Cannot open Windows Update pages

Antivirus programs, firewalls, viruses, spyware, current threats

Moderator: Živě.cz moderators

Post by Padera, 26. 12. 2008 22:31

I have the same problem, apart from the AVG. But on top of that, I cannot open any of the pages around Windows Update in any browser. Please help, I no longer know what to do about it.
Padera
Passer-by

Post by Levlard, 27. 12. 2008 11:43

Paste a ComboFix log here for a better diagnosis - the guide to using it is here.
Life is short. Live while you can.
Levlard
VIP user

Post by Padera, 27. 12. 2008 13:49

Am I supposed to copy the whole contents of that file here? It is terribly long.
Padera
Passer-by

Post by kejki3, 27. 12. 2008 14:13

Yes.
kejki3
VIP user

Post by Padera, 27. 12. 2008 16:34

ComboFix 08-12-26.03 - Honza 2008-12-27 13:26:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.2046.961 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\MAILTRAN.INI
c:\users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\MAILTRAN.INI
c:\users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\SLOVA.WAV
c:\users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\TRNCOM.INI
c:\users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\WDICT32.INI
c:\users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\WTRAN32.INI
c:\windows\system32\KBL.LOG
c:\windows\system32\tmp.reg
D:\resycled

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Windows Tribute Service


((((((((((((((((((((((((( Soubory vytvořené od 2008-11-27 do 2008-12-27 )))))))))))))))))))))))))))))))
.

2008-12-27 11:09 . 2008-12-27 11:11 299,018,533 --a------ c:\windows\MEMORY.DMP
2008-12-26 19:24 . 2008-12-27 11:05 <DIR> d-------- c:\program files\Ski Challenge 09
2008-12-26 18:15 . 2008-12-26 19:22 <DIR> d-------- C:\Games
2008-12-25 16:24 . 2008-12-25 16:24 <DIR> d-------- c:\users\Honza\AppData\Roaming\Iomatic
2008-12-23 21:29 . 2008-12-23 21:29 <DIR> d-------- c:\users\All Users\FTWeak
2008-12-23 21:29 . 2008-12-23 21:29 <DIR> d-------- c:\programdata\FTWeak
2008-12-23 21:29 . 2008-12-23 21:30 <DIR> d-------- c:\program files\FCleaner
2008-12-21 22:26 . 2008-12-21 22:26 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-19 19:10 . 2008-12-19 19:10 268 --ah----- C:\sqmdata01.sqm
2008-12-19 19:10 . 2008-12-19 19:10 244 --ah----- C:\sqmnoopt01.sqm
2008-12-16 15:46 . 2008-12-16 15:46 1,700,352 --a------ c:\windows\System32\gdiplus.dll
2008-12-16 15:25 . 2008-12-16 15:25 <DIR> d-------- C:\NVIDIA
2008-12-15 20:34 . 2008-12-15 20:34 268 --ah----- C:\sqmdata00.sqm
2008-12-15 20:34 . 2008-12-15 20:34 244 --ah----- C:\sqmnoopt00.sqm
2008-12-15 18:23 . 2008-12-15 18:23 0 --a------ c:\windows\nsreg.dat
2008-12-15 10:51 . 2008-12-15 10:51 <DIR> d-------- c:\windows\System32\xlive
2008-12-15 10:51 . 2008-12-16 15:12 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-15 10:17 . 2008-12-15 10:18 <DIR> d-------- c:\program files\Rockstar Games
2008-12-10 15:01 . 2008-12-10 15:01 <DIR> d-------- c:\program files\WinAVI VideoConverter
2008-12-10 10:10 . 2008-12-10 10:12 <DIR> d-------- c:\program files\Movie Joiner
2008-12-08 17:39 . 2008-12-08 17:39 <DIR> d-------- c:\users\Honza\{f97aed30-0c6f-48c7-9e8c-f8536e909da4}
2008-12-08 17:39 . 2008-12-08 17:39 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-08 17:39 . 2008-12-08 17:39 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-07 19:57 . 2008-12-07 19:57 <DIR> d-------- c:\windows\Sun
2008-12-07 15:02 . 2008-12-10 10:17 38 --a------ c:\windows\avisplitter.INI
2008-12-02 14:04 . 2008-12-02 14:05 <DIR> d-------- c:\program files\ICQ6.5
2008-11-29 18:49 . 1999-05-10 01:00 1,384,448 --a------ c:\windows\System32\temp.000
2008-11-29 18:38 . 2008-11-29 18:54 <DIR> d-------- c:\users\Honza\AppData\Roaming\MiniDm
2008-11-28 17:50 . 2008-11-28 17:50 29,184 --a------ c:\windows\System32\drivers\ndisprot.sys
2008-11-28 17:37 . 2008-11-28 18:38 <DIR> d-------- c:\users\Honza\AppData\Roaming\GHISLER
2008-11-28 17:37 . 2008-11-28 18:38 <DIR> d-------- c:\program files\totalcmd
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 10:13 137,091 ----a-w c:\users\Honza\AppData\Roaming\nvModes.dat
2008-12-26 21:09 --------- d-----w c:\users\Honza\AppData\Roaming\OpenOffice.org2
2008-12-26 08:47 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-26 08:47 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-12-25 20:06 --------- d-----w c:\users\Honza\AppData\Roaming\uTorrent
2008-12-21 22:02 --------- d-----w c:\program files\Microsoft Games
2008-12-19 18:32 --------- d-----w c:\program files\EA Sports
2008-12-15 09:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 20:31 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-12-11 20:08 --------- d-----w c:\program files\GamePark
2008-12-11 20:06 22,328 ----a-w c:\users\Honza\AppData\Roaming\PnkBstrK.sys
2008-12-08 16:36 --------- d-----w c:\program files\Nokia
2008-12-08 16:35 --------- d-----w c:\programdata\Installations
2008-12-05 15:06 --------- d-----w c:\users\Honza\AppData\Roaming\Skype
2008-12-02 22:11 453,152 ----a-w c:\windows\System32\nvudisp.exe
2008-12-02 09:13 453,152 ----a-w c:\windows\System32\nvuninst.exe
2008-11-23 12:01 --------- d-----w c:\users\Honza\AppData\Roaming\Ipswitch
2008-11-23 12:01 --------- d-----w c:\programdata\Ipswitch
2008-11-23 12:01 --------- d-----w c:\program files\Ipswitch
2008-11-23 11:55 --------- d-----w c:\program files\NetObjects
2008-11-22 19:29 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-11-20 15:20 --------- d-----w c:\users\Honza\AppData\Roaming\Ahead
2008-11-20 15:13 --------- d-----w c:\program files\Common Files\Nero
2008-11-20 09:59 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-19 14:37 --------- d-----w c:\programdata\NVIDIA
2008-11-19 09:21 --------- d-----w c:\users\Honza\AppData\Roaming\U3
2008-11-19 08:06 6,936 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-11-14 16:13 --------- d-----w c:\programdata\LogMeIn
2008-11-12 10:27 --------- d-----w c:\users\Honza\AppData\Roaming\ICQ
2008-11-12 09:09 --------- d-----w c:\program files\Electronic Arts
2008-11-11 14:14 --------- d-----w c:\users\Honza\AppData\Roaming\Motive
2008-11-11 14:08 --------- d-----w c:\programdata\Motive
2008-11-11 14:08 --------- d-----w c:\program files\TO2SSM
2008-11-11 14:08 --------- d-----w c:\program files\Common Files\Motive
2008-11-11 09:29 --------- d-----w c:\program files\Trust
2008-11-06 14:57 --------- d-----w c:\program files\Mouse Driver
2008-11-05 07:38 --------- d-----w c:\program files\Yahoo!
2008-11-03 05:55 --------- d-----w c:\programdata\{3E318E90-4BE6-4440-A0EE-2EAF8419199C}
2008-10-29 05:39 --------- d-----w c:\program files\TO2SAM
2008-10-28 16:41 14,303,392 ----a-w c:\windows\System32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll
2008-10-28 10:03 --------- d-----w c:\users\Honza\AppData\Roaming\Nokia
2008-10-27 06:14 --------- d-----w c:\users\Honza\AppData\Roaming\PC Suite
2008-10-27 06:13 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-10-22 08:49 316 ----a-w c:\users\Honza\AppData\Roaming\lenovo_config.dat
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 20:24 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-10-16 19:35 87,352 ----a-w c:\windows\System32\LMIinit.dll
2008-10-16 19:35 83,288 ----a-w c:\windows\System32\LMIRfsClientNP.dll
2008-10-16 19:35 28,984 ----a-w c:\windows\System32\LMIport.dll
2008-10-16 19:35 23,736 ----a-w c:\windows\System32\lmimirr.dll
2008-10-16 19:35 10,040 ----a-w c:\windows\System32\lmimirr2.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 16:39 339,456 ----a-w c:\windows\UIA200.exe
2008-09-19 17:22 174 --sha-w c:\program files\desktop.ini
2008-08-03 20:08 22 --sha-w c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"OEXPRESS"="c:\windows\OETRN.EXE" [2008-08-05 26624]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"KMCONFIG"="c:\program files\Trust\Trust R-Series Mouse\StartAutorun.exe" [2007-03-06 212992]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1232952024-2138483836-3295632490-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{726FF3A1-24CF-4BE4-89A0-DFE08E75E293}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{379E6F41-0E02-4620-9D21-E7337D79BEBA}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1A2181CE-0028-4DC6-8D44-007501C5E7BA}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{AC4DDBE8-AF58-465A-B887-B69F6B14AC55}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{84837AEC-9BB8-4E77-AA6F-FD7D893EA5CA}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{FC2CC398-23CE-4F78-B853-F3AD0FC199DD}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{D2A0AB1A-DADD-4593-A0E7-23659E3FDAB9}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{6F6A97BA-3114-4E49-8D45-665C3EDDD809}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{D1F04384-2395-459E-AF31-C63877F2FDBF}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{468FAC2C-B446-4129-8A7C-3E3C45ADBC4B}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{719BF90E-3041-4042-A3CC-BCD0477E81F4}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{C3BC0AD3-E12E-44D2-9DDD-A2CEB8BA5361}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{24D58F30-A4F7-41C6-A984-772B8DC5C7D8}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{BE187E4C-6C3D-4FEC-AA01-86B2D7AFC907}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{65B2AA6F-D501-43D4-9637-B078B52A4B99}"= UDP:c:\program files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{9FC0C835-AD0D-4F02-A6D6-99B0B13AE19B}"= TCP:c:\program files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"TCP Query User{ACBE3995-396C-42F4-9D1C-D27717837DF7}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{A3601DD2-3317-4998-ACB5-8F4F318D8F0D}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{616AFB29-8152-4D3B-A294-C5351E025D9E}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{9595E406-CA8F-43B2-B155-5012E54E796B}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{6BE2F447-E386-477C-B686-468215BF5EC3}c:\\program files\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= UDP:c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"UDP Query User{FFB09037-2326-455F-A990-D13549DCC43F}c:\\program files\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= TCP:c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"TCP Query User{1630DBDC-93CD-4D89-9E42-361627FB8574}c:\\program files\\atari\\terminator 3 - war of the machines\\t3.exe"= UDP:c:\program files\atari\terminator 3 - war of the machines\t3.exe:T3
"UDP Query User{0936743D-5459-4679-9834-2B3F230DEA15}c:\\program files\\atari\\terminator 3 - war of the machines\\t3.exe"= TCP:c:\program files\atari\terminator 3 - war of the machines\t3.exe:T3
"TCP Query User{59165E2A-7B96-4737-B3F5-51373EF0D350}c:\\program files\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= UDP:c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"UDP Query User{EEECA4B0-B953-4A86-AF4C-E83210209180}c:\\program files\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= TCP:c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"TCP Query User{AF0539C8-2125-45C4-905E-B575CA2570E6}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{F0613E8E-CA40-4BB7-AF46-D82EA842BA28}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{32F11776-77BB-4DD6-BEA5-8807E84E2D18}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"UDP Query User{44DEFED5-8F64-42CF-B235-62C38F363408}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"{1DDC55FD-8B36-42A3-BC8C-75C1CCFD88C9}"= UDP:c:\users\Honza\Downloads\Call of Duty 4 Modern Warfare Full-Rip Skullptura\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E3BCD337-8447-41D4-B956-74C7BACA7BA8}"= TCP:c:\users\Honza\Downloads\Call of Duty 4 Modern Warfare Full-Rip Skullptura\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{FED0039C-F20A-475A-AB35-646362AF1E60}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C0999C68-2EB9-4BA3-9FA4-61A3E9A6CD45}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{377545D6-F5A8-491F-B3BD-131CA80262B5}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{9AD1E894-75CA-42E4-92EE-5E1A3289DB47}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D1883FDD-062D-4692-AD34-31B3AF0EE04C}"= UDP:c:\program files\Microsoft Games\Age of Empires III\Age3.exe:Age of Empires 3
"{9090F785-4A53-4DC8-AD9F-BEA24CE38E6D}"= TCP:c:\program files\Microsoft Games\Age of Empires III\Age3.exe:Age of Empires 3
"TCP Query User{F56BE120-F0D4-435B-AC91-107715C1C22C}c:\\users\\honza\\downloads\\call of duty 4 modern warfare full-rip skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\users\honza\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"UDP Query User{0E38C8D3-863A-4F41-82AC-33022F588BD3}c:\\users\\honza\\downloads\\call of duty 4 modern warfare full-rip skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\users\honza\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"TCP Query User{0E6F069C-D19A-416F-A7A4-59E7C7DCA000}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{998CA2FB-2F01-49DF-A152-4606201671A3}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{FFE07BF5-2D3F-4C08-BC6C-269D7DB96F59}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{0FC028FA-D300-47EC-82F0-0AFCC1FFD64F}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{A4A282AB-6981-492E-9098-82A2B1256979}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= UDP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"UDP Query User{B1F2DE2A-4149-4408-9EBA-C36682EABC2C}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= TCP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"TCP Query User{E7D73146-BBD9-4825-BC5B-7A1477A1B879}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{DEA5E837-BA7A-42C5-B7F3-EE1A0438B34D}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"{D51C53AB-BD22-47BE-BA77-A9C758B5FAA5}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{F337FCDC-8C4D-480A-A6ED-6FFFAF01A773}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{7EA97927-70D2-4EF2-AA2D-EEB1AA06CE72}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{15337158-3694-4A17-BDAA-285D44C68435}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{BDB09036-0184-4550-8F5F-CDBF08EFF0EB}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{FBC741D7-0E68-4E1D-B779-8F83C46B887D}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{ACBD3ADD-5F59-455A-BEC9-B8F695FA6CB3}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{62D02BA9-AA61-4E9A-9EDD-676D825C95D3}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{828027E1-C3CF-48BC-A4ED-52F2F7FD2FF7}c:\\users\\honza\\desktop\\counter\\hl2.exe"= UDP:c:\users\honza\desktop\counter\hl2.exe:hl2.exe
"UDP Query User{256A792B-0EB4-41CF-A640-627652ED0918}c:\\users\\honza\\desktop\\counter\\hl2.exe"= TCP:c:\users\honza\desktop\counter\hl2.exe:hl2.exe
"TCP Query User{5CE3B008-E583-4AB2-B57D-25465FC3233E}c:\\users\\honza\\desktop\\counter\\hl2.exe"= UDP:c:\users\honza\desktop\counter\hl2.exe:hl2.exe
"UDP Query User{F04BCF9A-F9D2-4608-8455-6CEBD5BCB856}c:\\users\\honza\\desktop\\counter\\hl2.exe"= TCP:c:\users\honza\desktop\counter\hl2.exe:hl2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3805438-b159-11dd-8359-001e68514e55}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2008-12-27 c:\windows\Tasks\User_Feed_Synchronization-{5F7FBC8E-F5D5-4CC2-B481-19C73B6AD42E}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 11:05]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 13:38:33
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\DPPWDFLT.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
c:\program files\Trust\Trust R-Series Mouse\KMCONFIG.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Trust\Trust R-Series Mouse\KMProcess.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Celkový čas: 2008-12-27 13:44:17 - počítač byl restartován [Honza]
ComboFix-quarantined-files.txt 2008-12-27 12:44:01

Před spuštěním: Volných bajtů: 92,255,428,608
Po spuštění: Volných bajtů: 91,408,277,504

320 --- E O F --- 2008-11-28 15:29:08
Padera
Passer-by

Post by Levlard, 27. 12. 2008 20:09

Open Notepad via Start - Programs - Accessories and copy this entire text into it:
Code:
rem Remove the leftover files ComboFix listed. Clear the read-only, system and
rem hidden attributes first so they cannot block the delete, then record the
rem outcome of each file in log.txt.
for %%g in (
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\windows\system32\temp.000
) do (
attrib -r -s -h %%g
if not exist %%g echo Soubor %%g neexistuje.>>log.txt
if exist %%g (
del /a /f /q %%g
if exist %%g (
echo Soubor %%g nemohl být smazán.>>log.txt) else (
echo Soubor %%g byl úspěšně smazán.>>log.txt)))

rem List the contents of the GUID-named folder ComboFix reported in the user profile so it can be reviewed.
dir /A /O:N /S "c:\users\Honza\{f97aed30-0c6f-48c7-9e8c-f8536e909da4}">>log.txt

rem Build a .reg file that turns the public-profile firewall back on and
rem restores the Security Center notifications and monitoring; the "=-"
rem syntax deletes the stale Symantec monitoring entries. Import it
rem silently with regedit /s and remove it afterwards.
echo.Windows Registry Editor Version 5.00>fix.reg
echo.>>fix.reg
echo.[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\PublicProfile]>>fix.reg
echo."EnableFirewall"=dword:00000001>>fix.reg
echo.[HKEY_LOCAL_MACHINE\software\microsoft\security center]>>fix.reg
echo."AntiVirusDisableNotify"=dword:00000000>>fix.reg
echo."UpdatesDisableNotify"=dword:00000000>>fix.reg
echo.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]>>fix.reg
echo."DisableMonitoring"=dword:00000000>>fix.reg
echo.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]>>fix.reg
echo."DisableMonitoring"=->>fix.reg
echo.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]>>fix.reg
echo."DisableMonitoring"=->>fix.reg
regedit.exe /s fix.reg
del /a /f /q fix.reg

rem Show the log to the user, then clean up, including this batch file itself.
notepad log.txt
del /a /f /q log.txt
del %0

Choose Save As, name the file fix.bat and set Save as type to All Files. Save the file to the desktop and run it.
After a moment an information message will appear - copy its entire contents here.

Do the problems persist?
Life is short. Live while you can.
Levlard
VIP user
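Levlard's fix.bat above rewrites the firewall-policy and Security Center values that the ComboFix log reported as switched off. As an added illustration (my own code, not from the thread or from ComboFix), the following Python script parses the registry section of such a log, flags the weakened settings and builds the matching .reg fragment; the list of expected values and the sample excerpt are my own, modelled on the entries quoted above.

```python
"""Flag weakened security settings in the registry section of a ComboFix log
and build the .reg fragment that restores them.

Added example for this thread, not code from ComboFix or from the thread.
The EXPECTED table is my own list, modelled on what Levlard's fix.bat
rewrites; SAMPLE_LOG is a constructed excerpt based on the quoted log.
"""
import re
from typing import Dict, List, Optional, Tuple

# (registry key as ComboFix prints it, value name), both lower-cased -> secure value.
EXPECTED: Dict[Tuple[str, str], int] = {
    (r"hklm\~\services\sharedaccess\parameters\firewallpolicy\publicprofile", "enablefirewall"): 1,
    (r"hkey_local_machine\software\microsoft\security center", "antivirusdisablenotify"): 0,
    (r"hkey_local_machine\software\microsoft\security center", "updatesdisablenotify"): 0,
    (r"hkey_local_machine\software\microsoft\security center\monitoring", "disablemonitoring"): 0,
    (r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system", "enablelua"): 1,
}
# Per-product subkeys under Monitoring\ (e.g. SymantecAntiVirus) should not carry
# DisableMonitoring once the product is gone; fix.bat deletes them with "=-".
MONITORING_PREFIX = r"hkey_local_machine\software\microsoft\security center\monitoring" + "\\"

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>\S.*?)\s*$')


def parse_value(raw: str) -> Optional[int]:
    """Decode the ways ComboFix renders a numeric value:
    `0 (0x0)`, `dword:00000001`, or a REG_SZ such as `"0x00000000"`."""
    raw = raw.strip()
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'"0x([0-9a-fA-F]+)"', raw)
    if m:
        return int(m.group(1), 16)
    return None  # strings such as l3codecp.acm are not numeric


def scan_registry_section(log_text: str) -> List[dict]:
    """Walk `[key]` / `"name"= value` lines and return entries that differ from
    EXPECTED, plus stale per-product Monitoring entries (expected=None)."""
    findings: List[dict] = []
    key: Optional[str] = None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue
        name = m.group("name")
        actual = parse_value(m.group("raw"))
        k, n = key.lower(), name.lower()
        if (k, n) in EXPECTED:
            if actual != EXPECTED[(k, n)]:
                findings.append({"key": key, "name": name, "actual": actual,
                                 "expected": EXPECTED[(k, n)]})
        elif k.startswith(MONITORING_PREFIX) and n == "disablemonitoring":
            findings.append({"key": key, "name": name, "actual": actual,
                             "expected": None})
    return findings


def expand_key(key: str) -> str:
    """ComboFix abbreviates HKLM\\~\\services; a .reg file needs the full path."""
    short = r"HKLM\~\services"
    if key.lower().startswith(short.lower()):
        return r"HKEY_LOCAL_MACHINE\system\currentcontrolset\services" + key[len(short):]
    return key


def build_fix_reg(findings: List[dict]) -> str:
    """Render findings as a .reg file: dword values restored, stale entries deleted."""
    by_key: Dict[str, List[dict]] = {}
    for f in findings:
        by_key.setdefault(expand_key(f["key"]), []).append(f)
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, items in by_key.items():
        lines.append(f"[{key}]")
        for f in items:
            if f["expected"] is None:
                lines.append(f'"{f["name"]}"=-')
            else:
                lines.append(f'"{f["name"]}"=dword:{f["expected"]:08x}')
        lines.append("")
    return "\n".join(lines)


# Constructed excerpt modelled on the ComboFix log quoted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    found = scan_registry_section(SAMPLE_LOG)
    for f in found:
        print(f"{f['key']} -> {f['name']}: {f['actual']} (expected {f['expected']})")
    print(build_fix_reg(found))
```

Review the generated .reg text before importing it on a real machine; the script only reports what the log shows and does not touch the registry itself.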

Post by Padera, 28. 12. 2008 12:08

I cleaned the PC of malware with the SmitFraudFix application and everything works as it should now.
Padera
Passer-by

Post by Levlard, 28. 12. 2008 17:09

Why SmitFraudFix? :-))

If you haven't done so already, definitely apply the .bat file above.

A bug was found in ComboFix -> go via Start - Run and enter: msconfig -> if the system then reports an error when launching it, enter again, this time: cmd, and copy this command into the newly opened command prompt: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE" /ve /t REG_SZ /d "%systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE" /f and confirm.

Go via Start - Run, copy this command into the empty field and confirm: ComboFix /u - this uninstalls ComboFix.
Apply the T-Cleaner program - it removes the leftovers of that SmitFraudFix - http://sweb.cz/Marinus/T-Cleaner.exe
If you no longer observe any problems, that will be all; you might also consider a firewall from a specialised company.
Life is short. Live while you can.
Levlard
VIP user

Post by Padera, 28. 12. 2008 19:26

I did everything and everything works. Thanks for the help.
Padera
Passer-by

Post by rasto1, 28. 6. 2009 15:24

I have the same problem: Windows Update doesn't work, nor avg.com, nothing. I have a clean installation on the notebook from the original Toshiba CD (it contains an image); Windows Update ran exactly once and then nothing. Spybot found nothing. I have already reinstalled the notebook from that original CD at least 10 times, but this has happened to me for the first time. Windows Update and the AVG website simply don't work. Please advise what to do about it.
rasto1
Junior

Post by Levlard, 30. 6. 2009 10:05

So that we can confirm or rule out an infection of the computer, paste here, for a start, a log from some diagnostic program (ideally ComboFix): viewtopic.php?p=4526610#p4526610
Life is short. Live while you can.
Levlard
VIP user

Post by matkal, 27. 1. 2010 13:54

Hi, I have a problem opening all the websites of the well-known antivirus vendors, Windows XP updates have stopped, and I cannot install an antivirus. Can you help, please?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:11, on 27.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\MatKal\Local Settings\Data aplikací\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe
C:\Program Files\QiP Infium\infium.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Ovi Files\Ovi Files_agent.exe
C:\Documents and Settings\MatKal\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\MatKal\Local Settings\Data aplikací\Microsoft\Live Mesh\GacBase\Moe.exe
C:\Documents and Settings\MatKal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MatKal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MatKal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MatKal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\MatKal\Dokumenty\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.10:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoeMonitor.exe] "C:\Documents and Settings\MatKal\Local Settings\Data aplikací\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QiP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Ovi Files Connector.lnk = C:\Program Files\Ovi Files\Ovi Files_agent.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přizpůsobit Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Uložit formuláře - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://share.ovi.com/tools/uploader/ImageUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4633691890
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wxvault.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: wlcrdplauncher - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12103 bytes
matkal
Passer-by

Post by Levlard 27. 1. 2010 14:55

matkal: Run a scan with ComboFix and post its log here -> instructions for its use are here: viewtopic.php?p=4526610#p4526610
Life is short. Live while you can.
Levlard
VIP user

Post by prasklosklo_gogolak 24. 8. 2010 11:39

Hi.. I have the same problem as the previous colleagues.. I can't get to the microsoft.com pages, AVG etc. Please advise. I'm attaching log.txt from ComboFix. Thanks a lot for the advice.

ComboFix 10-08-23.02 - pp01 24.08.2010 11:29:30.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.758.301 [GMT 2:00]
Spuštěný z: d:\pp01\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-24 do 2010-08-24 )))))))))))))))))))))))))))))))
.

2010-08-24 09:09 . 2010-08-24 09:09 390144 ----a-w- c:\windows\system32\CF28981.exe
2010-08-24 09:08 . 2010-08-24 09:27 -------- d-----w- c:\program files\Malware Scan
2010-08-24 09:07 . 2010-08-24 09:07 22536 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-08-24 09:07 . 2010-08-24 09:07 -------- d-----w- c:\program files\Prevx
2010-08-24 08:53 . 2010-08-24 08:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-24 07:37 . 2010-08-24 09:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-19 10:36 . 2010-07-07 05:55 545 ----a-w- c:\windows\UC.PIF
2010-08-19 10:36 . 2010-07-07 05:55 545 ----a-w- c:\windows\RAR.PIF
2010-08-19 10:36 . 2010-07-07 05:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-08-19 10:36 . 2010-07-07 05:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-08-19 10:36 . 2010-07-07 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-08-19 10:36 . 2010-07-07 05:55 545 ----a-w- c:\windows\LHA.PIF
2010-08-19 10:36 . 2010-07-07 05:55 545 ----a-w- c:\windows\ARJ.PIF
2010-07-28 09:24 . 2010-07-28 09:24 -------- d-----w- c:\windows\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 08:50 . 2008-08-06 10:05 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-24 07:55 . 2009-01-06 08:11 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-19 09:12 . 2007-02-06 08:04 -------- d-----w- c:\program files\Java
2010-07-28 09:32 . 2009-03-29 18:44 -------- d-----w- c:\program files\HP
2010-07-21 12:36 . 2007-02-06 08:03 -------- d-----w- c:\program files\Common Files\Java
2010-07-12 11:01 . 2009-03-29 18:41 127803 -c--a-w- c:\windows\hpoins11.dat
2010-07-08 07:27 . 2004-08-18 12:00 78056 ----a-w- c:\windows\system32\perfc005.dat
2010-07-08 07:27 . 2004-08-18 12:00 411260 ----a-w- c:\windows\system32\perfh005.dat
2010-07-08 07:07 . 2006-11-07 20:26 -------- d-----w- c:\program files\Microsoft Works
2009-03-21 14:09 . 2004-08-18 12:00 168371 --sha-r- c:\windows\system32\wxmgyyr.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-08 286720]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4serv.exe" [2005-07-13 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-08 40960]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-29 243248]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-08 286720]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"configmsi"="rmdir" [X]
"supportdir"="rmdir" [X]

c:\documents and settings\lg02\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Device Detector 2.lnk - c:\program files\OLYMPUS\DeviceDetector\DevDtct2.exe [2008-5-18 81920]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-7 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 22:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 19:16 24576 ------w- c:\windows\system32\tphklock.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\dcg\\public\\SW\\tiskarna\\SETUP.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5582:TCP"= 5582:TCP:ahcpajbv

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [24.8.2010 11:07 22536]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [7.11.2006 21:59 16384]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [24.8.2010 11:07 4150840]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [7.11.2006 21:51 13840]
S2 cwvjgh;Windows Installer;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 14:00 14336]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.5.2010 13:00 135664]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [10.11.2006 21:58 65152]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [10.11.2006 21:58 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [10.11.2006 21:58 65152]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24.6.2004 3:54 23552]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CSISCANNER
*NewlyCreated* - PXSCAN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cwvjgh
.
Obsah adresáře 'Naplánované úlohy'

2009-04-01 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-06-29 00:38]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 11:00]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 11:00]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/advanced_search?hl=cs
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: bmnet.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 11:33
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cwvjgh]
"ServiceDll"="c:\windows\system32\wxmgyyr.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(1848)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-24 11:35:18
ComboFix-quarantined-files.txt 2010-08-24 09:35
ComboFix2.txt 2010-08-24 09:21

Před spuštěním: 4 638 068 736
Po spuštění: 4 629 123 072

- - End Of File - - 4AA368ACDD028B55A0FE0FEAD2FE15AB
prasklosklo_gogolak
Passer-by

Post by Levlard 24. 8. 2010 12:48

The virus is there, we'll take it down ...

Launch Notepad via Start - Programs - Accessories and copy this entire text into it:
Code:
Driver::
cwvjgh

Collect::
c:\windows\system32\wxmgyyr.dll

Folder::
c:\program files\Malware Scan

NetSvc::
cwvjgh

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"configmsi"=-
"supportdir"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"5582:TCP"=-

Choose Save file as, name the file CFScript.txt and choose Save as type: All files. Save the file next to ComboFix.
Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
ComboFix will start automatically; post here the log that appears at the end of the cleaning process.
Life is short. Live while you can.
Levlard
VIP user
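Added example (not from the forum, the poster, or ComboFix itself): a small Python triage over lines in the shape of the ComboFix log above, flagging the indicators that Levlard's CFScript targets, namely a svchost "netsvcs" service (cwvjgh) whose ServiceDll is a hidden+system file (wxmgyyr.dll), and a firewall exception with an arbitrary label (5582/TCP "ahcpajbv"). The netsvcs allowlist and the sample log excerpt are constructed assumptions for this example.

```python
import re

# Constructed excerpt: a few lines in the shape of the ComboFix log posted above
# (Find3M file entries, firewall exceptions, services, a ServiceDll registry dump).
SAMPLE_LOG = r"""
2009-03-21 14:09 . 2004-08-18 12:00 168371 --sha-r- c:\windows\system32\wxmgyyr.dll
2010-07-08 07:27 . 2004-08-18 12:00 78056 ----a-w- c:\windows\system32\perfc005.dat
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5582:TCP"= 5582:TCP:ahcpajbv
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [24.8.2010 11:07 4150840]
S2 cwvjgh;Windows Installer;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 14:00 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.5.2010 13:00 135664]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cwvjgh]
"ServiceDll"="c:\windows\system32\wxmgyyr.dll"
"""

# Partial allowlist of services that legitimately run in the XP SP3 "netsvcs"
# svchost group. Assumption for this example; real triage should compare against
# the Svchost\netsvcs registry value of a known-clean machine of the same build.
KNOWN_NETSVCS = {
    "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "eventsystem",
    "lanmanserver", "lanmanworkstation", "netman", "nla", "rasman", "schedule",
    "seclogon", "sens", "sharedaccess", "themes", "trkwks", "w32time", "winmgmt",
    "wscsvc", "wuauserv", "wzcsvc", "xmlprov",
}

# Line shapes as ComboFix prints them: "S2 name;display;binary [date size]",
# "<date> <time> . <date> <time> <size> <attrs> <path>", firewall port entries,
# and the "[...\Services\<name>]" key followed by its "ServiceDll" value.
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[", re.M)
FILE_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ \d+ ([-a-z]{8}) (.+)$", re.M)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.+)$', re.M)
SVCDLL_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]\r?\n'
    r'"ServiceDll"="(.+)"', re.M)


def hidden_system_files(log):
    """Paths whose attribute field carries both the system (s) and hidden (h) bits."""
    return {path.strip().lower() for attrs, path in FILE_RE.findall(log)
            if "s" in attrs and "h" in attrs}


def service_dlls(log):
    """Map service name -> ServiceDll path from the registry dumps in the log."""
    return {name.lower(): dll.lower() for name, dll in SVCDLL_RE.findall(log)}


def triage(log):
    """Return human-readable findings; what to remove remains the analyst's call."""
    findings = []
    hidden = hidden_system_files(log)
    dlls = service_dlls(log)
    for name, display, binary in SERVICE_RE.findall(log):
        key, host = name.lower(), binary.lower()
        if "svchost.exe" not in host or "netsvcs" not in host:
            continue  # only svchost-hosted services carry a ServiceDll
        dll = dlls.get(key, "<unknown>")
        reasons = []
        if key not in KNOWN_NETSVCS:
            reasons.append("not a known netsvcs member")
        if dll in hidden:
            reasons.append("ServiceDll is a hidden+system file")
        if reasons:
            findings.append(f"service {name} ({display}): {'; '.join(reasons)}; ServiceDll={dll}")
    for port, proto, label in PORT_RE.findall(log):
        if not label.startswith("@"):  # Windows' own entries use @dll,-id resource strings
            findings.append(f"firewall exception {port}/{proto} labelled '{label}': review")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```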
