Počítač je zpomalený a občas se uplně sekne.

Zpráva

Mary13 · #1 Příspěvek od **Mary13** » 13 srp 2010 13:26

Tady je log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Alexey at 2010-08-13 14:21:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (34%) free of 73 GB
Total RAM: 2043 MB (44% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15 66888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-10-07 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15 161096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"=c:\WINDOWS\system32\AccelerometerSt.Exe [2008-06-09 82224]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1044480]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2008-03-24 884736]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1040384]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-10-14 1871872]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"avp"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-08-19 30208]
"VistaIcon"=C:\Program Files\VistaDriveIcon\VistaDrv.exe [2008-01-02 132096]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]
"uTorrent"=D:\utorrent(3).exe [2010-05-27 322352]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-04-06 26102056]

C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\Alexey\Главное меню\Программы\Автозагрузка
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-08 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-03-02 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-15 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSharedDocuments"=1
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2010-08-13 14:21:45 ----D---- C:\Program Files\trend micro
2010-08-13 14:21:44 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2010-08-13 14:21:45 ----AD---- C:\Program Files
2010-08-13 14:20:54 ----D---- C:\WINDOWS\Temp
2010-08-13 14:15:36 ----D---- C:\Documents and Settings\Alexey\Application Data\uTorrent
2010-08-13 14:15:36 ----D---- C:\Documents and Settings\Alexey\Application Data\Skype
2010-08-12 22:32:33 ----D---- C:\Program Files\Mozilla Firefox
2010-08-12 19:39:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-12 01:41:37 ----D---- C:\WINDOWS\system32\config
2010-08-11 11:56:19 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-11 11:49:36 ----D---- C:\Documents and Settings\Alexey\Application Data\skypePM
2010-08-11 11:49:28 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-08-11 11:49:08 ----D---- C:\WINDOWS
2010-07-29 21:04:44 ----D---- C:\WINDOWS\system32\drivers
2010-07-18 22:23:40 ----HD---- C:\WINDOWS\inf
2010-07-17 15:43:02 ----D---- C:\WINDOWS\Network Diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2008-05-23 24624]
R0 kl1;Kl1; C:\WINDOWS\system32\drivers\kl1.sys [2009-06-15 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver; C:\WINDOWS\system32\drivers\klbg.sys [2008-12-15 33808]
R0 SFAUDIO;Sonic Focus DSP Driver; C:\WINDOWS\system32\drivers\sfaudio.sys [2008-03-28 24064]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-10-09 717296]
R1 intelppm;Драйвер Intel процессора; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40704]
R1 kbdhid;Драйвер клавиатуры HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-08-19 14720]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-03 296976]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-08-15 5632]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-08-19 8832]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2008-07-08 62848]
R3 Accelerometer;HP Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2008-05-23 28592]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-11 338944]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-08 2880512]
R3 BTKRNL;Нумератор шины Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-03 879624]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-04-03 74688]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-08-19 10368]
R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-16 17432]
R3 HPFXFAX;HPFXFAX; C:\WINDOWS\system32\drivers\hpfxfax.sys [2007-07-16 20504]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 mouhid;Драйвер мыши HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-19 12160]
R3 NETw5x32;Драйвер адаптера Intel(R) Wireless WiFi Link для Windows XP 32 Bit ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-21 3626112]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-27 224672]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]
R3 usbprint;Класс принтеров Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-08-19 25856]
R3 usbscan;Драйвер USB-сканера; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-08-19 15104]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-08-19 20608]
R3 usbvideo;USB-видеоустройство (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-08-19 121984]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-04-29 288896]
S3 CCDECODE;Closed Caption декодер; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-08-19 17024]
S3 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NABTSFEC;NABTS/FEC VBI кодек; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-08-19 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-08-19 10880]
S3 SCR3XX2K;SCR3xx USB SmartCardReader; C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys [2007-06-21 56448]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2009-05-20 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2009-05-20 61568]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-08-19 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-08-19 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-08-19 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext кодек; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-08-19 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-03-02 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-03-02 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-12-11 12800]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-08 536576]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-03-31 264800]
R2 EstradeServer;Estrade Server; C:\WINDOWS\system32\estrade_server.exe [2009-03-26 556703]
R2 FinePrint Диспетчер v6;FinePrint Диспетчер v6; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp6.exe [2008-07-11 557056]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-10-14 24064]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-06 136176]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336]
S3 aspnet_state;Служба состояний ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-09 654848]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 13 srp 2010 17:35

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Mary13 · #3 Příspěvek od **Mary13** » 13 srp 2010 18:14

Tak tady to je

ComboFix 10-08-12.03 - Alexey 13/08/2010 18:48:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1049.18.2043.1609 [GMT 2:00]
Spuљtмnэ z: c:\documents and settings\Alexey\Рабочий стол\ComboFix.exe
AV: Антивирус Касперского *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Антивирус Касперского *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatnн vэmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\del.bat
c:\windows\system32\Пузыри.scr
c:\windows\system32\ssField Lines.scr
c:\windows\system32\ssRibbons.scr
c:\windows\system32\SYSINTERNALS_BLUESCREEN.SCR
c:\windows\system32\uninstall.exe

.
((((((((((((((((((((((((( Soubory vytvoшenй od 2010-07-13 do 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-13 12:21 . 2010-08-13 12:21 -------- d-----w- c:\program files\trend micro
2010-08-13 12:21 . 2010-08-13 12:22 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M vэpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 16:57 . 2009-10-02 19:53 -------- d-----w- c:\documents and settings\Alexey\Application Data\uTorrent
2010-08-13 16:01 . 2008-12-20 12:52 -------- d-----w- c:\documents and settings\Alexey\Application Data\Skype
2010-08-13 13:02 . 2008-10-10 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-11 09:49 . 2008-12-20 12:55 -------- d-----w- c:\documents and settings\Alexey\Application Data\skypePM
2010-07-29 19:04 . 2008-10-10 03:10 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 19:04 . 2008-10-10 03:10 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-06 10:35 . 2010-07-06 10:33 -------- d-----w- c:\program files\Google
2010-07-01 23:54 . 2010-07-01 23:54 45 ----a-w- c:\windows\system32\fo6lnad.sys
2010-07-01 23:47 . 2010-07-01 23:47 -------- d-----w- c:\program files\Nuhertz Technologies
2010-06-23 16:39 . 2010-06-23 16:39 -------- d-----w- c:\program files\Common Files\soft602
2010-06-23 16:39 . 2010-06-23 16:39 -------- d-----w- c:\documents and settings\Alexey\Application Data\602XML
2010-06-16 17:56 . 2010-06-16 17:56 129552 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
2010-06-16 17:56 . 2010-06-16 17:56 129624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
2010-06-07 19:39 . 2008-04-15 12:00 77008 ----a-w- c:\windows\system32\perfc019.dat
2010-06-07 19:39 . 2008-04-15 12:00 448666 ----a-w- c:\windows\system32\perfh019.dat
2008-10-21 14:20 . 2008-10-21 14:20 608 --sha-w- c:\windows\system32\winzvprt5.sys
2009-10-06 22:29 . 2008-10-10 03:09 3225632 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 22:29 . 2008-10-10 03:09 491552 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-06 22:33 . 2009-10-06 22:33 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
.

------- Sigcheck -------

[-] 2008-08-19 . 6A104BA98D99D53AB0C91825CE659FC6 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-08-19 . 23B7D3F3F5EC8FEEA75EC381C71CBD5E . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-08-19 . 62EA07EDF5E3F3FF34EFF9BF7619BC64 . 1721344 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-08-21 . 66452823532746FA58EFEDBA320F46A2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-08-19 . B8B35F99DADAA5459FBA639F20045FE2 . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouљtмcн body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznбmka* prбzdnй zбznamy a legitimnн vэchozн ъdaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"uTorrent"="D:\utorrent(3).exe" [2010-05-27 322352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-14 1871872]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-08-19 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2009-03-08 128512]
"IE7_012"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\Alexey\??????? ????\?????????\????????????\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\??????? ????\?????????\????????????\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 16:29 33808]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28/03/2008 08:14 24064]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14/04/2010 11:28 73728]
R2 EstradeServer;Estrade Server;c:\windows\system32\estrade_server.exe [26/03/2009 00:46 556703]
R2 FinePrint Диспетчер v6;FinePrint Диспетчер v6;c:\windows\system32\spool\drivers\w32x86\3\fpdisp6.exe [09/10/2008 07:59 557056]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [21/10/2008 16:22 20504]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 16:06 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 20:59 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2010 12:34 136176]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/06/2007 02:40 56448]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [20/05/2009 10:33 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [20/05/2009 10:33 61568]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/10/2008 07:48 717296]

--- Ostatnн sluћby/ovladaиe v pamмti ---

*NewlyCreated* - SRSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 13:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresбшe 'Naplбnovanй ъlohy'

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 10:33]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 10:33]
.
.
------- Doplтkovэ sken -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.168.1.155:3128
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Отправить на устройство Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Отправить через Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} - {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} - c:\program files\Arsenal Company\SOCRAT Internet\SocratInternet.dll
IE: {{DFDC8970-FD66-4385-B8C0-835A4AA1DA00} - {A3400175-12F9-4220-83BF-A7210CA4003E} - c:\program files\Arsenal Company\SOCRAT Internet\SocratInternet.dll
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
.
- - - - NEPLATNЙ POLOЋKY ODSTRANМNЙ Z REGISTRU - - - -

AddRemove-HashTab&CDClose - c:\windows\system32\Uninstall.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 19:00
Windows 5.1.2600 Service Pack 3 NTFS

skenovбnн skrytэch procesщ ...

skenovбnн skrytэch poloћek 'Po spuљtмnн' ...

skenovбnн skrytэch souborщ ...

sken byl ъspeљnм dokonиen
skrytй soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" \"--defaults-file=c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Knihovny navбzanй na bмћнcн procesy ---------------------

- - - - - - - > 'winlogon.exe'(1372)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1428)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(7092)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jinй spuљtenй procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkovэ иas: 2010-08-13 19:06:14 - poинtaи byl restartovбn
ComboFix-quarantined-files.txt 2010-08-13 17:06

Pшed spuљtмnнm: 26,990,632,960 байт свободно
Po spuљtмnн: 28,613,074,944 байт свободно

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /execute /fastdetect

- - End Of File - - 61CBCD34C3B248381D7AFB2D254221D7

#4 Příspěvek od **Rudy** » 13 srp 2010 19:13

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\system32\fo6lnad.sys

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

Obrázek

Mary13 · #5 Příspěvek od **Mary13** » 13 srp 2010 20:07

Hotovo,tady je log:

ComboFix 10-08-12.03 - Alexey 13/08/2010 20:55:10.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1049.18.2043.1492 [GMT 2:00]
Spuљtмnэ z: c:\documents and settings\Alexey\Рабочий стол\ComboFix.exe
Pouћitй ovlбdacн pшepнnaиe :: c:\documents and settings\Alexey\Рабочий стол\CFScript.txt
AV: Антивирус Касперского *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Антивирус Касперского *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

file zipped: c:\windows\system32\fo6lnad.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatnн vэmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fo6lnad.sys

.
((((((((((((((((((((((((( Soubory vytvoшenй od 2010-07-13 do 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-13 12:21 . 2010-08-13 12:21 -------- d-----w- c:\program files\trend micro
2010-08-13 12:21 . 2010-08-13 12:22 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M vэpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 19:01 . 2009-10-02 19:53 -------- d-----w- c:\documents and settings\Alexey\Application Data\uTorrent
2010-08-13 18:52 . 2008-10-10 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-13 18:35 . 2008-12-20 12:52 -------- d-----w- c:\documents and settings\Alexey\Application Data\Skype
2010-08-11 09:49 . 2008-12-20 12:55 -------- d-----w- c:\documents and settings\Alexey\Application Data\skypePM
2010-07-29 19:04 . 2008-10-10 03:10 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 19:04 . 2008-10-10 03:10 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-06 10:35 . 2010-07-06 10:33 -------- d-----w- c:\program files\Google
2010-07-01 23:47 . 2010-07-01 23:47 -------- d-----w- c:\program files\Nuhertz Technologies
2010-06-23 16:39 . 2010-06-23 16:39 -------- d-----w- c:\program files\Common Files\soft602
2010-06-23 16:39 . 2010-06-23 16:39 -------- d-----w- c:\documents and settings\Alexey\Application Data\602XML
2010-06-16 17:56 . 2010-06-16 17:56 129552 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
2010-06-16 17:56 . 2010-06-16 17:56 129624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
2010-06-07 19:39 . 2008-04-15 12:00 77008 ----a-w- c:\windows\system32\perfc019.dat
2010-06-07 19:39 . 2008-04-15 12:00 448666 ----a-w- c:\windows\system32\perfh019.dat
2008-10-21 14:20 . 2008-10-21 14:20 608 --sha-w- c:\windows\system32\winzvprt5.sys
2009-10-06 22:29 . 2008-10-10 03:09 3225632 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-06 22:29 . 2008-10-10 03:09 491552 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-06 22:33 . 2009-10-06 22:33 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
.

------- Sigcheck -------

[-] 2008-08-19 . 6A104BA98D99D53AB0C91825CE659FC6 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-08-19 . 23B7D3F3F5EC8FEEA75EC381C71CBD5E . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-08-19 . 62EA07EDF5E3F3FF34EFF9BF7619BC64 . 1721344 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-08-21 . 66452823532746FA58EFEDBA320F46A2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-08-19 . B8B35F99DADAA5459FBA639F20045FE2 . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouљtмcн body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznбmka* prбzdnй zбznamy a legitimnн vэchozн ъdaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"uTorrent"="D:\utorrent(3).exe" [2010-05-27 322352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-14 1871872]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-08-19 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2009-03-08 128512]
"IE7_012"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\Alexey\??????? ????\?????????\????????????\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\??????? ????\?????????\????????????\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 16:29 33808]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28/03/2008 08:14 24064]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14/04/2010 11:28 73728]
R2 EstradeServer;Estrade Server;c:\windows\system32\estrade_server.exe [26/03/2009 00:46 556703]
R2 FinePrint Диспетчер v6;FinePrint Диспетчер v6;c:\windows\system32\spool\drivers\w32x86\3\fpdisp6.exe [09/10/2008 07:59 557056]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [21/10/2008 16:22 20504]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 16:06 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 20:59 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2010 12:34 136176]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/06/2007 02:40 56448]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [20/05/2009 10:33 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [20/05/2009 10:33 61568]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/10/2008 07:48 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 13:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresбшe 'Naplбnovanй ъlohy'

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 10:33]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 10:33]
.
.
------- Doplтkovэ sken -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.168.1.155:3128
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Отправить на устройство Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Отправить через Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} - {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} - c:\program files\Arsenal Company\SOCRAT Internet\SocratInternet.dll
IE: {{DFDC8970-FD66-4385-B8C0-835A4AA1DA00} - {A3400175-12F9-4220-83BF-A7210CA4003E} - c:\program files\Arsenal Company\SOCRAT Internet\SocratInternet.dll
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 21:03
Windows 5.1.2600 Service Pack 3 NTFS

skenovбnн skrytэch procesщ ...

skenovбnн skrytэch poloћek 'Po spuљtмnн' ...

skenovбnн skrytэch souborщ ...

sken byl ъspeљnм dokonиen
skrytй soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" \"--defaults-file=c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Knihovny navбzanй na bмћнcн procesy ---------------------

- - - - - - - > 'winlogon.exe'(1360)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1416)
c:\windows\system32\setupapi.dll
.
Celkovэ иas: 2010-08-13 21:05:26
ComboFix-quarantined-files.txt 2010-08-13 19:05
ComboFix2.txt 2010-08-13 17:06

Pшed spuљtмnнm: 28,616,208,384 байт свободно
Po spuљtмnн: 28,605,911,040 байт свободно

- - End Of File - - B858C64837587F70B900461013E4C6F6
Nahr nЎ probШhlo ЈspШзnШ

#6 Příspěvek od **Rudy** » 13 srp 2010 21:14

Smazáno. Ještě, prosím, otestujte tento soubor: c:\windows\system32\drivers\klick.dat online na www.virustotal.com. Výsledek oznamte.

Mary13 · #7 Příspěvek od **Mary13** » 13 srp 2010 21:20

Ta stránka se mi zatím vůbec nenačítá...:-/

#8 Příspěvek od **Rudy** » 13 srp 2010 21:23

Zkuste http://virusscan.jotti.org/ .

Mary13 · #9 Příspěvek od **Mary13** » 13 srp 2010 21:33

Prý nebyl objeven žádný škodlivý kód.

#10 Příspěvek od **Rudy** » 13 srp 2010 22:03

OK. V tom případě je log čistý. Nastala nějaká změna?

Mary13 · #11 Příspěvek od **Mary13** » 13 srp 2010 22:05

No,zatím to vypadá dobře,myslím,že už není takový zpomalený...Děkuju! Kdyby byly nějaké problémy,ozvu se:)

#12 Příspěvek od **Rudy** » 14 srp 2010 11:01

Nemáte zač!

VIRY.CZ

Počítač je zpomalený a občas se uplně sekne.

Počítač je zpomalený a občas se uplně sekne.

Re: Počítač je zpomalený a občas se uplně sekne.

Re: Počítač je zpomalený a občas se uplně sekne.

Re: Počítač je zpomalený a občas se uplně sekne.

Re: Počítač je zpomalený a občas se uplně sekne.

Re: Počítač je zpomalený a občas se uplně sekne.

Re: Počítač je zpomalený a občas se uplně sekne.

Re: Počítač je zpomalený a občas se uplně sekne.

Re: Počítač je zpomalený a občas se uplně sekne.

Re: Počítač je zpomalený a občas se uplně sekne.

Re: Počítač je zpomalený a občas se uplně sekne.

Re: Počítač je zpomalený a občas se uplně sekne.