trojský kůn

[lucka1611]

Dobrý den,

mám problém s trojským koňem. Už několikrát jsem počítač projížděla antivirem a vždy dala do karantény. Někdy se mi už nezobrazoval, ale při důkladné opětovné kontrole antivirem mi to píše: Na základě předběžných výsledků kontroly se zdá, že by ve Vašem systému mohl být škodlivý nebo nevyžádaný software.

bylo by možné počítač zkontrolovat? děkuji

[lucka1611]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Lucie at 2011-05-23 18:43:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 81 GB (81%) free of 100 GB
Total RAM: 2302 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:44:06, on 23.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Lucie\Plocha\RSIT.exe
C:\Program Files\trend micro\Lucie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 4956 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-03-18 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Foxit PDF Creator Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-04-14 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit PDF Creator Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-03-14 16861184]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2011-03-14 69632]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2011-03-14 53248]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-03-14 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

======List of files/folders created in the last 1 months======

2011-05-23 18:43:52 ----D---- C:\Program Files\trend micro
2011-05-23 18:43:51 ----D---- C:\rsit
2011-05-12 01:04:55 ----A---- C:\WINDOWS\AviSplitter.INI
2011-05-04 11:40:59 ----D---- C:\WINDOWS\Sun
2011-04-26 20:30:10 ----D---- C:\Documents and Settings\Lucie\Data aplikací\BSplayer Pro
2011-04-26 20:30:10 ----D---- C:\Documents and Settings\Lucie\Data aplikací\BSplayer
2011-04-26 20:30:02 ----D---- C:\Program Files\Webteh

======List of files/folders modified in the last 1 months======

2011-05-23 18:44:00 ----D---- C:\WINDOWS\Prefetch
2011-05-23 18:43:52 ----RD---- C:\Program Files
2011-05-23 17:38:58 ----D---- C:\WINDOWS\Temp
2011-05-23 09:33:24 ----D---- C:\Program Files\Mozilla Firefox
2011-05-23 09:22:41 ----SD---- C:\WINDOWS\Tasks
2011-05-23 09:17:48 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-23 01:23:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-18 14:45:33 ----D---- C:\Program Files\TuneUp Utilities 2010
2011-05-18 14:44:44 ----SHD---- C:\WINDOWS\Installer
2011-05-16 23:31:07 ----D---- C:\Program Files\ICQ7.4
2011-05-16 21:12:16 ----D---- C:\WINDOWS
2011-05-16 21:11:51 ----D---- C:\WINDOWS\system32
2011-05-11 19:04:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-05-11 19:04:08 ----HD---- C:\WINDOWS\inf
2011-05-11 11:07:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-05-11 03:15:59 ----A---- C:\WINDOWS\system32\MRT.exe
2011-05-03 13:52:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-04-27 11:04:02 ----SD---- C:\Documents and Settings\Lucie\Data aplikací\Microsoft
2011-04-26 22:14:42 ----D---- C:\Documents and Settings\Lucie\Data aplikací\ICQ
2011-04-26 20:42:32 ----D---- C:\Documents and Settings\Lucie\Data aplikací\vlc
2011-04-26 20:21:40 ----D---- C:\Documents and Settings\Lucie\Data aplikací\Winamp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl2d468ac0;MpKsl2d468ac0; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F6474140-F159-446F-928C-9AC5FB7B6037}\MpKsl2d468ac0.sys []
R1 MpKslb83a57ec;MpKslb83a57ec; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{852E63FF-459D-4902-930E-C43035168C2E}\MpKslb83a57ec.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-03-14 1540096]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 Cam5607;Acer OrbiCam; C:\WINDOWS\System32\Drivers\BisonC07.sys [2006-11-25 792368]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2011-03-14 61056]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2011-03-14 40064]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2011-03-14 74752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2006-01-11 935424]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2006-01-11 194048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-03-14 4707328]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2006-01-11 671232]
S1 MpKsl376f36cf;MpKsl376f36cf; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF4B4737-A42F-4309-843D-873E0FC05DDA}\MpKsl376f36cf.sys []
S1 MpKsl5c2e8a45;MpKsl5c2e8a45; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CAB4DFBC-50BC-4241-9D74-32DCE894C8FE}\MpKsl5c2e8a45.sys []
S1 MpKsl67cae7e5;MpKsl67cae7e5; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{01DC669D-516A-45ED-9C63-3531CA4E6837}\MpKsl67cae7e5.sys []
S1 MpKsl771bc2ad;MpKsl771bc2ad; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E4CEFCA8-AFCC-4615-8791-5F6A17361AE1}\MpKsl771bc2ad.sys []
S1 MpKsla50eda38;MpKsla50eda38; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{ABA3552E-295B-48A3-9513-348B663D2D84}\MpKsla50eda38.sys []
S1 MpKslbc144582;MpKslbc144582; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E4CEFCA8-AFCC-4615-8791-5F6A17361AE1}\MpKslbc144582.sys []
S1 MpKsld5e8b226;MpKsld5e8b226; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EDEA5D9F-D532-4EED-897A-06DA314A5EEC}\MpKsld5e8b226.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2011-04-10 1691480]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2011-04-10 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-03-14 405504]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-04-14 153376]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2011-04-14 435008]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Ještě poprosím o log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[lucka1611]

jakym způsobem mam vypnout rezidencni stit u microsoft security essentials,?

[lucka1611]

uz vyreseno. combofix spusten.

[lucka1611]

tak mi ten log z combofixu nechce vyjet. vzdy se to pripravi a informuje, ze to bude trvat tak deset minut, ale zadny log nevyjede...

[Rudy]

Zkuste spustit CF v nouz. režimu.

[lucka1611]

muzete mi napsat, prosim, jakym zpusobem se combofix spousti pres nouzovy rezim??

[Rudy]

Restartujete PC do nouzového režimu (při úvodních postech tisknete F8, až naskočí menu, ve kterém se budete pohybovat kurzorovými šipkami. Zvýrazníte "stav nouze s prací v síti" a stisknete >Enter<). Po nastartování systému spustíte CF stejným způsobem, jako v režimu normálním.

[lucka1611]

ComboFix 11-05-22.02 - Lucie 23.05.2011 20:39:52.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2302.1994 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lucie\Dokumenty\Stažené soubory\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-23 do 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-23 17:39 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{34AABE5C-DA2C-4994-B55F-B6E977531CCE}\mpengine.dll
2011-05-23 16:43 . 2011-05-23 16:44 -------- d-----w- c:\program files\trend micro
2011-05-23 16:43 . 2011-05-23 16:44 -------- d-----w- C:\rsit
2011-05-04 09:40 . 2011-05-04 09:40 -------- d-----w- c:\windows\Sun
2011-05-03 21:39 . 2011-05-23 18:02 -------- d-----w- c:\documents and settings\Lucie\Local Settings\Data aplikací\AskToolbar
2011-04-26 18:30 . 2011-04-26 18:31 -------- d-----w- c:\documents and settings\Lucie\Data aplikací\BSplayer
2011-04-26 18:30 . 2011-04-26 18:30 -------- d-----w- c:\documents and settings\Lucie\Data aplikací\BSplayer Pro
2011-04-26 18:30 . 2011-04-26 18:30 -------- d-----w- c:\program files\Webteh
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 20:46 . 2011-04-16 23:43 6962000 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-14 19:06 . 2011-04-14 19:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-14 19:06 . 2011-04-14 19:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-04-12 20:25 . 2011-04-12 20:25 319488 ----a-w- c:\windows\HideWin.exe
2011-04-10 13:49 . 2011-04-12 19:47 359016 ----a-w- c:\windows\vncutil.exe
2011-04-10 13:48 . 2011-04-12 19:47 56936 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-04-10 13:48 . 2011-04-12 19:47 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-04-10 13:48 . 2011-04-12 19:47 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-04-10 13:48 . 2011-04-12 19:47 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-04-10 13:48 . 2011-04-12 19:47 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-14 17:26 . 2011-04-12 19:57 356352 ----a-w- c:\windows\EMCRI.dll
2011-03-14 17:26 . 2011-04-11 05:16 74752 ----a-w- c:\windows\system32\drivers\ESM7SK.sys
2011-03-14 17:26 . 2011-04-11 05:16 40064 ----a-w- c:\windows\system32\drivers\ESD7SK.sys
2011-03-14 17:26 . 2011-04-11 05:16 61056 ----a-w- c:\windows\system32\drivers\EMS7SK.sys
2011-03-14 16:45 . 2011-04-12 19:47 86016 ----a-w- c:\windows\SoundMan.exe
2011-03-14 16:45 . 2011-04-12 19:47 266240 ----a-w- c:\windows\system32\RTSndMgr.cpl
2011-03-14 16:45 . 2011-04-12 19:47 1826816 ----a-w- c:\windows\SkyTel.exe
2011-03-14 16:45 . 2011-04-12 19:47 1196032 ----a-w- c:\windows\RtlUpd.exe
2011-03-14 16:45 . 2011-04-12 19:47 9715200 ----a-w- c:\windows\RTLCPL.exe
2011-03-14 16:45 . 2011-04-12 19:47 4707328 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-03-14 16:45 . 2011-04-12 19:47 16861184 ----a-w- c:\windows\RTHDCPL.exe
2011-03-14 16:45 . 2011-04-12 20:26 69632 ----a-w- c:\windows\Alcmtr.exe
2011-03-14 16:45 . 2011-04-12 19:47 2165760 ----a-w- c:\windows\MicCal.exe
2011-03-14 16:45 . 2011-04-12 19:47 299008 ----a-w- c:\windows\system32\ALSndMgr.cpl
2011-03-14 16:45 . 2011-04-12 19:47 2808832 ----a-w- c:\windows\alcwzrd.exe
2011-03-14 16:45 . 2011-04-12 20:26 49152 ----a-w- c:\windows\system32\ChCfg.exe
2011-03-14 16:41 . 2011-04-11 05:03 77824 ----a-w- c:\windows\system32\Oemdspif.dll
2011-03-14 16:41 . 2011-04-11 05:03 24064 ----a-w- c:\windows\system32\ativcoxx.dll
2011-03-14 16:41 . 2011-04-11 05:03 1408000 ----a-w- c:\windows\system32\ativvaxx.dll
2011-03-14 16:41 . 2011-04-11 05:03 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-03-14 16:41 . 2011-04-11 05:03 114688 ----a-w- c:\windows\system32\atipdlxx.dll
2011-03-14 16:41 . 2011-04-11 05:03 5033984 ----a-w- c:\windows\system32\atioglxx.dll
2011-03-14 16:41 . 2011-04-11 05:03 6684672 ----a-w- c:\windows\system32\atioglx1.dll
2011-03-14 16:41 . 2011-04-11 05:03 151552 ----a-w- c:\windows\system32\atikvmag.dll
2011-03-14 16:41 . 2011-04-11 05:03 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2011-03-14 16:41 . 2011-04-11 05:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-03-14 16:41 . 2011-04-11 05:03 2693280 ----a-w- c:\windows\system32\ati3duag.dll
2011-03-14 16:41 . 2011-04-11 05:03 1540096 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-03-14 16:41 . 2011-04-11 05:03 405504 ----a-w- c:\windows\system32\ati2evxx.exe
2011-03-14 16:41 . 2011-04-11 05:03 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-03-14 16:41 . 2011-04-11 05:03 61440 ----a-w- c:\windows\system32\ati2evxx.dll
2011-03-14 16:41 . 2011-04-11 05:03 41984 ----a-w- c:\windows\system32\ati2edxx.dll
2011-03-14 16:41 . 2011-04-11 05:03 40960 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-03-14 16:41 . 2011-04-11 05:03 258048 ----a-w- c:\windows\system32\ati2dvag.dll
2011-03-14 16:41 . 2011-04-11 05:03 282624 ----a-w- c:\windows\system32\ati2cqag.dll
2011-03-07 05:33 . 2011-04-12 19:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:43 . 2006-03-02 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-03-14 16861184]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2011-03-14 53248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" silent loginmode=4
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
S1 MpKsl376f36cf;MpKsl376f36cf;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF4B4737-A42F-4309-843D-873E0FC05DDA}\MpKsl376f36cf.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF4B4737-A42F-4309-843D-873E0FC05DDA}\MpKsl376f36cf.sys [?]
S1 MpKsl5c2e8a45;MpKsl5c2e8a45;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CAB4DFBC-50BC-4241-9D74-32DCE894C8FE}\MpKsl5c2e8a45.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CAB4DFBC-50BC-4241-9D74-32DCE894C8FE}\MpKsl5c2e8a45.sys [?]
S1 MpKsl67cae7e5;MpKsl67cae7e5;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{01DC669D-516A-45ED-9C63-3531CA4E6837}\MpKsl67cae7e5.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{01DC669D-516A-45ED-9C63-3531CA4E6837}\MpKsl67cae7e5.sys [?]
S1 MpKsl771bc2ad;MpKsl771bc2ad;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E4CEFCA8-AFCC-4615-8791-5F6A17361AE1}\MpKsl771bc2ad.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E4CEFCA8-AFCC-4615-8791-5F6A17361AE1}\MpKsl771bc2ad.sys [?]
S1 MpKsla50eda38;MpKsla50eda38;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{ABA3552E-295B-48A3-9513-348B663D2D84}\MpKsla50eda38.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{ABA3552E-295B-48A3-9513-348B663D2D84}\MpKsla50eda38.sys [?]
S1 MpKslbc144582;MpKslbc144582;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E4CEFCA8-AFCC-4615-8791-5F6A17361AE1}\MpKslbc144582.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E4CEFCA8-AFCC-4615-8791-5F6A17361AE1}\MpKslbc144582.sys [?]
S1 MpKsld5e8b226;MpKsld5e8b226;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EDEA5D9F-D532-4EED-897A-06DA314A5EEC}\MpKsld5e8b226.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EDEA5D9F-D532-4EED-897A-06DA314A5EEC}\MpKsld5e8b226.sys [?]
S1 MpKsle3d17329;MpKsle3d17329;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{34AABE5C-DA2C-4994-B55F-B6E977531CCE}\MpKsle3d17329.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{34AABE5C-DA2C-4994-B55F-B6E977531CCE}\MpKsle3d17329.sys [?]
S1 MpKslf7cb13bc;MpKslf7cb13bc;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{34AABE5C-DA2C-4994-B55F-B6E977531CCE}\MpKslf7cb13bc.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{34AABE5C-DA2C-4994-B55F-B6E977531CCE}\MpKslf7cb13bc.sys [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.9.2010 17:54 1051968]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.4.2011 21:47 1691480]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24.2.2010 14:41 10064]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MDMXSDK
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-05-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\xjr3uqyq.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 20:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1800)
c:\windows\system32\msi.dll
.
Celkový čas: 2011-05-23 20:45:22
ComboFix-quarantined-files.txt 2011-05-23 18:45
.
Před spuštěním: Volných bajtů: 89 517 891 584
Po spuštění: Volných bajtů: 89 764 696 064
.
- - End Of File - - C5D70F0BF1C11334206BA469393CC231

[Rudy]

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[lucka1611]

ComboFix 11-05-22.02 - Lucie 23.05.2011 21:54:11.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2302.1994 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lucie\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lucie\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cb_102.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_101.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-23 do 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-23 17:39 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{34AABE5C-DA2C-4994-B55F-B6E977531CCE}\mpengine.dll
2011-05-23 16:43 . 2011-05-23 16:44 -------- d-----w- c:\program files\trend micro
2011-05-23 16:43 . 2011-05-23 16:44 -------- d-----w- C:\rsit
2011-05-04 09:40 . 2011-05-04 09:40 -------- d-----w- c:\windows\Sun
2011-05-03 21:39 . 2011-05-23 18:02 -------- d-----w- c:\documents and settings\Lucie\Local Settings\Data aplikací\AskToolbar
2011-04-26 18:30 . 2011-04-26 18:31 -------- d-----w- c:\documents and settings\Lucie\Data aplikací\BSplayer
2011-04-26 18:30 . 2011-04-26 18:30 -------- d-----w- c:\documents and settings\Lucie\Data aplikací\BSplayer Pro
2011-04-26 18:30 . 2011-04-26 18:30 -------- d-----w- c:\program files\Webteh
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 20:46 . 2011-04-16 23:43 6962000 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-14 19:06 . 2011-04-14 19:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-14 19:06 . 2011-04-14 19:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-04-12 20:25 . 2011-04-12 20:25 319488 ----a-w- c:\windows\HideWin.exe
2011-04-10 13:49 . 2011-04-12 19:47 359016 ----a-w- c:\windows\vncutil.exe
2011-04-10 13:48 . 2011-04-12 19:47 56936 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-04-10 13:48 . 2011-04-12 19:47 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-04-10 13:48 . 2011-04-12 19:47 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-04-10 13:48 . 2011-04-12 19:47 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-04-10 13:48 . 2011-04-12 19:47 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-14 17:26 . 2011-04-12 19:57 356352 ----a-w- c:\windows\EMCRI.dll
2011-03-14 17:26 . 2011-04-11 05:16 74752 ----a-w- c:\windows\system32\drivers\ESM7SK.sys
2011-03-14 17:26 . 2011-04-11 05:16 40064 ----a-w- c:\windows\system32\drivers\ESD7SK.sys
2011-03-14 17:26 . 2011-04-11 05:16 61056 ----a-w- c:\windows\system32\drivers\EMS7SK.sys
2011-03-14 16:45 . 2011-04-12 19:47 86016 ----a-w- c:\windows\SoundMan.exe
2011-03-14 16:45 . 2011-04-12 19:47 266240 ----a-w- c:\windows\system32\RTSndMgr.cpl
2011-03-14 16:45 . 2011-04-12 19:47 1826816 ----a-w- c:\windows\SkyTel.exe
2011-03-14 16:45 . 2011-04-12 19:47 1196032 ----a-w- c:\windows\RtlUpd.exe
2011-03-14 16:45 . 2011-04-12 19:47 9715200 ----a-w- c:\windows\RTLCPL.exe
2011-03-14 16:45 . 2011-04-12 19:47 4707328 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-03-14 16:45 . 2011-04-12 19:47 16861184 ----a-w- c:\windows\RTHDCPL.exe
2011-03-14 16:45 . 2011-04-12 20:26 69632 ----a-w- c:\windows\Alcmtr.exe
2011-03-14 16:45 . 2011-04-12 19:47 2165760 ----a-w- c:\windows\MicCal.exe
2011-03-14 16:45 . 2011-04-12 19:47 299008 ----a-w- c:\windows\system32\ALSndMgr.cpl
2011-03-14 16:45 . 2011-04-12 19:47 2808832 ----a-w- c:\windows\alcwzrd.exe
2011-03-14 16:45 . 2011-04-12 20:26 49152 ----a-w- c:\windows\system32\ChCfg.exe
2011-03-14 16:41 . 2011-04-11 05:03 77824 ----a-w- c:\windows\system32\Oemdspif.dll
2011-03-14 16:41 . 2011-04-11 05:03 24064 ----a-w- c:\windows\system32\ativcoxx.dll
2011-03-14 16:41 . 2011-04-11 05:03 1408000 ----a-w- c:\windows\system32\ativvaxx.dll
2011-03-14 16:41 . 2011-04-11 05:03 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-03-14 16:41 . 2011-04-11 05:03 114688 ----a-w- c:\windows\system32\atipdlxx.dll
2011-03-14 16:41 . 2011-04-11 05:03 5033984 ----a-w- c:\windows\system32\atioglxx.dll
2011-03-14 16:41 . 2011-04-11 05:03 6684672 ----a-w- c:\windows\system32\atioglx1.dll
2011-03-14 16:41 . 2011-04-11 05:03 151552 ----a-w- c:\windows\system32\atikvmag.dll
2011-03-14 16:41 . 2011-04-11 05:03 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2011-03-14 16:41 . 2011-04-11 05:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-03-14 16:41 . 2011-04-11 05:03 2693280 ----a-w- c:\windows\system32\ati3duag.dll
2011-03-14 16:41 . 2011-04-11 05:03 1540096 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-03-14 16:41 . 2011-04-11 05:03 405504 ----a-w- c:\windows\system32\ati2evxx.exe
2011-03-14 16:41 . 2011-04-11 05:03 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-03-14 16:41 . 2011-04-11 05:03 61440 ----a-w- c:\windows\system32\ati2evxx.dll
2011-03-14 16:41 . 2011-04-11 05:03 41984 ----a-w- c:\windows\system32\ati2edxx.dll
2011-03-14 16:41 . 2011-04-11 05:03 40960 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-03-14 16:41 . 2011-04-11 05:03 258048 ----a-w- c:\windows\system32\ati2dvag.dll
2011-03-14 16:41 . 2011-04-11 05:03 282624 ----a-w- c:\windows\system32\ati2cqag.dll
2011-03-07 05:33 . 2011-04-12 19:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:43 . 2006-03-02 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-23_18.43.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-03-02 12:00 . 2011-05-23 18:42 67312 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2011-05-23 19:56 67312 c:\windows\system32\perfc009.dat
- 2006-03-02 12:00 . 2011-05-23 18:42 77872 c:\windows\system32\perfc005.dat
+ 2006-03-02 12:00 . 2011-05-23 19:56 77872 c:\windows\system32\perfc005.dat
+ 2006-03-02 12:00 . 2011-05-23 19:56 432356 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2011-05-23 18:42 432356 c:\windows\system32\perfh009.dat
+ 2006-03-02 12:00 . 2011-05-23 19:56 428750 c:\windows\system32\perfh005.dat
- 2006-03-02 12:00 . 2011-05-23 18:42 428750 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-03-14 16861184]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2011-03-14 53248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" silent loginmode=4
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
S1 MpKsl376f36cf;MpKsl376f36cf;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF4B4737-A42F-4309-843D-873E0FC05DDA}\MpKsl376f36cf.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DF4B4737-A42F-4309-843D-873E0FC05DDA}\MpKsl376f36cf.sys [?]
S1 MpKsl52ca8c9b;MpKsl52ca8c9b;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{34AABE5C-DA2C-4994-B55F-B6E977531CCE}\MpKsl52ca8c9b.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{34AABE5C-DA2C-4994-B55F-B6E977531CCE}\MpKsl52ca8c9b.sys [?]
S1 MpKsl5c2e8a45;MpKsl5c2e8a45;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CAB4DFBC-50BC-4241-9D74-32DCE894C8FE}\MpKsl5c2e8a45.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CAB4DFBC-50BC-4241-9D74-32DCE894C8FE}\MpKsl5c2e8a45.sys [?]
S1 MpKsl67cae7e5;MpKsl67cae7e5;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{01DC669D-516A-45ED-9C63-3531CA4E6837}\MpKsl67cae7e5.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{01DC669D-516A-45ED-9C63-3531CA4E6837}\MpKsl67cae7e5.sys [?]
S1 MpKsl771bc2ad;MpKsl771bc2ad;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E4CEFCA8-AFCC-4615-8791-5F6A17361AE1}\MpKsl771bc2ad.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E4CEFCA8-AFCC-4615-8791-5F6A17361AE1}\MpKsl771bc2ad.sys [?]
S1 MpKsla50eda38;MpKsla50eda38;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{ABA3552E-295B-48A3-9513-348B663D2D84}\MpKsla50eda38.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{ABA3552E-295B-48A3-9513-348B663D2D84}\MpKsla50eda38.sys [?]
S1 MpKslbc144582;MpKslbc144582;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E4CEFCA8-AFCC-4615-8791-5F6A17361AE1}\MpKslbc144582.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E4CEFCA8-AFCC-4615-8791-5F6A17361AE1}\MpKslbc144582.sys [?]
S1 MpKsld5e8b226;MpKsld5e8b226;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EDEA5D9F-D532-4EED-897A-06DA314A5EEC}\MpKsld5e8b226.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EDEA5D9F-D532-4EED-897A-06DA314A5EEC}\MpKsld5e8b226.sys [?]
S1 MpKsle3d17329;MpKsle3d17329;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{34AABE5C-DA2C-4994-B55F-B6E977531CCE}\MpKsle3d17329.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{34AABE5C-DA2C-4994-B55F-B6E977531CCE}\MpKsle3d17329.sys [?]
S1 MpKslf7cb13bc;MpKslf7cb13bc;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{34AABE5C-DA2C-4994-B55F-B6E977531CCE}\MpKslf7cb13bc.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{34AABE5C-DA2C-4994-B55F-B6E977531CCE}\MpKslf7cb13bc.sys [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.9.2010 17:54 1051968]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.4.2011 21:47 1691480]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24.2.2010 14:41 10064]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MDMXSDK
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\documents and settings\Lucie\Data aplikací\Mozilla\Firefox\Profiles\xjr3uqyq.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 21:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-05-23 21:59:00
ComboFix-quarantined-files.txt 2011-05-23 19:58
ComboFix2.txt 2011-05-23 18:45
.
Před spuštěním: Volných bajtů: 89 755 406 336
Po spuštění: Volných bajtů: 89 744 502 784
.
- - End Of File - - 16CC411036B540CE954774DE4F61A7E6

[Rudy]

Log již vypadá čistý.

[lucka1611]

a byl tam tedy skutecne nejaky vir? nebo jsem ho mela v karantene? a mam si na plose nechat ten combofix nebo jej vymazat?

nezjistil jste na zaklade logu nejaky dalsi problem ci vadu v systemu?

[Rudy]

1. CF našel AdWare AskBar a druhým skenem jsme ho odstranili, karanténu AV CF neskenuje, neboť soubory v ní jsou zcela neškodné. Karanténu lze smazat.
2. Jiné problémy, které umí dané skeny zjistit, jsem nezjistil.
3. ComboFix odinstalujte: Start>spustit>(napsat) combofix /uninstall>OK. CF se spustí a odinstaluje se.