PC is sending spam :-( please help

anetka.com
Visitor
Posts: 36
Registered: 01 May 2008 08:15

PC is sending spam :-( please help

#1 Post by anetka.com »

CF:

ComboFix 11-02-05.01 - Uzivatel 06.02.2011 14:55:56.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.639.330 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081204-0] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2011-01-06 do 2011-02-06 )))))))))))))))))))))))))))))))
.

2011-02-06 13:12 . 2008-11-26 17:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-06 13:12 . 2008-11-26 17:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-06 13:12 . 2008-11-26 17:15 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-06 13:12 . 2008-11-26 17:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2011-02-06 13:12 . 2008-11-26 17:18 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-06 13:12 . 2008-11-26 17:18 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-06 13:12 . 2008-11-26 17:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-06 13:12 . 2008-11-26 17:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-06 13:12 . 2008-11-26 17:21 1236208 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-06 13:12 . 2004-01-09 09:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-02-06 13:12 . 2011-02-06 13:12 -------- d-----w- c:\program files\Alwil Software
2011-02-06 12:42 . 2011-02-06 12:42 -------- d-----w- c:\documents and settings\Uzivatel\Data aplikací\Malwarebytes
2011-02-06 12:42 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-06 12:42 . 2011-02-06 12:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-06 12:42 . 2011-02-06 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-06 12:42 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-06 12:22 . 2011-02-06 14:04 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-02-06 12:17 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-06 10:55 . 2011-02-06 10:55 -------- d-----w- c:\program files\CCleaner
2011-02-06 10:42 . 2011-02-06 10:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-02-06 10:24 . 2004-08-17 14:49 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-02-06 10:24 . 2004-08-17 14:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-02-04 18:19 . 2011-02-04 18:19 -------- d-----w- C:\3cdfc5f87a97b53e5389f1cd23
2011-01-29 17:04 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-29 17:03 . 2011-02-06 14:04 738304 ----a-w- c:\windows\system32\drivers\xdztetsph.sys
2011-01-29 16:57 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-01-29 16:57 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-01-29 16:56 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-01-29 16:31 . 2011-02-04 18:35 -------- d-----w- c:\documents and settings\Uzivatel\Data aplikací\Nokia
2011-01-29 16:31 . 2011-01-29 16:57 -------- d-----w- c:\documents and settings\Uzivatel\Data aplikací\PC Suite
2011-01-29 16:31 . 2011-02-04 18:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2011-01-29 16:30 . 2011-01-29 16:31 -------- d-----w- c:\program files\DIFX
2011-01-29 16:30 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-01-29 16:30 . 2011-01-29 16:30 -------- d-----w- c:\program files\PC Connectivity Solution
2011-01-29 16:29 . 2011-02-06 10:29 -------- dc----w- c:\windows\system32\DRVSTORE
2011-01-29 16:29 . 2010-07-30 13:17 111104 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-01-29 16:29 . 2010-07-30 13:17 604160 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-01-29 16:29 . 2010-02-26 13:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-01-29 16:29 . 2010-07-30 13:17 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-01-29 16:29 . 2011-02-06 10:31 -------- d-----w- c:\program files\Nokia
2011-01-29 16:27 . 2011-01-29 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 14:25 . 2008-01-16 15:33 21321008 ----a-w- c:\program files\QuickTimeInstaller.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-02-06_11.30.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-06 13:44 . 2011-02-06 13:44 16384 c:\windows\temp\Perflib_Perfdata_638.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanSoft OmniPage SE 4.0-reminder"="c:\program files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 1410600]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 69632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^6qwxcs6.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\6qwxcs6.exe
backup=c:\windows\pss\6qwxcs6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^6uu6gwx.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\6uu6gwx.exe
backup=c:\windows\pss\6uu6gwx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^6ww6ii6.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\6ww6ii6.exe
backup=c:\windows\pss\6ww6ii6.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^9q1miid.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\9q1miid.exe
backup=c:\windows\pss\9q1miid.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^a2bhxi9e.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\a2bhxi9e.exe
backup=c:\windows\pss\a2bhxi9e.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^bww6ii6uu6g.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\bww6ii6uu6g.exe
backup=c:\windows\pss\bww6ii6uu6g.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^jjfvvrhhdtt.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\jjfvvrhhdtt.exe
backup=c:\windows\pss\jjfvvrhhdtt.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^o1kggbss.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\o1kggbss.exe
backup=c:\windows\pss\o1kggbss.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^q1miiduu.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\q1miiduu.exe
backup=c:\windows\pss\q1miiduu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^vfgbhxi9e1.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\vfgbhxi9e1.exe
backup=c:\windows\pss\vfgbhxi9e1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^y6kk6ww6.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\y6kk6ww6.exe
backup=c:\windows\pss\y6kk6ww6.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-08-20 12:18 88363 ----a-r- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 11:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
2005-08-22 23:33 528384 ----a-w- c:\program files\CyberLink\PowerDVD\PowerDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 09:56 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.2.2011 14:12 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.2.2011 14:12 20560]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - xdztetsph
.
Obsah adresáře 'Naplánované úlohy'

2011-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-falowou - c:\windows\system32\zouquissefo.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-06 15:04
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xdztetsph]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-02-06 15:07:06
ComboFix-quarantined-files.txt 2011-02-06 14:07
ComboFix2.txt 2011-02-06 11:32

Před spuštěním: Volných bajtů: 63 634 321 408
Po spuštění: Volných bajtů: 63 778 357 248

- - End Of File - - 8EE1DE8EEF832B226AE55A8A7E38CD03
Last edited by anetka.com on 06 Feb 2011 15:11, edited 1 time in total.

anetka.com
Visitor
Posts: 36
Registered: 01 May 2008 08:15

Re: PC is sending spam :-(

#2 Post by anetka.com »

RSIT:

CF:Logfile of random's system information tool 1.08 (written by random/random)
Run by Uzivatel at 2011-02-06 15:08:44
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 61 GB (80%) free of 76 GB
Total RAM: 639 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:08:54, on 6.2.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\Content.IE5\PUUK28ND\RSIT[1].exe
C:\Program Files\trend micro\Uzivatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Data aplikací\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9796290421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9796408125
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5352 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99A7C4DD-B2E6-4CA0-BB6E-737A61364155}]
CHelper Class - C:\PROGRA~1\EUROTR~1\e2003i.dll [2008-01-16 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanSoft OmniPage SE 4.0-reminder"=C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe [2006-09-26 1410600]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-08-30 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2003-08-20 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe [2005-08-23 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^6qwxcs6.exe]
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\6qwxcs6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^6uu6gwx.exe]
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\6uu6gwx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^6ww6ii6.exe]
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\6ww6ii6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^9q1miid.exe]
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\9q1miid.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^a2bhxi9e.exe]
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\a2bhxi9e.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^bww6ii6uu6g.exe]
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\bww6ii6uu6g.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^jjfvvrhhdtt.exe]
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\jjfvvrhhdtt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^o1kggbss.exe]
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\o1kggbss.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^q1miiduu.exe]
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\q1miiduu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^vfgbhxi9e1.exe]
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\vfgbhxi9e1.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^y6kk6ww6.exe]
C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\y6kk6ww6.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-02-06 15:08:44 ----D---- C:\rsit
2011-02-06 15:08:44 ----D---- C:\Program Files\trend micro
2011-02-06 15:07:07 ----A---- C:\ComboFix.txt
2011-02-06 14:12:40 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-02-06 14:12:39 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-02-06 14:12:38 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-02-06 14:12:36 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-02-06 14:12:36 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-02-06 14:12:36 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-02-06 14:12:36 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-02-06 14:12:14 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-02-06 14:12:12 ----D---- C:\Program Files\Alwil Software
2011-02-06 14:10:05 ----A---- C:\WINDOWS\ntbtlog.txt
2011-02-06 13:42:35 ----D---- C:\Documents and Settings\Uzivatel\Data aplikací\Malwarebytes
2011-02-06 13:42:31 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-02-06 13:42:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-02-06 13:42:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-06 13:42:27 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-02-06 13:22:48 ----D---- C:\WINDOWS\system32\CatRoot_bak
2011-02-06 12:32:56 ----D---- C:\WINDOWS\temp
2011-02-06 12:23:57 ----A---- C:\WINDOWS\zip.exe
2011-02-06 12:23:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-02-06 12:23:57 ----A---- C:\WINDOWS\SWSC.exe
2011-02-06 12:23:57 ----A---- C:\WINDOWS\SWREG.exe
2011-02-06 12:23:57 ----A---- C:\WINDOWS\sed.exe
2011-02-06 12:23:57 ----A---- C:\WINDOWS\PEV.exe
2011-02-06 12:23:57 ----A---- C:\WINDOWS\NIRCMD.exe
2011-02-06 12:23:57 ----A---- C:\WINDOWS\MBR.exe
2011-02-06 12:23:57 ----A---- C:\WINDOWS\grep.exe
2011-02-06 12:23:49 ----D---- C:\WINDOWS\ERDNT
2011-02-06 12:23:31 ----D---- C:\Qoobox
2011-02-06 11:55:27 ----D---- C:\Program Files\CCleaner
2011-02-06 11:42:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-02-06 11:38:33 ----D---- C:\Documents and Settings\Uzivatel\Data aplikací\Macromedia
2011-02-06 11:29:16 ----HDC---- C:\WINDOWS\$NtUninstallWudf01009$
2011-02-06 11:24:28 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-02-06 11:23:49 ----AH---- C:\Documents and Settings\Uzivatel\Data aplikací\HhdFJl61DD.txt
2011-02-04 19:19:24 ----D---- C:\3cdfc5f87a97b53e5389f1cd23
2011-01-29 18:04:25 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2011-01-29 18:04:23 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-01-29 18:03:06 ----A---- C:\WINDOWS\system32\drivers\xdztetsph.sys
2011-01-29 18:01:56 ----A---- C:\WINDOWS\ModemLog_Nokia 5230 USB Modem.txt
2011-01-29 17:57:24 ----A---- C:\WINDOWS\system32\drivers\usbser.sys
2011-01-29 17:56:22 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2011-01-29 17:56:14 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2011-01-29 17:31:32 ----D---- C:\Documents and Settings\Uzivatel\Data aplikací\Nokia
2011-01-29 17:31:29 ----D---- C:\Documents and Settings\Uzivatel\Data aplikací\PC Suite
2011-01-29 17:31:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2011-01-29 17:30:27 ----D---- C:\Program Files\DIFX
2011-01-29 17:30:26 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2011-01-29 17:30:17 ----D---- C:\Program Files\PC Connectivity Solution
2011-01-29 17:29:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-01-29 17:29:55 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2011-01-29 17:29:55 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2011-01-29 17:29:55 ----A---- C:\WINDOWS\system32\ccdcmbwu.dll
2011-01-29 17:29:54 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2011-01-29 17:29:53 ----D---- C:\Program Files\Nokia
2011-01-29 17:27:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations

======List of files/folders modified in the last 1 months======

2011-02-06 15:08:44 ----RD---- C:\Program Files
2011-02-06 15:04:21 ----D---- C:\WINDOWS\system32\CatRoot
2011-02-06 15:04:21 ----D---- C:\WINDOWS
2011-02-06 15:04:21 ----A---- C:\WINDOWS\system.ini
2011-02-06 15:04:19 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-06 15:04:02 ----HD---- C:\WINDOWS\inf
2011-02-06 15:00:11 ----D---- C:\WINDOWS\system32\drivers
2011-02-06 15:00:11 ----D---- C:\WINDOWS\system32
2011-02-06 15:00:10 ----D---- C:\WINDOWS\AppPatch
2011-02-06 14:59:57 ----D---- C:\Program Files\Common Files
2011-02-06 14:54:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-06 14:54:07 ----SHD---- C:\System Volume Information
2011-02-06 14:54:07 ----D---- C:\WINDOWS\system32\Restore
2011-02-06 14:44:36 ----D---- C:\WINDOWS\system32\config
2011-02-06 14:08:15 ----D---- C:\WINDOWS\pss
2011-02-06 14:07:00 ----D---- C:\WINDOWS\Minidump
2011-02-06 14:02:50 ----D---- C:\WINDOWS\WinSxS
2011-02-06 14:02:44 ----SHD---- C:\WINDOWS\Installer
2011-02-06 13:59:05 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2011-02-06 13:42:04 ----D---- C:\Install
2011-02-06 13:21:50 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-06 12:30:52 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-06 12:10:28 ----SH---- C:\boot.ini
2011-02-06 12:10:28 ----A---- C:\WINDOWS\win.ini
2011-02-06 12:10:13 ----D---- C:\WINDOWS\Prefetch
2011-02-06 11:58:56 ----D---- C:\Program Files\Winamp
2011-02-06 11:58:55 ----D---- C:\WINDOWS\Debug
2011-02-06 11:38:50 ----D---- C:\Documents and Settings\Uzivatel\Data aplikací\Adobe
2011-02-06 11:35:39 ----D---- C:\Program Files\ESET
2011-02-06 11:28:03 ----D---- C:\WINDOWS\system32\appmgmt
2011-02-06 11:24:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-04 19:19:20 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-02-02 15:47:39 ----A---- C:\WINDOWS\ka.ini
2011-01-29 18:04:14 ----D---- C:\WINDOWS\Help
2011-01-10 17:05:58 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-07-31 43872]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-12-27 278984]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-12-27 25416]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-08-20 1196908]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-30 637713]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 catchme;catchme; \??\C:\DOCUME~1\Uzivatel\LOCALS~1\Temp\catchme.sys []
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: PC is sending spam :-( please help

#3 Post by vyosek »

Hello, and I wish you a nice day :)

:arrow: Who advised you to use ComboFix, please :???: I don't quite understand using it when, as can be seen, you can't resolve the log anyway :o Besides, CF is not a toy - see below

:arrow: The dangers of CF
  • It is intended primarily for advisers - by using it on your own initiative you lose your entitlement to support
  • It erases the traces of the malware, so nothing can be seen in the RSIT log
  • Its log needs to be worked through to the end, because it cannot delete everything - but you will hardly manage that unless you are trained for it
  • CF may have a bug = it takes your system down; if you don't know where it stores what and how to restore what, your system is dead and a reinstall awaits you
  • Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete those, for instance - it deletes your hal.dll after a restart = your system won't boot and you are one line above = reinstall
:arrow: Download OTM (see my signature)
  • If you use Win Vista or W7, right-click OTM and choose Run As Administrator or Spustit jako spravce
  • Into the left pane, Paste Instructions for Items to be Moved (under the yellow line), paste the content given below

    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^6qwxcs6.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^6uu6gwx.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^6ww6ii6.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^9q1miid.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^a2bhxi9e.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^bww6ii6uu6g.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^jjfvvrhhdtt.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^o1kggbss.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^q1miiduu.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^vfgbhxi9e1.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^y6kk6ww6.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ScanSoft OmniPage SE 4.0-reminder"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    
    :services
    gusvc
    xdztetsph
    
    :files
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\Documents and Settings\Uzivatel\Nabídka Start\Programy\Po spuštění\*.exe
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp /s
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Click the red MoveIt! button
  • You will be prompted to restart, choose Yes; afterwards you will find the log in C:\_OTM\MovedFiles, paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him, he is not a man, he is an ox."
Member of [image] since 1 February 2011.
