RSIT:
ComboFix:Logfile of random's system information tool 1.09 (written by random/random)
Run by OdinAsgard at 2012-01-07 22:50:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (44%) free of 41 GB
Total RAM: 3582 MB (81% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:50:39, on 7.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QIP\qip.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Bo-Shot\Bo-Shot.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
H:\Programy\RSIT\RSIT.exe
C:\Program Files\trend micro\OdinAsgard.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [4-Day Forecast] "C:\Program Files\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe" /Startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bo-Shot.lnk = C:\Program Files\Bo-Shot\Bo-Shot.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6549 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\OdinAsgard\Application Data\Mozilla\Firefox\Profiles\vznhizwi.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\OdinAsgard\Application Data\Mozilla\Firefox\Profiles\vznhizwi.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-09-14 157592]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2006-12-08 241664]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2219184]
"4-Day Forecast"=C:\Program Files\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe [2008-07-02 1064960]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"=C:\Program Files\QIP\qip.exe [2008-12-09 3259392]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
Bo-Shot.lnk - C:\Program Files\Bo-Shot\Bo-Shot.exe
C:\Documents and Settings\OdinAsgard\Start Menu\Programs\Startup
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Games\World_of_Tanks\WOTLauncher.exe"="C:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Games\World_of_Tanks\WorldOfTanks.exe"="C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\Veetle\Player\VeetleNet.exe"="C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Veetle\Player\VeetleNet.exe"="C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.divxa32"=msaud32_divx.acm
"msacm.lhacm"=lhacm.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2012-01-07 22:50:23 ----D---- C:\Program Files\trend micro
2012-01-07 22:50:20 ----D---- C:\rsit
2012-01-07 22:42:50 ----A---- C:\ComboFix.txt
2012-01-07 22:28:36 ----A---- C:\Boot.bak
2012-01-07 22:28:20 ----RASHD---- C:\cmdcons
2012-01-07 22:25:44 ----A---- C:\WINDOWS\zip.exe
2012-01-07 22:25:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-01-07 22:25:44 ----A---- C:\WINDOWS\SWSC.exe
2012-01-07 22:25:44 ----A---- C:\WINDOWS\SWREG.exe
2012-01-07 22:25:44 ----A---- C:\WINDOWS\sed.exe
2012-01-07 22:25:44 ----A---- C:\WINDOWS\PEV.exe
2012-01-07 22:25:44 ----A---- C:\WINDOWS\NIRCMD.exe
2012-01-07 22:25:44 ----A---- C:\WINDOWS\MBR.exe
2012-01-07 22:25:44 ----A---- C:\WINDOWS\grep.exe
2012-01-07 22:25:13 ----D---- C:\WINDOWS\ERDNT
2012-01-07 22:23:20 ----D---- C:\Qoobox
2012-01-07 20:12:16 ----D---- C:\Config.Msi
2012-01-07 13:19:14 ----D---- C:\Program Files\Sunbelt Software
2012-01-02 21:12:25 ----D---- C:\Program Files\Veetle
2011-12-25 17:19:08 ----D---- C:\Documents and Settings\OdinAsgard\Application Data\VitySoft
2011-12-24 19:14:31 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2011-12-23 11:23:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2639417$
2011-12-23 11:22:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2011-12-23 11:22:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$
2011-12-23 11:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2011-12-23 11:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2011-12-23 11:22:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2011-12-23 11:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2633171$
======List of files/folders modified in the last 1 month======
2012-01-07 22:50:25 ----D---- C:\WINDOWS\Temp
2012-01-07 22:50:23 ----RD---- C:\Program Files
2012-01-07 22:47:18 ----D---- C:\Program Files\Mozilla Firefox
2012-01-07 22:45:54 ----D---- C:\Program Files\SpeedFan
2012-01-07 22:44:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-07 22:44:18 ----D---- C:\Documents and Settings\OdinAsgard\Application Data\Skype
2012-01-07 22:43:03 ----D---- C:\WINDOWS\Prefetch
2012-01-07 22:40:57 ----D---- C:\WINDOWS
2012-01-07 22:40:57 ----A---- C:\WINDOWS\system.ini
2012-01-07 22:40:35 ----D---- C:\WINDOWS\system32\drivers\etc
2012-01-07 22:39:47 ----D---- C:\Program Files\TNod User & Password Finder
2012-01-07 22:38:21 ----D---- C:\WINDOWS\system32\drivers
2012-01-07 22:38:21 ----D---- C:\WINDOWS\system32
2012-01-07 22:38:21 ----D---- C:\WINDOWS\AppPatch
2012-01-07 22:38:18 ----D---- C:\Program Files\Common Files
2012-01-07 22:34:19 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-07 22:28:36 ----RASH---- C:\boot.ini
2012-01-07 20:14:50 ----SHD---- C:\WINDOWS\Installer
2012-01-07 20:12:16 ----HD---- C:\WINDOWS\inf
2012-01-07 19:39:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-07 13:17:34 ----D---- C:\WINDOWS\system32\appmgmt
2012-01-07 13:17:32 ----SD---- C:\WINDOWS\Tasks
2012-01-03 00:08:32 ----A---- C:\WINDOWS\NeroDigital.ini
2011-12-28 23:47:45 ----A---- C:\WINDOWS\wincmd.ini
2011-12-28 18:16:17 ----D---- C:\Program Files\PokerStars
2011-12-26 18:24:16 ----D---- C:\Program Files\Bo-Shot
2011-12-24 19:14:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-12-23 14:01:56 ----A---- C:\WINDOWS\system32\MRT.exe
2011-12-23 11:23:03 ----A---- C:\WINDOWS\imsins.BAK
2011-12-23 11:22:50 ----D---- C:\Program Files\Internet Explorer
2011-12-23 11:22:37 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2005-06-15 4096]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-08-30 611064]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2007-07-17 114944]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 9216]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-12-21 94872]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 262144]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aje2jebv;aje2jebv; C:\WINDOWS\system32\drivers\aje2jebv.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ODINAS~1\LOCALS~1\Temp\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2006-07-14 14848]
S3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2006-07-14 9984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2004-10-27 1912832]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-30 136176]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-08-30 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2011-11-26 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-30 136176]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
ComboFix 12-01-07.02 - OdinAsgard 07.01.2012 22:35:07.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3582.2557 [GMT 1:00]
Spuštěný z: h:\programy\ComboFix\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *Enabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
FW: Sunbelt Personal Firewall *Disabled* {C665E66B-E8EF-49DB-B30B-81BB5E60462C}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\TNod User & Password Finder\TNODUP.exe
c:\windows\alcrmv.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-07 do 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-07 12:19 . 2012-01-07 12:19 -------- d-----w- c:\program files\Sunbelt Software
2012-01-02 20:12 . 2012-01-02 20:12 -------- d-----w- c:\program files\Veetle
2011-12-25 16:19 . 2011-12-25 16:19 -------- d-----w- c:\documents and settings\OdinAsgard\Application Data\VitySoft
2011-12-24 18:14 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-12-24 18:14 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-25 17:20 . 2011-08-30 11:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-08-03 21:17 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-03 22:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2004-08-03 22:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-03 22:56 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-03 22:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-03 21:20 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-03 22:56 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-08-30 10:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-25 00:36 . 2011-08-30 11:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\program files\QIP\qip.exe" [2008-12-09 3259392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"4-Day Forecast"="c:\program files\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe" [2008-07-02 1064960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\OdinAsgard\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2005-11-7 2472448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bo-Shot.lnk - c:\program files\Bo-Shot\Bo-Shot.exe [2003-5-5 259072]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.8.2011 12:01 611064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 14:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 12:47 94872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2.11.2004 10:00 262144]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 15:41 810144]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.8.2011 14:29 136176]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [30.8.2011 12:28 14848]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [30.8.2011 12:28 9984]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30.8.2011 14:29 136176]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - KPF4
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-30 13:29]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-30 13:29]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.146.238.22 10.146.254.253
FF - ProfilePath - c:\documents and settings\OdinAsgard\Application Data\Mozilla\Firefox\Profiles\vznhizwi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-TNOD UP - c:\program files\TNod User & Password Finder\TNODUP.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-07 22:40
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\System32\dimsntfy.dll
.
Celkový čas: 2012-01-07 22:42:49
ComboFix-quarantined-files.txt 2012-01-07 21:42
.
Před spuštěním: 17 475 760 128 bytes free
Po spuštění: 18 642 358 272 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DD11F4D68FAE99F3431B107C6D7ED3CB
Nedávej logy ani do Quote ani do Code, špatně se to čte!
Ten ComboFix Ti poradil který dobrák?! 
Nebezpečí CFka:
Jako první ovšem odnistaluj ten nelegální ESET NOD32 Antivirus ze svého počítače, protože nelegálním software se tu vážně nezabýváme! 
.
To je jako mít "bezpečně zamknuté všechny dveře u baráku a okna nechat otevřená.
Přispějete na provoz fóra?