVDRip.X264-VsHX264
2010-01-18 18:05:22 ----D---- C:\Rock.Fresh.2006.DVDRip.X264-VsHX264
2010-01-17 16:21:50 ----D---- C:\Program Files\SMART Technologies Inc
2010-01-17 16:07:40 ----D---- C:\Ratten.Till.Staden.2008.SWEDiSH.DVDRip.XviD-PiLOT
2010-01-17 10:23:26 ----D---- C:\In The Mood For Life (2009)
2010-01-16 20:16:37 ----D---- C:\Style.Wars.1983.DVDRip.XviD.AC3.iNTERNAL-AEROHOLiCS
2010-01-16 13:07:57 ----D---- C:\Mr Scruff
2010-01-15 19:32:49 ----D---- C:\wave
2010-01-13 21:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 21:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 19:08:31 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{3689B77C-90FA-4663-91AB-5AB34383CD81}
2010-01-11 19:08:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Native Instruments
2010-01-11 19:07:40 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
2010-01-11 19:07:23 ----D---- C:\Program Files\Native Instruments
2010-01-11 17:36:46 ----D---- C:\Set
2010-01-07 20:31:25 ----D---- C:\Oliver Shanti Incarnation
======List of files/folders modified in the last 1 months======
2010-02-03 11:50:30 ----D---- C:\WINDOWS
2010-02-03 11:42:37 ----D---- C:\WINDOWS\Internet Logs
2010-02-03 11:35:03 ----D---- C:\WINDOWS\Prefetch
2010-02-03 11:27:53 ----D---- C:\WINDOWS\Temp
2010-02-03 11:27:31 ----D---- C:\Documents and Settings\Lego\Data aplikací\Skype
2010-02-03 11:03:04 ----D---- C:\Documents and Settings\Lego\Data aplikací\skypePM
2010-02-03 10:56:20 ----D---- C:\Documents and Settings\Lego\Data aplikací\uTorrent
2010-02-03 10:53:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-03 09:08:05 ----RD---- C:\Program Files
2010-02-03 08:17:14 ----D---- C:\Documents and Settings\Lego\Data aplikací\AIMP
2010-02-03 08:10:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-03 08:09:32 ----D---- C:\WINDOWS\Debug
2010-02-02 23:35:14 ----D---- C:\Program Files\Opera
2010-02-02 23:30:27 ----D---- C:\WINDOWS\system32
2010-02-01 22:12:36 ----D---- C:\Alfred Hitchcock Movies
2010-02-01 22:10:50 ----HD---- C:\WINDOWS\inf
2010-02-01 20:01:21 ----D---- C:\about-graffiti,streetart
2010-02-01 17:22:43 ----D---- C:\Program Files\FreeRapid-0.83u1
2010-01-31 14:14:20 ----D---- C:\Documents and Settings\Lego\Data aplikací\gtk-2.0
2010-01-25 20:40:05 ----D---- C:\Program Files\Inkscape
2010-01-23 12:57:57 ----D---- C:\Program Files\CDex_150
2010-01-21 22:40:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-21 22:39:57 ----D---- C:\Program Files\Internet Explorer
2010-01-21 22:39:46 ----D---- C:\WINDOWS\ie8updates
2010-01-21 22:39:17 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-20 20:33:42 ----D---- C:\Program Files\Graffiti Studio 2.0
2010-01-18 21:49:38 ----SHD---- C:\WINDOWS\Installer
2010-01-17 14:28:34 ----RD---- C:\movies
2010-01-17 09:00:07 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-14 19:03:02 ----D---- C:\WINDOWS\AppPatch
2010-01-11 19:07:23 ----D---- C:\Program Files\Common Files\Native Instruments
2010-01-09 14:34:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
2010-01-08 20:50:56 ----D---- C:\Program Files\Atari
2010-01-08 20:50:55 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-04 12:54:23 ----D---- C:\Samples
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 Tetri5;Tetri5 driver; C:\WINDOWS\System32\Drivers\Tetri5.sys [2009-12-25 53088]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
S2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
S2 ithsgt;ithsgt; C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2009-12-25 162432]
S2 lilsgt;lilsgt; C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2009-12-25 12032]
S3 ab1kbkq3;ab1kbkq3; C:\WINDOWS\system32\drivers\ab1kbkq3.sys []
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2009-12-25 146312]
S3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-04-06 266376]
S3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 Fadpu16E;Fadpu16E; \??\C:\DOCUME~1\Lego\LOCALS~1\Temp\Fadpu16E.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-10-30 25280]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AutoExNT;AutoExNT; C:\WINDOWS\system32\AutoExNT.Exe [2009-08-07 5904]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-19 133104]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-10 153376]
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-12-25 419096]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-07 49152]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
S2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-04-06 1626112]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-09-14 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-22 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
Uninstall C:\Program Files\pdfforge Toolbar + run CF >> both in Safe Mode
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
Well, CF is running in normal mode right now; it is already at about stage 33, so I will let it finish. If I manage it in time, I will also post the log here, because I am heading out. When I get back I will uninstall the toolbar and try CF again (this time in Safe Mode).
Uninstall C:\Program Files\pdfforge Toolbar + run CF >> both in Safe Mode
Thank you!
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
HERE IS THE CF LOG. I am heading out; I will send you a PM this evening. Thank you.
----------------------------------------------------------------------------------------------
ComboFix 10-02-02.02 - Lego 03.02.2010 12:01:27.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.639.369 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lego\Plocha\ComboFix.exe
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\system32\Chip.dll
c:\windows\system32\SIntf16.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-03 do 2010-02-03 )))))))))))))))))))))))))))))))
.
2010-02-03 08:08 . 2010-02-03 10:51 -------- d-----w- c:\program files\trend micro
2010-02-03 08:06 . 2010-02-03 08:51 -------- d-----w- C:\rsit
2010-02-02 22:30 . 2010-02-02 22:30 118 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-02 20:35 . 2010-02-02 22:09 -------- d-----w- C:\Super Size Me [DVDRip][2004][Eng][BugzBunny]
2010-02-02 20:32 . 2010-02-02 21:31 -------- d-----w- C:\Earthlings [2006] [Special Extended Edition] DvDrip [Eng] + all languages' subtitles
2010-02-01 20:33 . 2010-02-01 20:33 -------- d-----w- C:\works
2010-02-01 18:39 . 2010-02-01 19:54 -------- d-----w- C:\Dave Matthews Band - Big Whiskey and the GrooGrux King 2009 UK Edition KompletlyWyred DHZ Inc Release
2010-01-24 12:16 . 2009-02-12 12:22 -------- d-----w- C:\Joshua Rifkin- (1990) Scott Joplin. Piano Rags
2010-01-23 10:29 . 2010-01-23 10:29 -------- d-----w- c:\program files\PosteRazor
2010-01-22 22:09 . 2010-01-23 02:01 -------- d-----w- C:\Mozart - The Symphonies (Telarc)
2010-01-20 18:03 . 2010-01-20 18:04 -------- d-----w- c:\program files\FLAC
2010-01-19 20:34 . 2010-01-19 20:46 -------- d-----w- C:\Planet X-Quantum-Universe(albums)
2010-01-19 19:47 . 2010-01-19 19:49 -------- d-----w- C:\Big Neighborhood-Mike Stern
2010-01-19 19:43 . 2010-01-19 19:44 -------- d-----w- c:\program files\7-Zip
2010-01-18 20:49 . 2010-01-18 20:49 -------- d-----w- c:\program files\Medieval Software
2010-01-18 18:49 . 2010-01-18 19:02 -------- d-----w- C:\gavin harrison & 05Ric - drop (2007) 320k
2010-01-18 17:06 . 2010-01-24 11:47 -------- d-----w- C:\Beautiful.Losers.2008.LiMiTED.DVDRip.X264-VsHX264
2010-01-18 17:05 . 2010-01-19 11:36 -------- d-----w- C:\Rock.Fresh.2006.DVDRip.X264-VsHX264
2010-01-17 15:21 . 2010-01-17 15:21 -------- d-----w- c:\program files\SMART Technologies Inc
2010-01-17 15:07 . 2010-01-18 17:02 -------- d-----w- C:\Ratten.Till.Staden.2008.SWEDiSH.DVDRip.XviD-PiLOT
2010-01-17 09:23 . 2009-09-20 17:38 -------- d-----w- C:\In The Mood For Life (2009)
2010-01-16 19:16 . 2010-01-16 22:40 -------- d-----w- C:\Style.Wars.1983.DVDRip.XviD.AC3.iNTERNAL-AEROHOLiCS
2010-01-16 14:47 . 2010-01-16 14:47 59088 ----a-w- C:\Zeitgeist.Final.CZ.zip
2010-01-16 12:07 . 2010-01-19 21:52 -------- d-----w- C:\Mr Scruff
2010-01-15 18:32 . 2010-01-18 17:04 -------- d-----w- C:\wave
2010-01-11 18:07 . 2010-01-11 18:08 -------- d-----w- c:\program files\Native Instruments
2010-01-11 16:36 . 2010-01-15 17:33 -------- d-----w- C:\Set
2010-01-07 19:31 . 2010-01-16 12:12 -------- d-----w- C:\Oliver Shanti Incarnation
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 11:18 . 2009-10-06 19:34 -------- d-----w- c:\program files\pdfforge Toolbar
2010-02-03 10:43 . 2010-02-03 10:55 2647552 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-02-03 09:52 . 2009-12-26 10:58 972116 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-03 07:10 . 2009-12-28 22:40 81984 ----a-w- c:\windows\system32\bdod.bin
2010-02-02 22:35 . 2009-08-07 17:14 -------- d-----w- c:\program files\Opera
2010-02-01 16:22 . 2009-11-01 08:15 -------- d-----w- c:\program files\FreeRapid-0.83u1
2010-01-25 19:40 . 2009-09-24 18:14 -------- d-----w- c:\program files\Inkscape
2010-01-23 11:57 . 2009-08-12 20:47 -------- d-----w- c:\program files\CDex_150
2010-01-20 19:33 . 2009-11-16 17:55 -------- d-----w- c:\program files\Graffiti Studio 2.0
2010-01-11 18:07 . 2010-01-03 20:06 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-01-08 19:50 . 2009-12-25 09:49 -------- d-----w- c:\program files\Atari
2010-01-08 19:50 . 2009-08-17 07:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 20:08 . 2010-01-03 20:08 -------- d-----w- c:\program files\Common Files\Digidesign
2010-01-03 17:37 . 2009-10-31 20:04 -------- d-----w- c:\program files\SlySoft
2010-01-03 17:36 . 2009-08-12 12:15 -------- d-----w- c:\program files\CoreCodec
2010-01-02 20:56 . 2009-10-05 16:11 -------- d-----w- c:\program files\VstPlugins
2009-12-31 14:03 . 2009-08-07 20:52 -------- d-----w- c:\program files\SpeedFan
2009-12-25 17:26 . 2009-12-25 17:26 53088 ----a-w- c:\windows\system32\drivers\Tetri5.sys
2009-12-25 11:20 . 2009-04-15 14:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-12-25 11:09 . 2009-12-25 11:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-25 11:00 . 2009-12-25 10:43 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-25 10:59 . 2009-12-25 10:59 -------- d-----w- c:\program files\BitDefender
2009-12-25 10:08 . 2009-12-25 10:08 162432 ----a-w- c:\windows\system32\drivers\ithsgt.sys
2009-12-25 10:08 . 2009-12-25 10:08 12032 ----a-w- c:\windows\system32\drivers\lilsgt.sys
2009-12-25 09:47 . 2009-08-07 12:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-24 15:00 . 2009-12-21 16:33 69 ----a-w- c:\documents and settings\Lego\jagex_runescape_preferences2.dat
2009-12-24 14:12 . 2009-12-21 16:32 39 ----a-w- c:\documents and settings\Lego\jagex_runescape_preferences.dat
2009-12-23 16:15 . 2009-10-03 06:16 -------- d-----w- c:\program files\The KMPlayer
2009-12-21 19:08 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 10:34 . 2009-09-19 12:21 -------- d-----w- c:\program files\Google
2009-12-18 23:35 . 2009-12-18 23:35 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-18 23:27 . 2009-12-18 23:27 0 ----a-w- c:\windows\system32\drivers\SETC.tmp
2009-12-15 19:04 . 2009-08-07 22:21 -------- d-----w- c:\program files\DVDFab 6
2009-12-10 19:09 . 2009-12-10 19:09 -------- d-----w- c:\program files\PowerPoint Viewer
2009-12-10 17:20 . 2001-10-25 14:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 17:20 . 2001-10-25 14:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-12-07 22:36 . 2009-12-07 22:36 -------- d-----w- c:\program files\ApoMap
2009-12-07 22:24 . 2009-12-07 21:52 -------- d-----w- c:\program files\Apophysis 2.0
2009-11-22 14:42 . 2009-12-25 11:09 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-22 14:42 . 2009-12-25 11:09 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-11-22 14:42 . 2009-12-25 11:09 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-11-21 16:46 . 2004-08-17 13:49 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 10:48 . 2009-10-30 07:49 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-10-31 20:07 . 2009-10-31 20:07 0 --sh--w- c:\windows\SE6963F6F.tmp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-12-08 289584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"\\Nb01\EPSON SX410 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE" [2008-10-01 199680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-12-25 782336]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Lego\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Miranda IM.lnk - c:\program files\Miranda IM Dvořák Pack 1.0\miranda32.exe [2006-7-28 471633]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
wwwpos32.exe [2004-8-17 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Miranda IM Dvořák Pack 1.0\\miranda32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [7.2.2007 23:06 49152]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [15.4.2009 15:13 146312]
R3 Tetri5;Tetri5 driver;c:\windows\system32\drivers\Tetri5.sys [25.12.2009 18:26 53088]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.8.2009 14:10 721904]
S2 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [7.8.2009 17:50 5904]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.9.2009 13:21 133104]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\Lego\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\Lego\LOCALS~1\Temp\Fadpu16E.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Obsah adresáře 'Naplánované úlohy'
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 12:21]
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 12:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 12:20
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-02-03 12:25:38
ComboFix-quarantined-files.txt 2010-02-03 11:25
Před spuštěním: 3 068 575 744
Po spuštění: 3 054 624 768
- - End Of File - - CD6C6696D6997EB5F4B639EA61A7F453
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
clean the PC with MBAM - we will finish the job tomorrow

FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
Here is the log from MBAM
------------------
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702
3.2.2010 20:36:18
mbam-log-2010-02-03 (20-36-18).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 100009
Uplynulý čas: 8 minute(s), 24 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Documents and Settings\Lego\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
fine, run CF once more - post the log
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
Here is the log from CF, run in Safe Mode
--------------------------------------------
ComboFix 10-02-02.02 - Lego 04.02.2010 17:23:55.2.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.639.499 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lego\Plocha\ComboFix.exe
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-04 do 2010-02-04 )))))))))))))))))))))))))))))))
.
2010-02-03 19:11 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 19:11 . 2010-02-03 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 19:11 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 08:08 . 2010-02-03 10:51 -------- d-----w- c:\program files\trend micro
2010-02-03 08:06 . 2010-02-03 08:51 -------- d-----w- C:\rsit
2010-02-02 22:30 . 2010-02-02 22:30 118 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-02 20:35 . 2010-02-02 22:09 -------- d-----w- C:\Super Size Me [DVDRip][2004][Eng][BugzBunny]
2010-02-02 20:32 . 2010-02-02 21:31 -------- d-----w- C:\Earthlings [2006] [Special Extended Edition] DvDrip [Eng] + all languages' subtitles
2010-02-01 20:33 . 2010-02-01 20:33 -------- d-----w- C:\works
2010-02-01 18:39 . 2010-02-01 19:54 -------- d-----w- C:\Dave Matthews Band - Big Whiskey and the GrooGrux King 2009 UK Edition KompletlyWyred DHZ Inc Release
2010-01-24 12:16 . 2009-02-12 12:22 -------- d-----w- C:\Joshua Rifkin- (1990) Scott Joplin. Piano Rags
2010-01-23 10:29 . 2010-01-23 10:29 -------- d-----w- c:\program files\PosteRazor
2010-01-22 22:09 . 2010-01-23 02:01 -------- d-----w- C:\Mozart - The Symphonies (Telarc)
2010-01-20 18:03 . 2010-01-20 18:04 -------- d-----w- c:\program files\FLAC
2010-01-19 20:34 . 2010-01-19 20:46 -------- d-----w- C:\Planet X-Quantum-Universe(albums)
2010-01-19 19:47 . 2010-01-19 19:49 -------- d-----w- C:\Big Neighborhood-Mike Stern
2010-01-19 19:43 . 2010-01-19 19:44 -------- d-----w- c:\program files\7-Zip
2010-01-18 20:49 . 2010-01-18 20:49 -------- d-----w- c:\program files\Medieval Software
2010-01-18 18:49 . 2010-01-18 19:02 -------- d-----w- C:\gavin harrison & 05Ric - drop (2007) 320k
2010-01-18 17:06 . 2010-01-24 11:47 -------- d-----w- C:\Beautiful.Losers.2008.LiMiTED.DVDRip.X264-VsHX264
2010-01-18 17:05 . 2010-01-19 11:36 -------- d-----w- C:\Rock.Fresh.2006.DVDRip.X264-VsHX264
2010-01-17 15:21 . 2010-01-17 15:21 -------- d-----w- c:\program files\SMART Technologies Inc
2010-01-17 15:07 . 2010-01-18 17:02 -------- d-----w- C:\Ratten.Till.Staden.2008.SWEDiSH.DVDRip.XviD-PiLOT
2010-01-17 09:23 . 2009-09-20 17:38 -------- d-----w- C:\In The Mood For Life (2009)
2010-01-16 19:16 . 2010-01-16 22:40 -------- d-----w- C:\Style.Wars.1983.DVDRip.XviD.AC3.iNTERNAL-AEROHOLiCS
2010-01-16 14:47 . 2010-01-16 14:47 59088 ----a-w- C:\Zeitgeist.Final.CZ.zip
2010-01-16 12:07 . 2010-01-19 21:52 -------- d-----w- C:\Mr Scruff
2010-01-15 18:32 . 2010-01-18 17:04 -------- d-----w- C:\wave
2010-01-11 18:07 . 2010-01-11 18:08 -------- d-----w- c:\program files\Native Instruments
2010-01-11 16:36 . 2010-01-15 17:33 -------- d-----w- C:\Set
2010-01-07 19:31 . 2010-01-16 12:12 -------- d-----w- C:\Oliver Shanti Incarnation
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 19:51 . 2009-12-28 22:40 81984 ----a-w- c:\windows\system32\bdod.bin
2010-02-03 11:18 . 2009-10-06 19:34 -------- d-----w- c:\program files\pdfforge Toolbar
2010-02-03 10:43 . 2010-02-03 10:55 2647552 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-02-03 09:52 . 2009-12-26 10:58 972116 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-02 22:35 . 2009-08-07 17:14 -------- d-----w- c:\program files\Opera
2010-02-01 16:22 . 2009-11-01 08:15 -------- d-----w- c:\program files\FreeRapid-0.83u1
2010-01-25 19:40 . 2009-09-24 18:14 -------- d-----w- c:\program files\Inkscape
2010-01-23 11:57 . 2009-08-12 20:47 -------- d-----w- c:\program files\CDex_150
2010-01-20 19:33 . 2009-11-16 17:55 -------- d-----w- c:\program files\Graffiti Studio 2.0
2010-01-11 18:07 . 2010-01-03 20:06 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-01-08 19:50 . 2009-12-25 09:49 -------- d-----w- c:\program files\Atari
2010-01-08 19:50 . 2009-08-17 07:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 20:08 . 2010-01-03 20:08 -------- d-----w- c:\program files\Common Files\Digidesign
2010-01-03 17:37 . 2009-10-31 20:04 -------- d-----w- c:\program files\SlySoft
2010-01-03 17:36 . 2009-08-12 12:15 -------- d-----w- c:\program files\CoreCodec
2010-01-02 20:56 . 2009-10-05 16:11 -------- d-----w- c:\program files\VstPlugins
2009-12-31 14:03 . 2009-08-07 20:52 -------- d-----w- c:\program files\SpeedFan
2009-12-25 17:26 . 2009-12-25 17:26 53088 ----a-w- c:\windows\system32\drivers\Tetri5.sys
2009-12-25 11:20 . 2009-04-15 14:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-12-25 11:09 . 2009-12-25 11:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-25 11:00 . 2009-12-25 10:43 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-25 10:59 . 2009-12-25 10:59 -------- d-----w- c:\program files\BitDefender
2009-12-25 10:08 . 2009-12-25 10:08 162432 ----a-w- c:\windows\system32\drivers\ithsgt.sys
2009-12-25 10:08 . 2009-12-25 10:08 12032 ----a-w- c:\windows\system32\drivers\lilsgt.sys
2009-12-25 09:47 . 2009-08-07 12:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-24 15:00 . 2009-12-21 16:33 69 ----a-w- c:\documents and settings\Lego\jagex_runescape_preferences2.dat
2009-12-24 14:12 . 2009-12-21 16:32 39 ----a-w- c:\documents and settings\Lego\jagex_runescape_preferences.dat
2009-12-23 16:15 . 2009-10-03 06:16 -------- d-----w- c:\program files\The KMPlayer
2009-12-21 19:08 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 10:34 . 2009-09-19 12:21 -------- d-----w- c:\program files\Google
2009-12-18 23:35 . 2009-12-18 23:35 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-18 23:27 . 2009-12-18 23:27 0 ----a-w- c:\windows\system32\drivers\SETC.tmp
2009-12-15 19:04 . 2009-08-07 22:21 -------- d-----w- c:\program files\DVDFab 6
2009-12-10 19:09 . 2009-12-10 19:09 -------- d-----w- c:\program files\PowerPoint Viewer
2009-12-10 17:20 . 2001-10-25 14:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 17:20 . 2001-10-25 14:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-12-07 22:36 . 2009-12-07 22:36 -------- d-----w- c:\program files\ApoMap
2009-12-07 22:24 . 2009-12-07 21:52 -------- d-----w- c:\program files\Apophysis 2.0
2009-11-22 14:42 . 2009-12-25 11:09 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-22 14:42 . 2009-12-25 11:09 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-11-22 14:42 . 2009-12-25 11:09 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-11-21 16:46 . 2004-08-17 13:49 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 10:48 . 2009-10-30 07:49 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-10-31 20:07 . 2009-10-31 20:07 0 --sh--w- c:\windows\SE6963F6F.tmp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-12-08 289584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"\\Nb01\EPSON SX410 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE" [2008-10-01 199680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-12-25 782336]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Lego\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Miranda IM.lnk - c:\program files\Miranda IM Dvoý k Pack 1.0\miranda32.exe [2006-7-28 471633]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
wwwpos32.exe [2004-8-17 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Miranda IM Dvořák Pack 1.0\\miranda32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R3 Tetri5;Tetri5 driver;c:\windows\system32\drivers\Tetri5.sys [25.12.2009 18:26 53088]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.8.2009 14:10 721904]
S2 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [7.8.2009 17:50 5904]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.9.2009 13:21 133104]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [7.2.2007 23:06 49152]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [15.4.2009 15:13 146312]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\Lego\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\Lego\LOCALS~1\Temp\Fadpu16E.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Obsah adresáře 'Naplánované úlohy'
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 12:21]
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 12:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 17:32
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(472)
c:\windows\system32\msi.dll
.
Celkový čas: 2010-02-04 17:35:46
ComboFix-quarantined-files.txt 2010-02-04 16:35
ComboFix2.txt 2010-02-03 11:25
Před spuštěním: 2 801 246 208
Po spuštění: 2 769 371 136
- - End Of File - - FF963B24422B6BB4A64218B8BF832513
2009-12-25 10:59 . 2009-12-25 10:59 -------- d-----w- c:\program files\BitDefender
2009-12-25 10:08 . 2009-12-25 10:08 162432 ----a-w- c:\windows\system32\drivers\ithsgt.sys
2009-12-25 10:08 . 2009-12-25 10:08 12032 ----a-w- c:\windows\system32\drivers\lilsgt.sys
2009-12-25 09:47 . 2009-08-07 12:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-24 15:00 . 2009-12-21 16:33 69 ----a-w- c:\documents and settings\Lego\jagex_runescape_preferences2.dat
2009-12-24 14:12 . 2009-12-21 16:32 39 ----a-w- c:\documents and settings\Lego\jagex_runescape_preferences.dat
2009-12-23 16:15 . 2009-10-03 06:16 -------- d-----w- c:\program files\The KMPlayer
2009-12-21 19:08 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 10:34 . 2009-09-19 12:21 -------- d-----w- c:\program files\Google
2009-12-18 23:35 . 2009-12-18 23:35 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-18 23:27 . 2009-12-18 23:27 0 ----a-w- c:\windows\system32\drivers\SETC.tmp
2009-12-15 19:04 . 2009-08-07 22:21 -------- d-----w- c:\program files\DVDFab 6
2009-12-10 19:09 . 2009-12-10 19:09 -------- d-----w- c:\program files\PowerPoint Viewer
2009-12-10 17:20 . 2001-10-25 14:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 17:20 . 2001-10-25 14:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-12-07 22:36 . 2009-12-07 22:36 -------- d-----w- c:\program files\ApoMap
2009-12-07 22:24 . 2009-12-07 21:52 -------- d-----w- c:\program files\Apophysis 2.0
2009-11-22 14:42 . 2009-12-25 11:09 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-22 14:42 . 2009-12-25 11:09 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-11-22 14:42 . 2009-12-25 11:09 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-11-21 16:46 . 2004-08-17 13:49 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 10:48 . 2009-10-30 07:49 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-10-31 20:07 . 2009-10-31 20:07 0 --sh--w- c:\windows\SE6963F6F.tmp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-12-08 289584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"\\Nb01\EPSON SX410 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE" [2008-10-01 199680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-12-25 782336]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Lego\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Miranda IM.lnk - c:\program files\Miranda IM Dvořák Pack 1.0\miranda32.exe [2006-7-28 471633]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
wwwpos32.exe [2004-8-17 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Miranda IM Dvořák Pack 1.0\\miranda32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R3 Tetri5;Tetri5 driver;c:\windows\system32\drivers\Tetri5.sys [25.12.2009 18:26 53088]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.8.2009 14:10 721904]
S2 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [7.8.2009 17:50 5904]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.9.2009 13:21 133104]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [7.2.2007 23:06 49152]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [15.4.2009 15:13 146312]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\Lego\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\Lego\LOCALS~1\Temp\Fadpu16E.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Obsah adresáře 'Naplánované úlohy'
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 12:21]
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 12:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 17:32
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(472)
c:\windows\system32\msi.dll
.
Celkový čas: 2010-02-04 17:35:46
ComboFix-quarantined-files.txt 2010-02-04 16:35
ComboFix2.txt 2010-02-03 11:25
Před spuštěním: 2 801 246 208
Po spuštění: 2 769 371 136
- - End Of File - - FF963B24422B6BB4A64218B8BF832513
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
I would also like to mention a problem with uninstalling the pdfforge toolbar.
First I tried it through the Windows "Add/Remove" dialog. There Windows said something to the effect that either there is an error in the program itself or the uninstallation cannot be allowed because I am running in Safe Mode. So I did it manually and deleted the folder (from the Recycle Bin as well).
I cleaned the registry with CCleaner (among the entries there were several from pdfforge). I thought that would make the program disappear from "Add/Remove", but it did not. So I tried it through CCleaner, and nothing. The last option left was to use the delete option in CCleaner and thereby delete the registry entries (if I am not mistaken). But CCleaner reported something along the lines that the MSI Installer is missing. In short, I cannot get rid of it. Since the last log was made while pdfforge was still present and something may have changed after the removal, I will post a current log within 5 minutes. Note that even though I have deleted the PDF FORGE TOOLBAR from the disk, some part of its registry entries has probably remained. I would like to ask what causes svchost.exe to load the system so heavily... Probably some piece of junk, right?
P.S. As far as I know, Windows works in such a way that when it cannot find the required file (or rather its uninstaller), it asks the user whether it may delete this "registry" or other entry. But the system did not offer me that.
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
The latest .log from CF. I just don't understand why it deleted my registry backup from today, but that shouldn't matter.
---------------------------------------------------------------------------------------------------
ComboFix 10-02-02.02 - Lego 04.02.2010 21:29:05.3.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.639.476 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lego\Plocha\ComboFix.exe
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Lego\Dokumenty\cc_20100204_210433.reg
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-04 do 2010-02-04 )))))))))))))))))))))))))))))))
.
2010-02-03 19:11 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 19:11 . 2010-02-03 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 19:11 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 08:08 . 2010-02-03 10:51 -------- d-----w- c:\program files\trend micro
2010-02-03 08:06 . 2010-02-03 08:51 -------- d-----w- C:\rsit
2010-02-02 22:30 . 2010-02-02 22:30 118 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-02 20:35 . 2010-02-02 22:09 -------- d-----w- C:\Super Size Me [DVDRip][2004][Eng][BugzBunny]
2010-02-02 20:32 . 2010-02-02 21:31 -------- d-----w- C:\Earthlings [2006] [Special Extended Edition] DvDrip [Eng] + all languages' subtitles
2010-02-01 20:33 . 2010-02-01 20:33 -------- d-----w- C:\works
2010-02-01 18:39 . 2010-02-01 19:54 -------- d-----w- C:\Dave Matthews Band - Big Whiskey and the GrooGrux King 2009 UK Edition KompletlyWyred DHZ Inc Release
2010-01-24 12:16 . 2009-02-12 12:22 -------- d-----w- C:\Joshua Rifkin- (1990) Scott Joplin. Piano Rags
2010-01-23 10:29 . 2010-01-23 10:29 -------- d-----w- c:\program files\PosteRazor
2010-01-22 22:09 . 2010-01-23 02:01 -------- d-----w- C:\Mozart - The Symphonies (Telarc)
2010-01-20 18:03 . 2010-01-20 18:04 -------- d-----w- c:\program files\FLAC
2010-01-19 20:34 . 2010-01-19 20:46 -------- d-----w- C:\Planet X-Quantum-Universe(albums)
2010-01-19 19:47 . 2010-01-19 19:49 -------- d-----w- C:\Big Neighborhood-Mike Stern
2010-01-19 19:43 . 2010-01-19 19:44 -------- d-----w- c:\program files\7-Zip
2010-01-18 20:49 . 2010-01-18 20:49 -------- d-----w- c:\program files\Medieval Software
2010-01-18 18:49 . 2010-01-18 19:02 -------- d-----w- C:\gavin harrison & 05Ric - drop (2007) 320k
2010-01-18 17:06 . 2010-01-24 11:47 -------- d-----w- C:\Beautiful.Losers.2008.LiMiTED.DVDRip.X264-VsHX264
2010-01-18 17:05 . 2010-01-19 11:36 -------- d-----w- C:\Rock.Fresh.2006.DVDRip.X264-VsHX264
2010-01-17 15:21 . 2010-01-17 15:21 -------- d-----w- c:\program files\SMART Technologies Inc
2010-01-17 15:07 . 2010-01-18 17:02 -------- d-----w- C:\Ratten.Till.Staden.2008.SWEDiSH.DVDRip.XviD-PiLOT
2010-01-17 09:23 . 2009-09-20 17:38 -------- d-----w- C:\In The Mood For Life (2009)
2010-01-16 19:16 . 2010-01-16 22:40 -------- d-----w- C:\Style.Wars.1983.DVDRip.XviD.AC3.iNTERNAL-AEROHOLiCS
2010-01-16 14:47 . 2010-01-16 14:47 59088 ----a-w- C:\Zeitgeist.Final.CZ.zip
2010-01-16 12:07 . 2010-01-19 21:52 -------- d-----w- C:\Mr Scruff
2010-01-15 18:32 . 2010-01-18 17:04 -------- d-----w- C:\wave
2010-01-11 18:07 . 2010-01-11 18:08 -------- d-----w- c:\program files\Native Instruments
2010-01-11 16:36 . 2010-01-15 17:33 -------- d-----w- C:\Set
2010-01-07 19:31 . 2010-01-16 12:12 -------- d-----w- C:\Oliver Shanti Incarnation
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 19:51 . 2009-12-28 22:40 81984 ----a-w- c:\windows\system32\bdod.bin
2010-02-03 10:43 . 2010-02-03 10:55 2647552 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-02-03 09:52 . 2009-12-26 10:58 972116 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-02 22:35 . 2009-08-07 17:14 -------- d-----w- c:\program files\Opera
2010-02-01 16:22 . 2009-11-01 08:15 -------- d-----w- c:\program files\FreeRapid-0.83u1
2010-01-25 19:40 . 2009-09-24 18:14 -------- d-----w- c:\program files\Inkscape
2010-01-23 11:57 . 2009-08-12 20:47 -------- d-----w- c:\program files\CDex_150
2010-01-20 19:33 . 2009-11-16 17:55 -------- d-----w- c:\program files\Graffiti Studio 2.0
2010-01-11 18:07 . 2010-01-03 20:06 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-01-08 19:50 . 2009-12-25 09:49 -------- d-----w- c:\program files\Atari
2010-01-08 19:50 . 2009-08-17 07:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 20:08 . 2010-01-03 20:08 -------- d-----w- c:\program files\Common Files\Digidesign
2010-01-03 17:37 . 2009-10-31 20:04 -------- d-----w- c:\program files\SlySoft
2010-01-03 17:36 . 2009-08-12 12:15 -------- d-----w- c:\program files\CoreCodec
2010-01-02 20:56 . 2009-10-05 16:11 -------- d-----w- c:\program files\VstPlugins
2009-12-31 14:03 . 2009-08-07 20:52 -------- d-----w- c:\program files\SpeedFan
2009-12-25 17:26 . 2009-12-25 17:26 53088 ----a-w- c:\windows\system32\drivers\Tetri5.sys
2009-12-25 11:20 . 2009-04-15 14:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-12-25 11:09 . 2009-12-25 11:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-25 11:00 . 2009-12-25 10:43 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-25 10:59 . 2009-12-25 10:59 -------- d-----w- c:\program files\BitDefender
2009-12-25 10:08 . 2009-12-25 10:08 162432 ----a-w- c:\windows\system32\drivers\ithsgt.sys
2009-12-25 10:08 . 2009-12-25 10:08 12032 ----a-w- c:\windows\system32\drivers\lilsgt.sys
2009-12-25 09:47 . 2009-08-07 12:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-24 15:00 . 2009-12-21 16:33 69 ----a-w- c:\documents and settings\Lego\jagex_runescape_preferences2.dat
2009-12-24 14:12 . 2009-12-21 16:32 39 ----a-w- c:\documents and settings\Lego\jagex_runescape_preferences.dat
2009-12-23 16:15 . 2009-10-03 06:16 -------- d-----w- c:\program files\The KMPlayer
2009-12-21 19:08 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 10:34 . 2009-09-19 12:21 -------- d-----w- c:\program files\Google
2009-12-18 23:35 . 2009-12-18 23:35 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-18 23:27 . 2009-12-18 23:27 0 ----a-w- c:\windows\system32\drivers\SETC.tmp
2009-12-15 19:04 . 2009-08-07 22:21 -------- d-----w- c:\program files\DVDFab 6
2009-12-10 19:09 . 2009-12-10 19:09 -------- d-----w- c:\program files\PowerPoint Viewer
2009-12-10 17:20 . 2001-10-25 14:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 17:20 . 2001-10-25 14:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-12-07 22:36 . 2009-12-07 22:36 -------- d-----w- c:\program files\ApoMap
2009-12-07 22:24 . 2009-12-07 21:52 -------- d-----w- c:\program files\Apophysis 2.0
2009-11-22 14:42 . 2009-12-25 11:09 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-22 14:42 . 2009-12-25 11:09 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-11-22 14:42 . 2009-12-25 11:09 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-11-21 16:46 . 2004-08-17 13:49 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 10:48 . 2009-10-30 07:49 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-10-31 20:07 . 2009-10-31 20:07 0 --sh--w- c:\windows\SE6963F6F.tmp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-12-08 289584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"\\Nb01\EPSON SX410 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE" [2008-10-01 199680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-12-25 782336]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Lego\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Miranda IM.lnk - c:\program files\Miranda IM Dvořák Pack 1.0\miranda32.exe [2006-7-28 471633]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
wwwpos32.exe [2004-8-17 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Miranda IM Dvořák Pack 1.0\\miranda32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R3 Tetri5;Tetri5 driver;c:\windows\system32\drivers\Tetri5.sys [25.12.2009 18:26 53088]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.8.2009 14:10 721904]
S2 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [7.8.2009 17:50 5904]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.9.2009 13:21 133104]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [7.2.2007 23:06 49152]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [15.4.2009 15:13 146312]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\Lego\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\Lego\LOCALS~1\Temp\Fadpu16E.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Obsah adresáře 'Naplánované úlohy'
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 12:21]
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 12:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 21:37
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-02-04 21:40:50
ComboFix-quarantined-files.txt 2010-02-04 20:40
ComboFix2.txt 2010-02-04 16:35
ComboFix3.txt 2010-02-03 11:25
Před spuštěním: 2 772 783 104
Po spuštění: 2 737 508 352
- - End Of File - - 5CCCD4F86313429C7067522A44795D49
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Lego\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Miranda IM.lnk - c:\program files\Miranda IM Dvoý k Pack 1.0\miranda32.exe [2006-7-28 471633]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
wwwpos32.exe [2004-8-17 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Miranda IM Dvořák Pack 1.0\\miranda32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R3 Tetri5;Tetri5 driver;c:\windows\system32\drivers\Tetri5.sys [25.12.2009 18:26 53088]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.8.2009 14:10 721904]
S2 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [7.8.2009 17:50 5904]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.9.2009 13:21 133104]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [7.2.2007 23:06 49152]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [15.4.2009 15:13 146312]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\Lego\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\Lego\LOCALS~1\Temp\Fadpu16E.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Obsah adresáře 'Naplánované úlohy'
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 12:21]
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 12:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 21:37
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-02-04 21:40:50
ComboFix-quarantined-files.txt 2010-02-04 20:40
ComboFix2.txt 2010-02-04 16:35
ComboFix3.txt 2010-02-03 11:25
Před spuštěním: 2 772 783 104
Po spuštění: 2 737 508 352
- - End Of File - - 5CCCD4F86313429C7067522A44795D49
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
Well, it's not clean.
So clean the PC with MBAM, then with CureIT, and post both logs.

FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702
5.2.2010 19:02:37
mbam-log-2010-02-05 (19-02-16).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|F:\|)
Zkontrolované objekty: 180157
Uplynulý čas: 56 minute(s), 47 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 7
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\System Volume Information\_restore{9D5E289A-4A47-4BFD-B01E-764A63DE0E80}\RP185\A0035447.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{9D5E289A-4A47-4BFD-B01E-764A63DE0E80}\RP185\A0036443.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{9D5E289A-4A47-4BFD-B01E-764A63DE0E80}\RP185\A0036547.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{9D5E289A-4A47-4BFD-B01E-764A63DE0E80}\RP185\A0036626.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{9D5E289A-4A47-4BFD-B01E-764A63DE0E80}\RP185\A0036792.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{9D5E289A-4A47-4BFD-B01E-764A63DE0E80}\RP185\A0036853.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{9D5E289A-4A47-4BFD-B01E-764A63DE0E80}\RP185\A0037018.sys (Malware.Trace) -> No action taken.
This log is from before the files were deleted. I have deleted the files. I'll post the CureIt log in a moment.
Re: CPU at 100% load, ComboFix not responding, RSIT freezes...
The CureIt log is very long and I couldn't post it here.
Link to the log file: http://uloz.to/3892494/cureit.log