backdoor

Zpráva

yvett23 · #1 Příspěvek od **yvett23** » 09 úno 2011 09:07

ComboFix 11-02-08.03 - IVETKA . 02. 2011 8:20.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1045.18.3001.1707 [GMT 1:00]
Running from: c:\users\IVETKA\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}
c:\program files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\chrome\spacequery.jar
c:\program files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\install.rdf
c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}
c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\chrome\questbrowser.jar
c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\install.rdf
c:\program files\QuestBrowser
c:\programdata\QuestBrowser
c:\users\IVETKA\AppData\Roaming\juzjf.exe
c:\users\IVETKA\AppData\Roaming\Local
c:\users\IVETKA\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\IVETKA\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\IVETKA\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\IVETKA\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\IVETKA\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\IVETKA\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\windows\nvsvc32.exe
c:\windows\system32\1778.dll
c:\windows\system32\drivers\krgpbgnxcxlbxs.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\twunk_32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_whzbvqqtoosc

((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-09 07:47 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CB4CAEE-0485-4955-849B-C82CF2C23531}\mpengine.dll
2011-02-09 07:45 . 2011-02-09 07:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-09 06:58 . 2011-02-09 06:58 110080 ----a-r- c:\users\IVETKA\AppData\Roaming\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconF7A21AF7.exe
2011-02-09 06:58 . 2011-02-09 06:58 110080 ----a-r- c:\users\IVETKA\AppData\Roaming\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconD7F16134.exe
2011-02-09 06:58 . 2011-02-09 06:58 -------- d-----w- C:\sh4ldr
2011-02-09 06:58 . 2011-02-09 06:58 -------- d-----w- c:\program files\Enigma Software Group
2011-02-09 06:58 . 2011-02-09 06:58 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-02-09 06:58 . 2011-02-09 06:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-02-07 10:03 . 2011-02-07 10:03 -------- d-----w- c:\program files\Common Files\Skype
2011-02-07 10:03 . 2011-02-07 10:03 -------- d-----r- c:\program files\Skype
2011-02-05 23:35 . 2011-02-05 23:35 18300 ----a-w- c:\windows\system32\MAI1528.tmp
2011-01-31 10:41 . 2011-01-31 10:43 -------- d-----w- c:\program files\ICQ7.4
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-28 12:36 . 2011-01-28 12:36 -------- d-----w- c:\program files\Common Files\Java
2011-01-17 15:04 . 2011-01-17 15:04 3267360 ----a-w- c:\programdata\SPL72A1.tmp
2011-01-12 05:01 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 05:01 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 05:01 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 05:01 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 05:01 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 05:01 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 05:01 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-06-09 18:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-07-02 06:18 . 2010-04-06 07:20 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "c:\program files\Best_Security_Tips\tbBest.dll" [2010-03-17 2355224]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files\NCH\tbNC1.dll" [2010-09-15 2735200]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-11-13 3913000]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
2010-09-15 07:10 2735200 ----a-w- c:\program files\NCH\tbNC1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Best_Security_Tips\tbBest.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "c:\program files\Best_Security_Tips\tbBest.dll" [2010-03-17 2355224]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files\NCH\tbNC1.dll" [2010-09-15 2735200]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-11-13 3913000]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "c:\program files\Best_Security_Tips\tbBest.dll" [2010-03-17 2355224]
"{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}"= "c:\program files\NCH\tbNC1.dll" [2010-09-15 2735200]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-11-13 3913000]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-01 68856]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-01-31 119608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-02 30192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-11 6724128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-11 1833504]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-11-04 57344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-10 862728]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-04-03 698912]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe" [2007-07-06 455344]
"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe" [2007-06-01 20480]
"Lexmark 5000 Series Fax Server"="c:\program files\Lexmark 5000 Series\fm3032.exe" [2007-07-06 307888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\users\IVETKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 135664]
R3 GoogleDesktopManager-051210-111108;Menedżer Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-02 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-04-03 723488]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-24 3666432]

--- Other Services/Drivers In Memory ---

*Deregistered* - rsxkprrdz

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 19:08]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 19:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{04D6D0A6-4D5D-4E5B-99E0-E76FEFF62651} - c:\windows\system32\1778.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{04D6D0A6-4D5D-4E5B-99E0-E76FEFF62651} - c:\windows\system32\1778.dll
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-QuestBrowser - c:\program files\QuestBrowser\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 08:54
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rsxkprrdz]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\program files\Enigma Software Group\SpyHunter\Spyhunter4.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\lxdmcoms.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-02-09 09:02:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-09 08:02

Pre-Run: 169 499 275 264 bajtów wolnych
Post-Run: 169 686 200 320 bajtów wolnych

- - End Of File - - BC6D51363F09628B17781C008AC18197

#2 Příspěvek od **vyosek** » 09 úno 2011 12:28

Zdravim a pekny den preji

Ten ComboFix Vam poradil prosim kdo

To nevite ze se ma pouzivat jen na doporuceni

Vizte "hezka" nebezpeci nize

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

DDS::
uStart Page = hxxp://start.icq.com/
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

Firefox::
FF - ProfilePath - c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Driver::
ICQ Service
rsxkprrdz

Folder::
c:\program files\ICQ6Toolbar

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
c:\windows\system32\MAI1528.tmp
c:\programdata\SPL72A1.tmp
c:\program files\Softonic-Eng7\tbSoft.dll
c:\program files\Best_Security_Tips\tbBest.dll
c:\program files\NCH\tbNC1.dll

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"=-
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"=-
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
[-HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]
[-HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
[-HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"=-
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"=-
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{da30eff8-ccc6-4162-a20d-67402a26a215}"=-
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"=-
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"ICQ"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"=-
"DivX Download Manager"=-
"SunJavaUpdateSched"=-
"Adobe ARM"=-

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

yvett23 · #3 Příspěvek od **yvett23** » 09 úno 2011 19:33

bohuzel uz je ten program vymazan

spravi mi to nekde v pc servisu??

#4 Příspěvek od **vyosek** » 10 úno 2011 07:09

Servis netreba, to zvladnem tady

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe ale nespoustejte

Pak aplikujte skript pro ComboFix, jak jsem psal vyse

yvett23 · #5 Příspěvek od **yvett23** » 10 úno 2011 17:21

vyletelo mi tohle...ja nevim co to je...ale doufam ze tohle ste chteli a poradite mi

ComboFix 11-02-09.05 - IVETKA . 02. 2011 17:01:59.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1045.18.3001.1917 [GMT 1:00]
Running from: c:\users\IVETKA\Desktop\ComboFix.exe
Command switches used :: c:\users\IVETKA\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\program files\Best_Security_Tips\tbBest.dll"
"c:\program files\NCH\tbNC1.dll"
"c:\program files\Softonic-Eng7\tbSoft.dll"
"c:\programdata\SPL72A1.tmp"
"c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP"
"c:\windows\system32\MAI1528.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Best_Security_Tips\tbBest.dll
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\program files\NCH\tbNC1.dll
c:\program files\Softonic-Eng7\tbSoft.dll
c:\programdata\SPL72A1.tmp
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitAutoCompleteSearch.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitAutoCompleteSearch.xpt
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitToolbar.idl
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitToolbar.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\ConduitToolbar.xpt
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.xpt
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.xpt
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\default_radio_skin.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults\fbAlert.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\chrome.manifest
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\chrome\softonic-eng7.jar
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\install.rdf
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\lib\xpcom.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF\manifest.mf
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF\zigbert.rsa
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF\zigbert.sf
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.gif
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.ico
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.PNG
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.src
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin\conduit.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\setup.ini
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\version.txt
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.xul
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\autocomplete.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\exitobserver.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\globals.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\highlight.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.css
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.xul
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgLarge.gif
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgSmall.gif
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonBlue.gif
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonGreen.gif
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\searchLogo.gif
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\localfileupdate.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\menu-button.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_bg.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_cz.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_de.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_en.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_es.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_fr.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_he.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_it.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_ru.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_sk.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_tr.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_uk.html
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.xul
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsegamesxml.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsemenuxml.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.xul
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\prefutils.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\search.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\splitter.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\statistics.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\tabcontext.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\utilities.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\voucher.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\zoom.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\icq_locale.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb_options.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\options.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\icq_locale.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb_options.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\options.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\icq_locale.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb_options.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\options.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\icq_locale.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb_options.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\options.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\icq_locale.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb_options.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\options.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\icq_locale.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb_options.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\options.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\icq_locale.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb_options.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\options.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\icq_locale.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb_options.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\options.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\icq_locale.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb_options.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\options.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\icq_locale.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb_options.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\options.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\icq_locale.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb_options.dtd
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\options.properties
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\about.css
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\abt.png
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ain.png
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ang.png
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\default.css
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dis.png
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dropmarker.css
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineContextMenu.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineSettings.json
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib\xpcom.js
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\setup.ini
c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt
c:\windows\system32\MAI1528.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RSXKPRRDZ
-------\Service_ICQ Service
-------\Service_rsxkprrdz

((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-10 16:08 . 2011-02-10 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-10 10:08 . 2011-02-10 10:08 -------- d-----w- c:\windows\system32\MpEngineStore
2011-02-09 22:06 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 22:00 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 22:00 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 07:47 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CB4CAEE-0485-4955-849B-C82CF2C23531}\mpengine.dll
2011-02-09 06:58 . 2011-02-09 06:58 -------- d-----w- c:\program files\Enigma Software Group
2011-02-09 06:58 . 2011-02-09 08:10 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-02-09 06:58 . 2011-02-09 06:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-02-07 10:03 . 2011-02-07 10:03 -------- d-----w- c:\program files\Common Files\Skype
2011-02-07 10:03 . 2011-02-07 10:03 -------- d-----r- c:\program files\Skype
2011-02-05 23:40 . 2011-02-10 16:09 740352 ----a-w- c:\windows\system32\drivers\rsxkprrdz.sys
2011-01-31 10:41 . 2011-01-31 10:43 -------- d-----w- c:\program files\ICQ7.4
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-28 12:36 . 2011-01-28 12:36 -------- d-----w- c:\program files\Common Files\Java
2011-01-12 05:01 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 05:01 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 05:01 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 05:01 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 05:01 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 05:01 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 05:01 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-06-09 18:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-02 06:18 . 2010-04-06 07:20 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-01 68856]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-01-31 119608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-02 30192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-11 6724128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-11 1833504]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-11-04 57344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-10 862728]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-04-03 698912]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe" [2007-07-06 455344]
"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe" [2007-06-01 20480]
"Lexmark 5000 Series Fax Server"="c:\program files\Lexmark 5000 Series\fm3032.exe" [2007-07-06 307888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

c:\users\IVETKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 135664]
R3 CFcatchme;CFcatchme;c:\users\IVETKA\AppData\Local\Temp\CFcatchme.sys [x]
R3 GoogleDesktopManager-051210-111108;Menedżer Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-02 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-04-03 723488]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-24 3666432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 19:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\IVETKA\AppData\Roaming\Mozilla\Firefox\Profiles\x6hrd467.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 17:10
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\lxdmcoms.exe
c:\windows\system32\conime.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\mrt.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\mrt.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-02-10 17:16:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-10 16:16

Pre-Run: 165 953 105 920 bajtów wolnych
Post-Run: 165 711 699 968 bajtów wolnych

- - End Of File - - CF558082B593CB2553B5B07D4BCCDEFC

#6 Příspěvek od **vyosek** » 10 úno 2011 18:09

Ano, tohle jsem chtel...jak se chova PC

yvett23 · #7 Příspěvek od **yvett23** » 10 úno 2011 18:40

normalne....ale mam ntb a obcas se mi zasekne touchpad...myska nereaguje..ale jinak nic

#8 Příspěvek od **vyosek** » 10 úno 2011 18:42

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Zkuste preinstalovat ovladac k touchpadu ze stranek vyrobce

yvett23 · #9 Příspěvek od **yvett23** » 11 úno 2011 11:30

dekuji moc krat...zda se ze je vsechno v poradku

#10 Příspěvek od **vyosek** » 11 úno 2011 12:02

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

VIRY.CZ

backdoor

backdoor

Re: backdoor

Re: backdoor

Re: backdoor

Re: backdoor

Re: backdoor

Re: backdoor

Re: backdoor

Re: backdoor

Re: backdoor