
PC disinfection, computer speed-up, remote help via the neslape.cz service
win32 malware gen virus/worm
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote-help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
win32 malware gen virus/worm
Hi, could someone advise me what to do with this virus? After every Windows start, and then while I am working, avast reports this virus; it is always some number, e.g. 128991.exe or similar, in system32. After I remove it or move it to the chest, the number changes and the virus appears again. I have already run everything I could find on the net over it, but no program could do anything with it, and I don't want to have Windows reinstalled and don't dare do it myself. Can anyone please advise me? As proof I am attaching a printscreen from avast. Thanks, Jirka
Attachments:
- avast: vir.JPG (55.05 KiB) Viewed 8945 times
Re: win32 malware gen virus/worm
hi
download ComboFix and save it to the desktop
then run it under an account with administrator rights
the action takes about 5-10 minutes, sometimes longer. Do not start any other applications during the scan
There is no reason to panic if the machine is restarted
warning: if you use an antispyware with a resident shield, turn it off before the scan
after the restart the application creates a log, saved at C:\Combofix.txt (paste its contents here)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: win32 malware gen virus/worm
Here it is:
2010-01-11 14:21 . 2010-01-11 14:21 -------- d-----w- c:\program files\TGTSoft
2010-01-11 08:01 . 2010-01-11 08:01 -------- d-----w- c:\program files\FileSubmit
2010-01-11 08:01 . 2010-01-11 08:01 -------- d-----w- c:\windows\Icons
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 10:48 . 2001-10-25 12:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2009-12-23 10:48 . 2001-10-25 12:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2009-12-21 20:46 . 2009-04-19 19:06 -------- d-----w- c:\program files\Google
2009-12-17 10:32 . 2009-12-17 10:30 -------- d-----w- c:\program files\Common Files\eSellerate
2009-12-17 10:32 . 2009-12-17 10:18 -------- d-----w- c:\program files\Western Digital
2009-12-09 18:48 . 2009-07-12 16:35 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-09 18:48 . 2009-07-12 16:35 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-09 18:43 . 2009-02-18 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-09 17:03 . 2009-12-09 17:03 -------- d-----w- c:\program files\CCleaner
2009-12-08 20:43 . 2009-12-09 12:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-08 20:36 . 2009-12-08 20:36 -------- d-----w- c:\program files\Lavasoft
2009-12-08 17:37 . 2009-12-08 17:37 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-12-08 17:37 . 2009-12-08 17:37 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-12-08 16:42 . 2009-11-29 09:31 -------- d-----w- c:\program files\VITSOFT
2009-12-08 16:20 . 2009-07-12 16:35 -------- d-----w- c:\program files\OpenAL
2009-11-28 17:16 . 2009-11-28 15:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-24 23:54 . 2009-02-18 13:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-02-18 13:32 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-02-18 13:32 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-02-19 19:09 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-02-19 19:09 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-02-18 13:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-02-18 13:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-02-18 13:32 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-02-18 13:32 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:43 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-17 13:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-17 13:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"exduh"="c:\windows\system32\exduh.exe \u" [X]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-11-10 1725440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-11 148888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\User\Nabídka Start\Programy\Po spuštění\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Games\\THQ\\MotoGP URT 3\\motogp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\User\\exavo.exe"=
"c:\\WINDOWS\\system32\\exduh.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8.12.2009 21:43 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.2.2009 20:09 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.2.2009 20:09 20560]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 1044808]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [24.7.2008 15:22 102400]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [18.2.2009 14:22 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [18.2.2009 14:22 7808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.2.2009 20:42 717296]
S2 gupdate1c9c1221c2fe98;Google Update Service (gupdate1c9c1221c2fe98);c:\program files\Google\Update\GoogleUpdate.exe [19.4.2009 20:06 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 19:06]
2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 19:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\eqi7lafj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 13:01
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(292)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-01-18 13:04:04
ComboFix-quarantined-files.txt 2010-01-18 12:04
ComboFix2.txt 2010-01-18 10:15
ComboFix3.txt 2010-01-18 09:48
ComboFix4.txt 2010-01-18 09:08
Před spuštěním: Volných bajtů: 40 132 669 440
Po spuštění: Volných bajtů: 40 086 011 904
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 48D44FF549AC4020DE29BFA4163AA518
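As an added example (not part of the thread and not code from ComboFix or the forum), the following Python script reads the registry "Run" keys and the firewall AuthorizedApplications list out of a ComboFix report like the one above and flags the entries a helper would look at first. The sample input is an excerpt of the log posted in this thread. The three heuristics are assumptions of this example, not rules ComboFix itself applies: a Run entry whose target ComboFix marks `[X]` (file no longer present, which fits an AV chest removing a binary that keeps re-registering itself), an executable sitting directly in a user profile root rather than under Program Files, and a binary that appears both as an autostart and as a firewall exception.

```python
"""Triage autostart and firewall-exception entries from a ComboFix report."""
import re
from dataclasses import dataclass, field

# Excerpt of the ComboFix report posted in the thread, reduced to the Run keys
# and the firewall AuthorizedApplications list. A raw string keeps the
# backslashes exactly as ComboFix prints them (the firewall section doubles
# them, registry-export style).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"exduh"="c:\windows\system32\exduh.exe \u" [X]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\User\\exavo.exe"=
"c:\\WINDOWS\\system32\\exduh.exe"=
"""

# "name"="command" [meta]  where meta is "X" (missing file) or "date size"
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# "path"=  (firewall exception list, one binary per line)
FW_ENTRY = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
# Leading executable of a command line, dropping any arguments (e.g. " \u")
EXE_IN_CMD = re.compile(r'^(?P<exe>.+?\.(?:exe|scr|dll|cpl))(?:\s|$)', re.IGNORECASE)
# Heuristic (assumption of this example): installed software lives under
# Program Files, so an .exe directly in a profile root is worth a look.
PROFILE_ROOT_EXE = re.compile(
    r'^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+\.exe$', re.IGNORECASE)


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def parse_sections(log_text: str):
    """Yield (lowercased section key, value line) for every line under a [key] header."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        if section is not None:
            yield section, line


def _exe_from_cmd(cmd: str) -> str:
    m = EXE_IN_CMD.match(cmd.strip())
    return (m.group('exe') if m else cmd.strip()).lower()


def triage(log_text: str) -> dict:
    """Return {lowercased exe path: Finding} for entries worth a second look."""
    run_targets = {}   # exe path -> meta text ("X" or "date size")
    fw_paths = set()
    for section, line in parse_sections(log_text):
        if section.endswith('\\run'):          # enabled Run keys only, not "run-"
            m = RUN_ENTRY.match(line)
            if m:
                run_targets[_exe_from_cmd(m.group('cmd'))] = m.group('meta').strip()
        elif section.endswith('authorizedapplications\\list'):
            m = FW_ENTRY.match(line)
            if m:
                # undo the doubled backslashes of the registry-export style
                fw_paths.add(m.group('path').replace('\\\\', '\\').lower())

    findings = {}

    def flag(path, reason):
        findings.setdefault(path, Finding(path)).reasons.append(reason)

    for path, meta in run_targets.items():
        if meta == 'X':
            flag(path, 'autostart entry points at a file that no longer exists')
        if PROFILE_ROOT_EXE.match(path):
            flag(path, 'autostart executable sits directly in a user profile root')
        if path in fw_paths:
            flag(path, 'same binary also has a firewall exception')
    for path in fw_paths:
        if PROFILE_ROOT_EXE.match(path):
            flag(path, 'firewall exception for an executable directly in a user profile root')
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG).values():
        print(f.path)
        for r in f.reasons:
            print('   -', r)
```

Run on the excerpt, only two of the eleven entries come out flagged: the system32 binary whose Run entry is marked `[X]` and which also holds a firewall exception, and the .exe in the profile root that has a firewall exception of its own. Everything under Program Files, including the torrent client, passes, which is the point of correlating sections rather than eyeballing one list.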
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 13:01
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(292)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-01-18 13:04:04
ComboFix-quarantined-files.txt 2010-01-18 12:04
ComboFix2.txt 2010-01-18 10:15
ComboFix3.txt 2010-01-18 09:48
ComboFix4.txt 2010-01-18 09:08
Před spuštěním: Volných bajtů: 40 132 669 440
Po spuštění: Volných bajtů: 40 086 011 904
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 48D44FF549AC4020DE29BFA4163AA518
Re: win32 malware gen virus/worm
So, let's continue.
Move ComboFix to the desktop (if it isn't there already)
open Notepad
and copy the script from the following box into it:
Code:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"exduh"=-
File::
c:\windows\system32\exduh.exe
c:\\Documents and Settings\User\exavo.exe
save the created text file as CFScript.txt on the desktop
after saving, grab the created script with the left mouse button, drag it over the ComboFix icon and drop it there:

after it runs, another log should be created; paste it here
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
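The cross-check the helper is doing by eye above (an HKLM Run value whose file ComboFix could not find, plus firewall exceptions for an executable in the user's profile root and for the same system32 file) and the CFScript it leads to, written out as an added example. This is the editor's code, not part of the post and not a ComboFix feature: the log excerpt is constructed from lines quoted in this thread, the heuristics and the names parse_log, analyse and build_cfscript are the editor's own, and the [X] marker is read as ComboFix's flag for a file that was not present at scan time.

```python
"""Cross-check a ComboFix log excerpt for the dropper pattern seen in this thread.

Editor's added example: not ComboFix code and not from the forum post. The log
excerpt is CONSTRUCTED from lines quoted in the thread. Heuristics are the
editor's own: a Run target ComboFix marked "[X]" (not found at scan time), an
.exe sitting directly in a user profile root and, as supporting evidence only,
a firewall exception for the same executable. Hits are rendered as a
Registry::/File:: CFScript like the helper's, with doubled backslashes undone.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"exduh"="c:\windows\system32\exduh.exe \u" [X]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\User\\exavo.exe"=
"c:\\WINDOWS\\system32\\exduh.exe"=
"""

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\]$", re.IGNORECASE)  # the disabled "run-" key does not match
FW_APPS_KEY_RE = re.compile(r"\\AuthorizedApplications\\List\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*(?:\[(?P<meta>[^\]]*)\])?')
FW_VALUE_RE = re.compile(r'^"(?P<path>[^"]+)"=')
PROFILE_ROOT_EXE_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # "run" (autorun value) or "firewall" (authorized application)
    key: str       # registry key the entry lives under, as ComboFix prints it
    name: str      # value name for Run entries; the path itself for firewall entries
    path: str      # executable path with the doubled-backslash escaping undone
    reasons: list


def exe_path(cmd: str) -> str:
    """Executable part of a Run command line (drops arguments such as ' \\u')."""
    m = re.match(r"^(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_log(text: str):
    """Collect Run values and firewall-authorized paths under the [section] each appears in."""
    run_entries, fw_paths, current = [], [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line
        elif current and RUN_KEY_RE.search(current):
            m = RUN_VALUE_RE.match(line)
            if m:
                run_entries.append((current, m.group("name"), m.group("cmd"), m.group("meta")))
        elif current and FW_APPS_KEY_RE.search(current):
            m = FW_VALUE_RE.match(line)
            if m:
                fw_paths.append((current, m.group("path").replace("\\\\", "\\")))
    return run_entries, fw_paths


def analyse(text: str):
    """Apply the heuristics; Run findings come first, then firewall-only findings."""
    run_entries, fw_paths = parse_log(text)
    fw_lookup = {p.lower() for _, p in fw_paths}
    findings = []
    for key, name, cmd, meta in run_entries:
        path, reasons = exe_path(cmd), []
        if meta == "X":
            reasons.append("target not found at scan time ([X]): self-renaming dropper pattern")
        if PROFILE_ROOT_EXE_RE.match(path):
            reasons.append("executable directly in a user profile root")
        if reasons and path.lower() in fw_lookup:  # supporting evidence, never a hit on its own
            reasons.append("same executable also holds a firewall exception")
        if reasons:
            findings.append(Finding("run", key, name, path, reasons))
    for key, path in fw_paths:
        if PROFILE_ROOT_EXE_RE.match(path):
            findings.append(Finding("firewall", key, path, path,
                                    ["firewall exception for an .exe directly in a user profile root"]))
    return findings


def build_cfscript(findings) -> str:
    """Render findings in the Registry::/File:: CFScript form used by the helper."""
    lines, run_findings = [], [f for f in findings if f.kind == "run"]
    if run_findings:
        lines.append("Registry::")
        for key in sorted({f.key for f in run_findings}):
            lines.append(key)
            lines.extend(f'"{f.name}"=-' for f in run_findings if f.key == key)
    files = sorted({f.path for f in findings})
    if files:
        lines.append("File::")
        lines.extend(files)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:8} {f.path}: " + "; ".join(f.reasons))
    print(build_cfscript(found), end="")
```

Run as-is it reports the exduh Run value and the exavo.exe firewall exception and prints a script equivalent to the helper's, differing only in file order and in using single backslashes where the helper's File:: line kept the escaped form copied from the firewall list. The firewall match is deliberately only corroborating evidence: legitimate autorun programs (mail clients, updaters) hold firewall exceptions too, so on its own it would produce false positives.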
Re: win32 malware gen virus/worm
Here it is:
ComboFix 10-01-17.02 - User 18.01.2010 13:32:10.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.513 [GMT 1:00]
Spuštěný z: c:\documents and settings\User\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\User\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100117-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\\Documents and Settings\User\exavo.exe"
"c:\windows\system32\exduh.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\\Documents and Settings\User\exavo.exe
c:\windows\system32\exduh.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-18 do 2010-01-18 )))))))))))))))))))))))))))))))
.
2010-01-18 11:03 . 2002-01-05 10:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-18 11:03 . 2002-01-05 04:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-01-18 11:03 . 2002-01-05 05:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-01-18 11:03 . 2010-01-18 11:03 -------- d-----w- c:\program files\AML Products
2010-01-18 07:17 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-18 07:17 . 2010-01-18 07:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 07:17 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-17 09:44 . 2009-12-17 23:08 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-17 09:38 . 2009-12-17 23:14 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-17 09:37 . 2010-01-17 09:44 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-16 10:39 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 11:00 . 2010-01-12 11:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-11 15:30 . 2010-01-12 16:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-11 14:21 . 2010-01-11 14:21 -------- d-----w- c:\program files\TGTSoft
2010-01-11 08:01 . 2010-01-11 08:01 -------- d-----w- c:\program files\FileSubmit
2010-01-11 08:01 . 2010-01-11 08:01 -------- d-----w- c:\windows\Icons
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 10:48 . 2001-10-25 12:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2009-12-23 10:48 . 2001-10-25 12:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2009-12-21 20:46 . 2009-04-19 19:06 -------- d-----w- c:\program files\Google
2009-12-17 10:32 . 2009-12-17 10:30 -------- d-----w- c:\program files\Common Files\eSellerate
2009-12-17 10:32 . 2009-12-17 10:18 -------- d-----w- c:\program files\Western Digital
2009-12-09 18:48 . 2009-07-12 16:35 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-09 18:48 . 2009-07-12 16:35 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-09 18:43 . 2009-02-18 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-09 17:03 . 2009-12-09 17:03 -------- d-----w- c:\program files\CCleaner
2009-12-08 20:43 . 2009-12-09 12:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-08 20:36 . 2009-12-08 20:36 -------- d-----w- c:\program files\Lavasoft
2009-12-08 17:37 . 2009-12-08 17:37 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-12-08 17:37 . 2009-12-08 17:37 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-12-08 16:42 . 2009-11-29 09:31 -------- d-----w- c:\program files\VITSOFT
2009-12-08 16:20 . 2009-07-12 16:35 -------- d-----w- c:\program files\OpenAL
2009-11-28 17:16 . 2009-11-28 15:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-24 23:54 . 2009-02-18 13:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-02-18 13:32 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-02-18 13:32 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-02-19 19:09 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-02-19 19:09 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-02-18 13:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-02-18 13:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-02-18 13:32 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-02-18 13:32 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:43 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-17 13:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-17 13:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-11-10 1725440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-11 148888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\User\Nabídka Start\Programy\Po spuštění\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Games\\THQ\\MotoGP URT 3\\motogp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8.12.2009 21:43 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.2.2009 20:09 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.2.2009 20:09 20560]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 1044808]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [24.7.2008 15:22 102400]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [18.2.2009 14:22 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [18.2.2009 14:22 7808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.2.2009 20:42 717296]
S2 gupdate1c9c1221c2fe98;Google Update Service (gupdate1c9c1221c2fe98);c:\program files\Google\Update\GoogleUpdate.exe [19.4.2009 20:06 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 19:06]
2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 19:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\eqi7lafj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 13:37
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(292)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-01-18 13:39:27
ComboFix-quarantined-files.txt 2010-01-18 12:39
ComboFix2.txt 2010-01-18 12:04
ComboFix3.txt 2010-01-18 10:15
ComboFix4.txt 2010-01-18 09:48
ComboFix5.txt 2010-01-18 12:28
Před spuštěním: Volných bajtů: 40 100 581 376
Po spuštění: Volných bajtů: 40 077 574 144
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3FF1BAD74FD74C75116796A7D4636FB1
2009-10-21 05:40 . 2004-08-17 13:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-17 13:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-11-10 1725440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-11 148888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\User\Nabídka Start\Programy\Po spuštění\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Games\\THQ\\MotoGP URT 3\\motogp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8.12.2009 21:43 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.2.2009 20:09 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.2.2009 20:09 20560]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 1044808]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [24.7.2008 15:22 102400]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [18.2.2009 14:22 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [18.2.2009 14:22 7808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.2.2009 20:42 717296]
S2 gupdate1c9c1221c2fe98;Google Update Service (gupdate1c9c1221c2fe98);c:\program files\Google\Update\GoogleUpdate.exe [19.4.2009 20:06 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 10:31]
2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 19:06]
2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 19:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\eqi7lafj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 13:37
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(292)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-01-18 13:39:27
ComboFix-quarantined-files.txt 2010-01-18 12:39
ComboFix2.txt 2010-01-18 12:04
ComboFix3.txt 2010-01-18 10:15
ComboFix4.txt 2010-01-18 09:48
ComboFix5.txt 2010-01-18 12:28
Před spuštěním: Volných bajtů: 40 100 581 376
Po spuštění: Volných bajtů: 40 077 574 144
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3FF1BAD74FD74C75116796A7D4636FB1
Re: win32 malware gen virus/worm
I think it's OK.
Run one more scan with Avast and that's it.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: win32 malware gen virus/worm
Yeah, great, it's been running for an hour now and nothing. Avast deleted something else, so we'll see, but so far there's no problem, so thank you very much for the help. It's great that these pages exist. Once again, THANK YOU!!!!!
Re: win32 malware gen virus/worm
You're welcome.
Re: win32 malware gen virus/worm
I have the same problem, also Avast, the same message; I'm attaching the log, please help.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Dobíci at 2010-01-23 15:03:42
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 31 GB (44%) free of 71 GB
Total RAM: 2046 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:05, on 23.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Users\Dobíci\caspk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
C:\Users\DOBCI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\YoWindow\yowindow.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iTV\iTV.exe
C:\Users\Dobíci\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dobíci\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dobíci\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dobíci\Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Dobíci.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\Dobíci\caspk.exe \s
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fnvma] C:\Windows\system32\fnvma.exe \u
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [iTV] C:\Program Files\iTV\iTV.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10419 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759686051-2656836165-4264736882-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759686051-2656836165-4264736882-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-18 4468736]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-06-11 1286144]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
"Acer Tour"= []
"PLFSet"=C:\Windows\PLFSet.dll [2007-04-24 45056]
"SetPanel"=C:\Acer\APanel\APanel.cmd []
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-06-27 752136]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-06 159744]
"eRecoveryService"= []
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-04-05 270336]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-06 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-06 8433664]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-06 81920]
"BtTray"=C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2009-12-08 258134]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-11 149280]
"fnvma"=C:\Windows\system32\fnvma.exe [2010-01-17 58368]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"iTV"=C:\Program Files\iTV\iTV.exe [2010-01-23 573952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Dobíci\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-19 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2007-05-24 206952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
TMMonitor.lnk - C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
C:\Users\Dobíci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
YoWindow.lnk - C:\Program Files\YoWindow\yowindow.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3c87439-d788-11de-893b-001b384d4f98}]
shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb94a44d-da05-11de-8734-001b384d4f98}]
shell\AutoRun\command - F:\setup-karkulka.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-01-23 15:03:42 ----D---- C:\rsit
2010-01-23 15:03:42 ----D---- C:\Program Files\trend micro
2010-01-22 15:34:31 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 15:34:30 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 15:34:28 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 15:34:28 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 15:34:27 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 15:34:27 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 15:34:26 ----A---- C:\Windows\system32\occache.dll
2010-01-22 15:34:26 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 15:34:26 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 15:34:26 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 15:34:26 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-22 15:34:26 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 15:34:26 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 15:34:25 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-22 15:34:25 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 15:34:25 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 15:34:25 ----A---- C:\Windows\system32\iernonce.dll
2010-01-22 15:34:25 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-20 20:04:33 ----A---- C:\ComboFix.txt
2010-01-20 19:46:53 ----D---- C:\ComboFix
2010-01-20 18:55:21 ----D---- C:\Qoobox
2010-01-18 16:28:36 ----D---- C:\Program Files\Common Files\SWF Studio
2010-01-18 16:27:23 ----D---- C:\Users\Dobíci\AppData\Roaming\Disney Interactive
2010-01-18 15:49:45 ----A---- C:\Windows\Disney.ini
2010-01-18 15:48:51 ----R---- C:\Windows\system32\Winstr.dll
2010-01-18 15:48:51 ----R---- C:\Windows\system32\Winsdec.dll
2010-01-18 15:48:51 ----R---- C:\Windows\system32\Winplay.dll
2010-01-18 15:48:51 ----R---- C:\Windows\system32\EDEC.DLL
2010-01-18 15:48:51 ----R---- C:\Windows\system32\DEC130.DLL
2010-01-18 15:47:53 ----D---- C:\Program Files\Disney Interactive
2010-01-17 18:12:33 ----A---- C:\Windows\system32\fnvma.exe
2010-01-16 19:35:14 ----D---- C:\Users\Dobíci\AppData\Roaming\YoWindow
2010-01-16 19:32:13 ----D---- C:\Program Files\YoWindow
2010-01-14 20:04:30 ----A---- C:\Windows\pdf2word.INI
2010-01-14 20:03:47 ----D---- C:\Program Files\VeryPDF PDF2Word v3.0
2010-01-13 18:09:16 ----D---- C:\Program Files\Windows Live Safety Center
2010-01-13 09:34:31 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 09:34:31 ----A---- C:\Windows\system32\fontsub.dll
2010-01-11 17:09:49 ----D---- C:\Program Files\Cool2000
2010-01-09 17:47:55 ----A---- C:\Windows\cool.ini
2010-01-08 14:38:57 ----A---- C:\Windows\wordpad.ini
2010-01-08 14:38:18 ----D---- C:\Temp
2010-01-07 18:31:25 ----A---- C:\Windows\TALKTOME.INI
2010-01-07 18:31:03 ----D---- C:\TALKTOME
2010-01-05 21:37:52 ----D---- C:\AdmWin
2010-01-05 16:30:22 ----D---- C:\Program Files\Motherboard Monitor 5
2010-01-04 15:21:29 ----D---- C:\Program Files\SpeedFan
2010-01-04 10:42:36 ----D---- C:\Windows\Sun
2010-01-03 22:08:08 ----D---- C:\Program Files\iWEB Studio
2010-01-03 22:07:59 ----A---- C:\Windows\GPInstall.exe
2010-01-03 17:48:14 ----A---- C:\Windows\NeroDigital.ini
2009-12-30 22:11:47 ----D---- C:\Program Files\Combined Community Codec Pack
2009-12-26 20:13:28 ----D---- C:\Program Files\FormatFactory
2009-12-26 17:48:32 ----A---- C:\Windows\system32\nvconrm.dll
======List of files/folders modified in the last 1 months======
2010-01-23 15:03:54 ----D---- C:\Windows\Prefetch
2010-01-23 15:03:46 ----D---- C:\Windows\Temp
2010-01-23 15:03:42 ----RD---- C:\Program Files
2010-01-23 15:02:37 ----D---- C:\Windows\System32
2010-01-23 14:59:15 ----D---- C:\Program Files\Mozilla Firefox
2010-01-23 14:59:05 ----A---- C:\Windows\system32\REMOTEDEVICE.INI
2010-01-23 14:40:51 ----D---- C:\Program Files\iTV
2010-01-23 14:40:46 ----D---- C:\Windows\inf
2010-01-23 14:40:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-23 14:37:32 ----D---- C:\Windows
2010-01-23 14:37:12 ----D---- C:\Users\Dobíci\AppData\Roaming\skypePM
2010-01-23 14:37:10 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2010-01-23 14:37:10 ----A---- C:\Windows\system32\LOCALDEVICE.INI
2010-01-23 14:37:10 ----A---- C:\Windows\system32\bscs.ini
2010-01-23 14:37:06 ----D---- C:\Users\Dobíci\AppData\Roaming\Skype
2010-01-23 14:32:59 ----D---- C:\Windows\system32\migration
2010-01-23 14:32:59 ----D---- C:\Program Files\Internet Explorer
2010-01-23 14:27:31 ----D---- C:\Windows\winsxs
2010-01-23 14:25:44 ----SHD---- C:\System Volume Information
2010-01-22 15:32:52 ----D---- C:\Windows\system32\catroot
2010-01-22 15:32:47 ----D---- C:\Windows\system32\catroot2
2010-01-21 21:40:46 ----D---- C:\Users\Dobíci\AppData\Roaming\Hamachi
2010-01-20 20:39:12 ----D---- C:\Windows\Tasks
2010-01-20 20:39:12 ----D---- C:\Windows\system32\Msdtc
2010-01-20 20:39:09 ----D---- C:\Windows\system32\wbem
2010-01-20 20:38:12 ----D---- C:\Windows\system32\config
2010-01-20 20:37:56 ----SHD---- C:\Windows\Installer
2010-01-20 20:37:56 ----D---- C:\Windows\system32\Tasks
2010-01-20 20:37:56 ----D---- C:\Windows\system32\spool
2010-01-20 20:37:56 ----D---- C:\Windows\system32\drivers
2010-01-20 20:37:56 ----D---- C:\Windows\system32\cs-CZ
2010-01-20 20:37:56 ----D---- C:\Windows\system32\CodeIntegrity
2010-01-20 20:37:54 ----SHD---- C:\$RECYCLE.BIN
2010-01-20 19:57:47 ----D---- C:\Windows\AppPatch
2010-01-20 19:57:46 ----D---- C:\Program Files\Common Files
2010-01-20 19:12:28 ----D---- C:\Boot
2010-01-18 16:28:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-16 15:52:24 ----A---- C:\Windows\win.ini
2010-01-16 15:52:24 ----A---- C:\Windows\system.ini
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 22:18:03 ----D---- C:\ProgramData\Microsoft Help
2010-01-13 22:17:03 ----D---- C:\Program Files\Windows Mail
2010-01-13 18:09:16 ----SD---- C:\Windows\Downloaded Program Files
2010-01-09 13:36:02 ----A---- C:\Windows\system32\SHORTCUT.INI
2010-01-07 18:31:25 ----D---- C:\Windows\system
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
2010-01-04 16:55:04 ----SD---- C:\ProgramData\Microsoft
2010-01-03 19:18:10 ----D---- C:\Users\Dobíci\AppData\Roaming\Vso
2010-01-02 12:36:00 ----HD---- C:\ProgramData
2009-12-31 11:51:51 ----D---- C:\Windows\system32\WDI
2009-12-29 16:58:07 ----D---- C:\Users\Dobíci\AppData\Roaming\FileZilla
2009-12-27 21:17:41 ----D---- C:\Program Files\Google
2009-12-26 11:40:00 ----D---- C:\Users\Dobíci\AppData\Roaming\Winamp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2007-01-24 8704]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-05-17 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 8192]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\Windows\system32\DRIVERS\Amps2prt.sys [2007-03-06 14336]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-05-17 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-05-17 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-18 1775712]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-07-27 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-07-16 1062304]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-06 7120768]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 12032]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-11-29 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-07 1729152]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 VHidMinidrv;Bluetooth HID Device Service; C:\Windows\system32\drivers\VHIDMini.sys [2007-03-05 19472]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-05-17 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys []
S3 AF15BDA;AF9015 BDA Filter; C:\Windows\system32\DRIVERS\AF15BDA.sys [2009-11-19 306816]
S3 ALSysIO;ALSysIO; \??\C:\Users\DOBCI~1\AppData\Local\Temp\ALSysIO.sys []
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbprt.sys [2007-04-05 14336]
S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-14 154624]
S3 awlxemxs;awlxemxs; C:\Windows\system32\drivers\awlxemxs.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-12-04 15440]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-12-08 1155180]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-04-23 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-07-03 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-23 266343]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-05-17 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-27 135664]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
-----------------EOF-----------------
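Added example (the editor's, not code from this thread and not part of RSIT or HijackThis): a small Python triage script that re-reads the persistence-relevant lines of the log above and flags the entries a helper would look at first. The sample input is constructed from lines copied out of this log plus benign control entries (avast!, Skype, NvSvc) that must stay unflagged; the function names `triage`, `first_exe` and `suspicious_location`, the severity labels, the `KNOWN_SYSTEM32` allow-list and the remote-access keyword list are my own assumptions, not anything the log or the tools define.

```python
"""Triage helper for RSIT/HijackThis logs (editor's example, not part of the thread):
flags Userinit chaining, autostart from system32 or a profile root, UAC disabled,
cached removable-media AutoRun commands, and remote-access or missing services."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied from the log in this thread plus
# benign control lines (avast!, Skype, NvSvc) that must NOT be flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\Dobíci\caspk.exe \s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [fnvma] C:\Windows\system32\fnvma.exe \u
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
"EnableLUA"=0
shell\AutoRun\command - F:\setupSNK.exe
shell\AutoRun\command - F:\setup-karkulka.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

RUN_RE = re.compile(r'^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
USERINIT_RE = re.compile(r'UserInit=(?P<value>.+)$', re.IGNORECASE)
# First executable on a command line: a quoted path, or the shortest unquoted
# prefix ending in .exe (so an unquoted "C:\Program Files\x\y.exe -flag" still works).
EXE_RE = re.compile(r'"([^"]+\.exe)"|(\S[^"]*?\.exe)(?=\s|$)', re.IGNORECASE)
# Assumed allow-list: binaries that legitimately start from system32 via a Run value.
KNOWN_SYSTEM32 = {"rundll32.exe", "ctfmon.exe", "userinit.exe"}
REMOTE_ACCESS_RE = re.compile(r'vnc|rpcapd', re.IGNORECASE)  # assumed keyword list


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "low" (assumed scale)
    category: str
    path: str
    note: str


def first_exe(cmd: str) -> Optional[str]:
    m = EXE_RE.search(cmd)
    return (m.group(1) or m.group(2)) if m else None


def suspicious_location(path: str) -> bool:
    """Heuristic: an executable sitting directly in \\Windows\\system32 (unless
    allow-listed) or directly in a profile root such as C:\\Users\\<name>\\x.exe."""
    parent, _, name = path.lower().rpartition('\\')
    if parent.endswith(r'\windows\system32'):
        return name not in KNOWN_SYSTEM32
    return re.fullmatch(r'[a-z]:\\users\\[^\\]+', parent) is not None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := USERINIT_RE.search(line):
            # Anything besides userinit.exe here runs at every logon, before the shell.
            for entry in m.group('value').split(','):
                exe = first_exe(entry.strip())
                if exe and exe.lower().rpartition('\\')[2] != 'userinit.exe':
                    findings.append(Finding('high', 'userinit_hijack', exe,
                                            'extra executable chained into Userinit'))
        elif m := RUN_RE.match(line):
            exe = first_exe(m.group('cmd'))
            if exe and suspicious_location(exe):
                findings.append(Finding('high', 'suspicious_run', exe,
                                        f"[{m.group('name')}] in {m.group('hive')} Run"))
        elif line == '"EnableLUA"=0':
            findings.append(Finding('medium', 'uac_disabled',
                                    r'HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System',
                                    'UAC is off; processes of an admin user get the full token'))
        elif line.startswith(r'shell\AutoRun\command'):
            findings.append(Finding('medium', 'autorun_command', line.split(' - ', 1)[1],
                                    'AutoRun command cached from removable media (MountPoints2)'))
        elif line.startswith('O23 - Service:'):
            exe = first_exe(line.split(' - ')[-1]) or line
            if '(file missing)' in line:
                findings.append(Finding('low', 'service_file_missing', exe,
                                        'registered service whose binary is gone'))
            if REMOTE_ACCESS_RE.search(line):
                findings.append(Finding('medium', 'remote_access_service', exe,
                                        'remote access / capture service; confirm it is intended'))
    return findings


if __name__ == '__main__':
    order = {'high': 0, 'medium': 1, 'low': 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f'{f.severity:6} {f.category:22} {f.path}  <- {f.note}')
```

Run against the constructed sample it reports the Userinit value that chains C:\Users\Dobíci\caspk.exe after userinit.exe (anything placed there starts at every logon before the desktop appears, so it can re-drop files an antivirus has already moved to quarantine), the [fnvma] Run value pointing at an executable directly in system32, EnableLUA=0, the two AutoRun commands cached from drive F:, and the VNC and rpcapd services, one of which has no binary on disk. The location rule is only a heuristic: an executable directly in system32 or in a profile root is unusual for a Run value, but each hit still needs a hash lookup or a look at the file's signature before anything is deleted.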
2010-01-03 17:48:14 ----A---- C:\Windows\NeroDigital.ini
2009-12-30 22:11:47 ----D---- C:\Program Files\Combined Community Codec Pack
2009-12-26 20:13:28 ----D---- C:\Program Files\FormatFactory
2009-12-26 17:48:32 ----A---- C:\Windows\system32\nvconrm.dll
======List of files/folders modified in the last 1 months======
2010-01-23 15:03:54 ----D---- C:\Windows\Prefetch
2010-01-23 15:03:46 ----D---- C:\Windows\Temp
2010-01-23 15:03:42 ----RD---- C:\Program Files
2010-01-23 15:02:37 ----D---- C:\Windows\System32
2010-01-23 14:59:15 ----D---- C:\Program Files\Mozilla Firefox
2010-01-23 14:59:05 ----A---- C:\Windows\system32\REMOTEDEVICE.INI
2010-01-23 14:40:51 ----D---- C:\Program Files\iTV
2010-01-23 14:40:46 ----D---- C:\Windows\inf
2010-01-23 14:40:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-23 14:37:32 ----D---- C:\Windows
2010-01-23 14:37:12 ----D---- C:\Users\Dobíci\AppData\Roaming\skypePM
2010-01-23 14:37:10 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2010-01-23 14:37:10 ----A---- C:\Windows\system32\LOCALDEVICE.INI
2010-01-23 14:37:10 ----A---- C:\Windows\system32\bscs.ini
2010-01-23 14:37:06 ----D---- C:\Users\Dobíci\AppData\Roaming\Skype
2010-01-23 14:32:59 ----D---- C:\Windows\system32\migration
2010-01-23 14:32:59 ----D---- C:\Program Files\Internet Explorer
2010-01-23 14:27:31 ----D---- C:\Windows\winsxs
2010-01-23 14:25:44 ----SHD---- C:\System Volume Information
2010-01-22 15:32:52 ----D---- C:\Windows\system32\catroot
2010-01-22 15:32:47 ----D---- C:\Windows\system32\catroot2
2010-01-21 21:40:46 ----D---- C:\Users\Dobíci\AppData\Roaming\Hamachi
2010-01-20 20:39:12 ----D---- C:\Windows\Tasks
2010-01-20 20:39:12 ----D---- C:\Windows\system32\Msdtc
2010-01-20 20:39:09 ----D---- C:\Windows\system32\wbem
2010-01-20 20:38:12 ----D---- C:\Windows\system32\config
2010-01-20 20:37:56 ----SHD---- C:\Windows\Installer
2010-01-20 20:37:56 ----D---- C:\Windows\system32\Tasks
2010-01-20 20:37:56 ----D---- C:\Windows\system32\spool
2010-01-20 20:37:56 ----D---- C:\Windows\system32\drivers
2010-01-20 20:37:56 ----D---- C:\Windows\system32\cs-CZ
2010-01-20 20:37:56 ----D---- C:\Windows\system32\CodeIntegrity
2010-01-20 20:37:54 ----SHD---- C:\$RECYCLE.BIN
2010-01-20 19:57:47 ----D---- C:\Windows\AppPatch
2010-01-20 19:57:46 ----D---- C:\Program Files\Common Files
2010-01-20 19:12:28 ----D---- C:\Boot
2010-01-18 16:28:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-16 15:52:24 ----A---- C:\Windows\win.ini
2010-01-16 15:52:24 ----A---- C:\Windows\system.ini
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 22:18:03 ----D---- C:\ProgramData\Microsoft Help
2010-01-13 22:17:03 ----D---- C:\Program Files\Windows Mail
2010-01-13 18:09:16 ----SD---- C:\Windows\Downloaded Program Files
2010-01-09 13:36:02 ----A---- C:\Windows\system32\SHORTCUT.INI
2010-01-07 18:31:25 ----D---- C:\Windows\system
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
2010-01-04 16:55:04 ----SD---- C:\ProgramData\Microsoft
2010-01-03 19:18:10 ----D---- C:\Users\Dobíci\AppData\Roaming\Vso
2010-01-02 12:36:00 ----HD---- C:\ProgramData
2009-12-31 11:51:51 ----D---- C:\Windows\system32\WDI
2009-12-29 16:58:07 ----D---- C:\Users\Dobíci\AppData\Roaming\FileZilla
2009-12-27 21:17:41 ----D---- C:\Program Files\Google
2009-12-26 11:40:00 ----D---- C:\Users\Dobíci\AppData\Roaming\Winamp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2007-01-24 8704]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-05-17 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 8192]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\Windows\system32\DRIVERS\Amps2prt.sys [2007-03-06 14336]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-05-17 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-05-17 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-18 1775712]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-07-27 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-07-16 1062304]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-06 7120768]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 12032]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-11-29 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-07 1729152]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 VHidMinidrv;Bluetooth HID Device Service; C:\Windows\system32\drivers\VHIDMini.sys [2007-03-05 19472]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-05-17 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys []
S3 AF15BDA;AF9015 BDA Filter; C:\Windows\system32\DRIVERS\AF15BDA.sys [2009-11-19 306816]
S3 ALSysIO;ALSysIO; \??\C:\Users\DOBCI~1\AppData\Local\Temp\ALSysIO.sys []
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbprt.sys [2007-04-05 14336]
S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-14 154624]
S3 awlxemxs;awlxemxs; C:\Windows\system32\drivers\awlxemxs.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-12-04 15440]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-12-08 1155180]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-04-23 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-07-03 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-23 266343]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-05-17 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-27 135664]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
-----------------EOF-----------------
Re: win32 malware gen virus/worm
Good evening,
Next time, please start your own topic.
What is drive F?
Please post this log: C:\ComboFix.txt

Do not use COMBOFIX without an advisor's recommendation; it may damage the system!
Always back up important data before disinfecting the computer.
Want to support our forum? Information here

I can be reached mostly at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: win32 malware gen virus/worm
I have the same problem, please help. Here is the log:
ComboFix 11-09-21.04 - Vojtěch 22.09.2011 12:45:39.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1033.18.2029.992 [GMT 2:00]
Spuštěný z: c:\users\Vojtých\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vojtěch\AppData\Roaming\5BE8.tmp
c:\users\Vojtěch\AppData\Roaming\winup.exe
c:\users\Vojtěch\AppData\Roaming\Zlaaaz.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-22 do 2011-09-22 )))))))))))))))))))))))))))))))
.
.
2011-09-22 10:59 . 2011-09-22 10:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-21 16:04 . 2011-09-21 16:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-27 18:38 . 2011-03-27 18:38 882696 ----a-w- c:\program files\MediaPluginSetup.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programy\Spybot\TeaTimer.exe" [2009-03-05 2260480]
"RocketDock"="c:\programy\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMail"="c:\programy\Postak\Postak.exe" [2006-05-18 450560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-14 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-14 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708]
"Adobe Reader Speed Launcher"="c:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-08 685816]
R2 SBSDWSCService;SBSD Security Center Service;c:\programy\Spybot\SDWinSec.exe [2009-01-26 1153368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-01 81920]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2007-09-06 45648]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\Drivers\L6TPortA.sys [2008-11-06 530560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-04-28 322848]
.
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://mojebanka.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programy\ICQ7.5\ICQ.exe
Trusted Zone: line6.net
TCP: DhcpNameServer = 83.240.0.214 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Zlaaaz - c:\users\Vojtěch\AppData\Roaming\Zlaaaz.exe
HKLM-Run-WindowsServices - c:\users\Vojtěch\AppData\Roaming\winup.exe
HKLM-RunOnce-WindowsServices - c:\users\Vojtěch\AppData\Roaming\winup.exe
SSODL-WindowsServices-c:\users\Vojtěch\AppData\Roaming\winup.exe - (no file)
AddRemove-GamePlayLabs Plugin - c:\users\Vojtěch\AppData\Local\GamePlayLabs Plugin\Uninstall.exe
AddRemove-Heroes of Might and Magic® III - c:\hry\HOMAM3\Heroes of Might and Magic® III.isu
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-09-22 13:05:54
ComboFix-quarantined-files.txt 2011-09-22 11:05
.
Před spuštěním: 294 056 779 776 bytes free
Po spuštění: 293 824 274 432 bytes free
.
- - End Of File - - 2CAEC5B436E8E6C517D9531A305C5E9A
Re: win32 malware gen virus/worm
Hello,
Please start your own topic; otherwise this thread would become confusing. Thank you for understanding.