Dorkbot.B

derrrek4 (Guest), Posts: 3, Registered: 04 Feb 2012 19:40

#1 Post by derrrek4

Hi, I caught it on Facebook and can't get rid of it... can anyone advise... thanks :-)

Logfile of random's system information tool 1.09 (written by random/random)
Run by já at 2012-02-04 19:49:48
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 61 GB (40%) free of 153 GB
Total RAM: 2038 MB (61% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\6lprsxzf.default

prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?AF=100888&ba ... 270e13d08b"
prefs.js - "keyword.URL" - "http://search.babylon.com/?AF=100888&ba ... e13d08b&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027]
"Description"=RealMedia Plugin
"Path"=C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040]
"Description"=6.0.12.1040
"Path"=C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
flashplayer.xpt
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npjp2.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprpjplug.dll
NPSWF32.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\6lprsxzf.default\extensions\
info@thebflix.com
{5911488E-9D1E-40ec-8CBB-06B231CC153F}
{b0d3574e-b41f-4fe9-b976-1e8e303095b9}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\6lprsxzf.default\searchplugins\
yahoo-zugo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-09-05 64928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E}]
bflix Class - C:\Program Files\BFlix\BFlix.dll [2011-12-19 167936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
StartNow Toolbar Helper - C:\Program Files\StartNow Toolbar\Toolbar32.dll [2011-10-25 420576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0d3574e-b41f-4fe9-b976-1e8e303095b9}]
MovaviEN Toolbar - C:\Program Files\MovaviEN\prxtbMova.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5911488E-9D1E-40ec-8CBB-06B231CC153F} - StartNow Toolbar - C:\Program Files\StartNow Toolbar\Toolbar32.dll [2011-10-25 420576]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTor.dll [2011-05-09 176936]
{b0d3574e-b41f-4fe9-b976-1e8e303095b9} - MovaviEN Toolbar - C:\Program Files\MovaviEN\prxtbMova.dll [2011-05-09 176936]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14 237680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-07-16 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-07-16 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-07-16 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-17 16876032]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-07-17 57344]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"QuickTime Task"=C:\WINDOWS\system32\qttask.exe [2011-11-27 98304]
"NWEReboot"= []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-11-25 641400]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-07-16 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"msacm.iac2"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.avrn"=C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"=C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"=C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"=C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"=C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"=C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"=C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"=C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"=C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"=C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"=C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"=C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"=C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"=C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"=C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"=C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"=C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"=C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"=C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"=C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"=C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"=C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"=C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"=C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"=C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"=C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"=C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"vidc.divx"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"msacm.divxa32"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"=C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"=C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll
"vidc.iyuv"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"=C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

======List of files/folders created in the last 1 month======

2012-02-04 19:49:49 ----D---- C:\Program Files\trend micro
2012-02-04 19:49:48 ----D---- C:\rsit
2012-02-04 19:45:48 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2012-02-04 16:36:29 ----A---- C:\WINDOWS\ntbtlog.txt
2012-02-04 16:21:57 ----D---- C:\Documents and Settings\já\Data aplikací\Malwarebytes
2012-02-04 16:21:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2012-02-04 16:21:17 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-02-04 16:21:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-30 15:46:57 ----A---- C:\Documents and Settings\já\Data aplikací\9A.exe
2012-01-28 14:57:39 ----A---- C:\Documents and Settings\já\Data aplikací\1B.exe
2012-01-27 20:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2012-01-27 14:52:35 ----A---- C:\Documents and Settings\já\Data aplikací\A3.exe
2012-01-27 14:45:33 ----A---- C:\Documents and Settings\já\Data aplikací\3C.exe
2012-01-26 15:47:49 ----A---- C:\Documents and Settings\já\Data aplikací\1C.exe
2012-01-25 15:56:14 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2012-01-25 15:55:53 ----D---- C:\Program Files\ESET
2012-01-25 15:55:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2012-01-25 15:49:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-01-24 18:40:22 ----A---- C:\Documents and Settings\já\Data aplikací\8F.exe
2012-01-17 21:25:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2012-01-16 21:02:16 ----D---- C:\WINDOWS\system32\XPSViewer
2012-01-16 21:02:12 ----D---- C:\Program Files\MSBuild
2012-01-16 21:02:10 ----D---- C:\WINDOWS\system32\en-US
2012-01-16 21:02:04 ----D---- C:\Program Files\Reference Assemblies
2012-01-16 21:01:41 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2012-01-16 21:01:41 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2012-01-16 21:01:41 ----N---- C:\WINDOWS\system32\prntvpt.dll
2012-01-16 21:01:40 ----D---- C:\ec69dd2977e9fa2fa40c221d29
2012-01-15 15:57:46 ----D---- C:\Program Files\Propellerhead
2012-01-15 15:13:50 ----A---- C:\WINDOWS\system32\REX Shared Library.dll
2012-01-15 15:13:50 ----A---- C:\WINDOWS\system32\ReWire.dll
2012-01-15 15:06:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Propellerhead Software
2012-01-15 15:06:18 ----D---- C:\Documents and Settings\já\Data aplikací\Propellerhead Software
2012-01-15 15:02:36 ----RSD---- C:\WINDOWS\assembly
2012-01-15 15:02:03 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-14 21:44:02 ----D---- C:\Program Files\GameTop.com
2012-01-14 00:48:54 ----D---- C:\Program Files\Lavalys
2012-01-13 16:31:16 ----A---- C:\WINDOWS\system32\drivers\USBAUDIO.sys
2012-01-13 00:46:23 ----D---- C:\Program Files\Electronic Arts
2012-01-13 00:46:20 ----D---- C:\ProgramData
2012-01-13 00:45:54 ----D---- C:\Documents and Settings\já\Data aplikací\Leadertech
2012-01-13 00:38:11 ----D---- C:\Program Files\EA Sports
2012-01-13 00:38:10 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2012-01-13 00:38:10 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2012-01-13 00:38:10 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2012-01-13 00:38:09 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2012-01-13 00:38:09 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2012-01-13 00:38:09 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2012-01-13 00:38:08 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2012-01-13 00:38:08 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2012-01-13 00:38:07 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2012-01-13 00:38:07 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2012-01-13 00:38:06 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2012-01-13 00:38:06 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2012-01-13 00:38:06 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2012-01-13 00:38:05 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2012-01-13 00:38:05 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2012-01-13 00:38:05 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2012-01-13 00:38:04 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2012-01-13 00:38:04 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2012-01-13 00:38:04 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2012-01-13 00:38:03 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2012-01-13 00:38:03 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2012-01-13 00:38:03 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2012-01-13 00:38:03 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2012-01-13 00:38:02 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2012-01-13 00:38:02 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2012-01-13 00:38:02 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2012-01-13 00:38:01 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2012-01-13 00:38:01 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2012-01-13 00:38:00 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2012-01-13 00:38:00 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2012-01-13 00:37:59 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2012-01-13 00:37:58 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2012-01-13 00:37:58 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2012-01-13 00:37:57 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2012-01-13 00:37:57 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2012-01-13 00:37:57 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2012-01-13 00:37:56 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2012-01-13 00:37:56 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2012-01-13 00:37:55 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2012-01-13 00:37:55 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2012-01-13 00:37:44 ----D---- C:\WINDOWS\Logs
2012-01-11 20:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-11 20:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-01-11 20:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-01-11 20:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-01-11 20:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$

======List of files/folders modified in the last 1 month======

2012-02-04 19:49:49 ----RD---- C:\Program Files
2012-02-04 19:45:48 ----D---- C:\WINDOWS\system32\drivers
2012-02-04 19:36:37 ----D---- C:\Documents and Settings\já\Data aplikací\uTorrent
2012-02-04 19:36:08 ----D---- C:\WINDOWS\Temp
2012-02-04 16:42:30 ----D---- C:\WINDOWS\msapps
2012-02-04 16:36:29 ----D---- C:\WINDOWS
2012-02-04 16:35:49 ----RD---- C:\WINDOWS\Offline Web Pages
2012-02-04 16:35:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-04 16:30:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2639417$
2012-02-04 14:20:42 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-04 09:30:19 ----A---- C:\WINDOWS\NeroDigital.ini
2012-02-03 14:53:21 ----D---- C:\Program Files\Mozilla Firefox
2012-02-01 17:20:24 ----D---- C:\WINDOWS\Prefetch
2012-01-28 14:56:21 ----D---- C:\WINDOWS\system32
2012-01-27 20:27:07 ----HD---- C:\WINDOWS\inf
2012-01-27 20:27:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-27 20:10:53 ----HD---- C:\WINDOWS\$hf_mig$
2012-01-25 17:01:32 ----D---- C:\Program Files\StartNow Toolbar
2012-01-25 15:57:11 ----SHD---- C:\WINDOWS\Installer
2012-01-17 21:35:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-17 21:35:32 ----D---- C:\WINDOWS\WinSxS
2012-01-17 21:25:54 ----A---- C:\WINDOWS\imsins.BAK
2012-01-17 21:25:52 ----D---- C:\WINDOWS\system32\CatRoot
2012-01-17 15:18:49 ----D---- C:\Program Files\PowerISO
2012-01-16 21:02:09 ----RSD---- C:\WINDOWS\Fonts
2012-01-16 21:01:49 ----D---- C:\WINDOWS\system32\spool
2012-01-16 20:59:58 ----D---- C:\Program Files\Internet Explorer
2012-01-15 15:57:46 ----D---- C:\WINDOWS\system
2012-01-14 20:48:25 ----D---- C:\Program Files\Common Files\InstallShield
2012-01-14 20:44:03 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-14 00:48:58 ----SD---- C:\Documents and Settings\já\Data aplikací\Microsoft
2012-01-13 00:45:48 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-01-13 00:38:11 ----D---- C:\WINDOWS\system32\DirectX
2012-01-13 00:33:59 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Standard HID class driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-07-16 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-17 4745216]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Standard HID mouse driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-07-16 106368]
R3 usbuhci;Microsoft USB Universal Host Controller Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Standard HID keyboard driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy (Site Admin), Posts: 119515, Registered: 30 Oct 2003 13:42, Location: Plzeň

Re: Dorkbot.B

#2 Post by Rudy

Hello!
Please post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with the antispyware's resident shield.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.

derrrek4 (Guest), Posts: 3, Registered: 04 Feb 2012 19:40

Re: Dorkbot.B

#3 Post by derrrek4

ComboFix 12-02-05.01 - já 04.02.2012 22:50:10.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2038.1234 [GMT 1:00]
Run from: c:\documents and settings\já\Dokumenty\Stažené soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* New Restore Point created
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\já\Data aplikací\3C.exe
c:\documents and settings\já\Data aplikací\A3.exe
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\system32\SET63.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET6F.tmp
.
.
((((((((((((((((((((((((( Files created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-04 18:49 . 2012-02-04 18:49 -------- d-----w- c:\program files\trend micro
2012-02-04 18:49 . 2012-02-04 18:49 -------- d-----w- C:\rsit
2012-02-04 15:21 . 2012-02-04 15:21 -------- d-----w- c:\documents and settings\já\Data aplikací\Malwarebytes
2012-02-04 15:21 . 2012-02-04 15:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-04 15:21 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-04 15:21 . 2012-02-04 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-30 14:46 . 2012-01-30 14:46 401173 ----a-w- c:\documents and settings\já\Data aplikací\9A.exe
2012-01-28 13:57 . 2012-01-28 13:57 401173 ----a-w- c:\documents and settings\já\Data aplikací\1B.exe
2012-01-26 14:47 . 2012-01-27 19:15 401173 ----a-w- c:\documents and settings\já\Data aplikací\1C.exe
2012-01-25 15:03 . 2012-01-25 15:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-01-25 14:56 . 2012-01-25 14:56 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-01-25 14:55 . 2012-01-25 14:55 -------- d-----w- c:\program files\ESET
2012-01-25 14:55 . 2012-01-25 14:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-01-25 14:49 . 2012-01-25 14:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2012-01-24 17:40 . 2012-01-24 17:40 423381 ----a-w- c:\documents and settings\já\Data aplikací\8F.exe
2012-01-16 20:02 . 2012-01-16 20:02 -------- d-----w- c:\windows\system32\XPSViewer
2012-01-16 20:02 . 2012-01-16 20:02 -------- d-----w- c:\program files\MSBuild
2012-01-16 20:02 . 2012-01-16 20:02 -------- d-----w- c:\program files\Reference Assemblies
2012-01-16 20:01 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-01-16 20:01 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-01-16 20:01 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-01-16 20:01 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-01-16 20:01 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-01-16 20:01 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-01-16 20:01 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-01-16 20:01 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-01-16 20:01 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-01-16 20:01 . 2012-01-16 20:01 -------- d-----w- C:\ec69dd2977e9fa2fa40c221d29
2012-01-15 14:57 . 2012-01-15 14:57 -------- d-----w- c:\program files\Propellerhead
2012-01-15 14:13 . 2012-01-15 14:13 406528 ----a-w- c:\windows\system32\ReWire.dll
2012-01-15 14:13 . 2012-01-15 14:13 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2012-01-15 14:06 . 2012-01-15 14:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Propellerhead Software
2012-01-15 14:06 . 2012-01-15 14:14 -------- d-----w- c:\documents and settings\já\Data aplikací\Propellerhead Software
2012-01-14 20:44 . 2012-01-14 20:44 -------- d-----w- c:\program files\GameTop.com
2012-01-13 23:48 . 2012-01-13 23:48 -------- d-----w- c:\program files\Lavalys
2012-01-13 15:31 . 2008-04-13 23:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-01-13 15:31 . 2008-04-13 23:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-01-12 23:46 . 2012-01-12 23:46 -------- d-----w- c:\program files\Electronic Arts
2012-01-12 23:46 . 2012-01-12 23:46 -------- d-----w- C:\ProgramData
2012-01-12 23:45 . 2012-01-12 23:45 -------- d-----w- c:\documents and settings\já\Data aplikací\Leadertech
2012-01-12 23:37 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2012-01-12 23:37 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2012-01-12 23:37 . 2006-12-08 11:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2012-01-12 23:37 . 2007-03-05 11:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2012-01-12 23:37 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-01-12 23:37 . 2006-09-28 15:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2012-01-12 23:37 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-01-12 23:37 . 2006-07-28 08:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2012-01-12 23:37 . 2006-07-28 08:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-01-12 23:37 . 2012-01-12 23:37 -------- d-----w- c:\windows\Logs
2012-01-12 23:35 . 2012-01-12 23:46 1110 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2012-01-12 23:34 . 2012-01-12 23:34 -------- d-----w- c:\documents and settings\já\Local Settings\Data aplikací\Downloaded Installations
2012-01-09 13:41 . 2012-01-09 13:41 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-09 13:41 . 2012-01-09 13:41 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-09 13:41 . 2012-01-09 13:41 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-09 13:41 . 2012-01-09 13:41 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 23:33 . 2011-12-13 18:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-11-27 17:58 . 2011-11-27 17:58 98304 ----a-w- c:\windows\system32\qttask.exe
2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-18 14:08 . 2011-11-18 14:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 14:21 . 2008-04-14 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2012-01-09 13:41 . 2011-11-18 14:05 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{b0d3574e-b41f-4fe9-b976-1e8e303095b9}"= "c:\program files\MovaviEN\prxtbMova.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{b0d3574e-b41f-4fe9-b976-1e8e303095b9}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E}]
2011-12-19 20:25 167936 ----a-w- c:\program files\BFlix\bflix.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0d3574e-b41f-4fe9-b976-1e8e303095b9}]
2011-05-09 08:49 176936 ----a-w- c:\program files\MovaviEN\prxtbMova.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{b0d3574e-b41f-4fe9-b976-1e8e303095b9}"= "c:\program files\MovaviEN\prxtbMova.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{b0d3574e-b41f-4fe9-b976-1e8e303095b9}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{B0D3574E-B41F-4FE9-B976-1E8E303095B9}"= "c:\program files\MovaviEN\prxtbMova.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{b0d3574e-b41f-4fe9-b976-1e8e303095b9}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-11-25 641400]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-17 16876032]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2011-11-27 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4.2.2012 16:21 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4.2.2012 16:21 20464]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?AF=100888&babsrc=HP_ss&mntrId=a8960de700000000000000270e13d08b
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.20.1
FF - ProfilePath - c:\documents and settings\já\Data aplikací\Mozilla\Firefox\Profiles\6lprsxzf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100888&babsrc=HP_ss&mntrId=a8960de700000000000000270e13d08b
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100888&babsrc=adbartrp&mntrId=a8960de700000000000000270e13d08b&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a8960de700000000000000270e13d08b
FF - user.js: extensions.BabylonToolbar_i.hardId - a8960de700000000000000270e13d08b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15341
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:19
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
HKLM-Run-NWEReboot - (no file)
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-04 22:58
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Nqumuz = c:\documents and settings\já\Data aplikací\Nqumuz.exe
.
scanning hidden files ...
.
.
c:\documents and settings\já\Data aplikací\Nqumuz.exe 285807 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nqumuz"="c:\\Documents and Settings\\já\\Data aplikací\\Nqumuz.exe"
.
Completion time: 2012-02-04 23:00:51
ComboFix-quarantined-files.txt 2012-02-04 22:00
.
Pre-Run: free bytes: 66 442 588 160
Post-Run: free bytes: 70 187 749 376
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9153AFF26098BCD2FC14233FFCBFCDAA

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Dorkbot.B

#4 Post by Rudy »

We'll clean up a little more. Move ComboFix to the root directory C:\. Open Notepad and copy the following into it:
KillAll::

Collect::
c:\documents and settings\já\Data aplikací\9A.exe
c:\documents and settings\já\Data aplikací\1B.exe
c:\documents and settings\já\Data aplikací\1C.exe
c:\documents and settings\já\Data aplikací\8F.exe
c:\documents and settings\já\Data aplikací\Nqumuz.exe

Folder::
c:\program files\BFlix

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E}]

Firefox::
FF - ProfilePath - c:\documents and settings\já\Data aplikací\Mozilla\Firefox\Profiles\6lprsxzf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100888&ba ... 270e13d08b
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100888&ba ... e13d08b&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a8960de700000000000000270e13d08b
FF - user.js: extensions.BabylonToolbar_i.hardId - a8960de700000000000000270e13d08b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15341
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:19
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Save it, also in the root directory, as CFScript.txt. Then, in Windows Explorer, drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.
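
An added example for this thread (it is not part of ComboFix, RSIT, catchme or anything the posters wrote): a small triage script that reads ComboFix/catchme log lines of the kind pasted above and flags the indicators that led to the CFScript in this post, namely an executable that a Run key launches from the user's application-data folder, newly created .exe files dropped straight into that folder, and files catchme reports as hidden. It then emits the KillAll::/Collect:: part of a CFScript for them. The sample input is a constructed subset of lines copied from the log above; the rule that a legitimate program does not place an .exe directly in the root of the application-data folder is a heuristic, not something the thread states, and the folder names it recognises (Czech "Data aplikací", English "Application Data", Vista+ "AppData\Roaming") are the script's own assumption.

```python
"""Triage of ComboFix / catchme log lines like the ones posted in this thread.

Added example, not part of ComboFix, RSIT or catchme. Heuristic assumption:
legitimate software does not put .exe files straight into the root of the
per-user application-data folder, so such files, and anything catchme reports
as hidden, are candidates for the CFScript Collect:: section.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed subset of lines copied from the ComboFix log above. The machine
# runs a Czech XP, so the application-data folder is "Data aplikací".
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-11-25 641400]
"Nqumuz"="c:\\Documents and Settings\\já\\Data aplikací\\Nqumuz.exe"
2012-01-30 14:46 . 2012-01-30 14:46 401173 ----a-w- c:\documents and settings\já\Data aplikací\9A.exe
2012-01-28 13:57 . 2012-01-28 13:57 401173 ----a-w- c:\documents and settings\já\Data aplikací\1B.exe
2012-02-04 15:21 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-25 14:55 . 2012-01-25 14:55 -------- d-----w- c:\program files\ESET
c:\documents and settings\já\Data aplikací\Nqumuz.exe 285807 bytes executable
"""

# An .exe sitting directly in the per-user application-data folder (Czech,
# English or Vista+ layout); a file in any subfolder does not match.
APPDATA_EXE = re.compile(
    r"\\(data aplikac[ií]|application data|appdata\\roaming)\\[^\\]+\.exe$", re.IGNORECASE)
KEY_HEADER = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
CREATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
                     r"\s+(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
HIDDEN = re.compile(r"^(?P<path>.+?) (?P<size>\d+) bytes executable$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "run-key", "created-file" or "hidden-file"
    path: str    # path with regedit's doubled backslashes collapsed
    detail: str


def normalise(path: str) -> str:
    return path.replace("\\\\", "\\")


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, remembering which registry key the value lines belong to."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_HEADER.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_VALUE.match(line)
        if m:
            path = normalise(m.group("path"))
            # Only values under a ...\Run key are autostart entries.
            if current_key.lower().endswith("\\run") and APPDATA_EXE.search(path):
                findings.append(Finding("run-key", path,
                                        f"value '{m.group('name')}' in {current_key}"))
            continue
        m = CREATED.match(line)
        if m:
            path = normalise(m.group("path"))
            if APPDATA_EXE.search(path):
                findings.append(Finding("created-file", path,
                                        f"{m.group('size')} bytes, attrs {m.group('attrs')}"))
            continue
        m = HIDDEN.match(line)
        if m:
            findings.append(Finding("hidden-file", normalise(m.group("path")),
                                    f"{m.group('size')} bytes, hidden from the Win32 API"))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """KillAll:: stops running processes first; Collect:: quarantines each file once."""
    unique = {}
    for f in findings:
        unique.setdefault(f.path.lower(), f.path)   # same file, different case -> one line
    return "\n".join(["KillAll::", "", "Collect::", *unique.values()]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:13} {f.path}  ({f.detail})")
    print(build_cfscript(found))
```

Run against the sample it reports the Nqumuz.exe Run value, the two dropped 9A.exe and 1B.exe files and the hidden Nqumuz.exe, leaves uTorrent.exe and mbam.sys alone, and prints three Collect:: lines; the Folder::, Registry:: and Firefox:: sections of the script in this post still have to be added by hand from the BHO and toolbar entries in the log.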

derrrek4
Visitor
Posts: 3
Registered: 04 Feb 2012 19:40

Re: Dorkbot.B

#5 Post by derrrek4 »

It probably got stuck in the autoscan... it has been running for over an hour and nothing is happening.

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Dorkbot.B

#6 Post by Rudy »

Stop it, reboot into Safe Mode and run it there.
