
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
virus file
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
virus file
Hello, I could use some advice.
This was sent to me during a chat conversation: http://www.facebook.com.img8016.tk/Photo-11A02847m.jpeg
And ever since I opened the file, it keeps appearing in the chat.
Thank you
Re: virus file
Hello and have a nice day.
You have fallen for the so-called Facebook virus.
Please post a log from RSIT http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 so we can see where the pest is hiding.



Re: virus file
Logfile of random's system information tool 1.09 (written by random/random)
Run by MiiLan at 2011-10-03 18:01:19
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 111 MB (1%) free of 16 GB
Total RAM: 1023 MB (42% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\One-Click Tweak.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "DTToolbar@toolbarnet.com:1.1.2.0185, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.7&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
ShockwavePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\extensions\
DTToolbar@toolbarnet.com
OberonGameHost@OberonGames.com
radiobar@toolbar
staged-xpis
{800b5000-a755-47e1-992b-48a1c1357f07}
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\
daemon-search.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - d:\hra\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [2007-12-16 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-10-02 305328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21 3853984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-10-02 1007160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-05 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2007-12-16 245760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2007-12-16 245760]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-10-02 305328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-02-12 20480]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"USBToolTip"=C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe [2006-10-16 202312]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"BrowserChoice"=C:\WINDOWS\system32\browserchoice.exe /run []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-09-26 19554952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-10-02 39408]
C:\Documents and Settings\MiiLan\Nabídka Start\Programy\Po spuštění
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PowerReg Scheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Zaloha Disk C\inst\StrongDC++\StrongDC.exe"="D:\Zaloha Disk C\inst\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"D:\vietkonk\vietcong.exe"="D:\vietkonk\vietcong.exe:*:Enabled:vietcong"
"C:\Documents and Settings\MiiLan\Plocha\StrongDC.exe"="C:\Documents and Settings\MiiLan\Plocha\StrongDC.exe:*:Enabled:StrongDC++"
"D:\setlers\bin\settlershok.exe"="D:\setlers\bin\settlershok.exe:*:Enabled:THE SETTLERS - Heritage of Kings"
"C:\game spy\Aphex.exe"="C:\game spy\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\DEAD MANS HAND\System\Udebugger.exe"="D:\DEAD MANS HAND\System\Udebugger.exe:*:Enabled:Udebugger"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\Nová složka\HoI.exe"="D:\Nová složka\HoI.exe:*:Enabled:Hearts of Iron"
"D:\pan prstenu\game.dat"="D:\pan prstenu\game.dat:*:Enabled:Battle for Middle-earth"
"D:\pan prstenu\patchget.dat"="D:\pan prstenu\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"D:\hra\vietkonk\vietcong.exe"="D:\hra\vietkonk\vietcong.exe:*:Enabled:vietcong"
"C:\Documents and Settings\MiiLan\Local Settings\Temporary Internet Files\Content.IE5\0SG34EXU\incredimail_install[1].exe"="C:\Documents and Settings\MiiLan\Local Settings\Temporary Internet Files\Content.IE5\0SG34EXU\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"D:\Cull of cutty\CoD2\CoD2MP_s.exe"="D:\Cull of cutty\CoD2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\game spy\Aphex.exe"="D:\game spy\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\EA SPORTS\NHL06\nhl06.exe"="D:\EA SPORTS\NHL06\nhl06.exe:*:Enabled:nhl06"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Metin2_CZ\metin2.bin"="D:\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\Pinnacle\Studio 10\programs\RM.exe"="C:\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Pinnacle\Studio 10\programs\Studio.exe"="C:\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Pinnacle\Studio 10\programs\umi.exe"="C:\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Electronic Arts\EA Downloader\Core.exe"="C:\Program Files\Electronic Arts\EA Downloader\Core.exe:*:Enabled:EA Download Manager"
"D:\Pinnacle\Studio 12\Programs\RM.exe"="D:\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"D:\Pinnacle\Studio 12\Programs\Studio.exe"="D:\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"D:\Pinnacle\Studio 12\Programs\umi.exe"="D:\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\hra\vietkonk\vcded.exe"="D:\hra\vietkonk\vcded.exe:*:Enabled:vcded"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"vidc.ffds"=ffdshow.ax
"MSVideo8"=VfWWDM32.dll
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"VIDC.MJPG"=Pvmjpg30.dll
"VIDC.I420"=vdrcodec.dll
======List of files/folders created in the last 1 month======
2011-10-03 17:49:37 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\E6.exe
2011-10-02 23:42:43 ----RD---- C:\Program Files\Skype
2011-10-02 22:43:33 ----D---- C:\Program Files\trend micro
2011-10-02 22:43:32 ----D---- C:\rsit
2011-10-02 19:07:32 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\1C.tmp
2011-10-02 19:07:29 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\1B.exe
2011-09-20 20:06:26 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\79.tmp
2011-09-19 14:42:04 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\7.tmp
2011-09-16 05:26:33 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\6.tmp
2011-09-11 14:09:21 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\5.tmp
======List of files/folders modified in the last 1 month======
2011-10-03 17:23:37 ----D---- C:\Documents and Settings\MiiLan\Data aplikací\Skype
2011-10-03 11:24:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-03 08:55:51 ----D---- C:\WINDOWS\Temp
2011-10-03 07:26:11 ----D---- C:\WINDOWS\system32
2011-10-03 07:26:11 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-03 07:24:27 ----AC---- C:\Documents and Settings\MiiLan\Data aplikací\8.exe
2011-10-03 07:22:49 ----D---- C:\WINDOWS\Prefetch
2011-10-03 00:03:57 ----SHD---- C:\WINDOWS\Installer
2011-10-02 23:47:18 ----D---- C:\Program Files\Google
2011-10-02 23:45:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2011-10-02 23:42:43 ----RD---- C:\Program Files
2011-10-02 23:42:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-10-02 23:32:01 ----D---- C:\Program Files\Mozilla Firefox
2011-10-02 20:04:17 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-22 20:16:13 ----AC---- C:\WINDOWS\NeroDigital.ini
2011-09-22 06:32:49 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\3.exe
2011-09-21 20:40:38 ----AC---- C:\WINDOWS\TextSpy.ini
2011-09-18 19:19:33 ----D---- C:\Program Files\PokerStars
2011-09-08 17:12:41 ----D---- C:\Program Files\Full Tilt Poker
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2004-08-04 46464]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-02-20 36608]
R0 SiSide;SiSide; C:\WINDOWS\system32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sisidex;sisidex; C:\WINDOWS\system32\drivers\sisidex.sys [2002-10-17 49024]
R0 sisperf;Add Performance Filter Driver; C:\WINDOWS\system32\drivers\sisperf.sys [2002-08-20 9472]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-11 691696]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-07-01 733248]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-09-17 9856]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2007-09-20 114496]
S3 auveiowh;auveiowh; C:\WINDOWS\system32\drivers\auveiowh.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNP325;USB PC Camera (SNPSTD325); C:\WINDOWS\system32\DRIVERS\snp325.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-21 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-21 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-02 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2007-12-16 245760]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-10-02 305328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-02-12 20480]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"USBToolTip"=C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe [2006-10-16 202312]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"BrowserChoice"=C:\WINDOWS\system32\browserchoice.exe /run []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-09-26 19554952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-10-02 39408]
C:\Documents and Settings\MiiLan\Nabídka Start\Programy\Po spuštění
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PowerReg Scheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Zaloha Disk C\inst\StrongDC++\StrongDC.exe"="D:\Zaloha Disk C\inst\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"D:\vietkonk\vietcong.exe"="D:\vietkonk\vietcong.exe:*:Enabled:vietcong"
"C:\Documents and Settings\MiiLan\Plocha\StrongDC.exe"="C:\Documents and Settings\MiiLan\Plocha\StrongDC.exe:*:Enabled:StrongDC++"
"D:\setlers\bin\settlershok.exe"="D:\setlers\bin\settlershok.exe:*:Enabled:THE SETTLERS - Heritage of Kings"
"C:\game spy\Aphex.exe"="C:\game spy\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\DEAD MANS HAND\System\Udebugger.exe"="D:\DEAD MANS HAND\System\Udebugger.exe:*:Enabled:Udebugger"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\Nová složka\HoI.exe"="D:\Nová složka\HoI.exe:*:Enabled:Hearts of Iron"
"D:\pan prstenu\game.dat"="D:\pan prstenu\game.dat:*:Enabled:Battle for Middle-earth"
"D:\pan prstenu\patchget.dat"="D:\pan prstenu\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"D:\hra\vietkonk\vietcong.exe"="D:\hra\vietkonk\vietcong.exe:*:Enabled:vietcong"
"C:\Documents and Settings\MiiLan\Local Settings\Temporary Internet Files\Content.IE5\0SG34EXU\incredimail_install[1].exe"="C:\Documents and Settings\MiiLan\Local Settings\Temporary Internet Files\Content.IE5\0SG34EXU\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"D:\Cull of cutty\CoD2\CoD2MP_s.exe"="D:\Cull of cutty\CoD2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\game spy\Aphex.exe"="D:\game spy\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\EA SPORTS\NHL06\nhl06.exe"="D:\EA SPORTS\NHL06\nhl06.exe:*:Enabled:nhl06"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Metin2_CZ\metin2.bin"="D:\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\Pinnacle\Studio 10\programs\RM.exe"="C:\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Pinnacle\Studio 10\programs\Studio.exe"="C:\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Pinnacle\Studio 10\programs\umi.exe"="C:\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Electronic Arts\EA Downloader\Core.exe"="C:\Program Files\Electronic Arts\EA Downloader\Core.exe:*:Enabled:EA Download Manager"
"D:\Pinnacle\Studio 12\Programs\RM.exe"="D:\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"D:\Pinnacle\Studio 12\Programs\Studio.exe"="D:\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"D:\Pinnacle\Studio 12\Programs\umi.exe"="D:\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\hra\vietkonk\vcded.exe"="D:\hra\vietkonk\vcded.exe:*:Enabled:vcded"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"vidc.ffds"=ffdshow.ax
"MSVideo8"=VfWWDM32.dll
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"VIDC.MJPG"=Pvmjpg30.dll
"VIDC.I420"=vdrcodec.dll
======List of files/folders created in the last 1 month======
2011-10-03 17:49:37 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\E6.exe
2011-10-02 23:42:43 ----RD---- C:\Program Files\Skype
2011-10-02 22:43:33 ----D---- C:\Program Files\trend micro
2011-10-02 22:43:32 ----D---- C:\rsit
2011-10-02 19:07:32 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\1C.tmp
2011-10-02 19:07:29 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\1B.exe
2011-09-20 20:06:26 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\79.tmp
2011-09-19 14:42:04 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\7.tmp
2011-09-16 05:26:33 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\6.tmp
2011-09-11 14:09:21 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\5.tmp
======List of files/folders modified in the last 1 month======
2011-10-03 17:23:37 ----D---- C:\Documents and Settings\MiiLan\Data aplikací\Skype
2011-10-03 11:24:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-03 08:55:51 ----D---- C:\WINDOWS\Temp
2011-10-03 07:26:11 ----D---- C:\WINDOWS\system32
2011-10-03 07:26:11 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-03 07:24:27 ----AC---- C:\Documents and Settings\MiiLan\Data aplikací\8.exe
2011-10-03 07:22:49 ----D---- C:\WINDOWS\Prefetch
2011-10-03 00:03:57 ----SHD---- C:\WINDOWS\Installer
2011-10-02 23:47:18 ----D---- C:\Program Files\Google
2011-10-02 23:45:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2011-10-02 23:42:43 ----RD---- C:\Program Files
2011-10-02 23:42:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-10-02 23:32:01 ----D---- C:\Program Files\Mozilla Firefox
2011-10-02 20:04:17 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-22 20:16:13 ----AC---- C:\WINDOWS\NeroDigital.ini
2011-09-22 06:32:49 ----A---- C:\Documents and Settings\MiiLan\Data aplikací\3.exe
2011-09-21 20:40:38 ----AC---- C:\WINDOWS\TextSpy.ini
2011-09-18 19:19:33 ----D---- C:\Program Files\PokerStars
2011-09-08 17:12:41 ----D---- C:\Program Files\Full Tilt Poker
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2004-08-04 46464]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-02-20 36608]
R0 SiSide;SiSide; C:\WINDOWS\system32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sisidex;sisidex; C:\WINDOWS\system32\drivers\sisidex.sys [2002-10-17 49024]
R0 sisperf;Add Performance Filter Driver; C:\WINDOWS\system32\drivers\sisperf.sys [2002-08-20 9472]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-11 691696]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-07-01 733248]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-09-17 9856]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2007-09-20 114496]
S3 auveiowh;auveiowh; C:\WINDOWS\system32\drivers\auveiowh.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNP325;USB PC Camera (SNPSTD325); C:\WINDOWS\system32\DRIVERS\snp325.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-21 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-21 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-02 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: virus file


- If the malware blocks it, use one of the following
motji writes: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif - Save it, preferably to the desktop, and close all applications (otherwise RKill will do that for you)
- Run it the usual way with a double-click - the program runs almost instantly and then terminates itself
- RKill terminates all non-system processes - including the processes the malware is running under
- Do not restart the PC now - you would lose the effect of RKill

- Disable all resident security programs - firewalls, antivirus, antispyware and the like
- If you have Win XP, run it under an Administrator account
- If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
- Immediately after start a page with the licence agreement appears; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; leave the PC completely alone during the scan - do not start any applications and do not click into the window being displayed
- The scan should take about 10 minutes, but if the PC is heavily infested it may take longer
- After the scan finishes and after a possible restart, CF shows a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
- A detailed guide including pictures is here: http://www.bleepingcomputer.com/combofi ... t-combofix
Re: virus file
And where do I find this on my PC:
If you have Win XP, run it under an Administrator account
thank you
Re: virus file
If you can install applications normally, you have administrator rights and can run applications normally
Re: virus file
ComboFix 11-10-03.01 - MiiLan 03.10.2011 20:06:09.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.621 [GMT 2:00]
Spuštěný z: c:\documents and settings\MiiLan\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\MiiLan\Data aplikací\1C.tmp
c:\documents and settings\MiiLan\Data aplikací\4.tmp
c:\documents and settings\MiiLan\Data aplikací\4F.tmp
c:\documents and settings\MiiLan\Data aplikací\5.tmp
c:\documents and settings\MiiLan\Data aplikací\6.tmp
c:\documents and settings\MiiLan\Data aplikací\62.tmp
c:\documents and settings\MiiLan\Data aplikací\7.tmp
c:\documents and settings\MiiLan\Data aplikací\79.tmp
c:\documents and settings\MiiLan\Data aplikací\Wnjxjt.exe
c:\documents and settings\MiiLan\WINDOWS
c:\program files\Save
c:\program files\Save\ffext.mod
c:\program files\Save\save.db
c:\program files\Save\save.htm
c:\program files\Save\store.db
c:\program files\UNWISE.EXE
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\system32\comct332.ocx
c:\windows\system32\d3d9caps.dat
c:\windows\system32\skype
c:\windows\system32\skype\klog.dat
c:\windows\system32\skype\winhost.exe
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-03 do 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-03 15:49 . 2011-10-03 15:49 398081 ----a-w- c:\documents and settings\MiiLan\Data aplikací\E6.exe
2011-10-02 21:42 . 2011-10-02 21:45 -------- d-----r- c:\program files\Skype
2011-10-02 20:43 . 2011-10-02 20:43 -------- d-----w- c:\program files\trend micro
2011-10-02 20:43 . 2011-10-02 20:43 -------- d-----w- C:\rsit
2011-10-02 17:07 . 2011-10-02 17:07 703102 ----a-w- c:\documents and settings\MiiLan\Data aplikací\1B.exe
2011-09-21 07:35 . 2011-09-21 07:35 4566176 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 05:24 . 2011-08-29 11:52 703102 -c--a-w- c:\documents and settings\MiiLan\Data aplikací\8.exe
2011-09-22 04:32 . 2011-08-26 06:25 406478 ----a-w- c:\documents and settings\MiiLan\Data aplikací\3.exe
2011-09-02 10:03 . 2011-09-02 10:03 406478 -c--a-w- c:\documents and settings\MiiLan\Data aplikací\8F.exe
2011-08-29 14:10 . 2011-08-26 03:14 398630 -c--a-w- c:\documents and settings\MiiLan\Data aplikací\4.exe
2011-08-25 21:46 . 2011-08-25 21:46 398630 -c--a-w- c:\documents and settings\MiiLan\Data aplikací\61.exe
2011-08-21 10:09 . 2011-08-21 10:09 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2007-12-16 57344]
.
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 19554952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-10-16 202312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\MiiLan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PowerReg Scheduler.exe [2008-4-15 256000]
.
c:\documents and settings\MiiLan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PowerReg Scheduler.exe [2008-4-15 256000]
.
c:\documents and settings\MiiLan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PowerReg Scheduler.exe [2008-4-15 256000]
.
c:\documents and settings\MiiLan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PowerReg Scheduler.exe [2008-4-15 256000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\hra\\vietkonk\\vietcong.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\EA Downloader\\Core.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\hra\\vietkonk\\vcded.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.4.2008 16:53 691696]
S1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [20.9.2007 20:14 114496]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.8.2011 12:09 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21.8.2011 12:09 136176]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys --> c:\windows\system32\DRIVERS\snp325.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 10:09]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 10:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 10.129.0.13:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{793D68D5-2455-4C8B-B60A-AFB44DCD5F4C}: NameServer = 90.183.115.6,90.183.115.11,194.228.2.1,80.79.29.8
FF - ProfilePath - c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-BrowserChoice - c:\windows\system32\browserchoice.exe
HKCU-Run-Wnjxjt - c:\documents and settings\MiiLan\Data aplikací\Wnjxjt.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0405.EXE
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-03 20:13
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1637723038-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:70,67,51,8b,01,3a,49,2f,ab,9a,89,fe,91,60,6e,9e,f2,0f,bf,d3,0c,43,a1,
dc,5c,b9,31,15,cb,f7,11,44,e6,57,bb,39,13,2d,28,8d,e4,78,41,6f,fb,0a,34,52,\
"??"=hex:71,8e,cc,46,6a,b9,4a,0c,98,ec,b6,f7,84,61,f0,bc
.
[HKEY_USERS\S-1-5-21-117609710-1637723038-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:41,99,b7,5e,50,98,ed,f1,98,64,69,d2,12,f1,4a,43,42,8c,5b,c7,55,
45,5e,8a,35,4d,f3,3b,83,89,28,f0,4c,8b,97,5c,10,51,90,9c,5b,8d,1d,60,79,d6,\
"rkeysecu"=hex:4e,b4,f4,88,c0,6e,d3,09,23,d3,39,5c,e2,b4,83,f5
.
Celkový čas: 2011-10-03 20:15:43
ComboFix-quarantined-files.txt 2011-10-03 18:15
.
Před spuštěním: 1 238 360 064
Po spuštění: 1 304 604 672
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CB5E13DCD0F3F4B09FF0937E6366E754
Re: virus file

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
KillAll::
Collect::
c:\documents and settings\MiiLan\Data aplikací\E6.exe
c:\documents and settings\MiiLan\Data aplikací\1B.exe
c:\documents and settings\MiiLan\Data aplikací\8.exe
c:\documents and settings\MiiLan\Data aplikací\3.exe
c:\documents and settings\MiiLan\Data aplikací\8F.exe
c:\documents and settings\MiiLan\Data aplikací\4.exe
c:\documents and settings\MiiLan\Data aplikací\61.exe
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"=-
"DAEMON Tools Lite"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=-
"WinampAgent"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Driver::
gupdatem
gupdate
ICQ Service
Folder::
c:\program files\AskTBar
C:\Program Files\ICQ6Toolbar
C:\Program Files\DAEMON Tools Toolbar
File::
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\One-Click Tweak.job
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\daemon-search.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-1.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-10.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-11.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-12.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-13.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-14.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-15.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-16.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-17.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-18.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-19.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-2.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-20.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-21.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-22.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-3.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-4.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-5.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-6.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-7.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-8.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-9.xml
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin.gif
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin.src
C:\Documents and Settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin.xml
DDS::
uStart Page = hxxp://www.bing.com/?pc=AVBR
uInternet Settings,ProxyServer = 10.129.0.13:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Firefox::
FF - ProfilePath - c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
RegNull::
[HKEY_USERS\S-1-5-21-117609710-1637723038-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-117609710-1637723038-725345543-1003\Software\SecuROM\License information*]
AtJob::
ClearJavaCache::
FixCSet::
- Save the created TXT as CFScript.txt
- Drag the created CFScript.txt onto ComboFix and run it (see the picture below)
- After the script is applied (and after a restart, if one is needed) a log will pop up; paste its contents here

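Added example, not code from the thread, its helper, or ComboFix: a Python triage script that parses the two log sections this thread turns on (the registry Run values and catchme's hidden-file list), flags executables started straight from the root of the user's application-data folder, and drafts the matching Collect::/Registry:: lines of a CFScript for a helper to review. The sample log is constructed from the posted output and the heuristic is this example's own assumption.

```python
"""Triage helper for ComboFix-style logs (added example; not code from the
thread, its helper, or ComboFix). It reads the registry Run entries and the
catchme hidden-files section of a log, flags executables launched straight
from the root of the user's application-data folder (the Wnjxjt.exe pattern in
this thread), and drafts the CFScript lines a helper would review. Section
markers are the Czech ComboFix strings from the thread; the heuristic is ours."""
import ntpath
import re

# Constructed sample log, modelled on the ComboFix output posted in the thread.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 19554952]
"Wnjxjt"="c:\\Documents and Settings\\MiiLan\\Data aplikací\\Wnjxjt.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
.
skenování skrytých souborů ...
.
c:\documents and settings\MiiLan\Data aplikací\Wnjxjt.exe 150016 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
"""

RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
HIDDEN_FILE_RE = re.compile(r"^(.+?) (\d+) bytes executable$")
HIDDEN_HEADER = "skenování skrytých souborů"  # catchme: scanning hidden files
HIDDEN_FOOTER = "sken byl"                   # catchme: scan completed
# Folder names under which a bare .exe is suspicious (XP Czech/English, Vista+).
APPDATA_ROOTS = {"data aplikací", "application data", "roaming"}


def clean_path(path: str) -> str:
    """Undo the doubled backslashes of REGEDIT4 exports; catchme lines are single."""
    return path.replace("\\\\", "\\").strip()


def is_appdata_root_exe(path: str) -> bool:
    """True for an .exe sitting directly in the application-data root folder.
    Legitimate software installs into a vendor subfolder; a lone executable at
    the root (Wnjxjt.exe, E6.exe, 1B.exe in the thread) is the dropper's habit."""
    p = clean_path(path).lower()
    parent = ntpath.basename(ntpath.dirname(p))
    return p.endswith(".exe") and parent in APPDATA_ROOTS


def parse_run_entries(log: str) -> list[dict]:
    """Collect "Name"="path" values under every HKEY_... Run key in the log."""
    entries, key = [], None
    for line in log.splitlines():
        m = RUN_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if line.strip() == ".":  # ComboFix separates blocks with a lone dot
            key = None
            continue
        m = RUN_VALUE_RE.match(line)
        if key and m:
            entries.append({"key": key, "name": m.group(1), "path": m.group(2)})
    return entries


def parse_hidden_files(log: str) -> list[dict]:
    """Files that catchme reported as hidden, with their size in bytes."""
    found, active = [], False
    for line in log.splitlines():
        if line.startswith(HIDDEN_HEADER):
            active = True
        elif active and line.startswith(HIDDEN_FOOTER):
            break
        elif active and (m := HIDDEN_FILE_RE.match(line)):
            found.append({"path": m.group(1), "size": int(m.group(2))})
    return found


def triage(log: str) -> list[dict]:
    """Autorun values and hidden files matching the app-data-root heuristic."""
    findings = [{"kind": "autorun", **e} for e in parse_run_entries(log)
                if is_appdata_root_exe(e["path"])]
    findings += [{"kind": "hidden", **h} for h in parse_hidden_files(log)
                 if is_appdata_root_exe(h["path"])]
    return findings


def build_cfscript(findings: list[dict]) -> str:
    """Draft CFScript text: Collect:: quarantines the files and Registry:: with
    "Name"=- removes the Run values, the same sections the thread's script uses."""
    files, names_by_key = {}, {}
    for f in findings:
        p = clean_path(f["path"])
        files.setdefault(p.lower(), p)  # one file may show up in both sections
        if f["kind"] == "autorun":
            names_by_key.setdefault(f["key"], []).append(f["name"])
    lines = ["Collect::", *sorted(files.values()), "Registry::"]
    for key, names in names_by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in sorted(names))
    return "\n".join(lines) + "\n"
```

The draft is a starting point for a helper's review, not a script to apply blindly: the heuristic only covers executables dropped at the application-data root, so toolbars and search plugins like those in the thread still have to be added by hand.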
Re: virus file
After dropping the CFSscript file onto ComboFix, ComboFix starts but an error occurs:
CFSscript name error
Have you tried applying CFSscript?
The name CFSscript appears to be misspelled
Re: virus file
You have named it wrong; it should be called CFScript, not CFSscript
Re: virus file
ComboFix 11-10-03.01 - MiiLan 06.10.2011 16:39:37.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.667 [GMT 2:00]
Spuštěný z: c:\documents and settings\MiiLan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\MiiLan\Plocha\CFScript.txt
.
FILE ::
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\daemon-search.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-1.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-10.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-11.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-12.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-13.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-14.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-15.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-16.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-17.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-18.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-19.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-2.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-20.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-21.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-22.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-3.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-4.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-5.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-6.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-7.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-8.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-9.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin.gif"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin.src"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin.xml"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\One-Click Tweak.job"
.
file zipped: c:\documents and settings\MiiLan\Data aplikací\1B.exe
file zipped: c:\documents and settings\MiiLan\Data aplikací\3.exe
file zipped: c:\documents and settings\MiiLan\Data aplikací\4.exe
file zipped: c:\documents and settings\MiiLan\Data aplikací\61.exe
file zipped: c:\documents and settings\MiiLan\Data aplikací\8.exe
file zipped: c:\documents and settings\MiiLan\Data aplikací\8F.exe
file zipped: c:\documents and settings\MiiLan\Data aplikací\E6.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\MiiLan\Data aplikací\14.tmp
c:\documents and settings\MiiLan\Data aplikací\4.exe
c:\documents and settings\MiiLan\Data aplikací\61.exe
c:\documents and settings\MiiLan\Data aplikací\8.exe
c:\documents and settings\MiiLan\Data aplikací\8F.exe
c:\program files\AskTBar
c:\program files\AskTBar\bar\1.bin\A5POPSWT.DLL
c:\program files\AskTBar\bar\1.bin\ASKTBAR.DLL
c:\program files\AskTBar\bar\Cache\00037BF7
c:\program files\AskTBar\bar\Cache\00037D30.bin
c:\program files\AskTBar\bar\Cache\000A84BF
c:\program files\AskTBar\bar\Cache\00436BB4.bin
c:\program files\AskTBar\bar\Cache\00436E06.bin
c:\program files\AskTBar\bar\Cache\00436F7D.bin
c:\program files\AskTBar\bar\Cache\files.ini
c:\program files\AskTBar\bar\History\search2
c:\program files\AskTBar\bar\Settings\prevcfg2.htm
c:\program files\AskTBar\PopSwatr\History\allowed
c:\program files\AskTBar\PopSwatr\History\notallow
c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\icqtoolbar.jar
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-06 do 2011-10-06 )))))))))))))))))))))))))))))))
.
.
2011-10-06 14:50 . 2011-10-06 14:50 398081 ----a-w- c:\documents and settings\MiiLan\Data aplikací\2.exe
2011-10-05 14:25 . 2011-10-05 14:25 703102 ----a-w- c:\documents and settings\MiiLan\Data aplikací\96.exe
2011-10-05 14:25 . 2011-10-05 14:25 398081 ----a-w- c:\documents and settings\MiiLan\Data aplikací\95.exe
2011-10-03 15:49 . 2011-10-03 15:49 398081 ----a-w- c:\documents and settings\MiiLan\Data aplikací\E6.exe
2011-10-02 21:42 . 2011-10-02 21:45 -------- d-----r- c:\program files\Skype
2011-10-02 20:43 . 2011-10-02 20:43 -------- d-----w- c:\program files\trend micro
2011-10-02 20:43 . 2011-10-02 20:43 -------- d-----w- C:\rsit
2011-10-02 17:07 . 2011-10-02 17:07 703102 ----a-w- c:\documents and settings\MiiLan\Data aplikací\1B.exe
2011-09-21 07:35 . 2011-09-21 07:35 4566176 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-06 04:38 . 2011-08-26 06:25 398081 ----a-w- c:\documents and settings\MiiLan\Data aplikací\3.exe
2011-08-21 10:09 . 2011-08-21 10:09 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-03_18.13.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-06 14:49 . 2011-10-06 14:49 16384 c:\windows\temp\Perflib_Perfdata_73c.dat
- 2001-10-25 14:00 . 2011-10-03 05:26 71846 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2011-10-06 04:39 71846 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2011-10-03 05:26 83306 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2011-10-06 04:39 83306 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2011-10-06 04:39 443588 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2011-10-03 05:26 443588 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2011-10-03 05:26 439966 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2011-10-06 04:39 439966 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-10-16 202312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\MiiLan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PowerReg Scheduler.exe [2008-4-15 256000]
.
c:\documents and settings\MiiLan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PowerReg Scheduler.exe [2008-4-15 256000]
.
c:\documents and settings\MiiLan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PowerReg Scheduler.exe [2008-4-15 256000]
.
c:\documents and settings\MiiLan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PowerReg Scheduler.exe [2008-4-15 256000]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\hra\\vietkonk\\vietcong.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\EA Downloader\\Core.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\hra\\vietkonk\\vcded.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.4.2008 16:53 691696]
S1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [20.9.2007 20:14 114496]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\MiiLan\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\MiiLan\LOCALS~1\Temp\CFcatchme.sys [?]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys --> c:\windows\system32\DRIVERS\snp325.sys [?]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{793D68D5-2455-4C8B-B60A-AFB44DCD5F4C}: NameServer = 90.183.115.6,90.183.115.11,194.228.2.1,80.79.29.8
FF - ProfilePath - c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Y - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-06 16:50
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Wnjxjt = c:\documents and settings\MiiLan\Data aplikac?\Wnjxjt.exe
.
skenování skrytých souborů ...
.
.
c:\documents and settings\MiiLan\Data aplikací\Wnjxjt.exe 150016 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wnjxjt"="c:\\Documents and Settings\\MiiLan\\Data aplikací\\Wnjxjt.exe"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\windows\system32\wscntfy.exe
c:\docume~1\MiiLan\LOCALS~1\Temp\x30811.exe
.
**************************************************************************
.
Celkový čas: 2011-10-06 16:54:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-06 14:54
ComboFix2.txt 2011-10-03 18:15
.
Před spuštěním: 4 295 217 152
Po spuštění: 4 451 622 912
.
- - End Of File - - 7B73871CA063C704D276AC7FE46A5F02
Then the following also appeared:
ComboFix needs to submit the malware samples for further analysis.
Please make sure you are connected to the Internet before clicking OK
Re: virus file
- If you are using Win Vista or W7, right-click OTM and choose Run As Administrator (Spustit jako správce)
- Into the left pane, Paste Instructions for Items to be Moved (below the yellow line), paste the contents given below
Code:
:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wnjxjt"=-
:files
c:\documents and settings\MiiLan\Data aplikací\*.exe
c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin*.xml
c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\daemon-search.xml
c:\documents and settings\MiiLan\Data aplikací\Wnjxjt.exe
c:\docume~1\MiiLan\LOCALS~1\Temp
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
- Click the red MoveIt! button
- You will be prompted to restart; choose Yes. Afterwards you will find the log in C:\_OTM\MovedFiles; paste its contents here
Re: virus file
Also, regarding the previous action:
Please make sure you are connected to the Internet before clicking OK
So I clicked OK:
ComboFix 11-10-03.01 - MiiLan 06.10.2011 16:39:37.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.667 [GMT 2:00]
Spuštěný z: c:\documents and settings\MiiLan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\MiiLan\Plocha\CFScript.txt
.
FILE ::
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\daemon-search.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-1.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-10.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-11.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-12.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-13.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-14.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-15.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-16.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-17.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-18.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-19.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-2.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-20.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-21.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-22.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-3.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-4.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-5.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-6.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-7.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-8.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin-9.xml"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin.gif"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin.src"
"c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\searchplugins\icqplugin.xml"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\One-Click Tweak.job"
.
file zipped: c:\documents and settings\MiiLan\Data aplikací\1B.exe
file zipped: c:\documents and settings\MiiLan\Data aplikací\3.exe
file zipped: c:\documents and settings\MiiLan\Data aplikací\4.exe
file zipped: c:\documents and settings\MiiLan\Data aplikací\61.exe
file zipped: c:\documents and settings\MiiLan\Data aplikací\8.exe
file zipped: c:\documents and settings\MiiLan\Data aplikací\8F.exe
file zipped: c:\documents and settings\MiiLan\Data aplikací\E6.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\MiiLan\Data aplikací\14.tmp
c:\documents and settings\MiiLan\Data aplikací\4.exe
c:\documents and settings\MiiLan\Data aplikací\61.exe
c:\documents and settings\MiiLan\Data aplikací\8.exe
c:\documents and settings\MiiLan\Data aplikací\8F.exe
c:\program files\AskTBar
c:\program files\AskTBar\bar\1.bin\A5POPSWT.DLL
c:\program files\AskTBar\bar\1.bin\ASKTBAR.DLL
c:\program files\AskTBar\bar\Cache\00037BF7
c:\program files\AskTBar\bar\Cache\00037D30.bin
c:\program files\AskTBar\bar\Cache\000A84BF
c:\program files\AskTBar\bar\Cache\00436BB4.bin
c:\program files\AskTBar\bar\Cache\00436E06.bin
c:\program files\AskTBar\bar\Cache\00436F7D.bin
c:\program files\AskTBar\bar\Cache\files.ini
c:\program files\AskTBar\bar\History\search2
c:\program files\AskTBar\bar\Settings\prevcfg2.htm
c:\program files\AskTBar\PopSwatr\History\allowed
c:\program files\AskTBar\PopSwatr\History\notallow
c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\icqtoolbar.jar
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-06 do 2011-10-06 )))))))))))))))))))))))))))))))
.
.
2011-10-06 14:50 . 2011-10-06 14:50 398081 ----a-w- c:\documents and settings\MiiLan\Data aplikací\2.exe
2011-10-05 14:25 . 2011-10-05 14:25 703102 ----a-w- c:\documents and settings\MiiLan\Data aplikací\96.exe
2011-10-05 14:25 . 2011-10-05 14:25 398081 ----a-w- c:\documents and settings\MiiLan\Data aplikací\95.exe
2011-10-03 15:49 . 2011-10-03 15:49 398081 ----a-w- c:\documents and settings\MiiLan\Data aplikací\E6.exe
2011-10-02 21:42 . 2011-10-02 21:45 -------- d-----r- c:\program files\Skype
2011-10-02 20:43 . 2011-10-02 20:43 -------- d-----w- c:\program files\trend micro
2011-10-02 20:43 . 2011-10-02 20:43 -------- d-----w- C:\rsit
2011-10-02 17:07 . 2011-10-02 17:07 703102 ----a-w- c:\documents and settings\MiiLan\Data aplikací\1B.exe
2011-09-21 07:35 . 2011-09-21 07:35 4566176 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-06 04:38 . 2011-08-26 06:25 398081 ----a-w- c:\documents and settings\MiiLan\Data aplikací\3.exe
2011-08-21 10:09 . 2011-08-21 10:09 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-03_18.13.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-06 14:49 . 2011-10-06 14:49 16384 c:\windows\temp\Perflib_Perfdata_73c.dat
- 2001-10-25 14:00 . 2011-10-03 05:26 71846 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2011-10-06 04:39 71846 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2011-10-03 05:26 83306 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2011-10-06 04:39 83306 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2011-10-06 04:39 443588 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2011-10-03 05:26 443588 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2011-10-03 05:26 439966 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2011-10-06 04:39 439966 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-10-16 202312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\MiiLan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PowerReg Scheduler.exe [2008-4-15 256000]
.
c:\documents and settings\MiiLan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PowerReg Scheduler.exe [2008-4-15 256000]
.
c:\documents and settings\MiiLan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PowerReg Scheduler.exe [2008-4-15 256000]
.
c:\documents and settings\MiiLan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
PowerReg Scheduler.exe [2008-4-15 256000]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\hra\\vietkonk\\vietcong.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\EA Downloader\\Core.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\hra\\vietkonk\\vcded.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.4.2008 16:53 691696]
S1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [20.9.2007 20:14 114496]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\MiiLan\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\MiiLan\LOCALS~1\Temp\CFcatchme.sys [?]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys --> c:\windows\system32\DRIVERS\snp325.sys [?]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{793D68D5-2455-4C8B-B60A-AFB44DCD5F4C}: NameServer = 90.183.115.6,90.183.115.11,194.228.2.1,80.79.29.8
FF - ProfilePath - c:\documents and settings\MiiLan\Data aplikací\Mozilla\Firefox\Profiles\cq5d9xie.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Y - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-06 16:50
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Wnjxjt = c:\documents and settings\MiiLan\Data aplikac?\Wnjxjt.exe
.
skenování skrytých souborů ...
.
.
c:\documents and settings\MiiLan\Data aplikací\Wnjxjt.exe 150016 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wnjxjt"="c:\\Documents and Settings\\MiiLan\\Data aplikací\\Wnjxjt.exe"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\windows\system32\wscntfy.exe
c:\docume~1\MiiLan\LOCALS~1\Temp\x30811.exe
.
**************************************************************************
.
Celkový čas: 2011-10-06 16:54:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-06 14:54
ComboFix2.txt 2011-10-03 18:15
.
Před spuštěním: 4 295 217 152
Po spuštění: 4 451 622 912
.
- - End Of File - - 7B73871CA063C704D276AC7FE46A5F02
Upload completed successfully
Please make sure you are connected to the Internet before you click OK
so I clicked OK:
Re: virus file
I downloaded OTM and ran it with the red button, and this appears:
No fix has been provided
Do you want to load it from a file?