PC is running slowly

PC is running slowly

#1 Post by Dvdrw »

Pls check this for me .. my PC has somehow slowed down... :)

Logfile of random's system information tool 1.08 (written by random/random)
Run by uzivatel at 2010-10-17 16:05:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 43 GB (84%) free of 51 GB
Total RAM: 255 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:05:47, on 17. 10. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\redivihoo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\Program Files\Windows Defender\MsMpEng.exe
D:\Dokumenty\Preberanie\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "c:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [wasy] C:\WINDOWS\system32\redivihoo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\uzivatel\latn.exe \u
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Canon BJ Memory Card Manager (ja2dohcer) - Unknown owner - C:\WINDOWS\system32\dookuji.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6537 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{75367F92-AD9A-4552-9D21-96883CC492E0}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Windows Defender"=c:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-04-01 5562368]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-04-01 86016]
"MAAgent"=C:\Program Files\MarkAny\ContentSafer\MAAgent.exe [2007-01-30 57344]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"wasy"=C:\WINDOWS\system32\redivihoo.exe [2010-10-14 200192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-09-02 13351304]
"MSConfig"=C:\Documents and Settings\uzivatel\latn.exe [2010-10-17 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
C:\Program Files\Logitech\Vid\Vid.exe [2010-05-11 6061400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid HD]
C:\Program Files\Logitech\Vid\vid.exe [2010-05-11 6061400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-05-08 2780432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-02-23 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
C:\WINDOWS\tsnp2std.exe [2007-01-05 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^0a1bm73.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\0a1bm73.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^1vfbwxc.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\1vfbwxc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^6ww6ndz.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\6ww6ndz.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^703e0fv.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\703e0fv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^9c1yuup.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\9c1yuup.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^a1mm73ov.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\a1mm73ov.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^bxnnj8aa.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\bxnnj8aa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^e5zvqrw86i.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\e5zvqrw86i.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^fb9hxdjv.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\fb9hxdjv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^fk6mhhyt.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\fk6mhhyt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^h081ozavl.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\h081ozavl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^jzqa3mm3yy3.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\jzqa3mm3yy3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^pvbg3ss3e.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\pvbg3ss3e.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^riiduupggbs.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\riiduupggbs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^sxiy360w.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\sxiy360w.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^ufabbsnnez.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\ufabbsnnez.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^ufbmhhyttk.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\ufbmhhyttk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^uzkvwrhi.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\uzkvwrhi.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^wriiduup.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\wriiduup.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^za6l0hhy.exe]
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\za6l0hhy.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=c:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ayhdsrve.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ayhdsrve.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Valve\hl.exe"="D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\Program Files\TmNationsForever\TmForever.exe"="D:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\msfeedssync.exe"="C:\WINDOWS\system32\msfeedssync.exe:*:Enabled:Microsoft Feeds Synchronization"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Logitech\Vid\Vid.exe"="C:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-10-17 16:05:26 ----D---- C:\Program Files\trend micro
2010-10-17 16:05:20 ----D---- C:\rsit
2010-10-14 20:56:46 ----A---- C:\WINDOWS\system32\drivers\ayhdsrve.sys
2010-10-14 20:56:34 ----A---- C:\WINDOWS\system32\dookuji.exe
2010-10-14 20:55:18 ----A---- C:\WINDOWS\system32\redivihoo.exe
2010-10-14 20:54:17 ----RSH---- C:\Documents and Settings\uzivatel\Data aplikací\juzjf.exe
2010-10-13 21:42:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-13 21:42:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-13 21:42:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-13 21:42:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-13 21:42:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-13 21:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-13 21:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-13 21:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-13 21:34:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-10-13 18:35:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-10-13 18:35:20 ----A---- C:\WINDOWS\system32\javaws.exe
2010-10-13 18:35:20 ----A---- C:\WINDOWS\system32\javaw.exe
2010-10-13 18:35:20 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-10-13 18:35:19 ----A---- C:\WINDOWS\system32\java.exe
2010-09-29 21:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$

======List of files/folders modified in the last 1 months======

2010-10-17 16:05:26 ----RD---- C:\Program Files
2010-10-17 16:03:40 ----SD---- C:\WINDOWS\Tasks
2010-10-17 16:00:42 ----D---- C:\WINDOWS\Debug
2010-10-17 16:00:42 ----D---- C:\WINDOWS
2010-10-17 16:00:41 ----AD---- C:\WINDOWS\Temp
2010-10-17 15:58:49 ----D---- C:\WINDOWS\pss
2010-10-17 15:55:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-17 15:51:33 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Skype
2010-10-17 15:46:40 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-10-17 14:57:47 ----D---- C:\WINDOWS\Prefetch
2010-10-17 10:16:46 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\skypePM
2010-10-16 18:31:45 ----SHD---- C:\RECYCLER
2010-10-14 21:06:31 ----A---- C:\WINDOWS\WINCMD.INI
2010-10-14 20:57:19 ----D---- C:\WINDOWS\system32
2010-10-14 20:56:46 ----D---- C:\WINDOWS\system32\drivers
2010-10-14 20:50:11 ----HD---- C:\WINDOWS\inf
2010-10-14 20:46:37 ----HD---- C:\Config.Msi
2010-10-13 21:42:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-13 21:42:50 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-13 21:42:27 ----D---- C:\WINDOWS\WinSxS
2010-10-13 21:41:21 ----D---- C:\Program Files\Internet Explorer
2010-10-13 21:35:25 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-13 18:35:51 ----SHD---- C:\WINDOWS\Installer
2010-10-13 18:35:50 ----D---- C:\Program Files\Common Files\Java
2010-10-13 18:35:06 ----D---- C:\Program Files\Java
2010-10-13 18:33:54 ----D---- C:\Program Files\Common Files\Adobe
2010-10-13 18:33:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-10-09 13:10:36 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-09 13:10:33 ----RSD---- C:\WINDOWS\assembly
2010-10-08 21:44:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-08 20:42:53 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Adobe
2010-10-08 18:00:52 ----SD---- C:\Documents and Settings\uzivatel\Data aplikací\Microsoft
2010-10-03 17:59:15 ----RD---- C:\Program Files\Skype
2010-09-18 12:23:38 ----A---- C:\WINDOWS\system32\mfc42u.dll
2010-09-18 08:53:37 ----A---- C:\WINDOWS\system32\mfc42.dll
2010-09-18 08:53:37 ----A---- C:\WINDOWS\system32\mfc40u.dll
2010-09-18 08:53:37 ----A---- C:\WINDOWS\system32\mfc40.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-08-23 158720]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 ayhdsrve;ayhdsrve; C:\WINDOWS\System32\Drivers\ayhdsrve.sys [2010-10-14 40128]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-20 44944]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-07-24 32128]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2009-04-30 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2010-07-27 282336]
R3 LVUVC;Logitech Webcam 200(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2010-07-27 6842464]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-04-01 3454656]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FilterService;UVCFilterService; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2010-07-27 23904]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2010-07-27 114784]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-04-01 127043]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 WinDefend;Windows Defender; c:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ja2dohcer;Canon BJ Memory Card Manager; C:\WINDOWS\system32\dookuji.exe [2010-10-14 200192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: PC is running slowly

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after launch a screen with the license terms appears; continue by clicking the Ano (Yes) button.

calmly go put the coffee on (the whole run takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan, your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and removal of any malware there are unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Dvdrw
Warning Level 3
Posts: 29
Registered: 13 Aug 2008 07:36
Location: Slovakia :-D

Re: PC is running slowly

#3 Post by Dvdrw »

The CF log.. the PC is already running better :)

ComboFix 10-10-16.04 - uzivatel . 10. 2010 18:41:07.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.255.16 [GMT 2:00]
Running from: d:\dokumenty\Preberanie\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\uzivatel\ctfmon.exe
c:\documents and settings\uzivatel\latn.exe
c:\documents and settings\uzivatel\secupdat.dat
c:\documents and settings\uzivatel\wuaucldt.exe
c:\windows\system32\dookuji.exe
c:\windows\system32\Drivers\ayhdsrve.sys
c:\windows\system32\muzapp.exe
c:\windows\system32\redivihoo.exe
c:\windows\system32\secupdat.dat
c:\windows\system32\wuaucldt.exe

c:\windows\system32\Drivers\ayhdsrve.sys . . . is infected!! . . . Failed to find a valid replacement.
c:\windows\system32\drivers\cdrom.sys . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ayhdsrve
-------\Legacy_ja2dohcer
-------\Service_ayhdsrve
-------\Service_ja2dohcer


((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.

2010-10-17 14:05 . 2010-10-17 14:05 -------- d-----w- c:\program files\trend micro
2010-10-17 14:05 . 2010-10-17 14:05 -------- d-----w- C:\rsit
2010-10-16 09:27 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{041A08CA-0D30-4993-A844-4DE57B5B0694}\mpengine.dll
2010-10-14 18:54 . 2010-10-14 18:54 95744 --sh--r- c:\documents and settings\uzivatel\Data aplikací\juzjf.exe
2010-10-13 16:35 . 2010-09-15 02:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-22 16:08 . 2010-09-22 16:08 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Data aplikací\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2009-05-01 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"nwiz"="nwiz.exe" [2005-04-01 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^0a1bm73.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\0a1bm73.exe
backup=c:\windows\pss\0a1bm73.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^0c3oo3a.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\0c3oo3a.exe
backup=c:\windows\pss\0c3oo3a.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^1vfbwxc.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\1vfbwxc.exe
backup=c:\windows\pss\1vfbwxc.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^6rxsj8f.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\6rxsj8f.exe
backup=c:\windows\pss\6rxsj8f.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^6ww6ndz.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\6ww6ndz.exe
backup=c:\windows\pss\6ww6ndz.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^703e0fv.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\703e0fv.exe
backup=c:\windows\pss\703e0fv.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^9c1yuup.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\9c1yuup.exe
backup=c:\windows\pss\9c1yuup.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^9r1nojp.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\9r1nojp.exe
backup=c:\windows\pss\9r1nojp.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^a1mm73ov.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\a1mm73ov.exe
backup=c:\windows\pss\a1mm73ov.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^bxnnj8aa.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\bxnnj8aa.exe
backup=c:\windows\pss\bxnnj8aa.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^e5zvqrw86i.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\e5zvqrw86i.exe
backup=c:\windows\pss\e5zvqrw86i.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^fb9hxdjv.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\fb9hxdjv.exe
backup=c:\windows\pss\fb9hxdjv.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^fk6mhhyt.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\fk6mhhyt.exe
backup=c:\windows\pss\fk6mhhyt.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^g6rxsj8ffb.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\g6rxsj8ffb.exe
backup=c:\windows\pss\g6rxsj8ffb.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^h081ozavl.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\h081ozavl.exe
backup=c:\windows\pss\h081ozavl.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^ii0o70ll.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\ii0o70ll.exe
backup=c:\windows\pss\ii0o70ll.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^jzqa3mm3yy3.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\jzqa3mm3yy3.exe
backup=c:\windows\pss\jzqa3mm3yy3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^lw0xijpf.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\lw0xijpf.exe
backup=c:\windows\pss\lw0xijpf.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^pvbg3ss3e.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\pvbg3ss3e.exe
backup=c:\windows\pss\pvbg3ss3e.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^riiduupggbs.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\riiduupggbs.exe
backup=c:\windows\pss\riiduupggbs.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^sxiy360w.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\sxiy360w.exe
backup=c:\windows\pss\sxiy360w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^ttzalwrri.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\ttzalwrri.exe
backup=c:\windows\pss\ttzalwrri.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^ufabbsnnez.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\ufabbsnnez.exe
backup=c:\windows\pss\ufabbsnnez.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^ufbmhhyttk.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\ufbmhhyttk.exe
backup=c:\windows\pss\ufbmhhyttk.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^uzkvwrhi.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\uzkvwrhi.exe
backup=c:\windows\pss\uzkvwrhi.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^w7ttzalwrri.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\w7ttzalwrri.exe
backup=c:\windows\pss\w7ttzalwrri.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^wriiduup.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\wriiduup.exe
backup=c:\windows\pss\wriiduup.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^xy70zvqq6c.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\xy70zvqq6c.exe
backup=c:\windows\pss\xy70zvqq6c.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^za6l0hhy.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\za6l0hhy.exe
backup=c:\windows\pss\za6l0hhy.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-05-11 14:43 6061400 ----a-w- c:\program files\Logitech\Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid HD]
2010-05-11 14:43 6061400 ----a-w- c:\program files\Logitech\Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 08:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-02-23 14:32 126976 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2007-01-05 15:12 258048 ----a-w- c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\msfeedssync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [7. 6. 2009 18:43 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [7. 6. 2009 18:43 5248]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23. 8. 2009 19:22 136704]
.
Contents of the 'Scheduled Tasks' folder

2010-10-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-10-17 c:\windows\Tasks\User_Feed_Synchronization-{75367F92-AD9A-4552-9D21-96883CC492E0}.job
- c:\windows\system32\msfeedssync.exe [2008-06-30 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fkdj9i3e.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-wuaucldt - c:\documents and settings\uzivatel\wuaucldt.exe
HKLM-Run-wasy - c:\windows\system32\redivihoo.exe
HKU-Default-Run-Nokia.PCSync - d:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
SafeBoot-ayhdsrve.sys



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x817B9C70]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf9a76f28
\Driver\ACPI -> ACPI.sys @ 0xf99c2cb8
\Driver\atapi -> 0x817b9c70
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C -> SendCompleteHandler -> NDIS.sys @ 0xf9837b0a
PacketIndicateHandler -> NDIS.sys @ 0xf9842a21
SendHandler -> NDIS.sys @ 0xf9837949
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1592)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\MarkAny\ContentSafer\MaCSProHook.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-10-17 18:57:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-17 16:57

Pre-Run: Volných bajtů: 44 529 012 736
Post-Run: Volných bajtů: 44 439 973 888

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B80A2F65BD5A4FBC4BE8A6831552E810

Rudy
Site Admin
Posts: 119380
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC is running slowly

#4 Post by Rudy »

It is far from clean yet. Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

Collect::
c:\documents and settings\uzivatel\Data aplikací\juzjf.exe
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\0a1bm73.exe
c:\windows\pss\0a1bm73.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\0c3oo3a.exe
c:\windows\pss\0c3oo3a.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\1vfbwxc.exe
c:\windows\pss\1vfbwxc.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\6rxsj8f.exe
c:\windows\pss\6ww6ndz.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\6rxsj8f.exe
c:\windows\pss\6rxsj8f.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\703e0fv.exe
c:\windows\pss\703e0fv.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\9r1nojp.exe
c:\windows\pss\a1mm73ov.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\bxnnj8aa.exe
c:\windows\pss\e5zvqrw86i.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\fb9hxdjv.exe
c:\windows\pss\fk6mhhyt.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\h081ozavl.exe
c:\windows\pss\h081ozavl.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\ii0o70ll.exe
c:\windows\pss\ii0o70ll.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\jzqa3mm3yy3.exe
c:\windows\pss\jzqa3mm3yy3.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\lw0xijpf.exe
c:\windows\pss\lw0xijpf.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\pvbg3ss3e.exe
c:\windows\pss\pvbg3ss3e.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\sxiy360w.exe
c:\windows\pss\sxiy360w.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\ufabbsnnez.exe
c:\windows\pss\ufabbsnnez.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\ttzalwrri.exe
c:\windows\pss\ufabbsnnez.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\ufbmhhyttk.exe
c:\windows\pss\ufbmhhyttk.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\uzkvwrhi.exe
c:\windows\pss\uzkvwrhi.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\w7ttzalwrri.exe
c:\windows\pss\wriiduup.exeStartup
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\za6l0hhy.exe
c:\windows\pss\za6l0hhy.exeStartup

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^za6l0hhy.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^xy70zvqq6c.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^wriiduup.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^w7ttzalwrri.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^uzkvwrhi.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^ufbmhhyttk.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^ufabbsnnez.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^ttzalwrri.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^sxiy360w.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^riiduupggbs.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^pvbg3ss3e.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^lw0xijpf.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^jzqa3mm3yy3.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^ii0o70ll.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^h081ozavl.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^g6rxsj8ffb.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^fk6mhhyt.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^fb9hxdjv.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^e5zvqrw86i.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^bxnnj8aa.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^a1mm73ov.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^9r1nojp.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^9c1yuup.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^703e0fv.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^6ww6ndz.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^6rxsj8f.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^1vfbwxc.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^0c3oo3a.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^0a1bm73.exe]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

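An added example, not part of the original posts and not ComboFix's own code: a Python parser for the `[HKLM\~\startupfolder\...]` blocks of the log above. It lists entries whose target is an executable sitting directly in the Startup folder (rather than a `.lnk` shortcut) and reports which of them a CFScript `Registry::` section does not delete. The function names and the extension list are assumptions made for this example, the extension test is a triage heuristic rather than a verdict, and the sample script is constructed.

```python
import re

# Excerpt in the format of the "Reg Loading Points" section quoted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^0a1bm73.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\0a1bm73.exe
backup=c:\windows\pss\0a1bm73.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^9c1yuup.exe]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\9c1yuup.exe
backup=c:\windows\pss\9c1yuup.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"""

# Constructed script in the directive layout used in the thread; it covers one entry only.
SAMPLE_SCRIPT = r"""
KillAll::

Collect::
c:\windows\pss\0a1bm73.exeStartup

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^0a1bm73.exe]
"""

KEY_RE = re.compile(r"^\[(HKLM\\~\\startupfolder\\(.+))\]$", re.IGNORECASE)
DIRECTIVE_RE = re.compile(r"^\w+::$")
# Assumption: file types that run by themselves when placed in a Startup folder.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def parse_startupfolder_entries(log_text):
    """Return one dict per startupfolder block: key, file, path, backup."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            # '^' replaces '\' inside the key name; the last component is the file.
            current = {"key": match.group(1),
                       "file": match.group(2).rsplit("^", 1)[-1],
                       "path": None, "backup": None}
            entries.append(current)
        elif line.startswith("["):
            current = None  # a different registry key: stop collecting values
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            if name in ("path", "backup"):
                current[name] = value
    return entries


def directly_dropped_executables(entries):
    """Entries whose Startup-folder item is an executable, not a shortcut."""
    return [e for e in entries if e["file"].lower().endswith(EXECUTABLE_EXTS)]


def script_deleted_keys(script_text):
    """Keys removed by '[-key]' lines inside the Registry:: section."""
    keys, in_registry = set(), False
    for raw in script_text.splitlines():
        line = raw.strip()
        if DIRECTIVE_RE.match(line):
            in_registry = line.lower() == "registry::"
        elif in_registry and line.startswith("[-") and line.endswith("]"):
            keys.add(line[2:-1].lower())
    return keys


def not_covered(entries, script_text):
    """Flagged files whose registry key the script leaves in place."""
    deleted = script_deleted_keys(script_text)
    return [e["file"] for e in directly_dropped_executables(entries)
            if e["key"].lower() not in deleted]


if __name__ == "__main__":
    found = parse_startupfolder_entries(SAMPLE_LOG)
    for entry in directly_dropped_executables(found):
        print("review:", entry["file"], "| backup:", entry["backup"])
    print("not deleted by script:", not_covered(found, SAMPLE_SCRIPT))
```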

Dvdrw
Warning Level 3
Posts: 29
Registered: 13 Aug 2008 07:36
Location: Slovakia :-D

Re: PC is running slowly

#5 Post by Dvdrw »

ComboFix 10-10-17.04 - uzivatel . 10. 2010 14:42:09.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.255.18 [GMT 2:00]
Running from: d:\dokumenty\Preberanie\ComboFix.exe
Command switches used :: d:\dokumenty\Preberanie\CFScript.txt

file zipped: c:\documents and settings\uzivatel\Data aplikací\juzjf.exe
file zipped: c:\windows\pss\0a1bm73.exeStartup
file zipped: c:\windows\pss\0c3oo3a.exeStartup
file zipped: c:\windows\pss\1vfbwxc.exeStartup
file zipped: c:\windows\pss\6rxsj8f.exeStartup
file zipped: c:\windows\pss\6ww6ndz.exeStartup
file zipped: c:\windows\pss\703e0fv.exeStartup
file zipped: c:\windows\pss\a1mm73ov.exeStartup
file zipped: c:\windows\pss\e5zvqrw86i.exeStartup
file zipped: c:\windows\pss\fk6mhhyt.exeStartup
file zipped: c:\windows\pss\h081ozavl.exeStartup
file zipped: c:\windows\pss\ii0o70ll.exeStartup
file zipped: c:\windows\pss\jzqa3mm3yy3.exeStartup
file zipped: c:\windows\pss\lw0xijpf.exeStartup
file zipped: c:\windows\pss\pvbg3ss3e.exeStartup
file zipped: c:\windows\pss\sxiy360w.exeStartup
file zipped: c:\windows\pss\ufabbsnnez.exeStartup
file zipped: c:\windows\pss\ufbmhhyttk.exeStartup
file zipped: c:\windows\pss\uzkvwrhi.exeStartup
file zipped: c:\windows\pss\wriiduup.exeStartup
file zipped: c:\windows\pss\za6l0hhy.exeStartup
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\pss\0a1bm73.exeStartup
c:\windows\pss\0c3oo3a.exeStartup
c:\windows\pss\1vfbwxc.exeStartup
c:\windows\pss\6rxsj8f.exeStartup
c:\windows\pss\6ww6ndz.exeStartup
c:\windows\pss\703e0fv.exeStartup
c:\windows\pss\a1mm73ov.exeStartup
c:\windows\pss\e5zvqrw86i.exeStartup
c:\windows\pss\fk6mhhyt.exeStartup
c:\windows\pss\h081ozavl.exeStartup
c:\windows\pss\ii0o70ll.exeStartup
c:\windows\pss\jzqa3mm3yy3.exeStartup
c:\windows\pss\lw0xijpf.exeStartup
c:\windows\pss\pvbg3ss3e.exeStartup
c:\windows\pss\sxiy360w.exeStartup
c:\windows\pss\ufabbsnnez.exeStartup
c:\windows\pss\ufbmhhyttk.exeStartup
c:\windows\pss\uzkvwrhi.exeStartup
c:\windows\pss\wriiduup.exeStartup
c:\windows\pss\za6l0hhy.exeStartup

c:\windows\system32\drivers\cdrom.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))
.

2010-10-17 14:05 . 2010-10-17 14:05 -------- d-----w- c:\program files\trend micro
2010-10-17 14:05 . 2010-10-17 14:05 -------- d-----w- C:\rsit
2010-10-16 09:27 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{041A08CA-0D30-4993-A844-4DE57B5B0694}\mpengine.dll
2010-10-14 18:54 . 2010-10-14 18:54 95744 --sh--r- c:\documents and settings\uzivatel\Data aplikací\juzjf.exe
2010-10-13 16:35 . 2010-09-15 02:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-22 16:08 . 2010-09-22 16:08 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Data aplikací\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2009-05-01 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"nwiz"="nwiz.exe" [2005-04-01 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-05-11 14:43 6061400 ----a-w- c:\program files\Logitech\Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid HD]
2010-05-11 14:43 6061400 ----a-w- c:\program files\Logitech\Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 08:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-02-23 14:32 126976 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2007-01-05 15:12 258048 ----a-w- c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\msfeedssync.exe"=
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [7. 6. 2009 18:43 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [7. 6. 2009 18:43 5248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3. 11. 2006 18:19 13592]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23. 8. 2009 19:22 136704]
.
Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-10-18 c:\windows\Tasks\User_Feed_Synchronization-{75367F92-AD9A-4552-9D21-96883CC492E0}.job
- c:\windows\system32\msfeedssync.exe [2008-06-30 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fkdj9i3e.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x816D13D0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf9a76f28
\Driver\ACPI -> ACPI.sys @ 0xf99c2cb8
\Driver\atapi -> 0x816d13d0
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C -> SendCompleteHandler -> NDIS.sys @ 0xf9837b0a
PacketIndicateHandler -> NDIS.sys @ 0xf9842a21
SendHandler -> NDIS.sys @ 0xf9837949
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2144)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\MarkAny\ContentSafer\MaCSProHook.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-10-18 15:00:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-18 13:00
ComboFix2.txt 2010-10-17 16:57

Pre-Run: Volných bajtů: 44 382 277 632
Post-Run: Volných bajtů: 44 381 179 904

- - End Of File - - 2CFBE98E80B7A67C8E5ACD30091D0EB9
Upload was successful

Rudy
Site Admin
Posts: 119380
Registered: 30 Oct 2003 13:42
Location: Plzeň
Contact user:

Re: PC runs slowly

#6 Post by Rudy »

Run CF once more with this script:
FCopy::
c:\windows\system32\dllcache\cdrom.sys | c:\windows\system32\drivers\cdrom.sys
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
