
Please check my log

Posted: 07 Jan 2011 18:05
by TOONBOOM
Hello, please check my log, better safe than sorry. :D

Logfile of random's system information tool 1.08 (written by random/random)
Run by Michal at 2011-01-07 18:02:28
Microsoft Windows 7 Ultimate
System drive C: has 6 GB (8%) free of 76 GB
Total RAM: 3582 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:02:55, on 7.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\explorer.exe
C:\Ruzne\QIP05\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Ruzne\QIP05\qip.exe
C:\AA Staženo\RSIT.exe
C:\Program Files\trend micro\Michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O3 - Toolbar: Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Steam] "C:\Ruzne\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [UltraSMS] C:\Utility\UltraSMS\UltraSMS.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Real Hide IP] C:\Ruzne\RealHideIP\RealHideIP.exe
O4 - HKCU\..\Run: [ICQ] "C:\Ruzne\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Ruzne\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Ruzne\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll/206 (file missing)
O18 - Protocol: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8440 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]
CentrumczToolbar BHO - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-02-12 1274160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll [2010-06-22 734512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-06-09 138240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll [2010-10-22 726016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806} - Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-02-12 1274160]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll [2010-10-22 726016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-02 98304]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2006-07-28 122880]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"NPSStartup"= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2010-10-22 524288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"Steam"=C:\Ruzne\Steam\Steam.exe [2010-11-17 1242448]
"UltraSMS"=C:\Utility\UltraSMS\UltraSMS.exe []
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]
"Real Hide IP"=C:\Ruzne\RealHideIP\RealHideIP.exe [2010-10-02 3746544]
"ICQ"=C:\Ruzne\ICQ7.2\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-01-07 18:02:29 ----D---- C:\Program Files\trend micro
2011-01-07 18:02:28 ----D---- C:\rsit
2010-12-31 11:35:51 ----A---- C:\Users\Michal\AppData\Roaming\UserFlag.ini
2010-12-29 23:45:52 ----D---- C:\Users\Michal\AppData\Roaming\RealHideIP
2010-12-29 23:45:52 ----D---- C:\ProgramData\RealHideIP
2010-12-29 16:17:25 ----D---- C:\Users\Michal\AppData\Roaming\ICQ
2010-12-29 14:25:22 ----D---- C:\Windows\Downloaded Installations
2010-12-19 16:44:36 ----D---- C:\ProgramData\vsosdk
2010-12-19 16:10:21 ----D---- C:\Users\Michal\AppData\Roaming\Vso
2010-12-19 16:10:04 ----A---- C:\Windows\system32\sipr3260.dll
2010-12-19 16:10:04 ----A---- C:\Windows\system32\drv43260.dll
2010-12-19 16:10:04 ----A---- C:\Windows\system32\drv33260.dll
2010-12-19 16:10:04 ----A---- C:\Windows\system32\drv23260.dll
2010-12-19 16:10:04 ----A---- C:\Windows\system32\cook3260.dll
2010-12-19 16:10:03 ----D---- C:\Program Files\VSO
2010-12-19 16:10:03 ----A---- C:\Windows\system32\wvc1dmod.dll
2010-12-19 16:10:03 ----A---- C:\Windows\system32\vp7vfw.dll
2010-12-17 11:06:22 ----D---- C:\Users\Michal\AppData\Roaming\GetRightToGo
2010-12-16 19:58:45 ----D---- C:\Program Files\QIP
2010-12-16 19:48:44 ----D---- C:\Users\Michal\AppData\Roaming\QIP
2010-12-15 06:54:27 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 06:54:24 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 06:54:24 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 06:54:24 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 06:54:23 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 06:54:23 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 06:54:23 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 06:54:23 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 06:54:22 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 06:54:22 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 06:54:22 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 06:54:22 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 06:54:22 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 06:54:22 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 06:54:22 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 06:54:22 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 06:54:16 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 06:54:16 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 06:54:16 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 06:54:16 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 06:54:16 ----A---- C:\Windows\system32\schtasks.exe
2010-12-15 06:54:16 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 06:54:12 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 06:54:12 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 06:54:11 ----A---- C:\Windows\system32\webio.dll
2010-12-15 06:54:10 ----A---- C:\Windows\system32\consent.exe
2010-12-15 06:54:09 ----A---- C:\Windows\system32\win32k.sys
2010-12-08 09:27:41 ----D---- C:\Users\Michal\AppData\Roaming\Spacejock Software

======List of files/folders modified in the last 1 months======

2011-01-07 18:02:42 ----D---- C:\Windows\Prefetch
2011-01-07 18:02:29 ----RD---- C:\Program Files
2011-01-07 18:02:25 ----D---- C:\Windows\Temp
2011-01-07 17:54:48 ----D---- C:\AA Staženo
2011-01-07 17:46:37 ----D---- C:\Utility
2011-01-07 17:46:27 ----SHD---- C:\Windows\Installer
2011-01-07 17:46:27 ----D---- C:\Ruzne
2011-01-07 17:46:26 ----D---- C:\Windows\System32
2011-01-07 17:46:20 ----SHD---- C:\System Volume Information
2011-01-07 11:59:16 ----D---- C:\Windows\system32\config
2011-01-04 15:40:45 ----D---- C:\Windows\inf
2011-01-04 15:40:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-03 06:17:25 ----D---- C:\Windows\system32\catroot2
2010-12-31 11:36:31 ----HD---- C:\ProgramData
2010-12-31 11:08:21 ----D---- C:\Windows\system32\Tasks
2010-12-31 11:08:14 ----D---- C:\Windows
2010-12-31 11:08:13 ----D---- C:\Windows\Tasks
2010-12-29 16:17:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-25 20:34:35 ----D---- C:\Windows\system32\NDF
2010-12-24 07:16:11 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-22 11:48:43 ----D---- C:\Filmy,seriály
2010-12-16 10:45:08 ----D---- C:\Windows\rescache
2010-12-16 06:15:45 ----D---- C:\Windows\winsxs
2010-12-16 06:14:59 ----D---- C:\Windows\system32\migration
2010-12-16 06:14:59 ----D---- C:\Windows\system32\cs-CZ
2010-12-16 06:14:59 ----D---- C:\Program Files\Windows Mail
2010-12-16 06:14:59 ----D---- C:\Program Files\Internet Explorer
2010-12-16 00:15:07 ----D---- C:\ProgramData\Microsoft Help
2010-12-16 00:14:16 ----D---- C:\Windows\system32\catroot
2010-12-16 00:13:09 ----A---- C:\Windows\system32\MRT.exe
2010-12-11 18:35:15 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2010-12-11 14:01:38 ----RSD---- C:\Windows\Fonts
2010-12-11 13:47:23 ----D---- C:\Users\Michal\AppData\Roaming\gtk-2.0
2010-12-10 14:53:21 ----D---- C:\Program Files\Mozilla Firefox
2010-12-08 13:23:20 ----D---- C:\Windows\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-02 697328]
R0x01000000 papycpu2;papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]
R0x01000000 papyjoy;papyjoy; C:\Windows\System32\DRIVERS\papyjoy.sys [2003-01-17 1856]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2010-08-02 229208]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 100352]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]
S0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2005-11-03 63488]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 an4bpcpk;an4bpcpk; C:\Windows\system32\drivers\an4bpcpk.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 P17xfi;Sound Blaster X-Fi Xtreme Audio; C:\Windows\system32\drivers\P17xfi.sys [2006-09-25 1173504]
S3 p17xfilt;p17xfilt; C:\Windows\system32\drivers\p17xfilt.sys [2006-10-12 1587712]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-02-03 172032]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-10-09 75064]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-24 654848]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-11-18 403240]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-25 1343400]

-----------------EOF-----------------

Re: Please check my log

Posted: 07 Jan 2011 19:48
by Rudy
You have at least the pdfforge adware on there. Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

Feel free to go and make a coffee (the whole process takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and removal of any malware causes unwanted conflicts with the resident antispyware.

Re: Please check my log

Posted: 07 Jan 2011 21:18
by TOONBOOM
ComboFix 11-01-07.01 - Michal 07.01.2011 20:51:09.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3582.2495 [GMT 1:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\program files\pdfforge Toolbar\IE\4.1\pdFForgetoolbarie.dll
c:\users\Michal\AppData\Local\keylog.dat
c:\windows\InRes.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.

2011-01-07 19:54 . 2011-01-07 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-07 19:06 . 2011-01-07 19:09 -------- d-----w- C:\AA Staženo
2011-01-07 17:45 . 2011-01-07 17:45 -------- d-----w- c:\program files\ICQ6Toolbar
2011-01-07 17:45 . 2011-01-07 17:45 -------- d-----w- c:\programdata\ICQ
2011-01-07 17:02 . 2011-01-07 17:02 -------- d-----w- c:\program files\trend micro
2011-01-07 17:02 . 2011-01-07 17:02 -------- d-----w- C:\rsit
2011-01-07 08:04 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C6349E0-BA90-472A-9EF2-CFAA2F175AD6}\mpengine.dll
2011-01-05 18:16 . 2010-06-09 17:55 138240 ----a-w- c:\users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2010-12-30 15:47 . 2010-12-30 15:47 -------- d-----w- c:\users\Michal\AppData\Local\Plugins
2010-12-30 15:09 . 2010-12-30 15:09 -------- d-----w- c:\users\Michal\AppData\Local\Vitalwerks
2010-12-29 22:45 . 2010-12-30 23:36 -------- d-----w- c:\programdata\RealHideIP
2010-12-29 22:45 . 2010-12-29 22:45 -------- d-----w- c:\users\Michal\AppData\Roaming\RealHideIP
2010-12-29 15:17 . 2011-01-07 18:58 -------- d-----w- c:\users\Michal\AppData\Roaming\ICQ
2010-12-29 15:17 . 2010-12-29 15:17 -------- d-----w- c:\users\Michal\AppData\Local\AOL
2010-12-29 13:25 . 2010-12-29 13:25 -------- d-----w- c:\windows\Downloaded Installations
2010-12-19 15:44 . 2010-12-19 17:47 -------- d-----w- c:\programdata\vsosdk
2010-12-19 15:10 . 2010-12-30 10:13 -------- d-----w- c:\users\Michal\AppData\Roaming\Vso
2010-12-19 15:10 . 2009-09-02 11:44 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-12-19 15:10 . 2009-09-02 11:44 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-12-19 15:10 . 2009-09-02 11:44 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-12-19 15:10 . 2009-09-02 11:44 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-12-19 15:10 . 2009-09-02 11:44 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-12-19 15:10 . 2010-12-19 15:10 -------- d-----w- c:\program files\VSO
2010-12-19 15:10 . 2009-09-02 11:44 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-12-19 15:10 . 2009-09-02 11:44 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-12-17 10:06 . 2010-12-17 10:14 -------- d-----w- c:\users\Michal\AppData\Roaming\GetRightToGo
2010-12-16 18:58 . 2010-12-26 10:28 -------- d-----w- c:\program files\QIP
2010-12-16 18:48 . 2010-12-16 18:48 -------- d-----w- c:\users\Michal\AppData\Roaming\QIP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 10:45 . 2010-07-28 16:07 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-21 10:45 . 2010-07-28 16:10 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-21 10:45 . 2010-07-28 16:06 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-17 12:51 . 2010-11-17 12:50 967 ----a-w- c:\windows\ScUnin.pif
2010-11-17 12:51 . 2010-11-17 12:50 70656 ----a-w- c:\windows\ScUnin.exe
2010-11-10 04:33 . 2010-07-24 20:21 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2010-07-20 17:03 222080 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Steam"="c:\ruzne\Steam\Steam.exe" [2010-11-17 1242448]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"Real Hide IP"="c:\ruzne\RealHideIP\RealHideIP.exe" [2010-10-02 3746544]
"ICQ"="c:\ruzne\ICQ7.2\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 524288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-25 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-02 697328]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-10-27 247096]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - FSUSBEXDISK
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/xmas/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\hime5xkm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Centrum.cz Toolbar em:version=1.202.012.001 em:displayname=Centrum.cz Toolbar em:iconURL=chrome://cetrumczp/skin/logo.ico em:creator=iGeared LLC em:description=Centrum.cz Toolbar! em:homepageURL=http://www.igeared.com >: Cetrumcz@igeared - c:\program files\CentrumczToolbar\Firefox\Cetrumcz@igeared
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Real Hide IP: support@real-hide-ip.com - %profile%\extensions\support@real-hide-ip.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-UltraSMS - c:\utility\UltraSMS\UltraSMS.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-Age of Empires II Trial - c:\games\AoE II trial\UNINSTAL.EXE
AddRemove-Dostihy 3000 deluxe - c:\games\Dostihy 3000 Deluxe\uninstall.exe
AddRemove-{9799BD05-5F89-484C-008E-F5059297FB6A} - c:\games\Harry Potter and the Goblet of Fire Demo\EAUninstall.exe
AddRemove-Češtiny-Tropico v 1.2Final Cz - c:\games\Tropico\uninstall.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-07 20:55:17
ComboFix-quarantined-files.txt 2011-01-07 19:55

Před spuštěním: 4 897 521 664
Po spuštění: 5 718 069 248

- - End Of File - - AC3EFCD67A28CD0BCE51C41D2CA9F741

Re: Please check my log

Posted: 07 Jan 2011 21:22
by Rudy
We'll clean up a bit more. Open Notepad and copy the following into it:
Folder::
c:\program files\Common Files\Spigot\Search Settings

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release. CF will start and execute the commands from the script.

Re: Please check my log

Posted: 07 Jan 2011 21:33
by TOONBOOM
I did so; here is the log.

ComboFix 11-01-07.01 - Michal 07.01.2011 21:27:06.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3582.2684 [GMT 1:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Spigot\Search Settings
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.

2011-01-07 20:29 . 2011-01-07 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-07 19:06 . 2011-01-07 19:09 -------- d-----w- C:\AA Staženo
2011-01-07 17:45 . 2011-01-07 17:45 -------- d-----w- c:\program files\ICQ6Toolbar
2011-01-07 17:45 . 2011-01-07 17:45 -------- d-----w- c:\programdata\ICQ
2011-01-07 17:02 . 2011-01-07 17:02 -------- d-----w- c:\program files\trend micro
2011-01-07 17:02 . 2011-01-07 17:02 -------- d-----w- C:\rsit
2011-01-07 08:04 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C6349E0-BA90-472A-9EF2-CFAA2F175AD6}\mpengine.dll
2011-01-05 18:16 . 2010-06-09 17:55 138240 ----a-w- c:\users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2010-12-30 15:47 . 2010-12-30 15:47 -------- d-----w- c:\users\Michal\AppData\Local\Plugins
2010-12-30 15:09 . 2010-12-30 15:09 -------- d-----w- c:\users\Michal\AppData\Local\Vitalwerks
2010-12-29 22:45 . 2010-12-30 23:36 -------- d-----w- c:\programdata\RealHideIP
2010-12-29 22:45 . 2010-12-29 22:45 -------- d-----w- c:\users\Michal\AppData\Roaming\RealHideIP
2010-12-29 15:17 . 2011-01-07 18:58 -------- d-----w- c:\users\Michal\AppData\Roaming\ICQ
2010-12-29 15:17 . 2010-12-29 15:17 -------- d-----w- c:\users\Michal\AppData\Local\AOL
2010-12-29 13:25 . 2010-12-29 13:25 -------- d-----w- c:\windows\Downloaded Installations
2010-12-19 15:44 . 2010-12-19 17:47 -------- d-----w- c:\programdata\vsosdk
2010-12-19 15:10 . 2010-12-30 10:13 -------- d-----w- c:\users\Michal\AppData\Roaming\Vso
2010-12-19 15:10 . 2009-09-02 11:44 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-12-19 15:10 . 2009-09-02 11:44 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-12-19 15:10 . 2009-09-02 11:44 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-12-19 15:10 . 2009-09-02 11:44 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-12-19 15:10 . 2009-09-02 11:44 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-12-19 15:10 . 2010-12-19 15:10 -------- d-----w- c:\program files\VSO
2010-12-19 15:10 . 2009-09-02 11:44 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-12-19 15:10 . 2009-09-02 11:44 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-12-17 10:06 . 2010-12-17 10:14 -------- d-----w- c:\users\Michal\AppData\Roaming\GetRightToGo
2010-12-16 18:58 . 2010-12-26 10:28 -------- d-----w- c:\program files\QIP
2010-12-16 18:48 . 2010-12-16 18:48 -------- d-----w- c:\users\Michal\AppData\Roaming\QIP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 10:45 . 2010-07-28 16:07 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-21 10:45 . 2010-07-28 16:10 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-21 10:45 . 2010-07-28 16:06 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-17 12:51 . 2010-11-17 12:50 967 ----a-w- c:\windows\ScUnin.pif
2010-11-17 12:51 . 2010-11-17 12:50 70656 ----a-w- c:\windows\ScUnin.exe
2010-11-10 04:33 . 2010-07-24 20:21 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2010-07-20 17:03 222080 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Steam"="c:\ruzne\Steam\Steam.exe" [2010-11-17 1242448]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"Real Hide IP"="c:\ruzne\RealHideIP\RealHideIP.exe" [2010-10-02 3746544]
"ICQ"="c:\ruzne\ICQ7.2\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-25 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-02 697328]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-10-27 247096]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - FSUSBEXDISK
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/xmas/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\hime5xkm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Centrum.cz Toolbar em:version=1.202.012.001 em:displayname=Centrum.cz Toolbar em:iconURL=chrome://cetrumczp/skin/logo.ico em:creator=iGeared LLC em:description=Centrum.cz Toolbar! em:homepageURL=http://www.igeared.com >: Cetrumcz@igeared - c:\program files\CentrumczToolbar\Firefox\Cetrumcz@igeared
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Real Hide IP: support@real-hide-ip.com - %profile%\extensions\support@real-hide-ip.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Češtiny-Tropico v 1.2Final Cz - c:\games\Tropico\uninstall.exe

Re: Please check my log

Posted: 07 Jan 2011 21:41
by Rudy
The log now looks clean.

Re: Please check my log

Posted: 07 Jan 2011 21:46
by TOONBOOM
Thank you very much for the speed and willingness in solving the problem. :worship:

Re: Please check my log

Posted: 07 Jan 2011 21:47
by Rudy
You're welcome!