Re: System freeze

Posted: 21 Dec 2010 19:27
by Rudy
Run CF with this script:
c:\program files\Ask.com

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

Re: System freeze

Posted: 22 Dec 2010 00:44
by j.a
Here is the CF log after running it with the script:



ComboFix 10-12-21.01 - cadpc . 12. 2010 0:41.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2758 [GMT 1:00]
Running from: c:\documents and settings\cadpc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\cadpc\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
.

2010-12-21 13:19 . 2010-12-21 13:19 -------- d-----w- c:\program files\Ask.com
2010-12-15 10:18 . 2010-12-15 10:18 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Application Data\Malwarebytes
2010-12-15 05:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 05:19 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-14 18:13 . 2010-12-14 18:13 -------- d-----w- c:\documents and settings\cadpc\Application Data\Malwarebytes
2010-12-14 18:12 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-14 18:12 . 2010-12-14 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-14 18:12 . 2010-12-14 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-14 18:12 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 08:07 . 2010-12-14 19:52 -------- d-----w- C:\rsit
2010-12-13 10:23 . 2010-12-13 10:23 -------- d-----w- c:\program files\Common Files\Skype
2010-12-13 08:55 . 2010-12-13 09:08 -------- d-----w- c:\program files\SourceTec
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-13 07:23 . 2010-12-13 07:23 -------- d-----w- c:\program files\QuickTime
2010-12-09 09:19 . 2010-12-09 09:17 23584 ----a-w- c:\temp\ZalohRegWinSock\ERDNT.EXE
2010-12-08 20:39 . 2010-12-08 20:39 -------- d-----w- c:\program files\CCleaner
2010-12-08 18:39 . 2010-12-08 18:39 388096 ----a-r- c:\documents and settings\cadpc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-08 18:39 . 2010-12-08 18:39 -------- d-----w- c:\program files\Trend Micro
2010-12-08 07:56 . 2010-12-21 11:00 -------- d-----w- c:\windows\system32\NtmsData
2010-12-08 07:55 . 2010-12-08 07:55 -------- d-----w- c:\documents and settings\cadpc\Application Data\Avira
2010-12-07 19:23 . 2010-12-07 19:23 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Application Data\Avira
2010-12-07 19:13 . 2010-12-21 09:17 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-07 19:13 . 2010-12-07 19:19 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-07 19:13 . 2010-12-07 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-07 19:13 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-07 19:13 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-07 19:13 . 2010-12-07 19:13 -------- d-----w- c:\program files\Avira
2010-12-07 09:49 . 2010-12-07 09:49 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Local Settings\Application Data\Opera
2010-12-07 08:39 . 2010-12-07 08:39 -------- d-----w- c:\program files\PDFCreator
2010-12-07 08:39 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 10:11 . 2010-11-24 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-11-24 10:10 . 2010-11-24 10:10 -------- d-----w- c:\program files\ATI Stream
2010-11-24 10:07 . 2010-11-24 10:07 -------- d-----w- C:\ATI
2010-11-23 10:05 . 2010-11-23 10:05 -------- d-----w- c:\documents and settings\cadpc\Application Data\OpenOffice.org
2010-11-23 09:14 . 2010-11-23 09:14 -------- d-----w- c:\program files\OpenOffice.org 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2008-01-17 14:37 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2007-07-27 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2007-07-27 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-27 03:55 . 2007-06-06 14:52 5524480 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-10-27 03:17 . 2007-06-06 14:21 16330752 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 03:10 . 2010-06-28 11:46 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 03:10 . 2010-06-28 11:46 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 03:09 . 2010-06-28 11:46 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 03:02 . 2008-01-17 14:46 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-10-27 02:51 . 2007-06-06 14:35 3958784 ----a-w- c:\windows\system32\ati3duag.dll
2010-10-27 02:50 . 2008-01-17 14:46 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:49 . 2007-06-06 14:52 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-10-27 02:48 . 2007-06-06 14:30 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-10-27 02:36 . 2007-06-06 14:25 2671744 ----a-w- c:\windows\system32\ativvaxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 02:30 . 2007-06-06 14:45 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-10-27 02:30 . 2007-06-06 14:45 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-10-27 02:28 . 2007-06-06 14:43 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-10-27 02:27 . 2007-06-06 14:42 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-10-27 02:26 . 2010-06-28 11:46 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:22 . 2007-06-06 14:11 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-10-27 02:20 . 2010-06-28 11:46 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 02:20 . 2008-10-29 01:25 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-27 02:20 . 2008-10-29 01:19 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:20 . 2007-06-06 14:10 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-10-27 02:19 . 2007-06-06 14:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 02:14 . 2007-06-06 14:04 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-10-26 13:25 . 2007-07-27 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-12-15_22.21.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-21 13:32 . 2010-12-21 13:32 16384 c:\windows\Temp\Perflib_Perfdata_4d0.dat
+ 2010-12-21 13:19 . 2010-12-21 13:19 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2010-12-21 13:19 . 2010-12-21 13:19 2086912 c:\windows\Installer\a8189e.msi
+ 2010-12-16 14:45 . 2010-12-16 14:45 2587136 c:\windows\Installer\5026dd.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2407632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\00t\\totalcmd702a\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Program Files\\00t\\utorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\cadpc\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\00t\\TC 7.5 RC2\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\sandra.mui"=
"c:\\Program Files\\wLite\\wLite.exe"=
"c:\\Program Files\\wLite\\wService.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\00t\\Total CMA Pack\\TOTALCMD.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7. 12. 2010 20:13 135336]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [18. 3. 2010 10:26 172328]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [17. 1. 2008 16:04 38656]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8. 1. 2010 8:38 135664]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2. 2. 2010 11:24 93336]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [22. 3. 2010 20:38 4935168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 09:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-18 08:23]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003Core.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003UA.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]

2010-12-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]

2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{2B6D4A61-9859-4C88-819B-DA8E000613C7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sme.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\cadpc\Application Data\Mozilla\Firefox\Profiles\30utvsie.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\00t\Mozilla Firefox3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: GOM Player + Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 00:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(1724)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-22 00:45:24
ComboFix-quarantined-files.txt 2010-12-21 23:45
ComboFix2.txt 2010-12-21 14:19
ComboFix3.txt 2010-12-17 09:35
ComboFix4.txt 2010-12-15 22:23
ComboFix5.txt 2010-12-21 23:38

Pre-Run: 124 389 326 848 bytes free
Post-Run: 124 371 058 688 bytes free

- - End Of File - - 9DD5862725241E3C58C292DD97CB9FCF

Re: System freeze

Posted: 22 Dec 2010 08:05
by Rudy
I apologize, a small mistake slipped in. Please run it once more with this script:
Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

Re: System freeze

Posted: 22 Dec 2010 10:02
by j.a
When I tried to run the script, it printed: NIRCMDC is not recognized as an internal... etc. You probably know that message, so I won't write it out in full. On the next attempt it no longer printed anything, and CF ran with this log:

ComboFix 10-12-21.03 - cadpc . 12. 2010 9:57.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2730 [GMT 1:00]
Running from: c:\documents and settings\cadpc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\cadpc\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_1d8.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.

2010-12-15 10:18 . 2010-12-15 10:18 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Application Data\Malwarebytes
2010-12-15 05:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 05:19 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-14 18:13 . 2010-12-14 18:13 -------- d-----w- c:\documents and settings\cadpc\Application Data\Malwarebytes
2010-12-14 18:12 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-14 18:12 . 2010-12-14 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-14 18:12 . 2010-12-14 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-14 18:12 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 08:07 . 2010-12-14 19:52 -------- d-----w- C:\rsit
2010-12-13 10:23 . 2010-12-13 10:23 -------- d-----w- c:\program files\Common Files\Skype
2010-12-13 08:55 . 2010-12-13 09:08 -------- d-----w- c:\program files\SourceTec
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-13 07:23 . 2010-12-13 07:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-13 07:23 . 2010-12-13 07:23 -------- d-----w- c:\program files\QuickTime
2010-12-09 09:19 . 2010-12-09 09:17 23584 ----a-w- c:\temp\ZalohRegWinSock\ERDNT.EXE
2010-12-08 20:39 . 2010-12-08 20:39 -------- d-----w- c:\program files\CCleaner
2010-12-08 18:39 . 2010-12-08 18:39 388096 ----a-r- c:\documents and settings\cadpc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-08 18:39 . 2010-12-08 18:39 -------- d-----w- c:\program files\Trend Micro
2010-12-08 07:56 . 2010-12-21 11:00 -------- d-----w- c:\windows\system32\NtmsData
2010-12-08 07:55 . 2010-12-08 07:55 -------- d-----w- c:\documents and settings\cadpc\Application Data\Avira
2010-12-07 19:23 . 2010-12-07 19:23 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Application Data\Avira
2010-12-07 19:13 . 2010-12-21 09:17 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-07 19:13 . 2010-12-07 19:19 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-07 19:13 . 2010-12-07 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-07 19:13 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-07 19:13 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-07 19:13 . 2010-12-07 19:13 -------- d-----w- c:\program files\Avira
2010-12-07 09:49 . 2010-12-07 09:49 -------- d-----w- c:\documents and settings\Administrator.PCCAD\Local Settings\Application Data\Opera
2010-12-07 08:39 . 2010-12-07 08:39 -------- d-----w- c:\program files\PDFCreator
2010-12-07 08:39 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 10:11 . 2010-11-24 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-11-24 10:10 . 2010-11-24 10:10 -------- d-----w- c:\program files\ATI Stream
2010-11-24 10:07 . 2010-11-24 10:07 -------- d-----w- C:\ATI
2010-11-23 10:05 . 2010-11-23 10:05 -------- d-----w- c:\documents and settings\cadpc\Application Data\OpenOffice.org
2010-11-23 09:14 . 2010-11-23 09:14 -------- d-----w- c:\program files\OpenOffice.org 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2008-01-17 14:37 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2007-07-27 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2007-07-27 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-27 03:55 . 2007-06-06 14:52 5524480 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-10-27 03:17 . 2007-06-06 14:21 16330752 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 03:10 . 2010-06-28 11:46 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 03:10 . 2010-06-28 11:46 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 03:09 . 2010-06-28 11:46 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 03:02 . 2008-01-17 14:46 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-10-27 02:51 . 2007-06-06 14:35 3958784 ----a-w- c:\windows\system32\ati3duag.dll
2010-10-27 02:50 . 2008-01-17 14:46 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:49 . 2007-06-06 14:52 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-10-27 02:48 . 2007-06-06 14:30 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-10-27 02:36 . 2007-06-06 14:25 2671744 ----a-w- c:\windows\system32\ativvaxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 02:30 . 2007-06-06 14:45 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-10-27 02:30 . 2007-06-06 14:45 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 02:30 . 2007-06-06 14:45 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-10-27 02:28 . 2007-06-06 14:43 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-10-27 02:27 . 2007-06-06 14:42 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-10-27 02:26 . 2010-06-28 11:46 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:22 . 2007-06-06 14:11 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-10-27 02:20 . 2010-06-28 11:46 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 02:20 . 2008-10-29 01:25 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-27 02:20 . 2008-10-29 01:19 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:20 . 2007-06-06 14:10 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-10-27 02:19 . 2007-06-06 14:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 02:14 . 2007-06-06 14:04 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-10-26 13:25 . 2007-07-27 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-12-15_22.21.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-21 13:32 . 2010-12-21 13:32 16384 c:\windows\Temp\Perflib_Perfdata_4d0.dat
+ 2010-12-21 13:19 . 2010-12-21 13:19 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2010-12-21 13:19 . 2010-12-21 13:19 2086912 c:\windows\Installer\a8189e.msi
+ 2010-12-16 14:45 . 2010-12-16 14:45 2587136 c:\windows\Installer\5026dd.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2407632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\00t\\totalcmd702a\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Program Files\\00t\\utorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\cadpc\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\00t\\TC 7.5 RC2\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\sandra.mui"=
"c:\\Program Files\\wLite\\wLite.exe"=
"c:\\Program Files\\wLite\\wService.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\00t\\Total CMA Pack\\TOTALCMD.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7. 12. 2010 20:13 135336]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [18. 3. 2010 10:26 172328]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [17. 1. 2008 16:04 38656]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8. 1. 2010 8:38 135664]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2. 2. 2010 11:24 93336]
S3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [22. 3. 2010 20:38 4935168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 09:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-18 08:23]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 07:38]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003Core.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-57989841-725345543-1003UA.job
- c:\documents and settings\cadpc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-11 21:53]

2010-12-22 c:\windows\Tasks\User_Feed_Synchronization-{2B6D4A61-9859-4C88-819B-DA8E000613C7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sme.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\cadpc\Application Data\Mozilla\Firefox\Profiles\30utvsie.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\00t\Mozilla Firefox3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: GOM Player + Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 09:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2010-12-22 10:01:08
ComboFix-quarantined-files.txt 2010-12-22 09:00
ComboFix2.txt 2010-12-21 23:45
ComboFix3.txt 2010-12-21 14:19
ComboFix4.txt 2010-12-17 09:35
ComboFix5.txt 2010-12-22 08:56

Pre-Run: 124 372 197 376 bytes free
Post-Run: 124 351 971 328 bytes free

- - End Of File - - 975EB850C859C107F876739729DF7FE9

Re: System freezing

Posted: 22 Dec 2010 13:33
by Rudy
The log now looks clean. Has anything changed?

Re: System freezing

Posted: 23 Dec 2010 13:01
by j.a
It still freezes, and it seems to me even more often. It froze while working in Excel, while working in CAD, and while copying data in Total Commander. I haven't had time to deal with anything further because of the pre-Christmas rush; I'll try it when I have time, but I expect it will end in a format. However, I would not like to bring something back in again from the backup. I'll try to scan the disk from another system. Any tip for reliably removing suspicious items when creating a backup of the disk?

Re: System freezing

Posted: 23 Dec 2010 18:26
by Rudy
Try a System Restore to a date when it was working correctly.

Re: System freezing

Posted: 07 Jan 2011 10:23
by j.a
That was one of the first things I tried, back when I started this thread. It didn't help; it was already infected, and probably the MBR was already infected, because I only managed to reinstall the system after restoring the MBR.
Once again, I want to thank you for your interest and the time you have given me.

Re: System freezing

Posted: 07 Jan 2011 19:18
by Rudy
Try repairing the system from the installation media.

Re: System freezing

Posted: 10 Jan 2011 09:20
by j.a
That was likewise something I tried; unfortunately it didn't help. Still the same thing: unpredictable crashes during normal work. I only solved it by reformatting the disk and doing a completely new installation. After the new installation, with a minimum of software installed, the PC did the same thing until the MBR was repaired with MbrFix.

Re: System freezing

Posted: 10 Jan 2011 18:15
by Rudy
OK. Thank you for the information.