Eplorer zatezuje procesor na 100%

[Maltan]

Ahojte , vždy když pohlížím obsah složky tak explorer z niceho nic využívá procesor na 100%

tady je log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Neo at 2010-05-05 12:31:41
WIN_XP Service Pack 3
System drive C: has 1 GB (11%) free of 10 GB
Total RAM: 1022 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:10, on 27.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
D:\Program Files\Winamp\winamp.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
D:\AppZ\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WinFastDTV] D:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinFast Schedule] D:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6288DD9-F6E0-4582-A23E-6CC7DED6004B}: NameServer = 62.141.0.1,213.162.65.1,213.162.65.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF6F02E3-C282-4D57-9A68-FF2815BD08CC}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OOODRXUBMV - Unknown owner - C:\DOCUME~1\Neo\LOCALS~1\Temp\OOODRXUBMV.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 5883 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Install_NSS.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"DAEMON Tools-1033"=D:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"HP Software Update"=D:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-01-29 1800464]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"=C:\Program Files\Vuze\nssstub.exe /runonce []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\Neo\Nabídka Start\Programy\Po spuštění
setup_9.0.0.722_05.05.2010_11-27.lnk - C:\Documents and Settings\Neo\Plocha\Virus Removal Tool\setup_9.0.0.722_05.05.2010_11-27\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCpl"=0
"NoDispScrSavPage"=0
"NoDispAppearancePage"=0
"NoDispSettingsPage"=0
"NoVisualStyleChoice"=0
"NoSecCpl"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDesktop"=0
"NoActiveDesktop"=0
"HideClock"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"StartmenuLogoff"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinters"=0
"NoFavoritesMenu"=0
"NoRun"=0
"NoFind"=0
"NoClose"=0
"NoSetFolders"=0
"NoViewContextMenu"=0
"NoDrives"=0
"NoToolbarCustomize"=0
"NoRecentDocsNetHood"=0
"NoChangeAnimation"=0
"NoChangeKeyboardNavigationIndicators"=0
"NoThemesTab"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\Internet Camera\util\util.exe"="D:\Program Files\Internet Camera\util\util.exe:*:Enabled:util"
"D:\Program Files\VideoLAN\VLC\vlc.exe"="D:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
"D:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe"="D:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe:*:Enabled:Cerberus FTP Server"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-05 12:31:41 ----D---- C:\rsit
2010-05-05 12:11:37 ----D---- C:\WINDOWS\LastGood
2010-05-05 12:05:42 ----D---- C:\ComboFix
2010-05-05 12:05:42 ----A---- C:\Start_.cmd
2010-05-05 12:02:33 ----D---- C:\Qoobox
2010-05-05 11:59:19 ----D---- C:\32788R22FWJFW
2010-05-04 23:46:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-04-15 16:43:03 ----D---- C:\WINDOWS\pss
2010-04-15 07:53:23 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 07:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 07:50:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 07:50:14 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 23:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 23:13:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

======List of files/folders modified in the last 1 months======

2010-05-05 12:21:15 ----D---- C:\WINDOWS\system32\drivers
2010-05-05 12:21:15 ----D---- C:\WINDOWS\system32
2010-05-05 12:15:50 ----D---- C:\Program Files\Vuze
2010-05-05 12:13:06 ----SHD---- C:\System Volume Information
2010-05-05 12:11:45 ----HD---- C:\WINDOWS\inf
2010-05-05 12:11:37 ----D---- C:\WINDOWS
2010-05-05 11:58:03 ----D---- C:\WINDOWS\Temp
2010-05-05 10:56:43 ----D---- C:\Documents and Settings\Neo\Data aplikací\vlc
2010-05-05 10:31:56 ----RSH---- C:\boot.ini
2010-05-05 10:31:56 ----A---- C:\WINDOWS\win.ini
2010-05-05 10:31:56 ----A---- C:\WINDOWS\system.ini
2010-05-05 10:31:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-05 03:28:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-05 00:22:33 ----D---- C:\WINDOWS\Prefetch
2010-05-04 23:47:03 ----SHD---- C:\WINDOWS\Installer
2010-05-04 23:47:02 ----HD---- C:\Config.Msi
2010-05-04 23:47:01 ----D---- C:\WINDOWS\WinSxS
2010-05-04 17:23:10 ----D---- C:\Documents and Settings\Neo\Data aplikací\Azureus
2010-05-04 04:15:27 ----D---- C:\Documents and Settings\Neo\Data aplikací\OpenOffice.org2
2010-05-03 15:31:51 ----D---- C:\Documents and Settings\Neo\Data aplikací\dvdcss
2010-05-02 23:51:49 ----D---- C:\WINDOWS\system32\DirectX
2010-05-02 23:51:23 ----RSD---- C:\WINDOWS\assembly
2010-05-02 23:45:19 ----RD---- C:\Program Files
2010-05-01 12:17:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\BlazeVideo
2010-04-29 23:42:18 ----SD---- C:\WINDOWS\Tasks
2010-04-28 17:17:20 ----D---- C:\Documents and Settings\Neo\Data aplikací\FileZilla
2010-04-27 17:26:08 ----D---- C:\Program Files\SpeedFan
2010-04-19 17:11:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2010-04-15 11:49:17 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-04-15 07:53:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-15 07:53:12 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-15 07:53:10 ----A---- C:\WINDOWS\imsins.BAK
2010-04-15 07:49:54 ----D---- C:\WINDOWS\ie8updates
2010-04-11 14:08:03 ----D---- C:\WINDOWS\network diagnostic
2010-04-07 15:32:16 ----D---- C:\Program Files\Google
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 91581821;91581821; C:\WINDOWS\system32\DRIVERS\91581821.sys [2009-09-25 128016]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-01 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-01-29 25160]
R1 setup_9.0.0.722_05.05.2010_11-27drv;setup_9.0.0.722_05.05.2010_11-27drv; C:\WINDOWS\system32\DRIVERS\9158182.sys [2009-10-09 315408]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver; C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2007-09-19 9856]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-12-13 281760]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-12-13 25888]
R2 wfcxatun;WinFast TV Analog Tuner Driver; C:\WINDOWS\system32\drivers\wfcxatun.sys [2007-09-19 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver; C:\WINDOWS\system32\drivers\wfcxvcap.sys [2007-09-19 167040]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-09 7399936]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver; C:\WINDOWS\system32\drivers\wfcxdtun.sys [2007-09-19 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver; C:\WINDOWS\system32\drivers\wfcxtcap.sys [2007-09-19 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver; C:\WINDOWS\system32\drivers\wfcxxbar.sys [2007-09-19 10496]
R4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
S3 AIRPLUS;D-Link AirPlus Wireless Adapter; C:\WINDOWS\system32\DRIVERS\airplus.sys [2003-09-08 255360]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\DOCUME~1\Neo\Plocha\DWL-52~1\dwl-520\DWL-520\PCANDIS5.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WFIOCTL;WFIOCTL; \??\D:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-09-23 109056]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-29 723632]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-09 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-20 133104]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-01 66872]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-01 107832]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 OOODRXUBMV;OOODRXUBMV; C:\DOCUME~1\Neo\LOCALS~1\Temp\OOODRXUBMV.exe []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-12-07 435016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

[JaRon]

Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

Driver::
OOODRXUBMV

uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:



po aplikacii by mal vzniknut dalsi log, ten vloz sem

[Maltan]

ComboFix 10-05-04.06 - Neo 05.05.2010 13:41:10.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.524 [GMT 2:00]
Spuštěný z: c:\documents and settings\Neo\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Neo\Plocha\CFScript.txt
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-05 do 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-05 11:16 . 2010-05-05 11:20 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-05-05 11:07 . 2010-05-05 11:16 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-05-05 10:31 . 2010-05-05 10:31 -------- d-----w- C:\rsit
2010-05-05 10:11 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\91581822.sys
2010-05-05 10:11 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\9158182.sys
2010-05-05 10:11 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\91581821.sys
2010-04-12 07:54 . 2010-04-12 07:54 -------- d-sh--w- c:\documents and settings\Neo\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 11:17 . 2009-09-28 08:41 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-05 10:15 . 2010-02-17 17:33 -------- d-----w- c:\program files\Vuze
2010-04-27 15:26 . 2009-10-03 18:50 -------- d-----w- c:\program files\SpeedFan
2010-04-19 15:25 . 2009-10-04 14:34 8 ----a-w- c:\windows\system32\nvModes.dat
2010-04-15 09:49 . 2009-12-07 15:33 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-07 13:32 . 2009-10-14 20:26 -------- d-----w- c:\program files\Google
2010-03-28 23:53 . 2004-08-18 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 23:53 . 2004-08-18 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-03-20 19:35 . 2009-09-27 17:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 09:07 . 2009-10-29 15:08 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-07 09:07 . 2009-12-25 09:41 -------- d-----w- c:\program files\PopCap Games
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-18 02:47 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"DAEMON Tools-1033"="d:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-29 1800464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8527872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Neo\Nabˇdka Start\Programy\Po spuçtŘnˇ\
setup_9.0.0.722_05.05.2010_11-27.lnk - c:\documents and settings\Neo\Plocha\Virus Removal Tool\setup_9.0.0.722_05.05.2010_11-27\startup.exe [2010-5-5 72208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Internet Camera\\util\\util.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Cerberus LLC\\Cerberus FTP Server\\CerberusGUI.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 91581822;91581822 Boot Guard Driver;c:\windows\system32\drivers\91581822.sys [5.5.2010 12:11 37392]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [27.9.2009 22:12 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [27.9.2009 22:12 5248]
R1 91581821;91581821;c:\windows\system32\drivers\91581821.sys [5.5.2010 12:11 128016]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [28.9.2009 10:37 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [28.9.2009 10:37 25160]
R1 setup_9.0.0.722_05.05.2010_11-27drv;setup_9.0.0.722_05.05.2010_11-27drv;c:\windows\system32\drivers\9158182.sys [5.5.2010 12:11 315408]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [27.9.2009 20:12 9856]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 16:05 1021256]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [27.9.2009 20:12 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [27.9.2009 20:12 167040]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [27.9.2009 20:12 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [27.9.2009 20:12 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [27.9.2009 20:12 10496]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.10.2009 12:58 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
S3 WFIOCTL;WFIOCTL;\??\d:\program files\WinFast\WFDTV\WFIOCTL.SYS --> d:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-05-05 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 10:58]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 10:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://10.0.0.200/index.htm
TCP: {A6288DD9-F6E0-4582-A23E-6CC7DED6004B} = 62.141.0.1,213.162.65.1,213.162.65.1
TCP: {BF6F02E3-C282-4D57-9A68-FF2815BD08CC} = 10.0.0.138
DPF: {299385F1-1977-426F-8CE3-07A2407E4498} - hxxp://10.0.0.200/IPCamPluginMJPEG.cab
FF - ProfilePath - c:\documents and settings\Neo\Data aplikací\Mozilla\Firefox\Profiles\h66bv197.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.katedrala.cz/anonym/nph-agent.cgi/0 ... 6d2e637a2f
FF - component: c:\documents and settings\Neo\Data aplikací\Mozilla\Firefox\Profiles\h66bv197.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 13:44
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-05-05 13:45:52
ComboFix-quarantined-files.txt 2010-05-05 11:45
ComboFix2.txt 2010-05-05 11:36

Před spuštěním: 502 411 264
Po spuštění: 486 199 296

- - End Of File - - 3D8302CC11EC77BE83723FFDFB4FD057

[JaRon]

otestuj subor c:\windows\system32\drivers\91581821.sys na www.virustotal.com - ak uz bol testovany, spust reanalyzu

[Maltan]

Tohle to hodilo ......


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.05 -
AhnLab-V3 2010.05.05.00 2010.05.05 -
AntiVir 8.2.1.236 2010.05.05 -
Antiy-AVL 2.0.3.7 2010.05.05 -
Authentium 5.2.0.5 2010.05.05 -
Avast 4.8.1351.0 2010.05.05 -
Avast5 5.0.332.0 2010.05.05 -
AVG 9.0.0.787 2010.05.04 -
BitDefender 7.2 2010.05.05 -
CAT-QuickHeal 10.00 2010.05.04 -
ClamAV 0.96.0.3-git 2010.05.05 -
Comodo 4770 2010.05.05 -
DrWeb 5.0.2.03300 2010.05.05 -
eSafe 7.0.17.0 2010.05.05 -
eTrust-Vet 35.2.7469 2010.05.05 -
F-Prot 4.5.1.85 2010.05.05 -
F-Secure 9.0.15370.0 2010.05.05 -
Fortinet 4.0.14.0 2010.05.05 -
GData 21 2010.05.05 -
Ikarus T3.1.1.84.0 2010.05.05 -
Jiangmin 13.0.900 2010.05.05 -
Kaspersky 7.0.0.125 2010.05.05 -
McAfee 5.400.0.1158 2010.05.05 -
McAfee-GW-Edition 2010.1 2010.05.05 -
Microsoft 1.5703 2010.05.04 -
NOD32 5087 2010.05.05 -
Norman 6.04.12 2010.05.05 -
nProtect 2010-05-05.01 2010.05.05 -
Panda 10.0.2.7 2010.05.04 -
PCTools 7.0.3.5 2010.05.05 -
Prevx 3.0 2010.05.05 -
Rising 22.46.02.03 2010.05.05 -
Sophos 4.53.0 2010.05.05 -
Sunbelt 6263 2010.05.05 -
Symantec 20091.2.0.41 2010.05.05 -
TheHacker 6.5.2.0.275 2010.05.03 -
TrendMicro 9.120.0.1004 2010.05.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.05 -
VBA32 3.12.12.4 2010.05.05 -
ViRobot 2010.5.4.2303 2010.05.05 -
VirusBuster 5.0.27.0 2010.05.04 -
Rozšiřující informace
File size: 128016 bytes
MD5...: 7dd41b7ac1fbb1dbf20bb1f4e4fbe58c
SHA1..: c763c52f8b0dbb6594f1a81246ae2c27c6f74557
SHA256: 16b77fb533986ca6119f1307e52a4d0b863043c3fee572df20c0bc0115cf68d8
ssdeep: 1536:3BJVx78OeKLiS554lvz1VMjRIRorRe2VCQPBiGclS4NcPr/Yeb:rvKXbb1V
MjK+FCQJiGclU/
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2ca0
timedatestamp.....: 0x4abccca4 (Fri Sep 25 13:59:00 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x16bbc 0x16c00 6.38 dddd74c8397a2d3a2410411853fa4365
.4lulz 0x18000 0x500000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x518000 0x2f24 0x3000 2.63 60022989bbf1decad14950fd83d3c909
INIT 0x51b000 0x54a 0x600 5.02 f3397d902be76b809d0b71b529972541
.rsrc 0x51c000 0x408 0x600 2.45 6d0ccd8942a830bc9662b2b4239c83d4
.reloc 0x51d000 0x2d24 0x2e00 1.47 48dc37f0b67e704793035f5299350824

( 3 imports )
> ntoskrnl.exe: swprintf, sprintf, ZwQueryInformationFile, ExFreePool, ExAllocatePoolWithTag, memset, ZwClose, ZwReadFile, memcpy, strncmp, KeWaitForSingleObject, ObfDereferenceObject, ObReferenceObjectByHandle, PsCreateSystemThread, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, ZwEnumerateValueKey, ZwOpenKey, wcsstr, RtlEqualUnicodeString, RtlCopyUnicodeString, KeReleaseMutex, PsSetLoadImageNotifyRoutine, KeInitializeMutex, IoDeleteDevice, IoCreateSymbolicLink, IoCreateDevice, RtlInitUnicodeString, _except_handler3, ZwQueryValueKey, RtlFreeUnicodeString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlPrefixUnicodeString, _stricmp, strchr, ZwQuerySystemInformation, IoAllocateIrp, _strnicmp, IoGetRelatedDeviceObject, KeInitializeSpinLock, InterlockedIncrement, InterlockedDecrement, ZwCreateFile, DbgPrint, IofCompleteRequest, PsGetVersion, wcschr, rand, srand, memmove
> HAL.dll: KfReleaseSpinLock, KfAcquireSpinLock
> TDI.SYS: TdiMapUserRequest

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Kaspersky Lab
copyright....: Copyright (c) Kaspersky Lab 1997-2009.
product......: Kaspersky Anti-Virus
description..: Kaspersky Unified Driver
original name: KL1.SYS
internal name: KL1
file version.: 6.4.0.11
comments.....: n/a
signers......: Kaspersky Lab
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 3:59 PM 9/25/2009
verified.....: -

[JaRon]

ak su este stale problemy prescanuj PC s MBAM

[Maltan]

Jen tak sem skusil na disku hledat explorer.exe a nasly se hned 3 ..... Ve složce Windows , Windows/ERDNT/cache a Windows/ServicePackFiles/i386 je to v pořádku ???

[Maltan]

MBAM našel
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4068

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5.5.2010 14:56:45
mbam-log-2010-05-05 (14-56-45).txt

Typ skenu: Rychlý sken
Skenované objekty: 113348
Uplynulý čas: 6 minuta(y), 58 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\drivers\91581822.sys (Rootkit.Agent.H) -> No action taken.

[JaRon]

ano je to OK

[Maltan]

Bohužel se nic nezmenilo , otevřu složku , v tray se oběví ikonka Ogg Directshow Filter , a Explorer.exe vyuziva 100% CPU nevite co stím ?

[JaRon]

zopakuj akciu s Combofix-om - dalsi CFScript:

Kód: Vybrat vše

Driver::
91581822
91581821
setup_9.0.0.722_05.05.2010_11-27drv

File::
c:\windows\system32\drivers\91581822.sys
c:\windows\system32\drivers\9158182.sys
c:\windows\system32\drivers\91581821.sys