VIRY.CZ

Dobrý večer, mám tu log z jiného počítače, který byl zpomalený a po několika minutách přestával reagovat, vyhledával jsem na fóru obdobné problémy a použil jsem Mbam a Combofix. Situace je o mnoho lepší, ale poprosil bych o kotrolu logu z Combofixu, děkuji:

ComboFix 10-12-02.06 - U�ivatel 03.12.2010 21:56:46.1.1 - x86
Syst�m Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1014.602 [GMT 1:00]
Spu�t�n� z: c:\documents and settings\U�ivatel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvo�en nov� Bod Obnoven�
.

((((((((((((((((((((((((((((((((((((((( Ostatn� v�mazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\UIVATE~1\LOCALS~1\Temp\lsass.exe
c:\documents and settings\U�ivatel\Data aplikac�\Microsoft\looboopilu.exe
c:\documents and settings\U�ivatel\Data aplikac�\Microsoft\nygeboojoo.exe
c:\documents and settings\U�ivatel\Data aplikac�\Microsoft\wozykoufi.exe
c:\windows\nvsvc32.exe
c:\windows\system32\Drivers\zldimfny.sys

c:\windows\system32\drivers\cdrom.sys chyb�l.
Obnovena kopie z - c:\windows\$hf_mig$\KB932716-v2\SP3QFE\cdrom.sys

.
((((((((((((((((((((((((((((((((((((((( Ovlada�e/Slu�by )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_y1evdea99j
-------\Legacy_zldimfny
-------\Service_y1evdea99j
-------\Service_zldimfny

((((((((((((((((((((((((( Soubory vytvo�en� od 2010-11-03 do 2010-12-03 )))))))))))))))))))))))))))))))
.

2010-12-03 20:59 . 2008-05-02 10:49 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-11-22 21:37 . 2010-11-22 21:37 -------- d-----w- c:\documents and settings\U�ivatel\Data aplikac�\Malwarebytes
2010-11-22 19:50 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 19:50 . 2010-11-22 19:50 -------- d-----w- c:\documents and settings\All Users\Data aplikac�\Malwarebytes
2010-11-22 19:50 . 2010-11-22 19:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 19:50 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 19:49 . 2010-11-22 19:49 -------- d-----w- c:\documents and settings\Administrator
2010-11-16 18:59 . 2010-11-16 18:59 82944 ----a-w- c:\windows\system32\drivers\sbwhxbdp.sys
2010-11-16 10:57 . 2010-11-16 10:57 82944 ----a-w- c:\windows\system32\drivers\rqzdkncj.sys
2010-11-14 22:45 . 2010-11-14 22:45 91136 ----a-w- C:\winnt7.exe
2010-11-13 07:29 . 2010-11-13 07:29 19456 ---ha-w- c:\documents and settings\U�ivatel\rxgeel.exe
2010-11-13 06:29 . 2010-11-14 22:37 90 ----a-w- C:\t6.exe
2010-11-12 22:31 . 2010-11-12 22:31 91136 ----a-w- C:\ws7.exe
2010-11-12 13:52 . 2010-11-12 13:52 91136 --sh--r- c:\documents and settings\U�ivatel\Data aplikac�\juzjf.exe
2010-11-12 13:52 . 2010-11-12 14:11 41 ----a-w- C:\QuickTime1.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M v�pis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spou�t�c� body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Pozn�mka* pr�zdn� z�znamy a legitimn� v�choz� �daje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-21 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-21 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-21 138008]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-17 185632]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\U�ivatel\Nab�dka Start\Programy\Po spu�t�n�\
0c865u6.exe [2010-11-13 60416]
0jff2lb.exe [2010-11-12 60416]
10003d7.exe [2010-11-16 60416]
1pl4hsi.exe [2010-11-16 60416]
1xdi3e1.exe [2010-11-12 60416]
26iddup.exe [2010-11-15 60416]
31jpvbh.exe [2010-11-15 60416]
3l60c86.exe [2010-11-13 60416]
4hii3zf.exe [2010-11-16 60416]
5nyzua5.exe [2010-11-16 60416]
5yyoupf.exe [2010-11-12 60416]
6juppgq.exe [2010-11-12 60416]
8703nio.exe [2010-11-14 60416]
9r6ii3z.exe [2010-11-16 60416]
a81mxi3uu3g.exe [2010-11-14 60416]
a870nioo3.exe [2010-11-14 60416]
agmhhyttkf.exe [2010-11-15 60416]
alcxxojjuv.exe [2010-11-15 60416]
aqwmm3yj.exe [2010-11-15 60416]
bbsnnezz.exe [2010-11-15 60416]
cidtupv66m.exe [2010-11-12 60416]
cxdjavbbmni.exe [2010-11-16 60416]
ddoz3v0r.exe [2010-11-16 60416]
e1u3w1rii.exe [2010-11-22 43008]
fvwcx6yeuk.exe [2010-11-16 60416]
i3k1aq1rii.exe [2010-11-22 43008]
it26l0h71j.exe [2010-11-13 60416]
kbrmsdtu.exe [2010-11-15 60416]
kq4hsizp8bw.exe [2010-11-16 60416]
lcxxojju.exe [2010-11-15 60416]
ll87nyoe5.exe [2010-11-12 60416]
ooafwrriddu.exe [2010-11-16 60416]
ozzpqlr66.exe [2010-11-12 60416]
qqlw3iyze0.exe [2010-11-13 60416]
qwc603f7br.exe [2010-11-16 60416]
rhhyy9kf.exe [2010-11-15 60416]
s6yj26l0h.exe [2010-11-13 60416]
sn03e1ab.exe [2010-11-12 60416]
teju3w1rii5.exe [2010-11-22 43008]
to11lbhito.exe [2010-11-13 60416]
ua8cnd7jpv.exe [2010-11-16 60416]
xtjjff2lbcx.exe [2010-11-16 60416]
y9kqqhhi6o6.exe [2010-11-13 60416]
yja1qg1xdi.exe [2010-11-12 60416]
yjkpa4cio.exe [2010-11-13 60416]
z3wrx1yjfql.exe [2010-11-16 60416]
ze3a1wxc87.exe [2010-11-12 60416]
zvl4hsizp8.exe [2010-11-16 60416]

c:\documents and settings\U�ivatel\Nab�dka Start\Programy\Po spu�t�n�\
0c865u6.exe [2010-11-13 60416]
0jff2lb.exe [2010-11-12 60416]
10003d7.exe [2010-11-16 60416]
1pl4hsi.exe [2010-11-16 60416]
1xdi3e1.exe [2010-11-12 60416]
26iddup.exe [2010-11-15 60416]
31jpvbh.exe [2010-11-15 60416]
3l60c86.exe [2010-11-13 60416]
4hii3zf.exe [2010-11-16 60416]
5nyzua5.exe [2010-11-16 60416]
5yyoupf.exe [2010-11-12 60416]
6juppgq.exe [2010-11-12 60416]
8703nio.exe [2010-11-14 60416]
9r6ii3z.exe [2010-11-16 60416]
a81mxi3uu3g.exe [2010-11-14 60416]
a870nioo3.exe [2010-11-14 60416]
agmhhyttkf.exe [2010-11-15 60416]
alcxxojjuv.exe [2010-11-15 60416]
aqwmm3yj.exe [2010-11-15 60416]
bbsnnezz.exe [2010-11-15 60416]
cidtupv66m.exe [2010-11-12 60416]
cxdjavbbmni.exe [2010-11-16 60416]
ddoz3v0r.exe [2010-11-16 60416]
e1u3w1rii.exe [2010-11-22 43008]
fvwcx6yeuk.exe [2010-11-16 60416]
i3k1aq1rii.exe [2010-11-22 43008]
it26l0h71j.exe [2010-11-13 60416]
kbrmsdtu.exe [2010-11-15 60416]
kq4hsizp8bw.exe [2010-11-16 60416]
lcxxojju.exe [2010-11-15 60416]
ll87nyoe5.exe [2010-11-12 60416]
ooafwrriddu.exe [2010-11-16 60416]
ozzpqlr66.exe [2010-11-12 60416]
qqlw3iyze0.exe [2010-11-13 60416]
qwc603f7br.exe [2010-11-16 60416]
rhhyy9kf.exe [2010-11-15 60416]
s6yj26l0h.exe [2010-11-13 60416]
sn03e1ab.exe [2010-11-12 60416]
teju3w1rii5.exe [2010-11-22 43008]
to11lbhito.exe [2010-11-13 60416]
ua8cnd7jpv.exe [2010-11-16 60416]
xtjjff2lbcx.exe [2010-11-16 60416]
y9kqqhhi6o6.exe [2010-11-13 60416]
yja1qg1xdi.exe [2010-11-12 60416]
yjkpa4cio.exe [2010-11-13 60416]
z3wrx1yjfql.exe [2010-11-16 60416]
ze3a1wxc87.exe [2010-11-12 60416]
zvl4hsizp8.exe [2010-11-16 60416]

c:\documents and settings\U�ivatel\Nab�dka Start\Programy\Po spu�t�n�\
0c865u6.exe [2010-11-13 60416]
0jff2lb.exe [2010-11-12 60416]
10003d7.exe [2010-11-16 60416]
1pl4hsi.exe [2010-11-16 60416]
1xdi3e1.exe [2010-11-12 60416]
26iddup.exe [2010-11-15 60416]
31jpvbh.exe [2010-11-15 60416]
3l60c86.exe [2010-11-13 60416]
4hii3zf.exe [2010-11-16 60416]
5nyzua5.exe [2010-11-16 60416]
5yyoupf.exe [2010-11-12 60416]
6juppgq.exe [2010-11-12 60416]
8703nio.exe [2010-11-14 60416]
9r6ii3z.exe [2010-11-16 60416]
a81mxi3uu3g.exe [2010-11-14 60416]
a870nioo3.exe [2010-11-14 60416]
agmhhyttkf.exe [2010-11-15 60416]
alcxxojjuv.exe [2010-11-15 60416]
aqwmm3yj.exe [2010-11-15 60416]
bbsnnezz.exe [2010-11-15 60416]
cidtupv66m.exe [2010-11-12 60416]
cxdjavbbmni.exe [2010-11-16 60416]
ddoz3v0r.exe [2010-11-16 60416]
e1u3w1rii.exe [2010-11-22 43008]
fvwcx6yeuk.exe [2010-11-16 60416]
i3k1aq1rii.exe [2010-11-22 43008]
it26l0h71j.exe [2010-11-13 60416]
kbrmsdtu.exe [2010-11-15 60416]
kq4hsizp8bw.exe [2010-11-16 60416]
lcxxojju.exe [2010-11-15 60416]
ll87nyoe5.exe [2010-11-12 60416]
ooafwrriddu.exe [2010-11-16 60416]
ozzpqlr66.exe [2010-11-12 60416]
qqlw3iyze0.exe [2010-11-13 60416]
qwc603f7br.exe [2010-11-16 60416]
rhhyy9kf.exe [2010-11-15 60416]
s6yj26l0h.exe [2010-11-13 60416]
sn03e1ab.exe [2010-11-12 60416]
teju3w1rii5.exe [2010-11-22 43008]
to11lbhito.exe [2010-11-13 60416]
ua8cnd7jpv.exe [2010-11-16 60416]
xtjjff2lbcx.exe [2010-11-16 60416]
y9kqqhhi6o6.exe [2010-11-13 60416]
yja1qg1xdi.exe [2010-11-12 60416]
yjkpa4cio.exe [2010-11-13 60416]
z3wrx1yjfql.exe [2010-11-16 60416]
ze3a1wxc87.exe [2010-11-12 60416]
zvl4hsizp8.exe [2010-11-16 60416]

c:\documents and settings\All Users\Nab�dka Start\Programy\Po spu�t�n�\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Software Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

c:\documents and settings\U�ivatel\Nab�dka Start\Programy\Po spu�t�n�\
0c865u6.exe [2010-11-13 60416]
0jff2lb.exe [2010-11-12 60416]
10003d7.exe [2010-11-16 60416]
1pl4hsi.exe [2010-11-16 60416]
1xdi3e1.exe [2010-11-12 60416]
26iddup.exe [2010-11-15 60416]
31jpvbh.exe [2010-11-15 60416]
3l60c86.exe [2010-11-13 60416]
4hii3zf.exe [2010-11-16 60416]
5nyzua5.exe [2010-11-16 60416]
5yyoupf.exe [2010-11-12 60416]
6juppgq.exe [2010-11-12 60416]
8703nio.exe [2010-11-14 60416]
9r6ii3z.exe [2010-11-16 60416]
a81mxi3uu3g.exe [2010-11-14 60416]
a870nioo3.exe [2010-11-14 60416]
agmhhyttkf.exe [2010-11-15 60416]
alcxxojjuv.exe [2010-11-15 60416]
aqwmm3yj.exe [2010-11-15 60416]
bbsnnezz.exe [2010-11-15 60416]
cidtupv66m.exe [2010-11-12 60416]
cxdjavbbmni.exe [2010-11-16 60416]
ddoz3v0r.exe [2010-11-16 60416]
e1u3w1rii.exe [2010-11-22 43008]
fvwcx6yeuk.exe [2010-11-16 60416]
i3k1aq1rii.exe [2010-11-22 43008]
it26l0h71j.exe [2010-11-13 60416]
kbrmsdtu.exe [2010-11-15 60416]
kq4hsizp8bw.exe [2010-11-16 60416]
lcxxojju.exe [2010-11-15 60416]
ll87nyoe5.exe [2010-11-12 60416]
ooafwrriddu.exe [2010-11-16 60416]
ozzpqlr66.exe [2010-11-12 60416]
qqlw3iyze0.exe [2010-11-13 60416]
qwc603f7br.exe [2010-11-16 60416]
rhhyy9kf.exe [2010-11-15 60416]
s6yj26l0h.exe [2010-11-13 60416]
sn03e1ab.exe [2010-11-12 60416]
teju3w1rii5.exe [2010-11-22 43008]
to11lbhito.exe [2010-11-13 60416]
ua8cnd7jpv.exe [2010-11-16 60416]
xtjjff2lbcx.exe [2010-11-16 60416]
y9kqqhhi6o6.exe [2010-11-13 60416]
yja1qg1xdi.exe [2010-11-12 60416]
yjkpa4cio.exe [2010-11-13 60416]
z3wrx1yjfql.exe [2010-11-16 60416]
ze3a1wxc87.exe [2010-11-12 60416]
zvl4hsizp8.exe [2010-11-16 60416]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"d:\\Dokumenty\\Sta�en� soubory\\P1876832.JPG-www.facebook(2).exe"= c:\\WINDOWS\\nvsvc32.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [22.12.2007 17:08 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [22.12.2007 17:08 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 9:06 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.8.2010 13:16 810144]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5.8.2009 12:31 222968]
S2 gupdate;Slu�ba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.8.2010 16:05 136176]
S2 rqzdkncj;rqzdkncj;c:\windows\system32\drivers\rqzdkncj.sys [16.11.2010 11:57 82944]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
.
Obsah adres��e 'Napl�novan� �lohy'

2010-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 15:04]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 15:04]

2010-12-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 20:18]
.
.
------- Dopl�kov� sken -------
.
uStart Page = hxxp://googleure.com
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\U�ivatel\Data aplikac�\Mozilla\Firefox\Profiles\sxic4otn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\U�ivatel\Data aplikac�\Mozilla\Firefox\Profiles\sxic4otn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATN� POLO�KY ODSTRAN�N� Z REGISTRU - - - -

Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKCU-Run-befakur - c:\documents and settings\U�ivatel\Data aplikac�\Microsoft\nygeboojoo.exe
HKLM-Run-BroadcomWireless - c:\program files\Broadcom\Wireless\Utility\WlanUtil.exe
HKLM-Run-befakur - c:\windows\system32\nygeboojoo.exe
SafeBoot-rqzdkncj
SafeBoot-zldimfny.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 22:01
Windows 5.1.2600 Service Pack 2 NTFS

skenov�n� skryt�ch proces� ...

skenov�n� skryt�ch polo�ek 'Po spu�t�n�' ...

skenov�n� skryt�ch soubor� ...

sken byl �spe�n� dokon�en
skryt� soubory: 0

**************************************************************************
.
--------------------- Knihovny nav�zan� na b��c� procesy ---------------------

- - - - - - - > 'explorer.exe'(3608)
c:\program files\CursorXP\CurXP0.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Jin� spu�ten� procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\docume~1\UIVATE~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkov� �as: 2010-12-03 22:05:24 - po��ta� byl restartov�n
ComboFix-quarantined-files.txt 2010-12-03 21:05

P�ed spu�t�n�m: 683�114�496
Po spu�t�n�: 1�565�110�272

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - E487B400426B0C108F9F92592B7EEF69

Zdravím,

všichni tady upozorňujeme, že CF se má používat až na doporučení rádce - jsou tam rizika a stejně se musí dočistit scriptem.

Stahni Avenger zde:
http://swandog46.geekstogo.com/avenger.exe
Spusť a všude souhlas „Yes“
Hlavní okno

dole dej fajfku do obou čtverečků

Do pole „Input script here“ zkopíruj zelený text scriptu -> „Execute“ -> „Yes“
Bude restart a je potřeba vyčkat na otevření Notepadu a jeho obsah sem vložit. (C:\avenger.txt)

Script

Kód: Vybrat vše

Files to delete:
c:\windows\system32\drivers\sbwhxbdp.sys
c:\windows\system32\drivers\rqzdkncj.sys
C:\winnt7.exe
c:\documents and settings\Uživatel\rxgeel.exe
C:\t6.exe
C:\ws7.exe
c:\documents and settings\Uživatel\Data aplikací\juzjf.exe
C:\QuickTime1.exe

Drivers to delete:
sbwhxbdp
rqzdkncj

udělej scan RSIT a dej mi log http://www.viry.cz/forum/viewtopic.php?f=13&t=105895

Provedl jsem, během práce RSITu vyskočilo chybové hlášení, ale proces dokončil a log vytvořil, tak snad bude v pořádku. Posílám log z avengeru po něm RSIT.

Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "c:\windows\system32\drivers\sbwhxbdp.sys" not found!
Deletion of file "c:\windows\system32\drivers\sbwhxbdp.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\drivers\rqzdkncj.sys" deleted successfully.

Error: file "C:\winnt7.exe" not found!
Deletion of file "C:\winnt7.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\documents and settings\Uživatel\rxgeel.exe" not found!
Deletion of file "c:\documents and settings\Uživatel\rxgeel.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\t6.exe" deleted successfully.

Error: file "C:\ws7.exe" not found!
Deletion of file "C:\ws7.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\documents and settings\Uživatel\Data aplikací\juzjf.exe" not found!
Deletion of file "c:\documents and settings\Uživatel\Data aplikací\juzjf.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\QuickTime1.exe" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\sbwhxbdp" not found!
Deletion of driver "sbwhxbdp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "rqzdkncj" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Log z RSITu:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Uživatel at 2010-12-04 11:11:33
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (6%) free of 20 GB
Total RAM: 1014 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:12:17, on 4.12.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

--
End of file - 6673 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-29 16132608]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-12 53248]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-21 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-21 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-21 138008]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-06-21 35328]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-06-17 185632]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-18 2219184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
Software Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-17 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqzdkncj]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rqzdkncj]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"d:\Dokumenty\Stažené soubory\P1876832.JPG-www.facebook(2).exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-12-04 11:07:37 ----D---- C:\rsit
2010-12-04 11:07:37 ----D---- C:\Program Files\trend micro
2010-12-04 10:58:34 ----D---- C:\Avenger
2010-12-04 10:58:34 ----A---- C:\avenger.txt
2010-12-03 23:10:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-12-03 23:07:17 ----SHD---- C:\Config.Msi
2010-12-03 22:05:26 ----D---- C:\WINDOWS\temp
2010-12-03 22:05:24 ----A---- C:\ComboFix.txt
2010-12-03 21:59:39 ----A---- C:\WINDOWS\system32\drivers\cdrom.sys
2010-12-03 21:56:06 ----A---- C:\Boot.bak
2010-12-03 21:56:01 ----RASHD---- C:\cmdcons
2010-12-03 21:53:53 ----A---- C:\WINDOWS\zip.exe
2010-12-03 21:53:53 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-03 21:53:53 ----A---- C:\WINDOWS\SWSC.exe
2010-12-03 21:53:53 ----A---- C:\WINDOWS\SWREG.exe
2010-12-03 21:53:53 ----A---- C:\WINDOWS\sed.exe
2010-12-03 21:53:53 ----A---- C:\WINDOWS\PEV.exe
2010-12-03 21:53:53 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-03 21:53:53 ----A---- C:\WINDOWS\MBR.exe
2010-12-03 21:53:53 ----A---- C:\WINDOWS\grep.exe
2010-11-23 22:02:09 ----RA---- C:\Documents and Settings\Uživatel\Data aplikací\hDlkH.txt
2010-11-22 22:45:29 ----D---- C:\WINDOWS\ERDNT
2010-11-22 22:45:23 ----D---- C:\Qoobox
2010-11-22 22:37:28 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Malwarebytes
2010-11-22 20:50:36 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-22 20:50:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-11-22 20:50:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-22 20:50:33 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-22 20:48:37 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-22 20:44:48 ----RA---- C:\Documents and Settings\Uživatel\Data aplikací\k6jLC.txt

======List of files/folders modified in the last 1 months======

2010-12-04 11:07:37 ----RD---- C:\Program Files
2010-12-04 11:03:44 ----D---- C:\WINDOWS\system32
2010-12-04 11:03:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-04 10:58:34 ----D---- C:\WINDOWS\system32\drivers
2010-12-04 10:58:34 ----D---- C:\WINDOWS
2010-12-04 10:56:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-03 23:11:43 ----SHD---- C:\WINDOWS\Installer
2010-12-03 23:11:33 ----HD---- C:\WINDOWS\inf
2010-12-03 23:11:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-03 23:10:53 ----D---- C:\Program Files\ESET
2010-12-03 23:07:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\SweetIM
2010-12-03 23:07:19 ----D---- C:\Program Files\SweetIM
2010-12-03 23:01:48 ----D---- C:\WINDOWS\Prefetch
2010-12-03 23:01:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\ArcSoft
2010-12-03 23:01:16 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-03 22:01:16 ----N---- C:\WINDOWS\system.ini
2010-12-03 22:01:03 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-03 21:59:59 ----D---- C:\WINDOWS\system32\config
2010-12-03 21:59:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-03 21:59:24 ----SD---- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft
2010-12-03 21:58:27 ----D---- C:\WINDOWS\AppPatch
2010-12-03 21:58:17 ----D---- C:\Program Files\Common Files
2010-12-03 21:56:06 ----RASH---- C:\boot.ini
2010-11-22 22:36:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-11-22 21:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-11-22 20:49:17 ----D---- C:\Documents and Settings
2010-11-16 23:54:53 ----A---- C:\WINDOWS\wincmd.ini
2010-11-16 12:58:14 ----AC---- C:\WINDOWS\IE4 Error Log.txt
2010-11-12 09:35:53 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-05-16 46080]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-24 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-24 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-04-01 876384]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-23 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-23 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-17 5760096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-31 4424192]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-07 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-01-25 290304]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-23 730112]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-24 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-04-01 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-24 67960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-03 11136]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-03 10240]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-18 810144]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-29 136176]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-11-18 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Stáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „Moveit!“

Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\ - dáš ho sem

Script OTM

Kód: Vybrat vše

:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"SunJavaUpdateSched"=-
"TkBellExe"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqzdkncj]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rqzdkncj]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"d:\Dokumenty\Stažené soubory\P1876832.JPG-www.facebook(2).exe"=-

:Files
C:\Documents and Settings\Uživatel\Data aplikací\hDlkH.txt
C:\Documents and Settings\Uživatel\Data aplikací\k6jLC.txt
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[PURITY]
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[REBOOT]

Provedl jsem, log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqzdkncj\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rqzdkncj\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\d:\Dokumenty\Stažené soubory\P1876832.JPG-www.facebook(2).exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\Uživatel\Data aplikací\hDlkH.txt moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\k6jLC.txt moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1390.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1434.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP16D1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP17AF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1805.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP18E5.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP190B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP193C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1951.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1A7F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D8.tmp folder moved successfully.
C:\WINDOWS\Installer\MSIC32.tmp moved successfully.
C:\WINDOWS\Installer\MSIC3D.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Uživatel
->Temp folder emptied: 1005408 bytes
->Temporary Internet Files folder emptied: 4140781 bytes
->Java cache emptied: 58319454 bytes
->FireFox cache emptied: 79991804 bytes
->Flash cache emptied: 59007 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 137,00 mb

Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.17.2 log created on 12042010_221130

Files moved on Reboot...

Registry entries deleted on Reboot...

zdá se, že máš čisto
a jestli už nenacházíš nic podivného, tak po sobě uklidím

ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

stáhni program OTC tady: http://oldtimer.geekstogo.com/OTC.exe - spusť ho -> "CleanUp" (smaže dříve použité čističe)

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština

Nakonec mi dej současný RSIT log

Děkuju, všechno jsem provedl podle návodu a posílám log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Uživatel at 2010-12-07 19:22:29
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (12%) free of 20 GB
Total RAM: 1014 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:22:38, on 7.12.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Uživatel\Plocha\programy\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{13423D5D-BD15-436D-BA8B-A92BAC98C444}: NameServer = 94.142.233.120,94.142.233.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{13423D5D-BD15-436D-BA8B-A92BAC98C444}: NameServer = 94.142.233.120,94.142.233.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{13423D5D-BD15-436D-BA8B-A92BAC98C444}: NameServer = 94.142.233.120,94.142.233.140
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

--
End of file - 6353 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-29 16132608]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-12 53248]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-21 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-21 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-21 138008]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-18 2219184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
Software Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-17 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-12-07 19:22:29 ----D---- C:\rsit
2010-12-07 13:01:35 ----D---- C:\Program Files\Defraggler
2010-12-07 12:55:26 ----D---- C:\Program Files\CCleaner
2010-12-04 12:28:08 ----SHD---- C:\RECYCLER
2010-12-04 11:07:37 ----D---- C:\Program Files\trend micro
2010-12-03 23:10:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-12-03 23:07:17 ----SHD---- C:\Config.Msi
2010-12-03 22:05:26 ----D---- C:\WINDOWS\temp
2010-12-03 21:59:39 ----A---- C:\WINDOWS\system32\drivers\cdrom.sys
2010-12-03 21:56:06 ----A---- C:\Boot.bak
2010-12-03 21:56:01 ----RASHD---- C:\cmdcons
2010-11-22 22:45:29 ----D---- C:\WINDOWS\ERDNT
2010-11-22 22:45:23 ----D---- C:\Qoobox
2010-11-22 22:37:28 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Malwarebytes
2010-11-22 20:50:36 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-22 20:50:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-11-22 20:50:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-22 20:50:33 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

======List of files/folders modified in the last 1 months======

2010-12-07 13:01:48 ----D---- C:\WINDOWS\Prefetch
2010-12-07 13:01:35 ----RD---- C:\Program Files
2010-12-07 12:57:05 ----D---- C:\Program Files\Winamp
2010-12-07 12:56:41 ----D---- C:\WINDOWS\system32
2010-12-07 12:56:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-07 12:56:32 ----D---- C:\WINDOWS\Debug
2010-12-07 12:56:32 ----D---- C:\WINDOWS
2010-12-07 12:51:36 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-12-07 10:15:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-07 01:28:34 ----D---- C:\Program Files\ICQ6.5
2010-12-06 20:32:57 ----A---- C:\WINDOWS\wincmd.ini
2010-12-04 22:12:37 ----SHD---- C:\System Volume Information
2010-12-04 22:12:37 ----D---- C:\WINDOWS\system32\Restore
2010-12-04 22:11:49 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-04 22:11:45 ----SHD---- C:\WINDOWS\Installer
2010-12-04 10:58:34 ----D---- C:\WINDOWS\system32\drivers
2010-12-03 23:11:33 ----HD---- C:\WINDOWS\inf
2010-12-03 23:10:53 ----D---- C:\Program Files\ESET
2010-12-03 23:07:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\SweetIM
2010-12-03 23:07:19 ----D---- C:\Program Files\SweetIM
2010-12-03 23:01:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\ArcSoft
2010-12-03 23:01:16 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-03 22:01:16 ----N---- C:\WINDOWS\system.ini
2010-12-03 21:59:59 ----D---- C:\WINDOWS\system32\config
2010-12-03 21:59:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-03 21:59:24 ----SD---- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft
2010-12-03 21:58:27 ----D---- C:\WINDOWS\AppPatch
2010-12-03 21:58:17 ----D---- C:\Program Files\Common Files
2010-12-03 21:56:06 ----RASH---- C:\boot.ini
2010-11-22 22:36:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-11-22 21:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-11-22 20:49:17 ----D---- C:\Documents and Settings
2010-11-12 09:35:53 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-05-16 46080]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-24 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-24 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-04-01 876384]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-23 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-23 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-17 5760096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-31 4424192]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-07 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-01-25 290304]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-23 730112]
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-24 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-04-01 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-24 67960]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-03 11136]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-03 10240]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-18 810144]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-29 136176]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-11-18 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

V logu už žádné šmejdy nevidím

a pokud nemáš žádné problémy s PC, tak můžeme skončit.

super, děkuju moc.-)

Nemáš zač - rádo se stalo a jsme tady i příště Obrázek

VIRY.CZ

Prosím o kontrolu po opravě Combofixem II.

Prosím o kontrolu po opravě Combofixem II.

Re: Prosím o kontrolu po opravě Combofixem II.

Re: Prosím o kontrolu po opravě Combofixem II.

Re: Prosím o kontrolu po opravě Combofixem II.

Re: Prosím o kontrolu po opravě Combofixem II.

Re: Prosím o kontrolu po opravě Combofixem II.

Re: Prosím o kontrolu po opravě Combofixem II.

Re: Prosím o kontrolu po opravě Combofixem II.

Re: Prosím o kontrolu po opravě Combofixem II.

Re: Prosím o kontrolu po opravě Combofixem II.