Prosím o kontrolu logu,přestal jít prohlížeč Google

[misut]

Prosím o kontrolu logu,přestal jít prohlížeč Google chrome,Avira neustále něco najde,děkuji!!
Logfile of random's system information tool 1.06 (written by random/random)


Run by PC at 2010-04-26 22:34:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 26 GB (35%) free of 76 GB
Total RAM: 958 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34, on 2010-04-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system\lsm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\ochrana PC\Nepoužívané odkazy plochy\RSIT.exe
C:\Program Files\trend micro\PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.cz/nwshp?hl=cs&tab=wn
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE -startup
O4 - HKLM\..\Run: [ISUSPM.EXE] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE -startup
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{F05B655F-DD1B-414B-B6AA-D0447548F817}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: IpSect service (darkness) - Unknown owner - C:\WINDOWS\system\lsm.exe
O23 - Service: Služba Google Update (gupdate1cabee622e6b642) (gupdate1cabee622e6b642) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8317 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1715567821-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1715567821-839522115-1003UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1715567821-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1715567821-839522115-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-02-13 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-08 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-01 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-01 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2010-02-13 798771]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-01 263280]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE [2010-02-10 221184]
"ISUSPM.EXE"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE [2010-02-10 221184]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-06-10 286720]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-08 202256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WEBTRAN"= []
"Google Update"=C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-04-26 136176]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
"notification packages"=
:\WINDOW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount"
"C:\Documents and Settings\PC\Dokumenty\eMule\emule.exe"="C:\Documents and Settings\PC\Dokumenty\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\PC\Plocha\Az\DCC.version2.80\DCC.exe"="C:\Documents and Settings\PC\Plocha\Az\DCC.version2.80\DCC.exe:*:Enabled:Dreambox Control Center"
"C:\Documents and Settings\PC\Plocha\Az\misut\test loga\TuneAZbox\TuneAZbox.exe"="C:\Documents and Settings\PC\Plocha\Az\misut\test loga\TuneAZbox\TuneAZbox.exe:*:Disabled: "
"C:\Program Files\telesat\CAM Wizard\AZBox CAM Wizard.exe"="C:\Program Files\telesat\CAM Wizard\AZBox CAM Wizard.exe:*:Enabled:AZBox CAM Wizard"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\PC\Plocha\share\Sharemax\ShareMax.exe"="C:\Documents and Settings\PC\Plocha\share\Sharemax\ShareMax.exe:*:Enabled:www.mohtarefen.com"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\real\realplayer\realplay.exe"="C:\Program Files\real\realplayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"D:\EasySetupAssistant\fscommand\EASYSETUPASSISTANT.EXE"="D:\EasySetupAssistant\fscommand\EASYSETUPASSISTANT.EXE:*:Enabled:TP-LINK Easy Setup Assistant"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\wmsrvc.exe"="C:\WINDOWS\system32\wmsrvc.exe:*:Enabled:DHCP Router"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4caa130c-a484-11dc-8b38-0a18f3a7d81b}]
shell\AutoRun\command - wins\winsv.exe
shell\explore\command - wins\winsv.exe
shell\open\command - wins\winsv.exe
shell\search\command - wins\winsv.exe


======List of files/folders created in the last 1 months======

2010-04-26 22:34:22 ----DC---- C:\rsit
2010-04-13 22:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-13 22:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-13 21:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-13 21:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-13 21:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-13 21:51:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-13 21:51:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-03-31 21:32:20 ----D---- C:\Program Files\Texas Instruments Inc
2010-03-31 15:57:54 ----A---- C:\Documents and Settings\PC\Data aplikací\inst.exe

======List of files/folders modified in the last 1 months======

2010-04-26 22:34:41 ----D---- C:\Program Files\Trend Micro
2010-04-26 22:34:29 ----D---- C:\WINDOWS\Prefetch
2010-04-26 22:33:00 ----D---- C:\Program Files\Mozilla Firefox
2010-04-26 22:31:26 ----SD---- C:\WINDOWS\Tasks
2010-04-26 22:29:29 ----D---- C:\WINDOWS\temp
2010-04-26 22:29:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-26 22:26:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-26 22:23:00 ----AC---- C:\WINDOWS\system.ini
2010-04-26 22:22:49 ----HD---- C:\WINDOWS\inf
2010-04-26 21:39:14 ----D---- C:\Documents and Settings\PC\Data aplikací\Skype
2010-04-26 21:36:31 ----D---- C:\Documents and Settings\PC\Data aplikací\LangSoft
2010-04-26 18:57:52 ----D---- C:\Program Files\Google
2010-04-26 18:13:13 ----D---- C:\WINDOWS\system32\config
2010-04-26 18:12:45 ----D---- C:\WINDOWS\system32\wbem
2010-04-26 18:12:44 ----D---- C:\WINDOWS\Registration
2010-04-26 18:12:27 ----D---- C:\WINDOWS\system32\drivers
2010-04-26 18:12:27 ----D---- C:\WINDOWS\system
2010-04-26 18:12:27 ----AD---- C:\WINDOWS
2010-04-26 17:02:21 ----D---- C:\Documents and Settings\PC\Data aplikací\skypePM
2010-04-25 11:40:53 ----SHD---- C:\System Volume Information
2010-04-25 11:40:53 ----D---- C:\WINDOWS\system32\Restore
2010-04-25 10:12:07 ----D---- C:\Inst.programy
2010-04-23 20:59:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2010-04-21 10:00:58 ----A---- C:\Documents and Settings\PC\Data aplikací\isfree4_0.tmp
2010-04-21 10:00:58 ----A---- C:\Documents and Settings\PC\Data aplikací\fspro2_0.tmp
2010-04-20 16:21:53 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-20 07:52:43 ----D---- C:\WINDOWS\system32
2010-04-14 18:48:41 ----SD---- C:\Documents and Settings\PC\Data aplikací\Microsoft
2010-04-14 18:44:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-13 22:02:58 ----SHD---- C:\WINDOWS\Installer
2010-04-13 22:02:58 ----DC---- C:\Config.Msi
2010-04-13 22:02:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-13 22:01:47 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-13 22:01:43 ----A---- C:\WINDOWS\imsins.BAK
2010-04-08 19:41:11 ----D---- C:\Program Files\Cell Phone Manager
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-05 22:55:04 ----D---- C:\Program Files\Codec Pack - All In 1
2010-03-31 21:32:20 ----RD---- C:\Program Files
2010-03-31 16:22:31 ----D---- C:\instalace
2010-03-31 16:22:29 ----D---- C:\Documents and Settings\PC\Data aplikací\Vso
2010-03-28 10:15:24 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43008]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-10-22 5632]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 VRVD302;VRVD302; C:\WINDOWS\system32\DRIVERS\VRVD302.sys [2008-07-16 11296]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-13 56816]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-11 4015680]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-10-30 329901]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-13 862922]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-06-30 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-04-13 252416]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2007-06-17 186592]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-30 30459]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-30 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-10-30 47875]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-10-30 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-10-30 67672]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-25 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2010-03-31 47360]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-25 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd2;VideoCAM Look; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 334080]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndis;USB Remote NDIS Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBBOX;Settop Box USB driver; C:\WINDOWS\System32\Drivers\USBBOX.sys [2003-12-22 16640]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-11-11 266295]
R2 darkness;IpSect service; C:\WINDOWS\system\lsm.exe [2010-04-25 54272]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-25 19456]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
S2 gupdate1cabee622e6b642;Služba Google Update (gupdate1cabee622e6b642); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-10 183280]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-25 19456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-02-10 145696]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client; c:\Program Files\webgencz\602FSVC8.EXE []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[misut]

ComboFix 10-04-26.02 - PC 2010-04-26 22:58:23.25.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.958.612 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

Nakažená kopie c:\windows\system32\drivers\redbook.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DARKNESS
-------\Service_darkness


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-26 do 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-26 20:34 . 2010-04-26 20:34 -------- dc----w- C:\rsit
2010-04-26 16:12 . 2010-04-26 16:12 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-25 20:58 . 2010-04-26 21:11 823808 ----a-w- c:\windows\system32\drivers\edkgrucm.sys
2010-03-31 19:32 . 2010-03-31 19:32 -------- d-----w- c:\program files\Texas Instruments Inc

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 20:34 . 2008-10-12 12:32 -------- d-----w- c:\program files\Trend Micro
2010-04-26 16:57 . 2008-11-23 13:29 -------- d-----w- c:\program files\Google
2010-04-21 14:20 . 2010-02-12 23:19 676 ----a-w- c:\windows\im32st.dat
2010-04-08 17:41 . 2007-12-21 11:42 -------- d-----w- c:\program files\Cell Phone Manager
2010-04-05 20:55 . 2010-03-16 23:13 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-03-31 13:57 . 2007-08-31 09:29 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-28 08:15 . 2001-10-25 12:00 732884 ----a-w- c:\windows\system32\perfh005.dat
2010-03-28 08:15 . 2001-10-25 12:00 196636 ----a-w- c:\windows\system32\perfc005.dat
2010-03-21 21:26 . 2010-03-16 22:46 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-03-21 15:52 . 2009-02-11 17:29 -------- d-----w- c:\program files\Magic Video Converter
2010-03-16 23:14 . 2010-03-16 23:14 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-16 23:13 . 2010-03-16 23:13 737280 ----a-w- c:\windows\iun6002.exe
2010-03-16 22:06 . 2007-03-31 17:20 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-14 14:21 . 2009-12-30 11:11 -------- d-----w- c:\program files\iWisoft Free Video Converter
2010-03-11 22:01 . 2010-03-11 22:01 -------- d-----w- c:\program files\Common Files\Skype
2010-03-09 11:11 . 2004-08-17 13:49 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:55 . 2010-03-08 17:39 -------- d-----w- c:\program files\Common Files\Real
2010-03-08 17:54 . 2010-03-08 17:54 -------- d-----w- c:\program files\real
2010-03-08 17:54 . 2010-03-08 17:54 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-08 17:39 . 2006-12-11 04:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-08 17:39 . 2006-12-11 04:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-08 11:05 . 2010-03-08 11:05 -------- d-----w- c:\program files\Avira
2010-03-08 10:25 . 2010-03-08 10:25 -------- dc----w- c:\program files\r2 Studios
2010-03-08 10:25 . 2010-03-08 10:25 -------- dc----w- c:\program files\JockerSoft
2010-03-08 10:25 . 2010-03-08 10:25 -------- d-----w- c:\program files\TrendMicro
2010-03-07 23:57 . 2008-12-08 16:14 -------- d-----w- c:\program files\The KMPlayer
2010-02-24 13:11 . 2004-08-03 21:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 20:13 . 2009-08-06 15:25 104650 -c--a-w- c:\windows\hpoins04.dat
2010-02-17 12:09 . 2004-08-17 13:45 2192128 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 15:45 2068992 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 15:25 . 2010-02-12 23:32 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 04:35 . 2004-08-17 13:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 08:51 . 2007-03-02 20:29 29184 ----a-w- c:\windows\system32\sstunst2.exe
2009-06-28 18:02 . 2009-06-28 18:02 23510720 -c--a-w- c:\program files\dotnetfx.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-26 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-08 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-13 561213]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Documents and Settings\\PC\\Dokumenty\\eMule\\emule.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\Az\\DCC.version2.80\\DCC.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\Az\\misut\\test loga\\TuneAZbox\\TuneAZbox.exe"=
"c:\\Program Files\\telesat\\CAM Wizard\\AZBox CAM Wizard.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\real\\realplayer\\realplay.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-03-01 13696]
R1 VRVD302;VRVD302;c:\windows\system32\drivers\VRVD302.sys [2008-07-16 11296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-03-08 108289]
S2 gupdate1cabee622e6b642;Služba Google Update (gupdate1cabee622e6b642);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-02-23 27192]
S3 USBBOX;Settop Box USB driver;c:\windows\system32\drivers\USBBOX.sys [2007-03-13 16640]
S4 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\webgencz\602FSVC8.EXE --> c:\program files\webgencz\602FSVC8.EXE [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - edkgrucm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Obsah adresáře 'Naplánované úlohy'

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 18:31]

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 18:31]

2010-04-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1715567821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1715567821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://news.google.cz/nwshp?hl=cs&tab=wn
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {F05B655F-DD1B-414B-B6AA-D0447548F817} = 62.129.50.20,85.135.32.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\a050owr4.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
HKCU-Run-WEBTRAN - (no file)
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE
HKLM-Run-ISUSPM.EXE - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE
AddRemove-PC Translator - c:\docume~1\PC\LOCALS~1\Temp\UN32.EXE
AddRemove-Tento program nainstaluje překladač textů PC Translator 2010.25 Lite - c:\docume~1\PC\LOCALS~1\Temp\UN32.EXE
AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\Common\unyt.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 23:09
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\edkgrucm]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2208)
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Celkový čas: 2010-04-26 23:21:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-26 21:21

Před spuštěním: Volných bajtů: 27,570,987,008
Po spuštění: Volných bajtů: 27,738,701,824

- - End Of File - - 8130729A356ECC3F7F9C53936C113574

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\system32\drivers\edkgrucm.sys

Driver::
edkgrucm

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[misut]

ComboFix 10-04-26.05 - PC 2010-04-27 21:40:59.26.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.958.513 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PC\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

file zipped: c:\windows\system32\drivers\edkgrucm.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\driVERs\edkgrucm.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EDKGRUCM
-------\Service_edkgrucm


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-27 do 2010-04-27 )))))))))))))))))))))))))))))))
.

2010-04-26 20:34 . 2010-04-26 20:34 -------- dc----w- C:\rsit
2010-04-26 16:12 . 2010-04-26 16:12 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-31 19:32 . 2010-03-31 19:32 -------- d-----w- c:\program files\Texas Instruments Inc

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 20:34 . 2008-10-12 12:32 -------- d-----w- c:\program files\Trend Micro
2010-04-26 16:57 . 2008-11-23 13:29 -------- d-----w- c:\program files\Google
2010-04-21 14:20 . 2010-02-12 23:19 676 ----a-w- c:\windows\im32st.dat
2010-04-08 17:41 . 2007-12-21 11:42 -------- d-----w- c:\program files\Cell Phone Manager
2010-04-05 20:55 . 2010-03-16 23:13 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-03-31 13:57 . 2007-08-31 09:29 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-28 08:15 . 2001-10-25 12:00 732884 ----a-w- c:\windows\system32\perfh005.dat
2010-03-28 08:15 . 2001-10-25 12:00 196636 ----a-w- c:\windows\system32\perfc005.dat
2010-03-21 21:26 . 2010-03-16 22:46 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-03-21 15:52 . 2009-02-11 17:29 -------- d-----w- c:\program files\Magic Video Converter
2010-03-16 23:14 . 2010-03-16 23:14 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-16 23:13 . 2010-03-16 23:13 737280 ----a-w- c:\windows\iun6002.exe
2010-03-16 22:06 . 2007-03-31 17:20 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-14 14:21 . 2009-12-30 11:11 -------- d-----w- c:\program files\iWisoft Free Video Converter
2010-03-11 22:01 . 2010-03-11 22:01 -------- d-----w- c:\program files\Common Files\Skype
2010-03-09 11:11 . 2004-08-17 13:49 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:55 . 2010-03-08 17:39 -------- d-----w- c:\program files\Common Files\Real
2010-03-08 17:54 . 2010-03-08 17:54 -------- d-----w- c:\program files\real
2010-03-08 17:54 . 2010-03-08 17:54 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-08 17:39 . 2006-12-11 04:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-08 17:39 . 2006-12-11 04:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-08 11:05 . 2010-03-08 11:05 -------- d-----w- c:\program files\Avira
2010-03-08 10:25 . 2010-03-08 10:25 -------- dc----w- c:\program files\r2 Studios
2010-03-08 10:25 . 2010-03-08 10:25 -------- dc----w- c:\program files\JockerSoft
2010-03-08 10:25 . 2010-03-08 10:25 -------- d-----w- c:\program files\TrendMicro
2010-03-07 23:57 . 2008-12-08 16:14 -------- d-----w- c:\program files\The KMPlayer
2010-02-24 13:11 . 2004-08-03 21:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 20:13 . 2009-08-06 15:25 104650 -c--a-w- c:\windows\hpoins04.dat
2010-02-17 12:09 . 2004-08-17 13:45 2192128 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 15:45 2068992 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 15:25 . 2010-02-12 23:32 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 04:35 . 2004-08-17 13:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 10:40 . 2007-03-01 11:21 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-02-10 10:40 . 2007-03-01 11:21 2724 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-01-29 08:51 . 2007-03-02 20:29 29184 ----a-w- c:\windows\system32\sstunst2.exe
2009-06-28 18:02 . 2009-06-28 18:02 23510720 -c--a-w- c:\program files\dotnetfx.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-26 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-08 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-13 561213]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Documents and Settings\\PC\\Dokumenty\\eMule\\emule.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\Az\\DCC.version2.80\\DCC.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\Az\\misut\\test loga\\TuneAZbox\\TuneAZbox.exe"=
"c:\\Program Files\\telesat\\CAM Wizard\\AZBox CAM Wizard.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\real\\realplayer\\realplay.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-03-01 13696]
R1 VRVD302;VRVD302;c:\windows\system32\drivers\VRVD302.sys [2008-07-16 11296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-03-08 108289]
S2 gupdate1cabee622e6b642;Služba Google Update (gupdate1cabee622e6b642);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-02-23 27192]
S3 USBBOX;Settop Box USB driver;c:\windows\system32\drivers\USBBOX.sys [2007-03-13 16640]
S4 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\webgencz\602FSVC8.EXE --> c:\program files\webgencz\602FSVC8.EXE [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Obsah adresáře 'Naplánované úlohy'

2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 18:31]

2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 18:31]

2010-04-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1715567821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1715567821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://news.google.cz/nwshp?hl=cs&tab=wn
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {F05B655F-DD1B-414B-B6AA-D0447548F817} = 62.129.50.20,85.135.32.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\a050owr4.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-27 21:50
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2456)
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Celkový čas: 2010-04-27 22:01:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-27 20:01
ComboFix2.txt 2010-04-26 21:21

Před spuštěním: Volných bajtů: 27,703,902,208
Po spuštění: Volných bajtů: 27,687,567,360

- - End Of File - - AFC953562B2EB8FF6DC9EDE2FFC89E8D

[Rudy]

Ještě jednou spusťte CF tímto skriptem:

Collect::
c:\windows\im32st.dat

[misut]

ComboFix 10-04-26.05 - PC 2010-04-27 22:51:03.27.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.958.465 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PC\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

file zipped: c:\windows\im32st.dat
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\im32st.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-27 do 2010-04-27 )))))))))))))))))))))))))))))))
.

2010-04-26 20:34 . 2010-04-26 20:34 -------- dc----w- C:\rsit
2010-04-26 16:12 . 2010-04-26 16:12 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-31 19:32 . 2010-03-31 19:32 -------- d-----w- c:\program files\Texas Instruments Inc

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 20:34 . 2008-10-12 12:32 -------- d-----w- c:\program files\Trend Micro
2010-04-26 16:57 . 2008-11-23 13:29 -------- d-----w- c:\program files\Google
2010-04-08 17:41 . 2007-12-21 11:42 -------- d-----w- c:\program files\Cell Phone Manager
2010-04-05 20:55 . 2010-03-16 23:13 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-03-31 13:57 . 2007-08-31 09:29 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-28 08:15 . 2001-10-25 12:00 732884 ----a-w- c:\windows\system32\perfh005.dat
2010-03-28 08:15 . 2001-10-25 12:00 196636 ----a-w- c:\windows\system32\perfc005.dat
2010-03-21 21:26 . 2010-03-16 22:46 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-03-21 15:52 . 2009-02-11 17:29 -------- d-----w- c:\program files\Magic Video Converter
2010-03-16 23:14 . 2010-03-16 23:14 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-16 23:13 . 2010-03-16 23:13 737280 ----a-w- c:\windows\iun6002.exe
2010-03-16 22:06 . 2007-03-31 17:20 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-14 14:21 . 2009-12-30 11:11 -------- d-----w- c:\program files\iWisoft Free Video Converter
2010-03-11 22:01 . 2010-03-11 22:01 -------- d-----w- c:\program files\Common Files\Skype
2010-03-09 11:11 . 2004-08-17 13:49 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:55 . 2010-03-08 17:39 -------- d-----w- c:\program files\Common Files\Real
2010-03-08 17:54 . 2010-03-08 17:54 -------- d-----w- c:\program files\real
2010-03-08 17:54 . 2010-03-08 17:54 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-08 17:39 . 2006-12-11 04:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-08 17:39 . 2006-12-11 04:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-08 11:05 . 2010-03-08 11:05 -------- d-----w- c:\program files\Avira
2010-03-08 10:25 . 2010-03-08 10:25 -------- dc----w- c:\program files\r2 Studios
2010-03-08 10:25 . 2010-03-08 10:25 -------- dc----w- c:\program files\JockerSoft
2010-03-08 10:25 . 2010-03-08 10:25 -------- d-----w- c:\program files\TrendMicro
2010-03-07 23:57 . 2008-12-08 16:14 -------- d-----w- c:\program files\The KMPlayer
2010-02-24 13:11 . 2004-08-03 21:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 20:13 . 2009-08-06 15:25 104650 -c--a-w- c:\windows\hpoins04.dat
2010-02-17 12:09 . 2004-08-17 13:45 2192128 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 15:45 2068992 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 15:25 . 2010-02-12 23:32 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 04:35 . 2004-08-17 13:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 21:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 10:40 . 2007-03-01 11:21 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-02-10 10:40 . 2007-03-01 11:21 2724 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-01-29 08:51 . 2007-03-02 20:29 29184 ----a-w- c:\windows\system32\sstunst2.exe
2009-06-28 18:02 . 2009-06-28 18:02 23510720 -c--a-w- c:\program files\dotnetfx.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-26 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-08 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-13 561213]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Documents and Settings\\PC\\Dokumenty\\eMule\\emule.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\Az\\DCC.version2.80\\DCC.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\Az\\misut\\test loga\\TuneAZbox\\TuneAZbox.exe"=
"c:\\Program Files\\telesat\\CAM Wizard\\AZBox CAM Wizard.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\real\\realplayer\\realplay.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-03-01 13696]
R1 VRVD302;VRVD302;c:\windows\system32\drivers\VRVD302.sys [2008-07-16 11296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-03-08 108289]
S2 gupdate1cabee622e6b642;Služba Google Update (gupdate1cabee622e6b642);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-02-23 27192]
S3 USBBOX;Settop Box USB driver;c:\windows\system32\drivers\USBBOX.sys [2007-03-13 16640]
S4 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\webgencz\602FSVC8.EXE --> c:\program files\webgencz\602FSVC8.EXE [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Obsah adresáře 'Naplánované úlohy'

2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 18:31]

2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 18:31]

2010-04-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1715567821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1715567821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://news.google.cz/nwshp?hl=cs&tab=wn
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {F05B655F-DD1B-414B-B6AA-D0447548F817} = 62.129.50.20,85.135.32.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\a050owr4.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-27 22:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Celkový čas: 2010-04-27 22:59:45
ComboFix-quarantined-files.txt 2010-04-27 20:59
ComboFix2.txt 2010-04-27 20:01
ComboFix3.txt 2010-04-26 21:21

Před spuštěním: Volných bajtů: 27,720,495,104
Po spuštění: Volných bajtů: 27,718,230,016

- - End Of File - - 50E9464F99773F3B99321262F6641BB3
Nahr nˇ probŘhlo ŁspŘçnŘ

[Rudy]

Log již vypadá čistý. Nastala nějaká změna?

[misut]

PC jede nyní suprově,chtěl jsem podpořit forum,je nějaká jiná možnost,než ta uvadená na str.1.Nejde bank.převodem apod. pouze stanovené možnosti??Po odpovědí mi asi zbývá SMS,ale smůla ,že jen třetina

[Rudy]

Bohužel, pouze uvedené možnosti jsou reálné.

[misut]

Díky-- SMS--

[Rudy]

Nemáte zač a za příspěvek děkujeme!