pomaly pc, cpu na 100%, prosim o kontrolu logu

[Mio]

Logfile of random's system information tool 1.08 (written by random/random)
Run by mio at 2010-11-13 13:36:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (8%) free of 38 GB
Total RAM: 1024 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:37:39, on 13.11.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\WINDOWS\system32\zufivo.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\DOCUME~1\mio\LOCALS~1\Temp\lsass.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\mio\LOCALS~1\Temp\36633.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\mio\LOCALS~1\Temp\63997.exe
C:\DOCUME~1\mio\LOCALS~1\Temp\268357.exe
C:\Documents and Settings\mio\Desktop\RSIT.exe
C:\Program Files\trend micro\mio.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14780&l=dis
R3 - URLSearchHook: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SeePassword] C:\Program Files\SeePassword\SeePassword.exe
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKLM\..\Run: [quidoj] C:\WINDOWS\system32\zufivo.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\mio\LOCALS~1\Temp\lsass.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\mio\qiaysl.exe \u
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\mio\LOCALS~1\Temp\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 0oojaav.exe
O4 - Startup: 0u3qbmc.exe
O4 - Startup: 1eaavmm.exe
O4 - Startup: 1pa6hx6.exe
O4 - Startup: 1soojaa.exe
O4 - Startup: 2too6aa.exe
O4 - Startup: bhrnijo86a.exe
O4 - Startup: c1yuupgg.exe
O4 - Startup: c5ittpflq3.exe
O4 - Startup: cc6oo6aa6.exe
O4 - Startup: d0jfaa6mm.exe
O4 - Startup: e81qbcxnojz.exe
O4 - Startup: e81qbcxnoza.exe
O4 - Startup: e9vrhx6jee2.exe
O4 - Startup: hdttpffb.exe
O4 - Startup: i1eaavmm.exe
O4 - Startup: i6uu6gg6.exe
O4 - Startup: i70jfaa6r.exe
O4 - Startup: iiduupggbs.exe
O4 - Startup: k5g1wxc86o.exe
O4 - Startup: Logitech . Registracija izdelka.lnk = C:\Program Files\Logitech\Ereg\eReg.exe
O4 - Startup: mss31p9lmrc.exe
O4 - Startup: o1efk86m.exe
O4 - Startup: o1f70bxx.exe
O4 - Startup: o6aa6mm6.exe
O4 - Startup: q86c81oza.exe
O4 - Startup: soojaavmmh.exe
O4 - Startup: u0vlr2xnoj.exe
O4 - Startup: up081whi.exe
O4 - Startup: w6ii6uu6.exe
O4 - Startup: wxxojjavvmh.exe
O4 - Startup: x0dzuu6gg.exe
O4 - Startup: xc3ou3ab.exe
O4 - Startup: xcs31p9lm.exe
O4 - Startup: xnnjzzvl.exe
O4 - Startup: xoojaavmmhy.exe
O4 - Startup: ytte3qq3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2576407968
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASF Agent (gyleopzun) - Unknown owner - C:\WINDOWS\system32\seluti.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6678 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-03-21 46592]
"LWS"=C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [2010-05-07 165208]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SeePassword"=C:\Program Files\SeePassword\SeePassword.exe []
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-07 90112]
"quidoj"=C:\WINDOWS\system32\zufivo.exe [2010-11-10 201216]
"Windows Firewall"=C:\DOCUME~1\mio\LOCALS~1\Temp\lsass.exe [2010-11-12 57344]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-07 90112]
"MSConfig"=C:\Documents and Settings\mio\qiaysl.exe [2010-11-10 19456]
"Windows Firewall"=C:\DOCUME~1\mio\LOCALS~1\Temp\lsass.exe [2010-11-12 57344]

C:\Documents and Settings\mio\Start Menu\Programs\Startup
0oojaav.exe
0u3qbmc.exe
1eaavmm.exe
1pa6hx6.exe
1soojaa.exe
2too6aa.exe
bhrnijo86a.exe
c1yuupgg.exe
c5ittpflq3.exe
cc6oo6aa6.exe
d0jfaa6mm.exe
e81qbcxnojz.exe
e81qbcxnoza.exe
e9vrhx6jee2.exe
hdttpffb.exe
i1eaavmm.exe
i6uu6gg6.exe
i70jfaa6r.exe
iiduupggbs.exe
k5g1wxc86o.exe
Logitech . Registracija izdelka.lnk - C:\Program Files\Logitech\Ereg\eReg.exe
mss31p9lmrc.exe
o1efk86m.exe
o1f70bxx.exe
o6aa6mm6.exe
q86c81oza.exe
soojaavmmh.exe
u0vlr2xnoj.exe
up081whi.exe
w6ii6uu6.exe
wxxojjavvmh.exe
x0dzuu6gg.exe
xc3ou3ab.exe
xcs31p9lm.exe
xnnjzzvl.exe
xoojaavmmhy.exe
ytte3qq3.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wcndmutm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wcndmutm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\wLite\wLite.exe"="C:\Program Files\wLite\wLite.exe:*:Enabled:webcamXP"
"C:\Program Files\Logitech\Vid HD\Vid.exe"="C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD"
"C:\Documents and Settings\mio\Local Settings\Temp\pyl64.tmp\pyrun.exe"="C:\Documents and Settings\mio\Local Settings\Temp\pyl64.tmp\pyrun.exe:*:Enabled:pyrun"
"C:\Program Files\Common Files\DVDVideoSoft\FreeStudioManager.exe"="C:\Program Files\Common Files\DVDVideoSoft\FreeStudioManager.exe:*:Enabled:Free Studio Manager"
"C:\Program Files\VDownloader\VDownloader.exe"="C:\Program Files\VDownloader\VDownloader.exe:*:Enabled:VDownloader"
"C:\Documents and Settings\mio\Desktop\P17535732.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\WINDOWS\system32\zufivo.exe"="C:\WINDOWS\system32\zufivo.exe:*:Enabled:bygu32"
"C:\WINDOWS\system32\soofoog.exe"="C:\WINDOWS\system32\soofoog.exe:*:Enabled:bygu32"
"C:\WINDOWS\system32\jymiz.exe"="C:\WINDOWS\system32\jymiz.exe:*:Enabled:bygu32"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-11-13 13:36:57 ----D---- C:\Program Files\trend micro
2010-11-13 13:36:47 ----D---- C:\rsit
2010-11-13 01:14:58 ----A---- C:\176.exe
2010-11-12 23:31:17 ----A---- C:\ws7.exe
2010-11-12 21:25:22 ----A---- C:\min32.exe
2010-11-12 19:05:56 ----D---- C:\Program Files\Common Files\Java
2010-11-12 19:03:48 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-12 19:03:48 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-12 19:03:48 ----A---- C:\WINDOWS\system32\java.exe
2010-11-12 14:45:11 ----A---- C:\QuickTime1.exe
2010-11-11 19:57:01 ----A---- C:\winscxs.exe
2010-11-11 19:41:51 ----A---- C:\6164.exe
2010-11-11 15:47:55 ----A---- C:\21.exe
2010-11-10 17:15:12 ----A---- C:\27.exe
2010-11-10 16:56:56 ----A---- C:\WINDOWS\system32\drivers\wcndmutm.sys
2010-11-10 03:26:34 ----A---- C:\WINDOWS\system32\seluti.exe
2010-11-10 03:26:10 ----A---- C:\WINDOWS\system32\zufivo.exe
2010-11-09 21:20:20 ----RSH---- C:\Documents and Settings\mio\Application Data\juzjf.exe
2010-11-09 21:20:10 ----A---- C:\jshd.exe
2010-11-08 02:07:20 ----A---- C:\ng.exe
2010-11-07 18:19:00 ----RSH---- C:\WINDOWS\nvsvc32.exe
2010-11-01 11:12:11 ----D---- C:\Documents and Settings\mio\Application Data\vlc
2010-10-31 13:51:17 ----D---- C:\SIERRA
2010-10-31 13:48:25 ----D---- C:\Program Files\RY's GAMES
2010-10-31 13:43:20 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2010-10-31 13:43:07 ----D---- C:\Program Files\DAEMON Tools Lite
2010-10-31 13:42:37 ----D---- C:\Documents and Settings\mio\Application Data\DAEMON Tools Lite
2010-10-31 13:42:34 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2010-10-26 05:45:16 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2010-10-15 16:47:38 ----A---- C:\WINDOWS\system32\QTUninst.dll
2010-10-15 16:47:36 ----A---- C:\WINDOWS\system32\rave.dll
2010-10-15 16:47:36 ----A---- C:\WINDOWS\system32\3DViewer.dll
2010-10-15 16:47:35 ----A---- C:\WINDOWS\system32\qd3d.dll
2010-10-15 16:47:29 ----D---- C:\Program Files\QuickTime
2010-10-15 16:47:21 ----A---- C:\WINDOWS\uninst.exe
2010-10-15 16:46:05 ----D---- C:\Program Files\Carmageddon II Carpocalypse Now
2010-10-15 16:46:01 ----A---- C:\WINDOWS\IsUninst.exe
2010-10-14 21:01:15 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2010-10-14 20:41:52 ----D---- C:\OutputFolder
2010-10-14 20:40:47 ----D---- C:\Program Files\Digiarty

======List of files/folders modified in the last 1 months======

2010-11-13 13:36:57 ----RD---- C:\Program Files
2010-11-13 13:36:25 ----AD---- C:\WINDOWS\Temp
2010-11-13 12:09:49 ----RSHD---- C:\RECYCLER
2010-11-13 07:16:52 ----D---- C:\WINDOWS\system32\logishrd
2010-11-13 02:05:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-12 21:28:23 ----D---- C:\WINDOWS\Prefetch
2010-11-12 19:06:00 ----SHD---- C:\WINDOWS\Installer
2010-11-12 19:05:56 ----D---- C:\Program Files\Common Files
2010-11-12 19:03:53 ----D---- C:\WINDOWS\system32
2010-11-12 19:03:15 ----D---- C:\Program Files\Java
2010-11-12 18:44:43 ----D---- C:\WINDOWS
2010-11-11 21:40:16 ----D---- C:\Documents and Settings\mio\Application Data\Skype
2010-11-11 18:40:52 ----D---- C:\Documents and Settings\mio\Application Data\skypePM
2010-11-10 16:56:56 ----D---- C:\WINDOWS\system32\drivers
2010-11-02 20:18:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-31 13:46:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-30 17:33:56 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-31 691696]
R0 wcndmutm;wcndmutm; C:\WINDOWS\System32\Drivers\wcndmutm.sys [2010-11-10 40128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-05-30 654508]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2010-05-07 25824]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2010-05-14 276448]
R3 LVUVC;Logitech Webcam C210(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2010-05-14 6842592]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 a5nc2j29;a5nc2j29; C:\WINDOWS\system32\drivers\a5nc2j29.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FilterService;UVCFilterService; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2010-05-14 23904]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2010-05-14 114784]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 162648]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
S2 gyleopzun;ASF Agent; C:\WINDOWS\system32\seluti.exe [2010-11-10 201216]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

[Mio]

pomozte prosim.. cely pc je spomaleny

[motji]

Hezké odpoledne
Zpomalený? Já se ani nedivím, takhle zavirovaný počítač se hned tak nevidí

Zazálohujte si důležitá data, pro jistotu


Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusťte ho a nechejte pracovat. Sám se ukončí.

- Ted nerestartujte počítač!



Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
-přejmenujte combofix na beruška.com



Pokud by něco nešlo, nevěděl jste si rady, napište

[Mio]

dakujem... rkill som spustil a nechal dokoncit.. a potom spustil combofix a tiez nechal dokoncit... tu je log z combofixu...:


ComboFix 10-11-12.01 - mio 13.11.2010 15:17:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.386.1033.18.1024.608 [GMT -8:00]
Running from: c:\documents and settings\mio\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\176.exe
C:\21.exe
C:\27.exe
C:\6164.exe
c:\docume~1\mio\LOCALS~1\Temp\lsass.exe
c:\documents and settings\mio\Application Data\juzjf.exe
c:\documents and settings\mio\qiaysl.exe
c:\documents and settings\mio\secupdat.dat
c:\documents and settings\mio\Start Menu\Programs\Startup\0oojaav.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\0u3qbmc.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\0zpfgbr.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\1eaavmm.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\1pa6hx6.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\1soojaa.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\2too6aa.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\60vq0hc.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\bhrnijo86a.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\c1yuupgg.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\c5ittpflq3.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\cc6oo6aa6.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\d0jfaa6mm.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\e81qbcxnojz.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\e81qbcxnoza.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\e9vrhx6jee2.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\hdttpffb.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\i1eaavmm.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\i6uu6gg6.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\i70jfaa6r.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\iiduupggbs.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\k5g1wxc86o.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\kabg81sdez.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\mss31p9lmrc.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\o1efk86m.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\o1f70bxx.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\o6aa6mm6.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\q86c81oza.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\soojaavmmh.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\u0vlr2xnoj.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\up081whi.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\uzpv66m86y.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\w6ii6uu6.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\wxxojjavvmh.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\x0dzuu6gg.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\xc3ou3ab.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\xcs31p9lm.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\xnnjzzvl.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\xoojaavmmhy.exe
c:\documents and settings\mio\Start Menu\Programs\Startup\ytte3qq3.exe
c:\recycler\S-1-5-21-4759728782-9231849242-176116458-2697\yv8g67.exe
c:\windows\nvsvc32.exe
c:\windows\system32\Drivers\wcndmutm.sys
c:\windows\system32\secupdat.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_wcndmutm
-------\Service_wcndmutm


((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
.

2010-11-13 21:36 . 2010-11-13 22:32 -------- d-----w- c:\program files\trend micro
2010-11-13 21:36 . 2010-11-13 21:39 -------- d-----w- C:\rsit
2010-11-13 07:31 . 2010-11-13 07:31 91136 ----a-w- C:\ws7.exe
2010-11-13 05:25 . 2010-11-13 05:25 91136 ----a-w- C:\min32.exe
2010-11-13 03:05 . 2010-11-13 03:05 -------- d-----w- c:\program files\Common Files\Java
2010-11-12 22:45 . 2010-11-13 07:33 91136 ----a-w- C:\QuickTime1.exe
2010-11-12 03:57 . 2010-11-12 04:08 0 ----a-w- C:\winscxs.exe
2010-11-10 11:26 . 2010-11-10 11:26 201216 ----a-w- c:\windows\system32\seluti.exe
2010-11-10 11:26 . 2010-11-10 11:26 201216 ----a-w- c:\windows\system32\zufivo.exe
2010-11-10 05:20 . 2010-11-10 22:47 258 ----a-w- C:\jshd.exe
2010-11-08 10:07 . 2010-11-08 10:41 462848 ----a-w- C:\ng.exe
2010-11-01 19:12 . 2010-11-03 02:08 -------- d-----w- c:\documents and settings\mio\Application Data\vlc
2010-10-31 21:51 . 2010-10-31 21:51 -------- d-----w- C:\SIERRA
2010-10-31 21:48 . 2010-10-31 21:48 -------- d-----w- c:\program files\RY's GAMES
2010-10-31 21:43 . 2010-10-31 21:43 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-31 21:43 . 2010-10-31 21:43 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-10-31 21:42 . 2010-10-31 21:47 -------- d-----w- c:\documents and settings\mio\Application Data\DAEMON Tools Lite
2010-10-31 21:42 . 2010-10-31 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-10-26 13:45 . 2010-10-26 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-10-16 00:46 . 2010-11-13 22:57 -------- d-----w- c:\program files\Carmageddon II Carpocalypse Now
2010-10-16 00:46 . 1998-07-30 20:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-10-16 00:45 . 2010-10-16 00:45 -------- d-----w- c:\documents and settings\mio\WINDOWS
2010-10-15 05:01 . 2010-10-15 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-10-15 04:41 . 2010-10-15 05:06 -------- d-----w- C:\OutputFolder
2010-10-15 04:40 . 2010-10-15 04:40 -------- d-----w- c:\program files\Digiarty

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 01:59 . 2010-09-16 01:59 53248 ----a-r- c:\documents and settings\mio\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-09-15 12:50 . 2010-07-31 12:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 10:29 . 2010-07-31 12:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-10 11:18 . 2010-09-09 03:49 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"SoundMan"="SOUNDMAN.EXE" [2002-03-21 46592]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"quidoj"="c:\windows\system32\zufivo.exe" [2010-11-10 201216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\mio\Start Menu\Programs\Startup\
Logitech . Registracija izdelka.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Documents and Settings\\mio\\Desktop\\P17535732.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\WINDOWS\\system32\\zufivo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.10.2010 13:43 691696]
S2 gyleopzun;ASF Agent;c:\windows\system32\seluti.exe [10.11.2010 3:26 201216]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=14780&l=dis
FF - ProfilePath - c:\documents and settings\mio\Application Data\Mozilla\Firefox\Profiles\8rz09tne.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
Toolbar-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
HKLM-Run-SeePassword - c:\program files\SeePassword\SeePassword.exe
SafeBoot-wcndmutm.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 15:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2640)
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-13 15:30:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-13 23:30

Pre-Run: 3.807.625.216 bytes free
Post-Run: 4.932.141.056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4565479F5210384CA89BE221E1AA1D86

[motji]

Combofix odvedl kus práce, ale ještě něco domažeme. Nevíte, kde jste k té nádheře přišel?


Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

KillAll::

DDS::
uStart Page = hxxp://eu.ask.com?o=14780&l=dis

Firefox::
FF - ProfilePath - c:\documents and settings\mio\Application Data\Mozilla\Firefox\Profiles\8rz09tne.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com

Driver::
gyleopzun

Collect::
c:\windows\system32\seluti.exe
c:\windows\system32\zufivo.exe
C:\jshd.exe
 C:\ng.exe
C:\ws7.exe
 C:\min32.exe
C:\QuickTime1.exe
 C:\winscxs.exe

File::
c:\documents and settings\mio\Start Menu\Programs\Startup\
Logitech . Registracija izdelka.lnk 
c:\Documents and Settings\mio\Desktop\P17535732.JPG-www.facebook.exe
c:\program files\Common Files\AskToolbarInstaller.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\mio\\Desktop\\P17535732.JPG-www.facebook.exe"= -
"c:\\WINDOWS\\system32\\zufivo.exe"=-

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[Mio]

vykonaneee... podla vasho navodu, tu je log:


ComboFix 10-11-12.06 - mio 13.11.2010 16:00:54.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.386.1033.18.1024.700 [GMT -8:00]
Running from: c:\documents and settings\mio\Desktop\beruska.com.exe
Command switches used :: c:\documents and settings\mio\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\mio\Start Menu\Programs\Startup\"

file zipped: C:\jshd.exe
file zipped: C:\min32.exe
file zipped: C:\ng.exe
file zipped: C:\QuickTime1.exe
file zipped: c:\windows\system32\seluti.exe
file zipped: c:\windows\system32\zufivo.exe
file zipped: C:\winscxs.exe
file zipped: C:\ws7.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\jshd.exe
C:\min32.exe
C:\ng.exe
C:\QuickTime1.exe
c:\windows\system32\seluti.exe
c:\windows\system32\zufivo.exe
C:\winscxs.exe
C:\ws7.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GYLEOPZUN
-------\Service_gyleopzun


((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-13 21:36 . 2010-11-13 22:32 -------- d-----w- c:\program files\trend micro
2010-11-13 21:36 . 2010-11-13 21:39 -------- d-----w- C:\rsit
2010-11-13 03:05 . 2010-11-13 03:05 -------- d-----w- c:\program files\Common Files\Java
2010-11-01 19:12 . 2010-11-03 02:08 -------- d-----w- c:\documents and settings\mio\Application Data\vlc
2010-10-31 21:51 . 2010-10-31 21:51 -------- d-----w- C:\SIERRA
2010-10-31 21:48 . 2010-10-31 21:48 -------- d-----w- c:\program files\RY's GAMES
2010-10-31 21:43 . 2010-10-31 21:43 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-31 21:43 . 2010-10-31 21:43 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-10-31 21:42 . 2010-10-31 21:47 -------- d-----w- c:\documents and settings\mio\Application Data\DAEMON Tools Lite
2010-10-31 21:42 . 2010-10-31 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-10-26 13:45 . 2010-10-26 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-10-16 00:46 . 2010-11-13 22:57 -------- d-----w- c:\program files\Carmageddon II Carpocalypse Now
2010-10-16 00:46 . 1998-07-30 20:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-10-16 00:45 . 2010-10-16 00:45 -------- d-----w- c:\documents and settings\mio\WINDOWS
2010-10-15 05:01 . 2010-10-15 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-10-15 04:41 . 2010-10-15 05:06 -------- d-----w- C:\OutputFolder
2010-10-15 04:40 . 2010-10-15 04:40 -------- d-----w- c:\program files\Digiarty

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 01:59 . 2010-09-16 01:59 53248 ----a-r- c:\documents and settings\mio\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-09-15 12:50 . 2010-07-31 12:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 10:29 . 2010-07-31 12:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-10 11:18 . 2010-09-09 03:49 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-11-13_23.25.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-14 00:05 . 2010-11-14 00:05 16384 c:\windows\temp\Perflib_Perfdata_1a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"SoundMan"="SOUNDMAN.EXE" [2002-03-21 46592]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\mio\Start Menu\Programs\Startup\
Logitech . Registracija izdelka.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.10.2010 13:43 691696]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\mio\Application Data\Mozilla\Firefox\Profiles\8rz09tne.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-quidoj - c:\windows\system32\zufivo.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 16:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2976)
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-13 16:11:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-14 00:11
ComboFix2.txt 2010-11-13 23:30

Pre-Run: 4.951.928.832 bytes free
Post-Run: 4.942.270.464 bytes free

- - End Of File - - 2246B25CF50E29F12B21382701357BB6

[motji]

Tento soubor najděte a smažte
c:\program files\Common Files\AskToolbarInstaller.exe

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.


A napište, jak to vypadá s počítačem, už by to mělo být lepší

[Mio]

takze, vsetko hotovo,, zatial som nic nemazal... tu je log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 5107

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

13.11.2010 17:07:24
mbam-log-2010-11-13 (17-07-24).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 149050
Uplynulý čas: 34 min, 57 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 85

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\Documents and Settings\mio\Desktop\P17535732.JPG-www.facebook.exe (Worm.Palevo) -> No action taken.
C:\Qoobox\Quarantine\C\27.exe.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Application Data\juzjf.exe.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\0oojaav.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\0u3qbmc.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\0zpfgbr.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\1eaavmm.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\1pa6hx6.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\1soojaa.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\2too6aa.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\60vq0hc.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\bhrnijo86a.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\c1yuupgg.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\c5ittpflq3.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\cc6oo6aa6.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\d0jfaa6mm.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\e81qbcxnojz.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\e81qbcxnoza.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\e9vrhx6jee2.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\hdttpffb.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\i1eaavmm.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\i6uu6gg6.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\i70jfaa6r.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\iiduupggbs.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\k5g1wxc86o.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\kabg81sdez.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\mss31p9lmrc.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\o1efk86m.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\o1f70bxx.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\o6aa6mm6.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\q86c81oza.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\soojaavmmh.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\u0vlr2xnoj.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\up081whi.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\uzpv66m86y.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\w6ii6uu6.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\wxxojjavvmh.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\x0dzuu6gg.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\xc3ou3ab.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\xcs31p9lm.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\xnnjzzvl.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\xoojaavmmhy.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\mio\Start Menu\Programs\Startup\ytte3qq3.exe.vir (Trojan.Lethic) -> No action taken.
C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-4759728782-9231849242-176116458-2697\yv8g67.exe.vir (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP97\A0027318.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP97\A0027341.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP98\A0027374.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP98\A0027401.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0028583.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029000.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029001.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029002.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029003.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029004.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029005.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029006.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029007.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029008.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029009.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029010.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029011.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029012.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0028995.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0028997.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0028999.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029013.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029014.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029015.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029016.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029017.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029018.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029019.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029020.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029021.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029022.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029023.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029024.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029025.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029026.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029027.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029028.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029029.exe (Trojan.Lethic) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029030.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029212.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{BA2898F1-124F-46FF-A48D-570C7D399149}\RP99\A0029213.exe (Trojan.Downloader) -> No action taken.

[Mio]

inak, uz je to lepsie.. pocitac ide plynulejsie

[motji]

Co našel mbam, smažte.

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?




Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky