ComboFix 11-04-03.01 - Oleg 1. VElky . 04. 2011 0:29.1.2 - x86
Windows Windows Vista™ Extreme Edition R2 6.0.6001.1.1250.421.1033.18.2047.820 [GMT 2:00]
Running from: c:\users\Oleg 1. VElky\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Error Repair Professional
c:\program files\Error Repair Professional\Backups\Backup_18-35-9_20-2-2010.reg
c:\program files\Error Repair Professional\Backups\Backup_18-38-24_20-2-2010.reg
c:\program files\Error Repair Professional\Dataprogs.dat
c:\program files\Error Repair Professional\unins000.dat
c:\program files\Error Repair Professional\unins000.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Error Repair Professional
c:\programdata\Microsoft\Windows\Start Menu\Programs\Error Repair Professional\Error Repair Professional.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Error Repair Professional\Uninstall Error Repair Professional.lnk
c:\users\Oleg 1. VElky\AppData\Roaming\AdVantage
c:\users\Oleg 1. VElky\AppData\Roaming\inst.exe
c:\users\Oleg 1. VElky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\long range shooting
c:\windows\long range shooting
c:\windows\long range shooting \uninstall.exe
c:\windows\Lzania.exe
c:\windows\system32\logs
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_hjgruiurmvdiwx
-------\Legacy_MPR_FREADER
-------\Service_hjgruiurmvdiwx
-------\Service_mpr_freader
-------\Service_WMPNetworkSvc
.
.
((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))
.
.
2011-04-03 22:56 . 2011-04-03 22:56 -------- d-----w- c:\users\siet\AppData\Local\temp
2011-04-03 22:56 . 2011-04-03 22:56 -------- d-----w- c:\users\OLEG1~1~VEL\AppData\Local\temp
2011-04-03 22:56 . 2011-04-03 22:56 -------- d-----w- c:\users\maminka\AppData\Local\temp
2011-04-03 22:56 . 2011-04-03 22:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-03 17:52 . 2010-02-08 20:59 56200 ----a-w- c:\windows\system32\offreg.dll
2011-04-03 16:25 . 2008-12-09 08:59 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2011-04-03 16:24 . 2011-03-15 13:24 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
2011-04-03 16:24 . 2011-03-15 13:21 2234552 ----a-w- c:\windows\system32\Incinerator.dll
2011-04-03 16:24 . 2010-09-23 11:29 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2011-04-03 16:24 . 2010-06-29 16:30 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2011-04-03 16:24 . 2011-03-15 13:23 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-04-03 16:24 . 2011-03-15 13:23 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-04-03 16:24 . 2011-04-03 16:24 -------- d-----w- c:\program files\iolo
2011-04-03 02:14 . 2011-04-03 02:14 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-04-03 02:14 . 2011-04-03 18:04 -------- d-----w- c:\programdata\iolo
2011-04-03 02:14 . 2011-04-03 16:27 -------- d-----w- c:\users\Oleg 1. VElky\AppData\Roaming\iolo
2011-04-03 01:20 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2011-04-02 23:33 . 2011-04-02 23:33 -------- d-----w- c:\program files\YourWare Solutions
2011-04-02 23:25 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1B08C70-14BC-4226-9761-B7F93A4EFE62}\mpengine.dll
2011-04-02 19:54 . 2011-04-02 19:54 -------- d-----w- c:\program files\3dGirlz
2011-03-22 14:30 . 2011-03-22 14:30 -------- d-----w- c:\users\Oleg 1. VElky\AppData\Local\DOSBox
2011-03-22 14:30 . 2011-03-22 14:31 -------- d-----w- c:\program files\DOSBox-0.73
2011-03-15 00:00 . 2011-03-15 00:00 -------- d-----w- c:\program files\Polda 5
2011-03-14 17:05 . 2011-03-14 17:05 -------- d-----w- c:\users\Oleg 1. VElky\AppData\Roaming\GlarySoft
2011-03-14 16:28 . 2011-03-14 16:28 -------- d-----w- c:\program files\Glary Utilities
2011-03-14 15:58 . 2011-03-29 18:53 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-03-14 15:48 . 2011-04-03 22:01 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-03-14 15:48 . 2011-03-14 15:48 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2011-03-14 15:48 . 2010-05-06 12:44 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2011-03-07 01:36 . 2011-03-07 01:37 -------- d-----w- c:\users\Oleg 1. VElky\AppData\Roaming\HD Tune Pro
2011-03-07 01:34 . 2011-03-07 01:34 -------- d-----w- c:\program files\HD Tune Pro
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-03 20:14 . 2010-01-10 02:48 2 --shatr- c:\windows\winstart.bat
2011-02-07 16:00 . 2011-02-07 16:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-07 15:33 . 2011-02-07 15:33 218176 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-02-02 20:40 . 2010-04-18 21:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2010-09-07 23:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 04:02 . 2011-01-20 03:59 17702182 ----a-w- c:\windows\REGBK01.ZIP
2008-02-14 13:23 . 2008-02-14 13:23 231944 ----a-w- c:\program files\gwflash.exe
2007-09-21 18:42 . 2007-09-21 18:42 19008 ----a-w- c:\program files\markfun.a64
2007-08-21 18:49 . 2007-08-21 18:49 125504 ----a-w- c:\program files\MarkFunDrv.dll
2007-08-21 18:49 . 2007-08-21 18:49 17912 ----a-w- c:\program files\markfun.w32
2007-03-02 03:48 . 2007-03-02 03:48 240448 ----a-w- c:\program files\gwf32.exe
2006-11-23 22:47 . 2006-11-23 22:47 207680 ----a-w- c:\program files\BIOS_Run.exe
2006-11-23 22:40 . 2006-11-23 22:40 60224 ----a-w- c:\program files\HUADRV.DLL
2005-04-27 18:40 . 2005-04-27 18:40 6800 ----a-w- c:\program files\W95_HUA.vxd
.
.
------- Sigcheck -------
.
[-] 2008-01-26 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[-] 2008-01-26 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\4shared.com\tb4sha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sha.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\4shared.com\tb4sha.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-17 1242448]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-12-20 697856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2011-03-16 594200]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.22\RivaTunerWrapper.exe" [2008-12-29 24576]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-05-13 941320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2011-03-15 434360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\readreg" [X]
.
c:\users\Oleg 1. VElky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RivaTuner.lnk - c:\program files\RivaTuner v2.22\RivaTunerWrapper.exe [2008-12-29 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"DisableUserAccessControl"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\windows\System32\Branding\folderbg\VistaFolderBackground.dll" [2008-04-05 90112]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0Partizan\0
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LAN Chat.lnk]
backup=c:\windows\pss\LAN Chat.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Oleg 1. VElky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
backup=c:\windows\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00saskda]
2009-10-22 14:12 1457344 ----a-w- c:\program files\PC Security Tweaker\newlock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2009-11-24 23:51 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
2010-04-23 00:36 3145408 ----a-w- c:\program files\Hard Drive Inspector\HDInspector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:21 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:33 176128 ----a-w- c:\windows\System32\wpcumi.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"<NO NAME>"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BestCrypt Volume Encryption"="c:\program files\Jetico\BestCrypt Volume Encryption\bcfmgr.exe" MountAtLogon
"EasyTuneV"=c:\program files\Gigabyte\ET5\ETcall.exe
"Flashget"=c:\program files\FlashGet\flashget.exe /min
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"Eraser"="c:\progra~1\Eraser\Eraser.exe" --atRestart
"FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe"
"avast5"=c:\progra~1\ALWILS~1\Avast5\avastUI.exe /nogui
"DownloadStudio"=c:\program files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe"
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
"Teleport Scheduler"="c:\program files\Teleport Pro\scheduler.exe" /s
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 aswSnx;aswSnx; [x]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys [2007-09-19 9856]
R2 ACDZone;ArchiCrypt SecureDZone Driver;c:\windows\system32\drivers\ACDZone.sys [2005-05-25 64384]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [2007-09-19 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2007-09-19 167040]
R3 bcfnt;bcfnt;c:\program files\Jetico\BestCrypt Volume Encryption\x32\bcfnt.sys [2008-10-24 189672]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
R3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2008-07-07 18840]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 DfSdkS;Defragmentation-Service;t:\praca\New Folder\Ashampoo WinOptimizer 8\DfsdkS.exe [2009-08-24 406016]
R3 IAMT03;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\iamt03.sys [2007-04-11 40848]
R3 IAMTV;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\iamtv.sys [2007-04-11 38288]
R3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\ET5\markfun.w32 [2009-01-11 17912]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 PsSdk31;PsSdk31;c:\windows\system32\Drivers\pssdk31.drv [2010-01-09 30272]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2011-03-29 24416]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-03-11 153736]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2007-09-19 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2007-09-19 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2007-09-19 10496]
R4 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R4 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.sys [2007-01-12 93056]
R4 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\drivers\hcw99rc.sys [2007-03-23 10368]
R4 hptmv;hptmv;c:\windows\system32\drivers\hptmv.sys [2006-09-27 71968]
R4 IAMTXP;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\iamtxp.sys [2007-04-11 47496]
R4 ioatdma;Intel(R) QuickData Technology Device;c:\windows\system32\drivers\ioatdma.sys [2008-01-18 36480]
R4 iSSetup;Intel(R) PRO/1000 iSCSI Setup Driver;c:\windows\system32\drivers\issetup.sys [2007-06-19 75672]
R4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2006-07-20 104320]
R4 m5288;m5288;c:\windows\system32\drivers\m5288.sys [2006-07-19 211072]
R4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-07-04 52480]
R4 MODRC;WinFast TV Dongle With Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2006-11-14 13056]
R4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-05-25 137728]
R4 NBv834x;Killer NIC Gaming Adapter Service;c:\windows\system32\drivers\nbv834x.sys [2008-10-19 104992]
R4 rr172x;rr172x;c:\windows\system32\drivers\rr172x.sys [2007-06-12 90400]
R4 rr2522;rr2522;c:\windows\system32\drivers\rr2522.sys [2007-07-02 112160]
R4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2007-02-01 110128]
R4 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\si3114.sys [2006-11-10 68912]
R4 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\drivers\si3124.sys [2006-11-02 76208]
R4 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\drivers\si3124r5.sys [2006-09-20 207152]
R4 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\si3531.sys [2007-06-01 210736]
R4 ViBus;ViBus;c:\windows\system32\drivers\vibus.sys [2008-04-15 20632]
R4 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\viprt.sys [2008-04-15 56984]
R4 WinTVCIUSB;Hauppauge WinTV-CI USB (11xxx);c:\windows\system32\drivers\hcw11.sys [2008-02-28 91136]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-07 218176]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392]
S1 fsh;fsh; [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 41456]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-04 51792]
S2 DeskSaverService;DeskSaverService;c:\program files\PC Security Tweaker\newlock.exe [2009-10-22 1457344]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-03-15 724152]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-03-15 724152]
S2 PStrip;PStrip;c:\windows\system32\DRIVERS\PSTRIP.SYS [2007-07-15 27992]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSIC891.tmp [2010-02-11 189760]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 USBDLM;USBDLM;c:\users\Oleg 1. VElky\Desktop\New Folder (3)\USBDLM.exe [2008-12-03 157184]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-03-14 35816]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 16:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 09:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-03-14 16:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Settings,ProxyServer = 188.138.40.122:8080
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452}
FF - ProfilePath - c:\users\Oleg 1. VElky\AppData\Roaming\Mozilla\Firefox\Profiles\42ht030l.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/|http://start.icq.com/
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - Ext: Firefox Companion for eBay: {62760FD6-B943-48C9-AB09-F99C6FE96088} - c:\program files\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
HKCU-Run-Metropolis - c:\windows\system32\sshnas21.dll
HKLM-Run-avast5 - c:\progra~1\ALWILS~1\Avast5\avastUI.exe
AddRemove-InstantInvoice 3_is1 - h:\firma\Programy\instalacky\Fakturacia\InstInv\unins000.exe
AddRemove-long range shooting - c:\windows\long range shooting \uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-04 01:04
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSIC891.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3413807897-2998089790-1354432449-1000\Software\SecuROM\License information*]
"datasecu"=hex:37,52,f9,d3,16,91,ea,a5,96,7e,d3,32,66,97,b8,07,7f,ea,72,ed,03,
7a,1a,31,af,6e,50,ba,be,ea,5f,cf,8d,2a,89,fb,8e,30,6d,90,e7,53,e0,5c,51,4f,\
"rkeysecu"=hex:65,18,48,8e,28,49,90,6b,b5,75,cc,af,3d,1e,4d,fa
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4556)
c:\program files\FileZilla FTP Client\fzshellext.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\System32\Branding\folderbg\VistaFolderBackground.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
.
**************************************************************************
.
Completion time: 2011-04-04 01:19:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-03 23:19
.
Pre-Run: 3 952 103 424 bytes free
Post-Run: 3 357 945 856 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5
- - End Of File - - 7EF38412B70E65032CC67847FE25151E

PC virus removal, computer speed-up, remote help via the neslape.cz service
I had problems with viruses, please check, thank you
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
A remote-help service is now available: a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
Re: I had problems with viruses, please check, thank you
Hi, if you have not done so yet, move ComboFix to the desktop,
open Notepad,
copy the script from the following window into it:
FireFox::
FF - ProfilePath - c:\users\Oleg 1. VElky\AppData\Roaming\Mozilla\Firefox\Profiles\42ht030l.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/|http://start.icq.com/
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
save the TXT file you created as CFScript.txt on the desktop,
after saving, grab the script with the left mouse button and drag it onto the ComboFix icon, where you drop it.

Once it has run, another log will pop up; copy it here.
Warning: it may happen that after applying the script and rebooting, Windows does not start;
in that case reboot again while pressing F8, then choose Last Known Good Configuration.