Problém s Explorerem

Zdena.Sladky · Příspěvekod **Zdena.Sladky** » 15 kvě 2009 16:58

Ahoj všem, mohli byste se mi prosím mrknout na log? Poslední dobou mě zlobí explorer, hlavně při zobrazování fotek a prohlížení internetu, někdy i při přístupu na disk. Děkuju předem

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:16, on 15.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {32595559-0000-0010-8000-00AA00389B71} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F9152AEC-3462-4632-8087-EEE3C3CDDA24} - http://activex.microsoft.com/objects/ocget.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c98e2e143a6682) (gupdate1c98e2e143a6682) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8264 bytes

Reklama

Příspěvekod **memphisto** » 15 kvě 2009 17:06

Vyloženě nic špatného nevidím. Nerozhodil sis systém tím StyleXP?

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Zdena.Sladky · Příspěvekod **Zdena.Sladky** » 15 kvě 2009 17:11

Zkusim to. Style XP mám od začátku ( cca. od Vánoc ) problémy začaly asi minulý týden.

Zdena.Sladky · Příspěvekod **Zdena.Sladky** » 15 kvě 2009 17:17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:16, on 15.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {32595559-0000-0010-8000-00AA00389B71} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F9152AEC-3462-4632-8087-EEE3C3CDDA24} - http://activex.microsoft.com/objects/ocget.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c98e2e143a6682) (gupdate1c98e2e143a6682) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8264 bytes

Příspěvekod **memphisto** » 15 kvě 2009 17:21

hoď sem log z Mbam. Problém s Explorer.exe bývá u videa pokud máš v PC více kodeků a nebo poškozené náhledy videa nebo fotek

Zdena.Sladky · Příspěvekod **Zdena.Sladky** » 15 kvě 2009 17:28

sorry,

zkopíroval sem špatný soubor... :oops:

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2135
Windows 5.1.2600 Service Pack 2

15.5.2009 17:19:55
mbam-log-2009-05-15 (17-19-55).txt

Typ skenu: Rychlý sken
Objektu skenováno: 77392
Uplynulý cas: 2 minute(s), 13 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Příspěvekod **memphisto** » 15 kvě 2009 18:02

Tak poslední sken :smile:

Mbam a HJT je relativně ok a problém tam nevidím. Viděl bych to spíše na ten rozhozený Win

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Zdena.Sladky · Příspěvekod **Zdena.Sladky** » 15 kvě 2009 19:25

ComboFix 09-05-14.07 - Zdeněk 15.05.2009 19:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.3070.2566 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zdeněk\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1290 [VPS 090514-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-15 do 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-15 15:16 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-15 15:16 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-15 15:16 . 2009-05-15 15:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-15 14:59 . 2009-05-15 14:59 -------- d-----w c:\program files\Trend Micro
2009-05-14 13:23 . 2009-05-14 13:23 -------- d-----w c:\program files\Phenomedia AG
2009-05-14 13:23 . 1998-11-17 11:44 328704 ----a-w c:\windows\IsUn0407.exe
2009-05-06 13:09 . 2009-05-06 13:09 -------- d-----w c:\program files\Popisovač CD-DVD
2009-04-23 07:43 . 2009-04-23 07:43 262144 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-23 07:43 . 2009-04-23 07:43 86016 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-23 07:43 . 2001-11-19 17:05 3972 ----a-w c:\windows\system32\drivers\PciBus.sys
2009-04-23 07:43 . 2004-06-22 13:44 5632 ----a-w c:\windows\system32\drivers\Entech64.sys
2009-04-23 07:43 . 2004-10-25 18:02 21664 ----a-w c:\windows\system32\drivers\Entech.sys
2009-04-23 07:43 . 2009-04-23 07:43 -------- d-----w c:\windows\system32\Futuremark

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 15:39 . 2008-11-26 19:42 196608 ----a-w c:\windows\system32\drivers\nStandard.bin
2009-05-15 15:00 . 2006-03-02 12:00 82372 ----a-w c:\windows\system32\perfc005.dat
2009-05-15 15:00 . 2006-03-02 12:00 437558 ----a-w c:\windows\system32\perfh005.dat
2009-05-14 13:41 . 2008-11-27 18:27 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-14 13:40 . 2009-03-31 20:02 -------- d-----w c:\program files\Boris FX, Inc
2009-04-23 08:15 . 2008-11-26 19:17 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-31 20:03 . 2009-03-31 20:03 -------- d-----w c:\program files\LooksBuilderSE
2009-03-31 20:01 . 2008-12-01 16:26 -------- d-----w c:\program files\Pinnacle
2009-03-31 19:46 . 2009-03-31 19:46 -------- d-----w c:\program files\Common Files\Pinnacle
2009-03-31 19:42 . 2009-03-31 19:42 -------- d-----w c:\program files\Common Files\Yahoo!
2009-03-30 17:18 . 2009-02-20 10:58 -------- d-----w c:\program files\SpeedFan
2009-03-29 14:27 . 2009-01-06 15:11 138464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-29 14:27 . 2009-01-06 15:11 111928 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-10 21:04 . 2009-03-10 21:04 74703 ----a-w c:\windows\system32\mfc45.dll
2009-03-06 14:47 . 2006-03-02 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 15:16 . 2009-01-06 15:11 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-25 15:14 . 2008-11-26 19:38 8 ----a-w c:\windows\system32\nvModes.dat
2009-02-23 17:55 . 2009-02-23 17:55 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-20 17:13 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-17 22:22 . 2008-11-26 20:54 737280 ----a-w c:\windows\iun6002.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976]
"RestoreDesktop"="c:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 1359872]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-02-12 3276288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-16 13533184]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-05-28 380928]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-16 86016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-06-16 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-27 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [29.3.2009 15:15 40368]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26.11.2008 23:25 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.11.2008 23:25 20560]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2.3.2006 14:00 69120]
S2 gupdate1c98e2e143a6682;Služba Google Update (gupdate1c98e2e143a6682);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2009 0:54 133104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{102907dc-13d4-11de-ad1c-0017319313e5}]
\Shell\AutoRun\command - b:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
\Shell\open\command - b:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b48f0e6-3a3a-11de-ad6e-0017319313e5}]
\sHEll\AUToplay\cOmmAnD - F:\uwru.exe
\sHEll\AutoRun\command - F:\uwru.exe
\sHEll\exPLoRe\cOMmaNd - F:\uwru.exe
\sHEll\OPEn\ComMaNd - F:\uwru.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-05-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-13 08:31]

2009-05-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 22:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Zdeněk\Data aplikací\Mozilla\Firefox\Profiles\l4rdk5dn.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 19:26
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,86,f2,7c,29,ec,
5a,21,23,c8,28,51,af,b0,29,a3,98,11,17,d2,da,5b,6c,41,b6,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,82,1c,88,fb,d4,
23,ae,c0,71,3b,04,66,8b,46,0d,96,8e,85,96,cc,6b,e6,c5,2f,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,63,8f,42,53,79,
a2,51,e3,25,da,ec,7e,55,20,c9,26,62,00,a4,0c,c4,17,7f,10,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,b4,8a,43,75,fd,
44,89,42,3e,1e,9e,e0,57,5a,93,61,16,88,53,34,03,be,9f,7d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,c9,ef,e3,3a,d5,
5d,f5,6d,cd,44,cd,b9,a6,33,6c,cd,53,73,21,cc,1e,9c,ed,1e,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,74,52,56,9e,b0,
aa,5a,0b,b0,18,ed,a7,3f,8d,37,a4,89,d3,f4,c9,02,a2,5e,3e,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,93,5d,46,cd,d3,
c8,1b,9f,31,77,e1,ba,b1,f8,68,02,ed,ee,66,de,99,3f,20,ad,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,ec,37,97,3f,f1,
92,91,1e,83,6c,56,8b,a0,85,96,ab,53,54,69,32,ac,50,5f,36,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,a1,e5,6d,8b,7d,
28,99,57,51,fa,6e,91,28,9e,14,cc,b1,bb,81,56,8f,7f,3e,d8,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,83,f2,63,3c,0d,
36,08,71,b1,cd,45,5a,a8,c4,f8,b9,61,5f,08,af,12,ca,40,54,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,1f,95,39,3f,eb,
40,aa,7e,e3,0e,66,d5,eb,bc,2f,6b,7c,fe,c1,a0,e6,80,b7,f1,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,0b,75,ec,f0,cf,
43,0c,7c,fa,ea,66,7f,d4,3b,6b,70,07,27,a2,16,f0,c3,e1,10,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="395BB1CCF4D9EE18FD17E4FD872916E91ABEC4631449D55F5ED0138E7879759701E64BA8D96CEE6D974CE43AC86712085E25DE0B2DF37A82D32599890C1852141FD484C5142C66DF48E91DFA02B30C39BF2A362CC8CFD6143A669BCC9F399AEBD6FEF67BC5D3C04D18F8904EA74AECE4AB28DDAB53BC6FA5035FD835B3FD12753F40AEC0A0651E77E2073C66462D4F55FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A2D97226D213B555A9C6AECB7A5D1407E6DB46C7F90F8F4A28E119D302A234823C607D5BE8BBBDC35FCF7EC5C52509AC83DBA6572816C4C304B8F53F761050BC368532AB9FCBF4643C4B02F99AB5E88EAD7A59EF3804269C9288368342CA0A0AAB11ADB86CB44E940990458915B84A69F329A462D6EE0C6FA6F50F2CE6EB368FD4F8AE65C5313A200689B4CEC2A85BD13ADFC023C6B48037E72B24E57BD1DCD0BEB6E8B8B840DFB5431FAFC9C1C3FE41381B5BCB5BF4C457535491822A9CBA3B49C7035D62229769273F0A9DC78ECA9176DA94987F93CB153621E3F8B131BF1BAA2D98A2775F7032EBDD8B941C4F0B055321816AAF383D18B6C71D62E33891A26AEDB7FA3F40296C9EF1F1981D91BC3F84F52BC67DD074EFCBFEB47D26A009E9E513E3FC94D239D5A0F46C3A3824144A8EE60FD60E0B800DC005922BF41B306ACD2A9365E56A4B1328659EADF49AF410CD021E661ADD26C4B69A17715C9B4A8227453311389DBAABBFC721CAE84BFBE26F5ABC67EF7FDA509F0312FB005C4AF4C979A084A2C4980AC4A0FE8C40D3F7F5F588C56DEFEB4D4D4587CA1694D9D967E261AE64CD7F2D7E697CB893BD8F69E23AA704339064D9BD41F47BB26656D3E47419A5FD7CAE6F3C31E8432333A488A466D839935AEC1606059CD06852564BDCD1C33F3E01F98ED9797705250BF83F1DF7BE9B91E94D48F0D3D16EEF4BA2021FA4062B3AC0C9EBD36D415BA2BFB72D104200D2D0F0906C2AC4EDE9A8D7C77263680A0C27B8CD1B090FDF16CD62D023A5EC4AFB99B60AB2C3C44D4C929118C7C570FDF9E0F7F7683D357178F91677A86AF14BA8DA90CA7D3493D115D5A7296341DE127F6522FD4F9788193B9D95A178CE2038DC246FABE45344DE35BADA53D9BBAD7D1A58ED5A03A388FC8A56AA0AFE271BC8142A53C935DFBD5D13AE82B37378A9783F80264A665084C806E337B1622CD7B6B8465084EC7A3E3A08C5882CAC2472425448AAD01771242AC1A92F5BF57923C2AC7511013FA75365E334EBE036CBFD9A34BEEEB35EBDE05445AE9A0D46909931455952A515D2E2546854BEBAF3E216C8AF17F9FDC0D2877E8DA0169311D530C94B356620094823FEC82426E700BFD5950828677C722DBBE10A4ED0FB4890"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2332)
c:\windows\system32\nview.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-05-15 19:27
ComboFix-quarantined-files.txt 2009-05-15 17:27

Před spuštěním: 2 331 815 936
Po spuštění: 2 468 667 392

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

223 --- E O F --- 2009-05-14 13:01

Příspěvekod **jaro3** » 16 kvě 2009 14:57

Nejprve toto:
Toto otestuj na Virustotal
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\PciBus.sys
c:\windows\system32\nvModes.dat
Vlož sem pak odkazy výsledků.

Zdena.Sladky · Příspěvekod **Zdena.Sladky** » 16 kvě 2009 19:22

http://www.virustotal.com/cs/analisis/b ... 7ede24c6a5

http://www.virustotal.com/cs/analisis/d ... af8b66597a

http://www.virustotal.com/cs/analisis/b ... 6025c32f57

Příspěvekod **jaro3** » 16 kvě 2009 20:09

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\iun6002.exe
b:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
F:\uwru.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{102907dc-13d4-11de-ad1c-0017319313e5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b48f0e6-3a3a-11de-ad6e-0017319313e5}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Zdena.Sladky · Příspěvekod **Zdena.Sladky** » 17 kvě 2009 22:03

aComboFix 09-05-14.07 - Zdeněk 17.05.2009 22:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.3070.2633 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zdeněk\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Zdeněk\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1290 [VPS 090514-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
b:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
c:\windows\iun6002.exe
F:\uwru.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\iun6002.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-17 do 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-15 15:16 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-15 15:16 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-15 15:16 . 2009-05-15 15:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-15 14:59 . 2009-05-15 14:59 -------- d-----w c:\program files\Trend Micro
2009-05-14 13:23 . 2009-05-14 13:23 -------- d-----w c:\program files\Phenomedia AG
2009-05-14 13:23 . 1998-11-17 11:44 328704 ----a-w c:\windows\IsUn0407.exe
2009-05-06 13:09 . 2009-05-06 13:09 -------- d-----w c:\program files\Popisovač CD-DVD
2009-04-23 07:43 . 2009-04-23 07:43 262144 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-23 07:43 . 2009-04-23 07:43 86016 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-23 07:43 . 2001-11-19 17:05 3972 ----a-w c:\windows\system32\drivers\PciBus.sys
2009-04-23 07:43 . 2004-06-22 13:44 5632 ----a-w c:\windows\system32\drivers\Entech64.sys
2009-04-23 07:43 . 2004-10-25 18:02 21664 ----a-w c:\windows\system32\drivers\Entech.sys
2009-04-23 07:43 . 2009-04-23 07:43 -------- d-----w c:\windows\system32\Futuremark

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 19:47 . 2008-11-26 19:42 196608 ----a-w c:\windows\system32\drivers\nStandard.bin
2009-05-17 19:39 . 2006-03-02 12:00 82372 ----a-w c:\windows\system32\perfc005.dat
2009-05-17 19:39 . 2006-03-02 12:00 437558 ----a-w c:\windows\system32\perfh005.dat
2009-05-14 13:41 . 2008-11-27 18:27 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-14 13:40 . 2009-03-31 20:02 -------- d-----w c:\program files\Boris FX, Inc
2009-04-23 08:15 . 2008-11-26 19:17 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-31 20:03 . 2009-03-31 20:03 -------- d-----w c:\program files\LooksBuilderSE
2009-03-31 20:01 . 2008-12-01 16:26 -------- d-----w c:\program files\Pinnacle
2009-03-31 19:46 . 2009-03-31 19:46 -------- d-----w c:\program files\Common Files\Pinnacle
2009-03-31 19:42 . 2009-03-31 19:42 -------- d-----w c:\program files\Common Files\Yahoo!
2009-03-30 17:18 . 2009-02-20 10:58 -------- d-----w c:\program files\SpeedFan
2009-03-29 14:27 . 2009-01-06 15:11 138464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-29 14:27 . 2009-01-06 15:11 111928 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-10 21:04 . 2009-03-10 21:04 74703 ----a-w c:\windows\system32\mfc45.dll
2009-03-06 14:47 . 2006-03-02 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 15:16 . 2009-01-06 15:11 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-25 15:14 . 2008-11-26 19:38 8 ----a-w c:\windows\system32\nvModes.dat
2009-02-23 17:55 . 2009-02-23 17:55 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-20 17:13 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-15_17.26.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-17 19:35 . 2009-05-17 19:35 16384 c:\windows\Temp\Perflib_Perfdata_55c.dat
+ 2006-03-02 12:00 . 2009-05-17 19:39 71060 c:\windows\system32\perfc009.dat
- 2006-03-02 12:00 . 2009-05-15 15:00 71060 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2009-05-17 19:39 441124 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2009-05-15 15:00 441124 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976]
"RestoreDesktop"="c:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 1359872]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-02-12 3276288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-16 13533184]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-05-28 380928]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-16 86016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-06-16 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-27 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [29.3.2009 15:15 40368]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26.11.2008 23:25 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.11.2008 23:25 20560]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2.3.2006 14:00 69120]
S2 gupdate1c98e2e143a6682;Služba Google Update (gupdate1c98e2e143a6682);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2009 0:54 133104]
.
Obsah adresáře 'Naplánované úlohy'

2009-05-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-13 08:31]

2009-05-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 22:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Zdeněk\Data aplikací\Mozilla\Firefox\Profiles\l4rdk5dn.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 22:02
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,86,f2,7c,29,ec,
5a,21,23,c8,28,51,af,b0,29,a3,98,11,17,d2,da,5b,6c,41,b6,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,82,1c,88,fb,d4,
23,ae,c0,71,3b,04,66,8b,46,0d,96,8e,85,96,cc,6b,e6,c5,2f,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,63,8f,42,53,79,
a2,51,e3,25,da,ec,7e,55,20,c9,26,62,00,a4,0c,c4,17,7f,10,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,b4,8a,43,75,fd,
44,89,42,3e,1e,9e,e0,57,5a,93,61,16,88,53,34,03,be,9f,7d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,c9,ef,e3,3a,d5,
5d,f5,6d,cd,44,cd,b9,a6,33,6c,cd,53,73,21,cc,1e,9c,ed,1e,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,74,52,56,9e,b0,
aa,5a,0b,b0,18,ed,a7,3f,8d,37,a4,89,d3,f4,c9,02,a2,5e,3e,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,93,5d,46,cd,d3,
c8,1b,9f,31,77,e1,ba,b1,f8,68,02,ed,ee,66,de,99,3f,20,ad,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,ec,37,97,3f,f1,
92,91,1e,83,6c,56,8b,a0,85,96,ab,53,54,69,32,ac,50,5f,36,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,a1,e5,6d,8b,7d,
28,99,57,51,fa,6e,91,28,9e,14,cc,b1,bb,81,56,8f,7f,3e,d8,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,83,f2,63,3c,0d,
36,08,71,b1,cd,45,5a,a8,c4,f8,b9,61,5f,08,af,12,ca,40,54,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,1f,95,39,3f,eb,
40,aa,7e,e3,0e,66,d5,eb,bc,2f,6b,7c,fe,c1,a0,e6,80,b7,f1,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,0b,75,ec,f0,cf,
43,0c,7c,fa,ea,66,7f,d4,3b,6b,70,07,27,a2,16,f0,c3,e1,10,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="395BB1CCF4D9EE18FD17E4FD872916E91ABEC4631449D55F5ED0138E7879759701E64BA8D96CEE6D974CE43AC86712085E25DE0B2DF37A82D32599890C1852141FD484C5142C66DF48E91DFA02B30C39BF2A362CC8CFD6143A669BCC9F399AEBD6FEF67BC5D3C04D18F8904EA74AECE4AB28DDAB53BC6FA5035FD835B3FD12753F40AEC0A0651E77E2073C66462D4F55FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A2D97226D213B555A9C6AECB7A5D1407E6DB46C7F90F8F4A28E119D302A234823C607D5BE8BBBDC35FCF7EC5C52509AC83DBA6572816C4C304B8F53F761050BC368532AB9FCBF4643C4B02F99AB5E88EAD7A59EF3804269C9288368342CA0A0AAB11ADB86CB44E940990458915B84A69F329A462D6EE0C6FA6F50F2CE6EB368FD4F8AE65C5313A200689B4CEC2A85BD13ADFC023C6B48037E72B24E57BD1DCD0BEB6E8B8B840DFB5431FAFC9C1C3FE41381B5BCB5BF4C457535491822A9CBA3B49C7035D62229769273F0A9DC78ECA9176DA94987F93CB153621E3F8B131BF1BAA2D98A2775F7032EBDD8B941C4F0B055321816AAF383D18B6C71D62E33891A26AEDB7FA3F40296C9EF1F1981D91BC3F84F52BC67DD074EFCBFEB47D26A009E9E513E3FC94D239D5A0F46C3A3824144A8EE60FD60E0B800DC005922BF41B306ACD2A9365E56A4B1328659EADF49AF410CD021E661ADD26C4B69A17715C9B4A8227453311389DBAABBFC721CAE84BFBE26F5ABC67EF7FDA509F0312FB005C4AF4C979A084A2C4980AC4A0FE8C40D3F7F5F588C56DEFEB4D4D4587CA1694D9D967E261AE64CD7F2D7E697CB893BD8F69E23AA704339064D9BD41F47BB26656D3E47419A5FD7CAE6F3C31E8432333A488A466D839935AEC1606059CD06852564BDCD1C33F3E01F98ED9797705250BF83F1DF7BE9B91E94D48F0D3D16EEF4BA2021FA4062B3AC0C9EBD36D415BA2BFB72D104200D2D0F0906C2AC4EDE9A8D7C77263680A0C27B8CD1B090FDF16CD62D023A5EC4AFB99B60AB2C3C44D4C929118C7C570FDF9E0F7F7683D357178F91677A86AF14BA8DA90CA7D3493D115D5A7296341DE127F6522FD4F9788193B9D95A178CE2038DC246FABE45344DE35BADA53D9BBAD7D1A58ED5A03A388FC8A56AA0AFE271BC8142A53C935DFBD5D13AE82B37378A9783F80264A665084C806E337B1622CD7B6B8465084EC7A3E3A08C5882CAC2472425448AAD01771242AC1A92F5BF57923C2AC7511013FA75365E334EBE036CBFD9A34BEEEB35EBDE05445AE9A0D46909931455952A515D2E2546854BEBAF3E216C8AF17F9FDC0D2877E8DA0169311D530C94B356620094823FEC82426E700BFD5950828677C722DBBE10A4ED0FB4890"
.
Celkový čas: 2009-05-17 22:03
ComboFix-quarantined-files.txt 2009-05-17 20:03
ComboFix2.txt 2009-05-15 17:27

Před spuštěním: 2 331 758 592
Po spuštění: 2 445 856 768

217 --- E O F --- 2009-05-14 13:01

Problém s Explorerem

Problém s Explorerem

Re: Problém s Explorerem

Re: Problém s Explorerem

Re: Problém s Explorerem

Re: Problém s Explorerem

Re: Problém s Explorerem

Re: Problém s Explorerem

Re: Problém s Explorerem

Re: Problém s Explorerem

Re: Problém s Explorerem

Re: Problém s Explorerem

Re: Problém s Explorerem

Kdo je online