ComboFix 14-04-29.01 - Honza 29.04.2014  15:30:57.3.1 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.420.1029.18.2047.1626 [GMT 2:00]
Spuštěný z: c:\documents and settings\Honza\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Honza\Plocha\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\system32\roboot.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Ovladače/Služby   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PARDRV
-------\Service_pardrv
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2014-03-28 do 2014-04-29  )))))))))))))))))))))))))))))))
.
.
2014-10-03 13:51 . 2014-10-03 13:51	--------	d-sh--w-	c:\documents and settings\Honza\PrivacIE
2014-10-03 13:49 . 2014-10-03 13:49	--------	d-sh--w-	c:\windows\system32\config\systemprofile\IETldCache
2014-10-03 13:46 . 2012-11-06 02:00	1371648	-c----w-	c:\windows\system32\dllcache\msxml6.dll
2014-10-03 13:46 . 2012-11-06 02:00	1371648	------w-	c:\windows\system32\msxml6.dll
2014-10-03 13:46 . 2008-04-14 06:00	80896	-c----w-	c:\windows\system32\dllcache\msxml6r.dll
2014-10-03 13:46 . 2008-04-14 06:00	80896	------w-	c:\windows\system32\msxml6r.dll
2014-10-03 13:44 . 2014-10-03 13:44	--------	d-----w-	c:\windows\ServicePackFiles
2014-10-03 13:44 . 2008-04-14 06:52	294912	------w-	c:\program files\Windows Media Player\dlimport.exe
2014-10-03 13:44 . 2008-04-14 06:52	294912	-c----w-	c:\windows\system32\dllcache\dlimport.exe
2014-10-03 12:49 . 2014-10-03 12:49	--------	d-----w-	C:\4f81d5a010bae36af628e4ed5dbb268c
2014-10-03 12:32 . 2014-10-03 12:32	--------	d-sh--w-	c:\documents and settings\Honza\IETldCache
2014-10-03 01:07 . 2009-01-07 16:20	26144	----a-w-	c:\windows\system32\spupdsvc.exe
2014-10-03 01:07 . 2014-10-03 01:07	--------	dc-h--w-	c:\windows\ie8
2014-10-03 01:07 . 2014-03-16 12:55	--------	d-----w-	c:\windows\system32\cs-CZ
2014-10-02 23:33 . 2014-03-18 07:36	--------	d-----w-	c:\program files\AIDA32 - Enterprise System Information
2014-04-28 17:57 . 2014-04-28 17:57	--------	d-----w-	c:\documents and settings\Administrator
2014-04-28 13:56 . 2014-04-28 13:56	--------	d-----w-	C:\rsit
2014-04-28 13:56 . 2014-04-28 13:56	--------	d-----w-	c:\program files\trend micro
2014-04-28 06:26 . 2014-04-28 06:26	--------	d-----w-	c:\documents and settings\Honza\Data aplikac\AVG2012
2014-04-28 06:26 . 2014-04-28 06:26	--------	d-----w-	c:\documents and settings\Honza\Data aplikac\TuneUp Software
2014-04-28 06:26 . 2014-04-28 06:26	--------	d-----w-	c:\program files\Dropbox
2014-04-27 06:19 . 2014-04-28 06:26	--------	d-----w-	C:\$AVG
2014-04-27 06:16 . 2014-04-28 17:53	--------	d-----w-	c:\documents and settings\All Users\Data aplikac\MFAData
2014-04-26 17:44 . 2014-04-26 17:46	--------	d-----w-	c:\documents and settings\Honza\Data aplikac\Dropbox
2014-04-25 16:00 . 2014-04-28 06:26	--------	d-----w-	c:\documents and settings\Honza\Data aplikac\Systweak
2014-04-25 16:00 . 2013-02-28 14:27	18776	----a-w-	c:\windows\system32\roboot.exe
2014-04-25 08:04 . 2014-04-24 10:31	55232	----a-w-	c:\windows\system32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gt.sys
2014-04-19 09:51 . 2014-04-14 17:47	145408	----a-w-	c:\windows\system32\javacpl.cpl
2014-04-19 09:51 . 2014-04-14 18:13	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-04-14 21:30 . 2014-04-25 07:37	--------	d-----w-	c:\documents and settings\Honza\Data aplikac\vlc
2014-04-14 21:29 . 2014-04-14 21:29	--------	d-----w-	c:\program files\VideoLAN
2014-04-14 11:45 . 2014-04-14 11:45	287	----a-w-	C:\cleaner.bat
2014-04-14 09:34 . 2013-02-18 16:46	4216840	----a-w-	c:\program files\Common Files\vcredist_2008_sp1_x86.exe
2014-04-13 11:27 . 2014-04-13 11:27	--------	d-----w-	c:\documents and settings\All Users\Data aplikac\McAfee
2014-04-12 20:42 . 2014-04-12 20:42	--------	d-----w-	c:\documents and settings\Honza\Local Settings\Data aplikac\Mozilla
2014-04-12 20:42 . 2014-04-12 20:42	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2014-04-09 10:03 . 2014-04-09 10:03	--------	d-----w-	c:\program files\CCleaner
2014-04-05 18:30 . 2014-04-05 18:30	--------	d-----w-	c:\documents and settings\Honza\Data aplikac\ElevatedDiagnostics
2014-04-05 15:06 . 2014-04-05 15:06	--------	d-----w-	c:\documents and settings\Honza\AppData
2014-04-05 15:06 . 2014-04-05 15:06	--------	d-----w-	c:\documents and settings\Honza\Data aplikac\searchresultstb
2014-04-05 15:03 . 2014-04-05 18:52	--------	d-----w-	c:\documents and settings\Honza\Local Settings\Data aplikac\Torch
2014-04-05 15:01 . 2014-04-28 06:24	--------	d-----w-	c:\documents and settings\Honza\Local Settings\Data aplikac\iLivid
2014-04-04 18:51 . 2014-04-06 18:34	--------	d-----w-	c:\program files\HD Tune
2014-04-04 10:23 . 2008-04-14 06:52	26624	----a-w-	c:\documents and settings\LocalService\Data aplikac\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2014-04-04 10:09 . 2014-04-04 10:09	--------	d-----w-	c:\program files\Windows Media Connect 2
2014-04-04 10:07 . 2014-04-28 21:04	--------	d-----w-	c:\windows\system32\drivers\UMDF
2014-04-04 10:07 . 2014-04-04 10:07	--------	d-----w-	c:\windows\system32\LogFiles
2014-04-04 09:57 . 2014-04-04 09:57	--------	d-----w-	c:\documents and settings\Honza\Local Settings\Data aplikac\Temp
2014-04-04 09:43 . 2014-04-28 06:26	--------	d-----w-	c:\documents and settings\All Users\Data aplikac\AVAST Software
2014-04-01 09:31 . 2014-04-01 09:31	--------	d-----w-	c:\program files\MSECache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-15 09:21 . 2014-03-15 18:31	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-04-15 09:21 . 2014-03-15 18:31	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-06 17:58 . 2004-08-18 12:00	920064	----a-w-	c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2004-08-18 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2004-08-18 12:00	18944	----a-w-	c:\windows\system32\corpol.dll
2014-03-06 17:58 . 2004-08-18 12:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-06 00:46 . 2004-08-18 12:00	385024	----a-w-	c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-18 07:07	13312	------w-	c:\windows\system32\xp_eos.exe
2001-05-24 02:00 . 2014-03-18 10:18	397312	----a-w-	c:\program files\USS650F.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Chyba šifrovací služby !!
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\documents and settings\Honza\Data aplikac\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\documents and settings\Honza\Data aplikac\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\documents and settings\Honza\Data aplikac\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\documents and settings\Honza\Data aplikac\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"iLivid"="c:\documents and settings\Honza\Local Settings\Data aplikac\iLivid\iLivid.exe" [2014-02-11 7307776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-01-05 61440]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabdka Start\Programy\Po sputn\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
PUSH650C.lnk - c:\windows\twain_32\PUSH650C.exe [2014-3-18 36864]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Honza\\Local Settings\\Data aplikac\\iLivid\\iLivid.exe"=
"c:\\Documents and Settings\\Honza\\Data aplikac\\Dropbox\\bin\\Dropbox.exe"=
.
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856]
S1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gt;{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gt;c:\windows\system32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gt.sys [2014-04-24 55232]
S3 VM650FVM11;UMAX AstraSlim Scanner ProdID x0104;c:\windows\system32\Drivers\USB650C.sys [2001-05-24 10830]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys [2007-02-02 474368]
S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys [2007-03-08 1466624]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 09:21]
.
2014-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-04 09:46]
.
2014-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-04 09:46]
.
2014-04-08 c:\windows\Tasks\Msn oznamovn konce poskytovn slueb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
2014-04-29 c:\windows\Tasks\Pihlen k oznamovn konce poskytovn slueb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-18 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/advanced_search?hl=cs&authuser=0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\documents and settings\Honza\Data aplikac\Mozilla\Firefox\Profiles\kaxfsxno.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/advanced_search?hl=cs&authuser=0
FF - prefs.js: keyword.URL - 
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-29 15:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@?????????????? 
.
skenování skrytých souborů ...
.
sken byl úspěšně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1752)
c:\documents and settings\Honza\Data aplikac\Dropbox\bin\DropboxExt.22.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštěné procesy ------------------------
.
c:\windows\system32\WgaTray.exe
c:\windows\system32\rundll32.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Celkový čas: 2014-04-29  15:39:40 - počítač byl restartován
ComboFix-quarantined-files.txt  2014-04-29 13:39
ComboFix2.txt  2014-04-29 10:20
ComboFix3.txt  2014-04-29 09:58
.
Před spuštěním: Volných bajtů: 34400387072
Po spuštění: Volných bajtů: 34388140032
.
- - End Of File - - 354FA36BE3F23467C8254F848A925874
413FC2A0C716421B3158746D63736515
