Win32:Malware - gen

[pavel112]

Dobrý den,
včera mi avast začal hlásit, že našel Win32:Malware-gen ve složce C:\WINDOWS\system32\364554.exe.
Po přesunutí do truhly se během pár minut objeví znova s jiným číslem na konci
Vím,že se tady tento problém nedávno řešil, ale po přečtení těchto topiců jsem nabyl dojmu, že na tuto potvoru nelze použít žádný generální návod, ale je potřeba problém řešt individuálně (pokud jsem to špatně pochopil, tak mě opravte a nasměrujte )

Posílám log z RSIT

Díky za pomoc

Logfile of random's system information tool 1.06 (written by random/random)
Run by kuba at 2010-02-03 17:43:41
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 431 GB (90%) free of 477 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:48, on 3.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\kuba\qmae.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\program files\common files\ulead systems\vio\videostudioulead.exe
C:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe
C:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe
C:\program files\common files\ulead systems\vio\videostudioulead.exe
C:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe
C:\program files\common files\microsoft shared\database replication\resources\1029\wzcnfrcresdll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\kuba\Plocha\RSIT.exe
C:\Program Files\trend micro\kuba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\kuba\qmae.exe \s
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [msvynliomsvynlio] C:\Documents and Settings\kuba\Local Settings\Temp\.d65.tmp
O4 - HKLM\..\Run: [orpya] C:\WINDOWS\system32\orpya.exe \u
O4 - HKLM\..\Run: [Desktop Security 2010] C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe
O4 - HKLM\..\Run: [VideoStudioVideoStudio] c:\program files\common files\ulead systems\vio\videostudioulead.exe
O4 - HKLM\..\Run: [scriptleMicrosoft] c:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe
O4 - HKLM\..\Run: [KernelSetup] c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe
O4 - HKLM\..\Run: [DVACMUlead] C:\program files\common files\ulead systems\vio\videostudioulead.exe
O4 - HKLM\..\Run: [InstallShieldEngine] C:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe
O4 - HKLM\..\Run: [resdllwzcnfrc] C:\program files\common files\microsoft shared\database replication\resources\1029\wzcnfrcresdll.exe
O4 - HKLM\..\Run: [StudioBasic] C:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe
O4 - HKLM\..\RunServices: [Setupmsvynlio] C:\Documents and Settings\kuba\Local Settings\Temp\.d65.tmp
O4 - HKLM\..\RunServices: [ComponentComponent] c:\program files\ati technologies\ati.ace\core-implementation\th\controlskinfactory.exe
O4 - HKLM\..\RunServices: [TransCodeWizard] c:\program files\ati technologies\ati.ace\graphics-full-new\es\wizardresources2.0.2736.38622.exe
O4 - HKLM\..\RunServices: [wzcnfrcresdll] c:\program files\common files\microsoft shared\database replication\resources\1029\wzcnfrcresdll.exe
O4 - HKLM\..\RunServices: [VideoStudioDVACM] C:\program files\common files\ulead systems\vio\videostudioulead.exe
O4 - HKLM\..\RunServices: [UserSetup] C:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe
O4 - HKLM\..\RunServices: [resdllwzcnfrc] C:\program files\common files\microsoft shared\database replication\resources\1029\wzcnfrcresdll.exe
O4 - HKLM\..\RunServices: [VisualStudioTeamCoreStudio] C:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3131467654
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11594 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"UVS12 Preload"=C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"msvynliomsvynlio"=C:\Documents and Settings\kuba\Local Settings\Temp\.d65.tmp [2010-02-02 131072]
"orpya"=C:\WINDOWS\system32\orpya.exe [2010-02-02 57344]
"Desktop Security 2010"=C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe [2010-02-02 953344]
"VideoStudioVideoStudio"=c:\program files\common files\ulead systems\vio\videostudioulead.exe [2010-02-02 131072]
"scriptleMicrosoft"=c:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe [2010-02-02 131072]
"KernelSetup"=c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe [2010-02-02 131072]
"DVACMUlead"=C:\program files\common files\ulead systems\vio\videostudioulead.exe [2010-02-02 131072]
"InstallShieldEngine"=C:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe [2010-02-02 131072]
"resdllwzcnfrc"=C:\program files\common files\microsoft shared\database replication\resources\1029\wzcnfrcresdll.exe [2010-02-02 131072]
"StudioBasic"=C:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe [2010-02-02 131072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-05-15 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]

C:\Documents and Settings\kuba\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-27 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\orpya.exe"="C:\WINDOWS\system32\orpya.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\kuba\qmae.exe"="C:\Documents and Settings\kuba\qmae.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-03 17:43:41 ----D---- C:\rsit
2010-02-03 17:43:41 ----D---- C:\Program Files\trend micro
2010-02-03 13:15:49 ----A---- C:\WINDOWS\system32\102168.exe
2010-02-03 06:41:12 ----A---- C:\WINDOWS\system32\63371.exe
2010-02-03 06:40:06 ----A---- C:\WINDOWS\system32\601878.exe
2010-02-03 06:37:32 ----A---- C:\WINDOWS\system32\78230.exe
2010-02-02 16:22:33 ----D---- C:\Program Files\Desktop Security 2010
2010-02-02 16:21:56 ----A---- C:\WINDOWS\system32\orpya.exe
2010-02-01 21:03:51 ----D---- C:\Program Files\VirtualDJ
2010-01-17 10:25:13 ----D---- C:\Program Files\Metin2
2010-01-13 21:36:16 ----A---- C:\moduleName.txt
2010-01-13 21:36:14 ----D---- C:\Documents and Settings\kuba\Data aplikací\Google
2010-01-13 20:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 20:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-03 17:43:41 ----RD---- C:\Program Files
2010-02-03 17:42:59 ----D---- C:\WINDOWS\system32
2010-02-03 17:25:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-03 17:24:59 ----D---- C:\Program Files\Mozilla Firefox
2010-02-03 17:24:31 ----D---- C:\WINDOWS\Temp
2010-02-03 13:19:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-02 16:22:33 ----D---- C:\WINDOWS\Prefetch
2010-02-01 21:03:54 ----RSD---- C:\WINDOWS\Fonts
2010-01-30 21:29:28 ----D---- C:\Documents and Settings\kuba\Data aplikací\Skype
2010-01-30 16:04:32 ----D---- C:\Documents and Settings\kuba\Data aplikací\skypePM
2010-01-28 14:12:57 ----HD---- C:\WINDOWS\inf
2010-01-27 19:54:54 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-23 09:01:04 ----D---- C:\WINDOWS
2010-01-22 23:50:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 23:50:49 ----D---- C:\Program Files\Internet Explorer
2010-01-22 23:50:43 ----D---- C:\WINDOWS\ie8updates
2010-01-22 23:50:30 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-22 18:57:13 ----D---- C:\Documents and Settings\kuba\Data aplikací\dvdcss
2010-01-13 21:36:05 ----SHD---- C:\WINDOWS\Installer
2010-01-13 21:35:51 ----D---- C:\Program Files\Google
2010-01-13 21:35:10 ----SD---- C:\WINDOWS\Tasks
2010-01-13 20:54:25 ----D---- C:\WINDOWS\AppPatch
2010-01-13 20:52:25 ----A---- C:\WINDOWS\imsins.BAK
2010-01-10 19:19:44 ----D---- C:\Program Files\QuickMediaConverter
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-27 2303488]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-27 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-13 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Unlimited_Killer]

Každý log je nutno řešit individuálně.

~~~

Vložte sem log z ComboFix.

Stáhněte a uložte na Plochu ComboFix, poté ho spusťte s administrátorským oprávněním.
Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'. Budete také dotázán na instalaci konzole pro zotavení, klikněte na 'Ano'.
Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat. Váš PC bude pravděpodobně restartován, tak se toho neděste. Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
Po skončení skenu na Vás vypadne log, který vkopírujete sem.

[pavel112]

Tady je log z combofix

ComboFix 10-02-03.01 - kuba 03.02.2010 18:05:12.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1358 [GMT 1:00]
Spuštěný z: c:\documents and settings\kuba\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100203-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\kuba\nyjlmes.exe
c:\documents and settings\kuba\secupdat.dat
c:\program files\Desktop Security 2010
c:\program files\Desktop Security 2010\daily.cvd
c:\program files\Desktop Security 2010\Desktop Security 2010.exe
c:\program files\Desktop Security 2010\guide.chm
c:\program files\Desktop Security 2010\mfc71.dll
c:\program files\Desktop Security 2010\MFC71ENU.DLL
c:\program files\Desktop Security 2010\msvcp71.dll
c:\program files\Desktop Security 2010\msvcr71.dll
c:\program files\Desktop Security 2010\pthreadVC2.dll
c:\program files\Desktop Security 2010\securitycenter.exe
c:\program files\Desktop Security 2010\uninstall.exe
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\102168.exe
c:\windows\system32\601878.exe
c:\windows\system32\63371.exe
c:\windows\system32\78230.exe
c:\windows\system32\kr_done1
c:\windows\system32\secupdat.dat
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-03 do 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-02-03 16:43 . 2010-02-03 16:43 -------- d-----w- C:\rsit
2010-02-03 16:43 . 2010-02-03 16:43 -------- d-----w- c:\program files\trend micro
2010-02-02 15:21 . 2010-02-02 15:21 57344 ---h--w- c:\documents and settings\kuba\qmae.exe
2010-02-02 15:21 . 2010-02-02 15:21 57344 ----a-w- c:\windows\system32\orpya.exe
2010-02-01 20:03 . 2010-02-02 15:22 -------- d-----w- c:\program files\VirtualDJ
2010-01-17 09:25 . 2010-01-20 14:48 -------- d-----w- c:\program files\Metin2
2010-01-13 11:08 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 20:35 . 2009-10-02 17:29 -------- d-----w- c:\program files\Google
2010-01-10 18:19 . 2009-12-06 20:40 -------- d-----w- c:\program files\QuickMediaConverter
2009-12-23 19:45 . 2009-09-21 15:01 -------- d-----w- c:\program files\rajce
2009-12-21 19:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-02 20:07 . 2006-03-02 12:00 86926 ----a-w- c:\windows\system32\perfc005.dat
2009-12-02 20:07 . 2006-03-02 12:00 450108 ----a-w- c:\windows\system32\perfh005.dat
2009-11-24 23:54 . 2009-09-16 17:52 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-09-16 17:52 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-09-16 17:52 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-16 17:52 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-16 17:52 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-09-16 17:52 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"orpya"="c:\windows\system32\orpya.exe \u" [X]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"VideoStudioVideoStudio"="c:\program files\common files\ulead systems\vio\videostudioulead.exe" [2010-02-02 131072]
"scriptleMicrosoft"="c:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe" [2010-02-02 131072]
"KernelSetup"="c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe" [2010-02-02 131072]
"DVACMUlead"="c:\program files\common files\ulead systems\vio\videostudioulead.exe" [2010-02-02 131072]
"InstallShieldEngine"="c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe" [2010-02-02 131072]
"resdllwzcnfrc"="c:\program files\common files\microsoft shared\database replication\resources\1029\wzcnfrcresdll.exe" [2010-02-02 131072]
"StudioBasic"="c:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe" [2010-02-02 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\orpya.exe"=
"c:\\Documents and Settings\\kuba\\qmae.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.9.2009 18:52 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [16.9.2009 20:52 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.9.2009 18:52 20560]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [16.9.2009 20:52 65576]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.1.2010 21:35 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 15:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 20:35]

2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 20:35]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\kuba\Data aplikací\Mozilla\Firefox\Profiles\89rm2iyf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Desktop Security 2010 - c:\program files\Desktop Security 2010\Desktop Security 2010.exe
AddRemove-Desktop Security 2010 - c:\program files\Desktop Security 2010\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 18:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\wdmaud.drv
.
Celkový čas: 2010-02-03 18:17:35
ComboFix-quarantined-files.txt 2010-02-03 17:17

Před spuštěním: Volných bajtů: 455 603 900 416
Po spuštění: Volných bajtů: 456 748 834 816

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2F5AC65CABB4D64F3DF97A7A7E451D2A

[Unlimited_Killer]

Neý napíšu skript, budu chtít něco otestovat.

~~~

Otestujte na VirusTotal soubory:

Kód: Vybrat vše

c:\documents and settings\kuba\qmae.exe
c:\windows\system32\orpya.exe
c:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe
c:\program files\common files\microsoft shared\database replication\resources\1029\wzcnfrcresdll.exe

Jednoduše tam vkopírujete cesty, co jsem napsal do code, když Vám to napíše, že soubor byl testován, dejte otestovat znovu. Poté jsem vložíte linky (odkazy) na jednotlivé testy.

[pavel112]

Tady jsou linky


http://www.virustotal.com/cs/analisis/2 ... 1265218618

http://www.virustotal.com/cs/analisis/2 ... 1265218852

http://www.virustotal.com/cs/analisis/b ... 1265219084

http://www.virustotal.com/cs/analisis/b ... 1265219246


Doufám, že jsem linky vybral ve správné podobě, pokud ne dejte vědět, zatím je mám všechny v otevřených panelech

[Unlimited_Killer]

Jsou správně.
Jdeme na skript.

~~~

Otevřete si Poznámkový blok a vkopírujte do něj

Kód: Vybrat vše

KillAll::

Folder::
C:\Program Files\Yahoo!

File::
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
c:\documents and settings\kuba\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk

Collect::
c:\documents and settings\kuba\qmae.exe
c:\windows\system32\orpya.exe

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"="C:\\WINDOWS\\system32\\userinit.exe,"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"orpya"=-
"RemoteControl"=-
"Adobe Reader Speed Launcher"=-
"SunJavaUpdateSched"=-

Extra::

Reboot::

uložte to na Plochu jako CFScript.txt Pak jej myší přetáhněte nad ComboFix (musí být na Ploše) a pusťte (vizte obrázek).



ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem vložte log, který na Vás po dočistění vybafne.

[pavel112]

Tady je log po restartu


ComboFix 10-02-03.01 - kuba 03.02.2010 19:11:36.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1363 [GMT 1:00]
Spuštěný z: c:\documents and settings\kuba\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\kuba\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100203-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\documents and settings\kuba\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"

file zipped: c:\documents and settings\kuba\qmae.exe
file zipped: c:\windows\system32\orpya.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\kuba\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk
c:\documents and settings\kuba\qmae.exe
c:\program files\Yahoo!
c:\program files\Yahoo!\Companion\Data\dlg_as.html
c:\program files\Yahoo!\Companion\Data\dlg_cnf.html
c:\program files\Yahoo!\Companion\Data\dlg_opt.html
c:\program files\Yahoo!\Companion\Data\dlg_pub.html
c:\program files\Yahoo!\Companion\Data\feed4.data
c:\program files\Yahoo!\Companion\Icons\1.ico
c:\program files\Yahoo!\Companion\Icons\3.ico
c:\program files\Yahoo!\Companion\Icons\4.ico
c:\program files\Yahoo!\Companion\Installs\cpn\INSTALL.LOG
c:\program files\Yahoo!\Companion\Installs\cpn\pubmod.dll
c:\program files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
c:\program files\Yahoo!\Companion\Installs\cpn\ypubc.dll
c:\windows\system32\orpya.exe
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-03 do 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-02-03 16:43 . 2010-02-03 16:43 -------- d-----w- C:\rsit
2010-02-03 16:43 . 2010-02-03 16:43 -------- d-----w- c:\program files\trend micro
2010-02-01 20:03 . 2010-02-02 15:22 -------- d-----w- c:\program files\VirtualDJ
2010-01-17 09:25 . 2010-01-20 14:48 -------- d-----w- c:\program files\Metin2
2010-01-13 11:08 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 20:35 . 2009-10-02 17:29 -------- d-----w- c:\program files\Google
2010-01-10 18:19 . 2009-12-06 20:40 -------- d-----w- c:\program files\QuickMediaConverter
2009-12-23 19:45 . 2009-09-21 15:01 -------- d-----w- c:\program files\rajce
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-02 20:07 . 2006-03-02 12:00 86926 ----a-w- c:\windows\system32\perfc005.dat
2009-12-02 20:07 . 2006-03-02 12:00 450108 ----a-w- c:\windows\system32\perfh005.dat
2009-11-24 23:54 . 2009-09-16 17:52 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-09-16 17:52 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-09-16 17:52 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-16 17:52 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-16 17:52 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-09-16 17:52 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-03_17.14.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-03 18:17 . 2010-02-03 18:17 16384 c:\windows\Temp\Perflib_Perfdata_5e0.dat
+ 2010-02-03 18:17 . 2010-02-03 18:17 16384 c:\windows\Temp\Perflib_Perfdata_148.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"VideoStudioVideoStudio"="c:\program files\common files\ulead systems\vio\videostudioulead.exe" [2010-02-02 131072]
"scriptleMicrosoft"="c:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe" [2010-02-02 131072]
"KernelSetup"="c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe" [2010-02-02 131072]
"DVACMUlead"="c:\program files\common files\ulead systems\vio\videostudioulead.exe" [2010-02-02 131072]
"InstallShieldEngine"="c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe" [2010-02-02 131072]
"resdllwzcnfrc"="c:\program files\common files\microsoft shared\database replication\resources\1029\wzcnfrcresdll.exe" [2010-02-02 131072]
"StudioBasic"="c:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe" [2010-02-02 131072]
"WizardWizard"="c:\program files\ati technologies\ati.ace\graphics-full-new\es\wizardresources2.0.2736.38622.exe" [2010-02-02 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"VisualStudioTeamCoreStudio"="c:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe" [2010-02-02 131072]
"resourcesComponent"="c:\program files\ati technologies\ati.ace\core-implementation\th\controlskinfactory.exe" [2010-02-02 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.9.2009 18:52 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [16.9.2009 20:52 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.9.2009 18:52 20560]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [16.9.2009 20:52 65576]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.1.2010 21:35 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 15:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\kuba\Data aplikací\Mozilla\Firefox\Profiles\89rm2iyf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 19:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2328)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
.
**************************************************************************
.
Celkový čas: 2010-02-03 19:23:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-03 18:23
ComboFix2.txt 2010-02-03 17:17

Před spuštěním: Volných bajtů: 456 777 310 208
Po spuštění: Volných bajtů: 456 729 731 072

- - End Of File - - B60140B1CAE13D93CDC4F6A256C7AB4A

[Unlimited_Killer]

Dobrá, Avast by již neměl nic hlásit a PC by měl být rychlejší, je tak?
Teď prosím o nový RSIT log.

[pavel112]

OK avast nic nehlásí, PC rychlejší skutečně je , jen při startu nebo restartu PC vybíhá chybová hláška

cmddefwindows.exe - chyba aplikace
Instrukce na adrese xxx odkazovala na adresu paměti xyz . s pamětí nelze provést operaci read

a

security- informace o zabezpečení jeneplatná nebo byla změněná . Tento program bude ukončen

(nejde mi vložit obrázek s printscreenem)

Tyto hlášky vyběhly i při restartu PC způsobeným combofixem



tady je log z RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by kuba at 2010-02-03 19:55:01
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 436 GB (91%) free of 477 GB
Total RAM: 2046 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:04, on 3.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\program files\common files\ulead systems\vio\videostudioulead.exe
C:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe
C:\program files\common files\ulead systems\vio\videostudioulead.exe
C:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe
C:\program files\ati technologies\ati.ace\graphics-full-new\es\wizardresources2.0.2736.38622.exe
C:\program files\ati technologies\ati.ace\core-implementation\th\controlskinfactory.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\kuba\Plocha\RSIT.exe
C:\Program Files\trend micro\kuba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VideoStudioVideoStudio] c:\program files\common files\ulead systems\vio\videostudioulead.exe
O4 - HKLM\..\Run: [scriptleMicrosoft] c:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe
O4 - HKLM\..\Run: [KernelSetup] c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe
O4 - HKLM\..\Run: [DVACMUlead] C:\program files\common files\ulead systems\vio\videostudioulead.exe
O4 - HKLM\..\Run: [InstallShieldEngine] C:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe
O4 - HKLM\..\Run: [resdllwzcnfrc] C:\program files\common files\microsoft shared\database replication\resources\1029\wzcnfrcresdll.exe
O4 - HKLM\..\Run: [StudioBasic] C:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe
O4 - HKLM\..\Run: [WizardWizard] c:\program files\ati technologies\ati.ace\graphics-full-new\es\wizardresources2.0.2736.38622.exe
O4 - HKLM\..\Run: [resourcesresources] c:\program files\ati technologies\ati.ace\core-implementation\th\controlskinfactory.exe
O4 - HKLM\..\RunServices: [VideoStudioDVACM] C:\program files\common files\ulead systems\vio\videostudioulead.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3131467654
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9339 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"UVS12 Preload"=C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"VideoStudioVideoStudio"=c:\program files\common files\ulead systems\vio\videostudioulead.exe [2010-02-02 131072]
"scriptleMicrosoft"=c:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe [2010-02-02 131072]
"KernelSetup"=c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe [2010-02-02 131072]
"DVACMUlead"=C:\program files\common files\ulead systems\vio\videostudioulead.exe [2010-02-02 131072]
"InstallShieldEngine"=C:\program files\common files\installshield\professional\runtime\11\00\intel32\iscriptuser11.00.exe [2010-02-02 131072]
"resdllwzcnfrc"=C:\program files\common files\microsoft shared\database replication\resources\1029\wzcnfrcresdll.exe [2010-02-02 131072]
"StudioBasic"=C:\program files\microsoft office\office11\vs runtime\cmddefwindows.exe [2010-02-02 131072]
"WizardWizard"=c:\program files\ati technologies\ati.ace\graphics-full-new\es\wizardresources2.0.2736.38622.exe [2010-02-02 131072]
"resourcesresources"=c:\program files\ati technologies\ati.ace\core-implementation\th\controlskinfactory.exe [2010-02-02 131072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-05-15 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-27 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-03 19:23:51 ----A---- C:\ComboFix.txt
2010-02-03 18:03:30 ----A---- C:\Boot.bak
2010-02-03 18:03:26 ----RASHD---- C:\cmdcons
2010-02-03 18:01:51 ----A---- C:\WINDOWS\zip.exe
2010-02-03 18:01:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-03 18:01:51 ----A---- C:\WINDOWS\SWSC.exe
2010-02-03 18:01:51 ----A---- C:\WINDOWS\SWREG.exe
2010-02-03 18:01:51 ----A---- C:\WINDOWS\sed.exe
2010-02-03 18:01:51 ----A---- C:\WINDOWS\PEV.exe
2010-02-03 18:01:51 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-03 18:01:51 ----A---- C:\WINDOWS\MBR.exe
2010-02-03 18:01:51 ----A---- C:\WINDOWS\grep.exe
2010-02-03 18:01:39 ----D---- C:\WINDOWS\ERDNT
2010-02-03 18:00:57 ----D---- C:\Qoobox
2010-02-03 17:43:41 ----D---- C:\rsit
2010-02-03 17:43:41 ----D---- C:\Program Files\trend micro
2010-02-01 21:03:51 ----D---- C:\Program Files\VirtualDJ
2010-01-17 10:25:13 ----D---- C:\Program Files\Metin2
2010-01-13 21:36:16 ----A---- C:\moduleName.txt
2010-01-13 21:36:14 ----D---- C:\Documents and Settings\kuba\Data aplikací\Google
2010-01-13 20:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 20:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-03 19:39:22 ----D---- C:\Program Files\Mozilla Firefox
2010-02-03 19:35:25 ----AD---- C:\WINDOWS\Temp
2010-02-03 19:33:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-03 19:33:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-03 19:23:56 ----D---- C:\WINDOWS\system32\drivers
2010-02-03 19:18:16 ----D---- C:\WINDOWS
2010-02-03 19:18:16 ----A---- C:\WINDOWS\system.ini
2010-02-03 19:15:47 ----RD---- C:\Program Files
2010-02-03 19:15:45 ----SD---- C:\WINDOWS\Tasks
2010-02-03 19:15:43 ----D---- C:\WINDOWS\system32
2010-02-03 19:13:57 ----D---- C:\WINDOWS\AppPatch
2010-02-03 19:13:55 ----D---- C:\Program Files\Common Files
2010-02-03 18:03:31 ----RASH---- C:\boot.ini
2010-02-02 16:22:33 ----D---- C:\WINDOWS\Prefetch
2010-02-01 21:03:54 ----RSD---- C:\WINDOWS\Fonts
2010-01-30 21:29:28 ----D---- C:\Documents and Settings\kuba\Data aplikací\Skype
2010-01-30 16:04:32 ----D---- C:\Documents and Settings\kuba\Data aplikací\skypePM
2010-01-28 14:12:57 ----HD---- C:\WINDOWS\inf
2010-01-27 19:54:54 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-22 23:50:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 23:50:49 ----D---- C:\Program Files\Internet Explorer
2010-01-22 23:50:43 ----D---- C:\WINDOWS\ie8updates
2010-01-22 23:50:30 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-22 18:57:13 ----D---- C:\Documents and Settings\kuba\Data aplikací\dvdcss
2010-01-13 21:36:05 ----SHD---- C:\WINDOWS\Installer
2010-01-13 21:35:51 ----D---- C:\Program Files\Google
2010-01-13 20:52:25 ----A---- C:\WINDOWS\imsins.BAK
2010-01-10 19:19:44 ----D---- C:\Program Files\QuickMediaConverter
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-27 2303488]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-27 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-13 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Unlimited_Killer]

Zatím na to zkuste CCleaner, napište, zda zabral.

~~~

Zkuste pročistit PC CCleanerem.
Nainstalujte, jen dávejte pozor a při instalaci odfajfkujte položku Instalovat Yahoo! Toolbar.
Spusťte.

Záložka Čistič -> nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'.

Záložka Registry > klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.

CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.

[pavel112]

Pročištěno CCleanerem dle doporučení, chybová hláška při nabíhání PC vyskakuje pořád, ale s tím bych se smířil, když PC pojede jak má.

Ještě jsem pak nechal proskenovat PC avastem - našel několik souborů napadených Malvare-gen v adresáři System volume information/restore - ty jsem přesunul do truhly
a na C:/ byl adresář Qoobox v kterém byly složky z Desktop security 2010 a v nich byly soubory s příponou .vir, na které avast taky hulákal - ty jsem smazal
Teď ještě jednou nechám projet počítač avastem a eventuelně dám vědět

Zatím děkuji za velkou pomoc v boji s havětí

[Unlimited_Killer]

Čistil jste registry? Nebo jen cookies atp? Já potřebuji toto:


Prosím o zazipování složky C:\Qoobox a uploadnutí na server http://www.leteckaposta.cz (odkaz mi pošlete přes soukromou zprávu!) - je to do mé sbírky havěti. Jen škoda, že tam již není Desktop security 2010 Jinak složka Qoobox je karanténa ComboFixu, tudíž soubory v ní jsou naprosto bezmocné.

[pavel112]

Čistil jsem obě dvě záložky, jak cookies a spol, tak registry, dle doporučení.
Při startu PC se nepravidelně střídá několik chybových hlášek, někdy jedna, někdy víc, někdy žádná, jen varování že informace o zabezpečení je neplatná se objevuje pokaždé. Ale s tím se nějak srovnám, pokud to nebude mít nějaké další důsledky.

Složku Qoobox Vám pošlu, ale už tam nejsou soubory .vir, na které avast hulákal, ty jsem hned smazal a a v rámci úklidu jsem mezitím i vysypal koš, aby na to nikdo neklikl. Že soubory v této složce jsou bezmocné jsem bohužel nevěděl, až tak do problematiky nevidím.

Po druhém projetí PC avastem (po promazání souborů na které avast předtím hulákal) už je počítač čistý

Ještě jednou děkuji za pomoc a Váš čas

[Unlimited_Killer]

Ještě to není vše, něco vymyslím s těmi hláškami.

[pavel112]

Dopředu dík, zítra navečer, až přijdu z práce se ozvu...