
Please check my log, with a focus on services.exe

Posted: 28 May 2011 12:52
by vojtysek
Hello, for some weeks now my computer has been freezing, and when I open Task Manager I can see that every 20 seconds the CPU usage rises to about 30%, and every 1-2 minutes up to 80%. I found out that at exactly those moments the load of services.exe also rises sharply. So I read up on it online and also read about other supposedly similarly infected files, which I also have on my computer.
Here is the log from RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2011-05-28 13:51:24
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 2 GB (12%) free of 15 GB
Total RAM: 752 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:51:31, on 28.5.2011
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\tardisnt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\xmesrv.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINNT\system32\internat.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Agilent\IO Libraries\bin\iproc82357.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Agilent\IO Libraries\bin\iproc488.exe
C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
C:\WINNT\system32\faxsvc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
F:\Data\Vojta\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.razdva.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.centrum.cz/index.php?tool ... trum-1.0.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.45.18.113:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [gemstrmw] C:\WINNT\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [STICAP] C:\WINNT\Twain_32\iCam Tracer CCD\SnapTrap.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\RunServices: [PcEXEreg] C:\WINNT\system\kl.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Namedate] C:\Nezmeskej\nezmeskej.exe s s
O4 - HKCU\..\Run: [mxClock] C:\Documents and Settings\Administrator\Local Settings\Temp\mxClock.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: IO Control.lnk = C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O4 - Global Startup: Port pro program Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm247YYCZ
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Tardis time service (Tardis) - Unknown owner - C:\WINNT\system32\tardisnt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: CryptoPlus XME Engine Service (xmengine service) - Monet+, a.s. - C:\WINNT\system32\xmesrv.exe

--
End of file - 9566 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\CompOn.job
C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-764733703-1060284298-500Core1cb0e3b6c5abe0c.job
C:\WINNT\tasks\LASTUSED.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll [2011-01-28 726016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-22 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Rádio - C:\WINNT\system32\msdxm.ocx [2005-06-03 849168]
{D5D47440-0750-463D-BAEF-A47D02414806}
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll [2011-01-28 726016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"C-Media Mixer"=Mixer.exe /startup []
"NeroFilterCheck"=C:\WINNT\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2006-03-14 1397760]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2011-01-05 557056]
"EEventManager"=C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [2006-03-17 102400]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"gemstrmw"=C:\WINNT\system32\gemstrmw.exe [2004-08-09 24576]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-06-10 185896]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-09-12 63048]
"Dimension4"=C:\Program Files\D4\D4.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"STICAP"=C:\WINNT\Twain_32\iCam Tracer CCD\SnapTrap.exe [2005-04-27 155648]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-05-10 3459712]
"SmartSync - ScheduleSync"=C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE [2005-10-21 45056]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-01-28 526336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"=C:\WINNT\system32\internat.exe [2003-07-03 20752]
"PowerBar"= []
"WiFiSiStr"= []
"Camsrv"= []
"Namedate"=C:\Nezmeskej\nezmeskej.exe s s []
"mxClock"=C:\Documents and Settings\Administrator\Local Settings\Temp\mxClock.exe [2006-10-12 720482]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
"nDVDControl"= []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
IO Control.lnk - C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
NDAS Device Management.lnk - C:\Program Files\NDAS\System\ndasmgmt.exe
Port pro program Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
QuickTV.lnk - C:\Program Files\AVerTV\QuickTV.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
C:\WINNT\system32\wlnotify.dll [2005-06-03 57104]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=223

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.scr - open - C:\WINNT\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-05-28 13:42:03 ----D---- C:\rsit
2011-05-28 13:42:03 ----D---- C:\Program Files\trend micro
2011-05-28 13:33:29 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Uniblue
2011-05-28 13:33:19 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-05-28 13:33:18 ----D---- C:\Program Files\Uniblue
2011-05-28 13:24:11 ----SD---- C:\ComboFix
2011-05-28 13:15:50 ----D---- C:\Program Files\ATSoftware
2011-05-28 13:06:48 ----D---- C:\WINNT\ERDNT
2011-05-28 13:06:03 ----D---- C:\Qoobox
2011-05-17 17:02:11 ----D---- C:\Program Files\EA Sports
2011-05-17 07:51:53 ----D---- C:\Program Files\vso
2011-05-17 07:47:02 ----A---- C:\WINNT\Easy Video to DVD.INI
2011-05-17 07:46:48 ----D---- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2011-05-16 16:15:57 ----D---- C:\Program Files\uTorrent
2011-05-16 16:15:26 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2011-05-14 11:13:54 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PSpad
2011-05-14 11:13:00 ----D---- C:\Program Files\PSPad editor
2011-05-14 09:56:11 ----D---- C:\Program Files\Real Alternative
2011-05-14 09:56:04 ----A---- C:\WINNT\system32\ff_vfw.dll.manifest
2011-05-14 09:56:04 ----A---- C:\WINNT\system32\ff_vfw.dll
2011-05-14 09:55:59 ----A---- C:\WINNT\system32\pthreadGC2.dll
2011-05-14 09:52:34 ----D---- C:\Program Files\The FilmMachine
2011-05-07 06:45:28 ----A---- C:\WINNT\system32\drivers\aswSnx.sys
2011-04-30 06:50:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache

======List of files/folders modified in the last 1 months======

2011-05-28 13:42:03 ----RAD---- C:\Program Files
2011-05-28 13:33:27 ----SHD---- C:\WINNT\Installer
2011-05-28 13:33:27 ----ASHD---- C:\Config.Msi
2011-05-28 13:06:48 ----AD---- C:\WINNT
2011-05-28 13:06:18 ----AD---- C:\WINNT\system32\drivers
2011-05-28 12:40:33 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2011-05-28 12:40:33 ----AD---- C:\WINNT\system32
2011-05-28 12:24:49 ----AD---- C:\WINNT\Temp
2011-05-28 06:52:53 ----D---- C:\WINNT\system32\NtmsData
2011-05-28 06:52:40 ----A---- C:\WINNT\lgfwup.ini
2011-05-28 06:52:39 ----A---- C:\WINNT\ModemLog_WELL FM-56PCI-RWM.txt
2011-05-28 06:52:39 ----A---- C:\WINNT\ModemLog_Standardní modem 33 600 bitů za sekundu #2.txt
2011-05-28 06:52:38 ----A---- C:\WINNT\AVerTV.ini
2011-05-28 06:52:37 ----D---- C:\Program Files\lg_fwupdate
2011-05-28 06:52:29 ----AD---- C:\WINNT\Debug
2011-05-28 06:51:56 ----A---- C:\lastused.txt
2011-05-28 06:51:51 ----AD---- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
2011-05-27 22:46:23 ----A---- C:\WINNT\SchedLgU.Txt
2011-05-27 19:43:33 ----D---- C:\Program Files\Mozilla Firefox
2011-05-27 00:22:45 ----D---- C:\Program Files\CDex
2011-05-27 00:20:47 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-23 18:57:48 ----SHD---- C:\WINNT\CSC
2011-05-23 16:10:40 ----A---- C:\WINNT\NeroDigital.ini
2011-05-17 20:34:38 ----AD---- C:\WINNT\security
2011-05-17 07:52:06 ----HD---- C:\WINNT\inf
2011-05-15 09:06:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2011-05-14 09:55:11 ----D---- C:\Program Files\AviSynth 2.5
2011-05-10 14:10:55 ----A---- C:\WINNT\system32\aswBoot.exe
2011-05-07 23:27:10 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2011-05-07 21:45:00 ----AD---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;Microsoft ACPI Driver; C:\WINNT\system32\DRIVERS\ACPI.sys [2003-07-03 163152]
R0 atapi;Standardní řadič disku IDE či ESDI; C:\WINNT\system32\DRIVERS\atapi.sys [2003-07-03 86672]
R0 Disk;Ovladač disku; C:\WINNT\system32\DRIVERS\disk.sys [2003-07-03 30768]
R0 Diskperf;Diskperf; C:\WINNT\system32\drivers\Diskperf.sys [2003-07-03 7728]
R0 dmio;Ovladač správce logických disků; C:\WINNT\System32\drivers\dmio.sys [2003-07-03 137936]
R0 dmload;dmload; C:\WINNT\System32\drivers\dmload.sys [2003-07-03 7312]
R0 FltMgr;FltMgr; C:\WINNT\system32\drivers\fltmgr.sys [2006-08-22 136912]
R0 Ftdisk;Ovladač správce svazků; C:\WINNT\system32\DRIVERS\ftdisk.sys [2005-06-03 116528]
R0 isapnp;Řadič Plug and Play sběrnice ISA/EISA; C:\WINNT\system32\DRIVERS\isapnp.sys [2003-07-03 46992]
R0 KSecDD;KSecDD; C:\WINNT\system32\drivers\KSecDD.sys [2003-09-20 71888]
R0 lpx;LPX Protocol; C:\WINNT\system32\DRIVERS\lpx.sys [2009-02-10 100840]
R0 MountMgr;MountMgr; C:\WINNT\system32\drivers\MountMgr.sys [2005-08-16 30160]
R0 Mup;Služba Multiple UNC Provider; C:\WINNT\system32\drivers\Mup.sys [2004-12-02 89328]
R0 ndasfs;ndasfs; C:\WINNT\system32\DRIVERS\ndasfs.sys [2009-02-10 285160]
R0 NDIS;Systémový ovladač NDIS; C:\WINNT\system32\drivers\NDIS.sys [2003-07-03 170928]
R0 PartMgr;PartMgr; C:\WINNT\system32\drivers\PartMgr.sys [2003-07-03 11792]
R0 PCI;Řadič sběrnice PCI; C:\WINNT\system32\DRIVERS\pci.sys [2003-07-03 59888]
R0 PxHelp20;PxHelp20; C:\WINNT\System32\Drivers\PxHelp20.sys [2006-08-25 36528]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINNT\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINNT\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINNT\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINNT\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINNT\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 aswRdr;aswRdr; C:\WINNT\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSP;aswSP; C:\WINNT\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINNT\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2006-08-25 2432]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2006-08-25 2560]
R1 hwinterface;hwinterface; C:\WINNT\System32\Drivers\hwinterface.sys [2009-05-24 3026]
R1 InCDPass;InCDPass; C:\WINNT\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINNT\system32\drivers\incdrm.sys [2006-03-14 28672]
R1 ndasfat;NDAS FAT File System Service; C:\WINNT\system32\DRIVERS\ndasfat.sys [2009-02-10 416232]
R1 ndasrofs;NDAS ROFS File System Service; C:\WINNT\system32\DRIVERS\ndasrofs.sys [2009-02-10 783848]
R1 PQNTDrv;PQNTDrv; C:\WINNT\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 aswFsBlk;aswFsBlk; C:\WINNT\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon;avast! Standard Shield Support; C:\WINNT\system32\drivers\aswMon.sys [2011-05-10 96344]
R2 DLPortIO;DriverLINX Port I/O Driver; C:\WINNT\system32\drivers\DLPortIO.sys [1996-09-27 3584]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINNT\system32\drivers\LMIRfsDriver.sys []
R2 Nbf;Protokol NetBEUI; C:\WINNT\system32\DRIVERS\nbf.sys [2003-07-03 102160]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINNT\system32\DRIVERS\nwlnkipx.sys [2003-07-03 91408]
R2 NwlnkNb;NWLink NetBIOS; C:\WINNT\system32\DRIVERS\nwlnknb.sys [2003-07-03 65520]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINNT\system32\DRIVERS\nwlnkspx.sys [2003-07-03 58480]
R2 Secdrv;Secdrv; \??\C:\WINNT\system32\drivers\SECDRV.SYS []
R2 WinVd32;WinVd32; \??\C:\WINNT\system32\WinVd32.sys []
R3 actser;actser; C:\WINNT\system32\drivers\actser.sys [2005-11-30 29440]
R3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon); C:\WINNT\system32\DRIVERS\Cap7134.sys [2006-03-30 407072]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINNT\system32\drivers\cmaudio.sys [2002-07-16 379726]
R3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINNT\system32\DRIVERS\hidgame.sys [1999-10-21 8720]
R3 lmimirr;lmimirr; C:\WINNT\system32\DRIVERS\lmimirr.sys [2007-09-12 10144]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [1999-09-25 16144]
R3 ndasbus;NDAS Bus Driver; C:\WINNT\system32\DRIVERS\ndasbus.sys [2009-02-10 121320]
R3 ndasscsi;NDAS SCSI Miniport Driver; C:\WINNT\system32\DRIVERS\ndasscsi.sys [2009-02-10 276968]
R3 openhci;Ovladač otevřeného hostitelského řadiče USB; C:\WINNT\system32\DRIVERS\openhci.sys [2003-07-03 24784]
R3 pfc;Padus ASPI Shell; C:\WINNT\system32\drivers\pfc.sys [2003-09-19 21248]
R3 PhTVTune;Cap7134 TVTuner; C:\WINNT\system32\DRIVERS\PhTVTune.sys [2006-03-30 57152]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINNT\System32\Drivers\RootMdm.sys [2003-07-03 6032]
R3 rtl8139;Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver; C:\WINNT\system32\DRIVERS\RTL8139.SYS [1999-09-25 18704]
R3 SiS630;SiS630; C:\WINNT\system32\DRIVERS\sis630p.sys [2002-07-25 160563]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINNT\system32\DRIVERS\usbhub.sys [2003-07-03 40176]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINNT\system32\DRIVERS\vsb.sys [2005-11-30 15264]
R3 Winacpci;Winacpci; C:\WINNT\system32\DRIVERS\winacpci.sys [1999-11-03 900528]
R4 InCDfs;InCD File System; C:\WINNT\system32\drivers\InCDfs.sys [2005-07-08 99584]
S0 lfsfilt;NDAS Lean File Sharing Service; C:\WINNT\system32\DRIVERS\lfsfilt.sys [2009-02-10 274920]
S1 aswSnx;aswSnx; C:\WINNT\system32\drivers\aswSnx.sys [2011-05-10 441176]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 WinFLdrv;WinFLdrv; C:\WINNT\system32\WinFLdrv.sys [2009-09-16 10752]
S3 BT2KNDFL;Bluetooth LAN Access Server Driver - Filter; C:\WINNT\system32\DRIVERS\bt2kndfl.sys [2005-08-29 3879]
S3 btaudio;Bluetooth Audio Device; C:\WINNT\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINNT\system32\DRIVERS\btport.sys []
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINNT\system32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINNT\system32\DRIVERS\btwdndis.sys []
S3 btwmodem;Bluetooth Modem; C:\WINNT\system32\DRIVERS\btwmodem.sys [2005-08-29 30221]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINNT\System32\Drivers\btwusb.sys []
S3 ccdecode;Dekodér Closed Caption; C:\WINNT\system32\drivers\ccdecode.sys [2004-07-09 16384]
S3 C-Dilla;C-Dilla; \??\C:\WINNT\system32\drivers\CDANT.SYS []
S3 Denoiser;USB Denoise Filter; \??\C:\WINNT\System32\Drivers\nfdnz.sys []
S3 GTwinUSB;GTwinUSB; C:\WINNT\System32\Drivers\GTwinUSB.sys [2002-10-04 61776]
S3 InCDFat;Ahead InCDFat File System Driver; \??\C:\WINNT\system32\Drivers\InCDFat.sys []
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 NCHSSVAD;SoundTap Recorder; C:\WINNT\system32\drivers\nchssvad.sys [2010-05-06 21120]
S3 nmwcd;Nokia USB Phone Parent; C:\WINNT\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINNT\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINNT\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINNT\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PAC7311;Trust WB-3300p Mini HiRes Webcam; C:\WINNT\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
S3 pcouffin;Low level access layer for CD devices; C:\WINNT\System32\Drivers\pcouffin.sys []
S3 ppppdvr;ppppdvr; \??\F:\Download\Ovladače LPT\Agilent\PeekPokeNT4\PPPPDVR.SYS []
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINNT\system32\DRIVERS\rt73.sys []
S3 siusbmod;siusbmod; C:\WINNT\system32\DRIVERS\siusbmod.sys [2005-11-30 27008]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SQTECH930B;iCam Tracer CCD; C:\WINNT\System32\Drivers\Capt930b.sys [2005-11-24 305053]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usb65mod;usb65mod; C:\WINNT\system32\DRIVERS\usb65mod.sys [2003-07-17 26240]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINNT\system32\drivers\usbaudio.sys [1999-10-12 68912]
S3 usbprint;Třída USB Printer; C:\WINNT\system32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 usbscan;Ovladač skeneru USB; C:\WINNT\system32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINNT\System32\DRIVERS\vserial.sys [2005-11-30 47744]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 ZSMC303;Cyber Snipa USB PC Camera; C:\WINNT\System32\Drivers\usbVM303.sys []
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINNT\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-05-10 42184]
R2 C-DillaSrv;C-DillaSrv; C:\WINNT\system32\DRIVERS\CDANTSRV.EXE [2001-04-07 32256]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-22 153376]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
R2 ndassvc;NDAS Service; C:\Program Files\NDAS\System\ndassvc.exe [2009-02-10 411112]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-07-03 61712]
R2 Tardis;Tardis time service; C:\WINNT\system32\tardisnt.exe [2005-02-16 233472]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-03-13 49152]
R2 xmengine service;CryptoPlus XME Engine Service; C:\WINNT\system32\xmesrv.exe [2009-10-09 34696]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-29 572928]
S1 InCDFatRec;Ahead InCDFat FSD Recognizer; \??\C:\WINNT\system32\Drivers\InCDFatRec.sys []
S2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2010-12-08 136584]
S2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2010-12-08 390528]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINNT\M [2009-09-16 21]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\M [2009-09-16 21]
S3 WmdmPmSN;Služba sériového čísla přenosného zařízení; C:\WINNT\System32\svchost.exe [2003-07-03 7952]

-----------------EOF-----------------

Re: Please check my log, with a focus on services.exe

Posted: 28 May 2011 21:21
by Roli
Hi, fix these in HJT:

R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\RunServices: [PcEXEreg] C:\WINNT\system\kl.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE


You will find HJT here:

C:\Program Files\trend micro\Administrator.exe

"Fix" means: run HJT,

in the window that opens click Do a system scan only,

in the next window find the lines I listed above,

tick the checkbox next to each of them,

then click Fix checked at the bottom left;

the program asks whether you really want to, you of course confirm with YES, and that's it.


Via Start >> Run >> type services.msc >> OK. Find the service:

InCD Helper

right-click it, choose Properties, and on the tab that opens first stop the service with the Stop button, then under Startup type choose Disabled.


Delete unneeded files

with CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry clean-up must be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Then use Mbam from my signature and post its log here; do not delete anything beforehand!!!
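As an added example (not code from the original thread, from HijackThis or from Roli), the following Python script mechanises the first pass a reviewer does by eye over an HJT log: it parses the R3/O2/O3/O4 lines, extracts the program path from each Run-key command, and attaches review hints. The sample input is a handful of lines copied verbatim from the log posted above; the heuristics (orphaned "(no file)" entries, browser add-ons, the RunServices key, an executable under C:\WINNT but outside System32) are this example's own assumptions and are review prompts, not verdicts.

```python
import re
from typing import Dict, List

# Constructed sample: lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [PcEXEreg] C:\WINNT\system\kl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
""".strip()

# "R3 - ..." / "O4 - ..." : section code, then the entry body
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.*)$")
# O4 registry form:       HKLM\..\Run: [Name] command line
O4_REG_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder form: Global Startup: Name.lnk = C:\path\prog.exe
O4_LNK_RE = re.compile(r"^(?P<key>[^:]+): (?P<name>.+?) = (?P<cmd>.*)$")
EXE_RE = re.compile(r"\.(?:exe|dll|scr|bat|cmd|com)\b", re.IGNORECASE)


def image_path(cmd: str) -> str:
    """Return the program path from a Run-key command string (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.search(cmd)
    return cmd[: m.end()] if m else cmd


def triage_hjt(log_text: str) -> List[Dict[str, object]]:
    """Apply review heuristics to HijackThis R*/O* lines.

    Returns one record per line that needs a second look: section, entry
    name, image path (if any) and the reasons it was flagged. The
    heuristics are review hints (assumed by this example), not verdicts.
    """
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        reasons, name, path = [], rest, ""

        if "(no file)" in rest:
            reasons.append("orphaned entry: the registered object no longer exists on disk")

        if section in ("R3", "O2", "O3"):
            reasons.append("browser add-on (search hook / BHO / toolbar): confirm it was installed on purpose")

        if section == "O4":
            om = O4_REG_RE.match(rest) or O4_LNK_RE.match(rest)
            if om:
                name, path = om.group("name"), image_path(om.group("cmd"))
                if "runservices" in om.group("key").lower():
                    reasons.append("RunServices key: legacy Win9x autostart, rarely used by legitimate software on NT")
                p = path.lower()
                win = "c:\\winnt\\"
                if p.startswith(win) and not p.startswith(win + "system32\\"):
                    reasons.append("executable lives under the Windows directory but outside System32")

        if reasons:
            findings.append({"section": section, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{f['section']:3} {str(f['name'])[:50]:50} {f['path']}")
        for r in f["reasons"]:
            print("     -", r)
```

Run against the sample, the script lists the three pdfforge/unnamed toolbar entries and the RunServices entry for C:\WINNT\system\kl.exe, and leaves NeroCheck, QuickTime and WinZip alone; that matches the lines Roli picked out above, with the RunServices entry being the one that later shows up in the MBAM log.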

Re: Please check my log, focusing on services.exe

Posted: 29 May 2011 06:19
by vojtysek
Thanks, it'll be ready in a moment.

Re: Please check my log, focusing on services.exe

Posted: 29 May 2011 06:43
by vojtysek
I stopped and disabled InCDHelper, cleaned the registry with CCleaner, used the Tools and the Cleaner. Then I ran that Malwarebytes program and here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 6708

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

29.5.2011 7:42:17
mbam-log-2011-05-29 (07-42-12).txt

Scan type: Quick scan
Objects scanned: 143929
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> No action taken.

Files Infected:
c:\WINNT\system\kl.exe (Trojan.Banker) -> No action taken.
c:\program files\funwebproducts\Shared\0014451A.dat (Adware.MyWebSearch) -> No action taken.

Re: Please check my log, focusing on services.exe

Posted: 29 May 2011 18:05
by vojtysek
From forums with users who had the same problems I found several pieces of advice and followed them: I quarantined the results of the quick scan (Malwarebytes) and then removed them. Then I restarted the computer - still the same problems. So I ran a full scan (it took 3.5 hours) and it found another 6 infected files, which I also quarantined and then removed. Restarted the computer again and now the load only rises every 30 seconds, to about 30%. There are probably still some little nasties in there. Do you know how to remove the ones that are left? Thanks

Re: Please check my log, focusing on services.exe

Posted: 29 May 2011 21:06
by Roli
Download ComboFix and save it to the Desktop,

run the application as Administrator and allow the installation of the Recovery Console.

A window with the licence terms then appears, which you confirm by clicking YES,

then click YES once more and it's running.

The whole thing takes around 10 minutes but can take longer; do not try to run anything else during the scan.

The PC may be restarted during the scan; don't be alarmed.

Warning: for the duration of the scan, switch off the resident shield of your antivirus and anti-spyware programs,

because ComboFix tries to delete the infected files and those programs can get in its way.

After the scan finishes, or after the subsequent restart, the application produces a log saved at C:\ComboFix.txt

(on repeated runs the logs are numbered ComboFix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.

Re: Please check my log, focusing on services.exe

Posted: 30 May 2011 17:44
by vojtysek
Hi, yesterday the computer worked like new for a while, but then it went back to normal, so I ran ComboFix and since then the computer hasn't been stalling. Here is the output:

ComboFix 11-05-27.02 - Administrator 30.05.2011 17:14:33.1.1 - x86
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.
/wow section - STAGE 10
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikací\.#
c:\documents and settings\Administrator\Data aplikací\.#\MBX@214@14637D8.###
c:\documents and settings\Administrator\Data aplikací\.#\MBX@214@14637E8.###
c:\documents and settings\Administrator\Data aplikací\.#\MBX@214@14637F8.###
c:\documents and settings\Deti\Data aplikací\Dealio
c:\documents and settings\Deti\Data aplikací\Dealio\res\widgets.xml
c:\documents and settings\Deti\Data aplikací\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\winnt\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\winnt\system\Color
c:\winnt\system\Color\HPDESK.ICM
c:\winnt\system32\drivers\hwinterface.sys
c:\winnt\system32\midas.dll
c:\winnt\system32\spool\prtprocs\w32x86\OLFPNT40.DLL
c:\winnt\Web\default.htt
f:\data\cc_20110529_072715.reg
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_hwinterface
-------\Service_hwinterface
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-29 17:15 . 2011-05-29 18:06 -------- d-----w- c:\program files\TrojanHunter 4.2
2011-05-29 08:36 . 2011-05-29 08:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Secunia PSI
2011-05-29 08:35 . 2011-05-29 08:35 -------- d-----w- c:\program files\Secunia
2011-05-29 05:31 . 2011-05-29 05:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-05-29 05:31 . 2010-12-20 16:09 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2011-05-29 05:31 . 2011-05-29 05:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-29 05:31 . 2011-05-29 05:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 05:31 . 2010-12-20 16:08 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys
2011-05-29 05:05 . 2011-05-29 05:05 388096 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-28 11:42 . 2011-05-29 05:05 -------- d-----w- c:\program files\trend micro
2011-05-28 11:42 . 2011-05-28 11:42 -------- d-----w- C:\rsit
2011-05-28 11:33 . 2011-05-28 11:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PackageAware
2011-05-28 11:15 . 2011-05-28 11:15 -------- d-----w- c:\program files\ATSoftware
2011-05-17 15:02 . 2011-05-17 15:02 -------- d-----w- c:\program files\EA Sports
2011-05-17 05:51 . 2011-05-17 19:00 -------- d-----w- c:\program files\vso
2011-05-17 05:46 . 2011-05-28 17:51 -------- d-----w- c:\program files\Easy MPEG AVI DIVX WMV RM to DVD
2011-05-14 09:13 . 2011-05-14 10:06 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\PSpad
2011-05-14 09:13 . 2011-05-14 09:16 -------- d-----w- c:\program files\PSPad editor
2011-05-14 07:56 . 2011-05-14 07:56 -------- d-----w- c:\program files\Real Alternative
2011-05-14 07:56 . 2007-06-03 12:31 10752 ----a-w- c:\winnt\system32\ff_vfw.dll
2011-05-14 07:55 . 2007-04-24 15:30 60273 ----a-w- c:\winnt\system32\pthreadGC2.dll
2011-05-14 07:52 . 2011-05-14 08:00 -------- d-----w- c:\program files\The FilmMachine
2011-05-07 04:45 . 2011-05-10 12:03 441176 ----a-w- c:\winnt\system32\drivers\aswSnx.sys
2011-05-02 13:10 . 2011-05-02 13:10 1409 ----a-w- c:\winnt\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-07-12 20:22 40112 ----a-w- c:\winnt\avastSS.scr
2011-05-10 12:10 . 2006-12-12 19:29 199304 ----a-w- c:\winnt\system32\aswBoot.exe
2011-05-10 12:03 . 2008-04-04 20:56 307928 ----a-w- c:\winnt\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2006-12-12 19:29 49240 ----a-w- c:\winnt\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2006-12-12 19:29 102616 ----a-w- c:\winnt\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2006-12-12 19:29 96344 ----a-w- c:\winnt\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2006-12-12 19:29 25432 ----a-w- c:\winnt\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2006-12-12 19:29 30808 ----a-w- c:\winnt\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2008-04-04 20:56 19544 ----a-w- c:\winnt\system32\drivers\aswFsBlk.sys
2011-03-27 16:16 . 2003-11-07 13:28 444952 -c--a-w- c:\winnt\system32\wrap_oal.dll
2011-03-27 16:16 . 2003-11-07 13:28 109080 -c--a-w- c:\winnt\system32\OpenAL32.dll
2011-03-06 12:21 . 2009-02-01 17:30 107888 ----a-w- c:\winnt\system32\CmdLineExt.dll
2004-10-01 14:00 . 2006-11-29 12:32 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
1999-04-07 17:39 . 1999-04-07 17:39 99840 -c--a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 -c--a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 -c--a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 -c--a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 -c--a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 -c--a-w- c:\program files\Common Files\IRASRIAL.DLL
2011-03-18 17:55 . 2011-03-26 12:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2003-02-01 11:09 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll
.
[-] 2004-07-09 03:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
.
c:\winnt\System32\comres.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2003-07-03 20752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-07-03 111888]
"C-Media Mixer"="Mixer.exe" [2002-07-12 1581056]
"gemstrmw"="c:\winnt\system32\gemstrmw.exe" [2004-08-09 24576]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"STICAP"="c:\winnt\Twain_32\iCam Tracer CCD\SnapTrap.exe" [2005-04-27 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"THGuard"="c:\program files\TrojanHunter 4.2\THGuard.exe" [2005-02-19 1089024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2003-07-03 20752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-07-03 188688]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
IO Control.lnk - c:\program files\Agilent\IO Libraries\bin\iprocsvr.exe [2009-10-6 122880]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2009-2-10 341480]
Port pro program Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1029\OLFSNT40.EXE [1999-4-7 46080]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^QuickTV.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\QuickTV.lnk
backup=c:\winnt\pss\QuickTV.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-03-17 09:30 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
R0 ndasfs;ndasfs;c:\winnt\system32\drivers\ndasfs.sys [10.2.2009 13:49 285160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\winnt\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [4.4.2008 22:56 307928]
R1 ndasfat;NDAS FAT File System Service;c:\winnt\system32\drivers\ndasfat.sys [10.2.2009 13:49 416232]
R1 ndasrofs;NDAS ROFS File System Service;c:\winnt\system32\drivers\ndasrofs.sys [10.2.2009 13:49 783848]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 18:10 387072]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [4.4.2008 22:56 19544]
R2 aswMon;avast! Standard Shield Support;c:\winnt\system32\drivers\aswmon.sys [12.12.2006 21:29 96344]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\winnt\system32\drivers\DLPORTIO.sys [6.9.2008 2:16 3584]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1.1.2000 0:41 374152]
R2 Tardis;Tardis time service;c:\winnt\system32\tardisnt.exe [28.5.2008 11:03 233472]
R2 xmengine service;CryptoPlus XME Engine Service;c:\winnt\system32\xmesrv.exe [9.10.2009 10:00 34696]
R3 openhci;Ovladač otevřeného hostitelského řadiče USB;c:\winnt\system32\drivers\openhci.sys [3.7.2003 14:00 24784]
R3 PhTVTune;Cap7134 TVTuner;c:\winnt\system32\drivers\PhTVTune.sys [22.11.2006 14:29 57152]
R3 SiS630;SiS630;c:\winnt\system32\drivers\sis630p.sys [22.11.2006 14:23 160563]
R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [2.12.2006 22:17 900528]
S1 aswSnx;aswSnx;c:\winnt\system32\drivers\aswSnx.sys [7.5.2011 6:45 441176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [12.9.2007 10:21 12856]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [19.4.2011 8:44 993848]
S2 WinFLdrv;WinFLdrv;c:\winnt\system32\WinFLdrv.sys [16.9.2009 18:44 10752]
S3 BT2KNDFL;Bluetooth LAN Access Server Driver - Filter;c:\winnt\system32\drivers\bt2kndfl.sys [3.12.2010 17:36 3879]
S3 Denoiser;USB Denoise Filter;c:\winnt\system32\drivers\nfdnz.SYS [27.3.2008 22:27 18269]
S3 GTwinUSB;GTwinUSB;c:\winnt\system32\drivers\GTwinUSB.sys [23.5.2007 21:36 61776]
S3 InCDFat;Ahead InCDFat File System Driver;c:\winnt\system32\drivers\InCDFat.sys [29.11.2006 14:34 134144]
S3 PAC7311;Trust WB-3300p Mini HiRes Webcam;c:\winnt\system32\drivers\PA707UCM.SYS [27.3.2008 22:27 154752]
S3 ppppdvr;ppppdvr;f:\download\Ovladače LPT\Agilent\PeekPokeNT4\PPPPDVR.SYS [11.10.2008 8:46 12288]
S3 PSI;PSI;c:\winnt\system32\drivers\psi_mf.sys [1.9.2010 10:30 15544]
S3 siusbmod;siusbmod;c:\winnt\system32\drivers\siusbmod.sys [30.11.2005 17:12 27008]
S3 SQTECH930B;iCam Tracer CCD;c:\winnt\system32\drivers\Capt930b.sys [29.4.2008 20:39 305053]
S3 usb65mod;usb65mod;c:\winnt\system32\drivers\usb65mod.sys [25.12.2006 16:56 26240]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - InCDFatRec
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
2011-05-30 c:\winnt\Tasks\CompOn.job
- f:\data\VEE\Net\CompOn.vxe [2009-02-11 20:21]
.
2011-05-30 c:\winnt\Tasks\LASTUSED.job
- c:\bat\LASTUSED.BAT [2008-01-29 21:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.razdva.cz/
uInternet Settings,ProxyServer = 198.45.18.113:8080
uSearchAssistant = hxxp://www.google.com/ie
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
Trusted Zone: business24.cz\www
Trusted Zone: mojebanka.cz\www
Trusted Zone: servis24.cz\www
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\umw4vpx3.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&p=
FF - prefs.js: network.proxy.ftp - 198.45.18.113
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 198.45.18.113
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 198.45.18.113
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 198.45.18.113
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 198.45.18.113
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PowerBar - (no file)
HKCU-Run-WiFiSiStr - (no file)
HKCU-Run-Camsrv - (no file)
HKCU-Run-nDVDControl - (no file)
AddRemove-MediaCellConverter - g:\mediacell converter\Uninst.exe
AddRemove-Zoo Tycoon 2 - h:\program files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-30 17:32
Windows 5.0.2195 Service Pack 4 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????????????t?@???????(l?????????????????????:???????H*l????8???T??w????????????????t?@??????????F?wo?(l????????????????l?@?8?@?????????Ln?w??Z???4???4?????????????l?@?????/H?w????t?@?H'Y?????????l?@?l?@??????i?w????t?@?????8?@?l?@?l?@???%l???????????
.
scanning hidden files ...
.
.
c:\winnt\TEMP\_avast_\unp98788863.tmp 827956 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-764733703-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8831F575-9F6E-BAE5-A6DB-774CCEA3F9CF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iacflhgkcabpbpchpa"=hex:6a,61,6a,6e,6c,6d,67,65,6c,6f,6f,64,62,70,6d,64,66,6c,
69,6c,00,00
"haifnhdkhdpagbbi"=hex:6a,61,6a,6e,6c,6d,67,65,6c,6f,6f,64,62,70,6d,64,66,6c,
69,6c,00,00
.
[HKEY_USERS\S-1-5-21-1123561945-764733703-1060284298-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:24,b1,56,41,70,a1,45,1c,5d,18,80,12,e0,75,4c,1e,4f,e9,c6,34,15,e2,87,
76,e4,d2,0c,62,93,0c,f0,04,07,e6,9f,73,aa,f2,a9,15,ae,13,2a,4f,0c,e8,ac,7f,\
"??"=hex:45,e8,db,dc,ff,12,90,64,ac,77,62,30,c4,fb,b2,eb
.
[HKEY_USERS\S-1-5-21-1123561945-764733703-1060284298-500\Software\SecuROM\License information*]
"datasecu"=hex:9a,cd,19,53,c0,cd,8b,de,81,a6,71,a3,e2,98,4a,f4,7d,ef,e0,0b,24,
a6,3d,4b,43,7b,96,9d,04,a2,06,1b,1c,a6,8f,f8,4a,f8,08,e4,30,2d,a1,da,a2,9a,\
"rkeysecu"=hex:80,13,05,a1,26,7b,fc,6d,ef,de,de,e1,84,8b,d1,5b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(256)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
- - - - - - - > 'explorer.exe'(552)
c:\winnt\AppPatch\AcLayers.DLL
c:\winnt\system32\SHDOCVW.DLL
c:\winnt\system32\LMIRfsClientNP.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\System32\SCardSvr.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\winnt\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NDAS\System\ndassvc.exe
c:\winnt\system32\regsvc.exe
c:\winnt\system32\MSTask.exe
c:\winnt\system32\stisvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\winnt\System32\WBEM\WinMgmt.exe
c:\winnt\system32\internat.exe
c:\program files\Agilent\IO Libraries\bin\iproc82357.exe
c:\program files\Agilent\IO Libraries\bin\iproc488.exe
c:\winnt\system32\faxsvc.exe
.
**************************************************************************
.
Completion time: 2011-05-30 17:40:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-30 15:40
.
Pre-Run: 3 113 627 648
Post-Run: 3 131 043 840
.
- - End Of File - - 93AAD413E245970EBD0BCAD176BE51FD

Re: Please check my log, focusing on services.exe

Posted: 30 May 2011 21:15
by Roli
Download the missing library comres.dll from HERE and unpack it to the Desktop, nowhere else.


If you haven't done so already, move ComboFix to the Desktop,

open Notepad

and copy the script from the following box into it:

Code:

File::
c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"=-

FCopy::
c:\documents and settings\Administrator\Plocha\comres.dll | c:\winnt\System32\comres.dll

save the TXT file you created as CFScript.txt on the Desktop,

after saving, grab the script with the left mouse button and drag it onto the ComboFix icon, where you drop it.

Once it has run, another log will pop up; copy it here.

Warning: it can happen that after applying the script and restarting, Windows will not boot;

in that case restart again, pressing F8 as you do, and choose Last Known Good Configuration.
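An added example, not part of the thread and not code from ComboFix or from Roli: a small parser for the ComboFix sections above (the R*/S* service lines, the [HKEY_...\Services\...] ImagePath blocks, and the IE and Firefox proxy lines) that attaches review hints of the kind a log reviewer applies before writing a CFScript. The sample lines are copied from the posted log; the system drive being C: and the heuristics (an image loaded from a Temp directory or with a .tmp extension, an image on a non-system drive, a proxy pointing at a public address) are assumptions of this example, not verdicts. The Temp heuristic is what catches the mchInjDrv ImagePath that the script above removes. Two caveats a reviewer should keep in mind: ComboFix prints the IE ProxyServer value but not ProxyEnable, so the log alone does not show whether IE actually uses that proxy; and Firefox's network.proxy.type 0 means a direct connection, so the proxy host stored in prefs.js is not in use there.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_COMBOFIX = r"""
R2 Tardis;Tardis time service;c:\winnt\system32\tardisnt.exe [28.5.2008 11:03 233472]
S2 WinFLdrv;WinFLdrv;c:\winnt\system32\WinFLdrv.sys [16.9.2009 18:44 10752]
S3 ppppdvr;ppppdvr;f:\download\Ovladače LPT\Agilent\PeekPokeNT4\PPPPDVR.SYS [11.10.2008 8:46 12288]
uInternet Settings,ProxyServer = 198.45.18.113:8080
TCP: DhcpNameServer = 192.168.0.254
FF - prefs.js: network.proxy.http - 198.45.18.113
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
""".strip()

# "R2 name;display name;image path [date time size]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>[^"]*)"$')
IE_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<host>[^:\s]+)(?::(?P<port>\d+))?")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(?P<pref>\w+) - (?P<value>.+)$")


def image_reasons(path: str, system_drive: str = "c") -> List[str]:
    """Review hints for a driver/service image path (heuristics assumed by this example)."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):  # NT object-manager prefix commonly seen in ImagePath values
        p = p[4:]
    reasons = []
    if "\\temp\\" in p or p.endswith(".tmp"):
        reasons.append("image loaded from a temporary directory or has a .tmp extension")
    if len(p) > 1 and p[1] == ":" and p[0] != system_drive.lower():
        reasons.append(f"image lives on drive {p[0].upper()}:, not the system drive")
    return reasons


def address_reasons(host: str) -> List[str]:
    """Review hints for a proxy host: anything that is not a private address gets a look."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return ["proxy is a host name; resolve it and check who operates it"]
    if not ip.is_private:
        return ["proxy points at a public address; confirm it was configured on purpose"]
    return []


def triage_combofix(text: str, system_drive: str = "c") -> Dict[str, list]:
    """Walk ComboFix output and collect flagged images and proxy settings."""
    images, proxies, current_key, ff = [], [], "", {}
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            reasons = image_reasons(m.group("path"), system_drive)
            if reasons:
                images.append({"source": "services", "name": m.group("name"),
                               "path": m.group("path").strip(), "reasons": reasons})
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")  # remember which service the next ImagePath belongs to
            continue
        m = IMAGEPATH_RE.match(line)
        if m:
            reasons = image_reasons(m.group("path"), system_drive)
            if reasons:
                images.append({"source": "registry", "name": current_key.rsplit("\\", 1)[-1],
                               "path": m.group("path"), "reasons": reasons})
            continue
        m = IE_PROXY_RE.match(line)
        if m:
            proxies.append({"source": "IE", "host": m.group("host"), "port": m.group("port"),
                            "reasons": address_reasons(m.group("host"))})
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            ff[m.group("pref")] = m.group("value")  # gather network.proxy.* prefs first
    if "http" in ff:
        reasons = address_reasons(ff["http"])
        if ff.get("type") == "0":
            reasons.append("network.proxy.type is 0 (direct connection), so the stored proxy host is not in use")
        proxies.append({"source": "Firefox", "host": ff["http"], "port": ff.get("http_port"), "reasons": reasons})
    return {"images": images, "proxies": proxies}


if __name__ == "__main__":
    result = triage_combofix(SAMPLE_COMBOFIX)
    for item in result["images"] + result["proxies"]:
        print(item["source"], item.get("name") or item.get("host"), item["reasons"])
```

On the sample this reports the ppppdvr driver on drive F:, the mchInjDrv ImagePath under Temp, and the same 198.45.18.113:8080 proxy in both IE and Firefox (with the note that Firefox has it switched off); the IE value is the one a reviewer would want to confirm or clear after the clean-up.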