
Please check my log

Posted: 26 Jul 2011 08:34
by Ceeper
Please, please :D

Code:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Katka at 2011-07-26 09:30:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 99 GB (69%) free of 142 GB
Total RAM: 1014 MB (16% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Katka\Data aplikací\Mozilla\Firefox\Profiles\w6dh4z21.default

prefs.js - "browser.startup.homepage" -  "chrome://speeddial/content/speeddial.xul"
prefs.js - "extensions.enabledItems" -  "{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {64161300-e22b-11db-8314-0800200c9a66}:0.9.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{3f963a5b-e555-4543-90e2-c3908898db71}"=C:\Program Files\AVG9\Firefox
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GoogleDesktopMozillaStub.js
GoogleDesktopMozillaStub.xpt
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeploytk.dll
npnul32.dll
NPOFFICE.DLL
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
googledesktop.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Katka\Data aplikací\Mozilla\Firefox\Profiles\w6dh4z21.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{64161300-e22b-11db-8314-0800200c9a66}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG9\avgssie.dll [2010-12-27 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-12-18 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-19 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-12-18 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-02-20 817672]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-05-01 137752]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-05-01 354840]
"PersistenceThread"=C:\WINDOWS\system32\PersistenceThread.exe [2009-05-01 92696]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-27 1434920]
"PLFSetI"=C:\WINDOWS\PLFSetI.exe []
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-10-17 91432]
"AVG9_TRAY"=C:\PROGRA~1\AVG9\avgtray.exe [2011-03-14 2071904]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-24 30192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-18 39408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-04-06 26102056]
""= []
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-01-31 703360]
"FXWD6M2DFK"=C:\WINDOWS\system32\sshnas21.dll,GetHandle []
"B7GGEY1ZRR"=C:\DOCUME~1\Katka\LOCALS~1\Temp\Dgr.exe []
"5SK3BLHWHC"=C:\WINDOWS\Dhugyb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-24 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
C:\Program Files\Acer\WR_PopUp\ProductReg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-28 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-18 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Katka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE  []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-30 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igdlogin]
C:\WINDOWS\system32\igdlogin.dll [2009-04-28 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\AVG9\avgupd.exe"="C:\Program Files\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG9\avgnsx.exe"="C:\Program Files\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Acer\Acer VCM\VC.exe"="C:\Program Files\Acer\Acer VCM\VC.exe:*:Enabled:Acer Video Quality Enhancement"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-26 09:30:45 ----D---- C:\Program Files\trend micro
2011-07-26 09:30:44 ----D---- C:\rsit
2011-07-25 18:30:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-25 18:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-24 23:04:03 ----A---- C:\WINDOWS\system32\svchostmgrmgrmgrmgrmgr.exe
2011-07-24 23:04:03 ----A---- C:\WINDOWS\system32\servicesmgrmgrmgrmgrmgrmgrmgrmgrmgrmgr.exe
2011-07-24 23:04:02 ----A---- C:\WINDOWS\system32\svchostmgrmgrmgrmgr.exe
2011-07-24 23:04:02 ----A---- C:\WINDOWS\system32\svchostmgrmgrmgr.exe
2011-07-24 23:04:02 ----A---- C:\WINDOWS\system32\servicesmgrmgrmgrmgrmgrmgrmgrmgrmgr.exe
2011-07-24 23:04:02 ----A---- C:\WINDOWS\system32\servicesmgrmgrmgrmgrmgrmgrmgrmgr.exe
2011-07-24 23:04:02 ----A---- C:\WINDOWS\system32\lsassmgrmgrmgrmgrmgrmgrmgrmgr.exe
2011-07-24 23:04:02 ----A---- C:\WINDOWS\system32\lsassmgrmgrmgrmgrmgrmgrmgr.exe
2011-07-24 23:04:00 ----A---- C:\WINDOWS\system32\svchostmgrmgr.exe
2011-07-24 23:04:00 ----A---- C:\WINDOWS\system32\servicesmgrmgrmgrmgrmgrmgrmgr.exe
2011-07-24 23:03:59 ----A---- C:\WINDOWS\system32\svchostmgr.exe
2011-07-24 23:03:59 ----A---- C:\WINDOWS\system32\servicesmgrmgrmgrmgrmgrmgr.exe
2011-07-24 23:03:59 ----A---- C:\WINDOWS\system32\lsassmgrmgrmgrmgrmgr.exe
2011-07-24 23:03:59 ----A---- C:\WINDOWS\system32\logonuimgr.exe
2011-07-24 23:03:58 ----A---- C:\WINDOWS\system32\servicesmgrmgrmgrmgrmgr.exe
2011-07-24 23:03:58 ----A---- C:\WINDOWS\system32\lsassmgrmgrmgrmgr.exe
2011-07-24 23:03:57 ----A---- C:\WINDOWS\system32\servicesmgrmgrmgrmgr.exe
2011-07-24 23:03:57 ----A---- C:\WINDOWS\system32\lsassmgrmgrmgr.exe
2011-07-24 23:03:56 ----A---- C:\WINDOWS\system32\servicesmgrmgrmgr.exe
2011-07-24 23:03:56 ----A---- C:\WINDOWS\system32\servicesmgrmgr.exe
2011-07-24 23:03:56 ----A---- C:\WINDOWS\system32\servicesmgr.exe
2011-07-24 23:03:56 ----A---- C:\WINDOWS\system32\lsassmgrmgr.exe
2011-07-24 23:03:56 ----A---- C:\WINDOWS\system32\lsassmgr.exe
2011-07-11 19:43:00 ----A---- C:\WINDOWS\system32\0.29662047785360734.exe
2011-07-11 19:42:10 ----A---- C:\WINDOWS\system32\0.3221266549287469.exe
2011-07-11 19:09:45 ----A---- C:\WINDOWS\Dhugya.exe
2011-07-11 19:07:25 ----D---- C:\Program Files\win
2011-07-11 16:20:31 ----D---- C:\Program Files\lyninttd
2011-07-11 16:19:57 ----A---- C:\WINDOWS\system32\0.5725883209994385.exe
2011-06-28 12:28:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-06-28 12:28:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-27 23:29:06 ----D---- C:\WINDOWS\ServicePackFiles
2011-06-27 23:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2491683$
2011-06-27 23:28:10 ----A---- C:\WINDOWS\system32\MRT.INI

======List of files/folders modified in the last 1 month======

2011-07-26 09:30:45 ----RD---- C:\Program Files
2011-07-26 09:29:28 ----HD---- C:\WINDOWS\inf
2011-07-26 09:29:27 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-26 09:23:23 ----D---- C:\WINDOWS\Temp
2011-07-26 09:18:50 ----D---- C:\Documents and Settings\Katka\Data aplikací\Skype
2011-07-26 09:18:17 ----D---- C:\Documents and Settings\Katka\Data aplikací\skypePM
2011-07-25 23:38:00 ----D---- C:\Documents and Settings\Katka\Data aplikací\vlc
2011-07-25 23:37:56 ----D---- C:\Documents and Settings\Katka\Data aplikací\dvdcss
2011-07-25 21:16:25 ----AD---- C:\WINDOWS\system32
2011-07-25 21:16:07 ----D---- C:\WINDOWS\system32\ias
2011-07-25 21:15:50 ----D---- C:\WINDOWS
2011-07-25 21:15:39 ----A---- C:\WINDOWS\ModemLog_PC Connectivity Bluetooth Modem.txt
2011-07-25 21:14:52 ----D---- C:\WINDOWS\system32\drivers
2011-07-25 18:30:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-25 18:20:41 ----D---- C:\Program Files\Windows Media Player
2011-07-25 18:03:46 ----SHD---- C:\WINDOWS\Installer
2011-07-25 18:03:03 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-25 18:02:47 ----D---- C:\Program Files\Common Files\DESIGNER
2011-07-25 18:02:16 ----A---- C:\WINDOWS\imsins.BAK
2011-07-25 18:00:53 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-25 17:37:33 ----D---- C:\WINDOWS\system32\drivers\Avg
2011-07-24 23:04:03 ----D---- C:\Program Files\Internet Explorer
2011-07-24 23:02:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-24 22:15:34 ----D---- C:\Program Files\QuickTime
2011-07-24 22:14:34 ----D---- C:\Program Files\OpenOffice.org 3
2011-07-24 21:58:35 ----D---- C:\Program Files\Outlook Express
2011-07-24 21:45:16 ----D---- C:\Program Files\NetMeeting
2011-07-24 21:44:44 ----D---- C:\Program Files\Microsoft Works
2011-07-24 21:44:25 ----D---- C:\Program Files\Movie Maker
2011-07-24 21:41:13 ----D---- C:\Program Files\Microsoft Office Suite Activation Assistant
2011-07-24 20:50:00 ----D---- C:\Program Files\AVG9
2011-07-24 17:15:55 ----SD---- C:\WINDOWS\Tasks
2011-07-24 11:15:06 ----D---- C:\Program Files\Launch Manager
2011-07-24 11:12:34 ----D---- C:\Program Files\IrfanView
2011-07-24 11:12:05 ----D---- C:\Program Files\ICQ6.5
2011-07-24 10:30:48 ----HD---- C:\Recycle.Bin
2011-07-20 16:49:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\eSobi
2011-07-20 16:49:29 ----D---- C:\Documents and Settings\Katka\Data aplikací\eSobi
2011-07-19 13:49:29 ----D---- C:\Program Files\Common Files\CyberLink
2011-07-19 13:49:28 ----D---- C:\Program Files\Codec Pack - All In 1
2011-07-19 13:45:13 ----D---- C:\i386
2011-07-18 22:15:51 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-18 22:15:08 ----RSD---- C:\WINDOWS\assembly
2011-07-18 21:43:41 ----A---- C:\WINDOWS\ModemLog_Modem Bluetooth.txt
2011-07-18 21:25:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-18 21:23:59 ----D---- C:\WINDOWS\WinSxS
2011-07-11 19:49:31 ----D---- C:\Program Files\Mozilla Firefox
2011-07-11 16:54:29 ----D---- C:\Book
2011-07-11 16:47:06 ----HD---- C:\$AVG
2011-07-07 22:53:52 ----SHD---- C:\Documents and Settings\Katka\Data aplikací\.#
2011-07-06 15:57:33 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Temp
2011-07-06 11:12:25 ----D---- C:\VALUEADD
2011-06-28 12:29:40 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-27 23:28:26 ----D---- C:\WINDOWS\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-30 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-08 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2011-05-03 243152]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-02-20 1952512]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-05 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-04-16 991136]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2009-05-11 56992]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 igd;igd; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-04-28 5096544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-07-29 5870080]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-16 132480]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-27 205360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2007-11-14 100992]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-06-19 533024]
S3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-25 156816]
S3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-02-05 37032]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-06-19 45984]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 Micorsoft Windows Service;Micorsoft Windows Service; \??\C:\DOCUME~1\Katka\LOCALS~1\Temp\bqdcxtvg.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [2009-03-12 164864]
S3 RtsUIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys []
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG9\avgwdsvc.exe [2010-07-30 308136]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2009-06-20 349528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-28 153376]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-24 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-18 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Thanks

Re: Please check my log

Posted: 26 Jul 2011 08:55
by Rudy
I would also like a ComboFix log.

Download ComboFix and save it, preferably to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Feel free to go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Note: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the resident antispyware.

Re: Please check my log

Posted: 26 Jul 2011 09:53
by Ceeper
It sure took its time....

Code:

ComboFix 11-07-26.02 - Katka 26.07.2011  10:18:49.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.420.1029.18.1014.143 [GMT 2:00]
Spuštěný z: c:\documents and settings\Katka\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\IEXPLOREmgr.exe
C:\Recycle.Bin
c:\recycle.bin\config.bin
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\system32\0.29662047785360734.exe
c:\windows\system32\0.3221266549287469.exe
c:\windows\system32\0.5725883209994385.exe
c:\windows\system32\config\systemprofile\Nabídka Start\Programy\Po spuštění\tccuxwat.exe
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2011-06-26 do 2011-07-26  )))))))))))))))))))))))))))))))
.
.
2011-07-26 07:30 . 2011-07-26 07:30	--------	d-----w-	c:\program files\trend micro
2011-07-26 07:30 . 2011-07-26 07:30	--------	d-----w-	C:\rsit
2011-07-24 21:03 . 2011-07-24 21:03	83843	----a-w-	c:\windows\system32\svchostmgr.exe
2011-07-24 21:03 . 2011-07-24 21:03	83843	----a-w-	c:\windows\system32\servicesmgrmgrmgrmgrmgrmgr.exe
2011-07-24 21:03 . 2011-07-24 21:03	83843	----a-w-	c:\windows\system32\lsassmgrmgrmgrmgrmgr.exe
2011-07-24 21:03 . 2011-07-24 21:03	83843	----a-w-	c:\windows\system32\servicesmgrmgrmgrmgrmgr.exe
2011-07-24 21:03 . 2011-07-24 21:03	83843	----a-w-	c:\windows\system32\lsassmgrmgrmgrmgr.exe
2011-07-24 21:03 . 2011-07-24 21:03	83843	----a-w-	c:\windows\system32\servicesmgrmgrmgrmgr.exe
2011-07-24 21:03 . 2011-07-24 21:03	83843	----a-w-	c:\windows\system32\lsassmgrmgrmgr.exe
2011-07-24 21:03 . 2011-07-24 21:03	83843	----a-w-	c:\windows\system32\servicesmgrmgrmgr.exe
2011-07-24 21:03 . 2011-07-24 21:03	83843	----a-w-	c:\windows\system32\servicesmgrmgr.exe
2011-07-24 21:03 . 2011-07-24 21:03	83843	----a-w-	c:\windows\system32\servicesmgr.exe
2011-07-24 21:03 . 2011-07-24 21:03	83843	----a-w-	c:\windows\system32\lsassmgrmgr.exe
2011-07-24 21:03 . 2011-07-24 21:03	83843	----a-w-	c:\windows\system32\lsassmgr.exe
2011-07-11 17:48 . 2011-07-11 17:48	--------	d-----w-	c:\documents and settings\NetworkService\Dokumenty
2011-07-11 17:09 . 2011-07-11 17:08	218624	----a-w-	c:\windows\Dhugya.exe
2011-07-11 17:07 . 2011-07-11 17:57	--------	d-----w-	c:\program files\win
2011-07-11 14:20 . 2011-07-24 21:04	--------	d-----w-	c:\program files\lyninttd
2011-07-11 14:19 . 2011-07-11 17:48	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Data aplikací\Adobe
2011-06-27 21:29 . 2011-06-27 21:29	--------	d-----w-	c:\windows\ServicePackFiles
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2009-07-30 07:44	1858944	----a-w-	c:\windows\system32\win32k.sys
2011-05-03 20:16 . 2009-12-28 21:51	243152	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2011-05-02 15:32 . 2009-07-29 22:09	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2009-07-30 07:44	151552	----a-w-	c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2009-07-30 07:43	456320	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-19 16:09 . 2011-04-19 16:09	95999192	----a-w-	c:\program files\Nokia_Ovi_Suite_webinstaller_ALL.exe
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-01-31 703360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-20 817672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-01 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-05-01 92696]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"AVG9_TRAY"="c:\progra~1\AVG9\avgtray.exe" [2011-03-14 2071904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-7-30 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-30 18:00	12536	----a-w-	c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44	65536	----a-w-	c:\windows\system32\igdlogin.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Katka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Katka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-07-24 20:51	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33	141600	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36	50472	------w-	c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-28 21:13	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-18 14:18	39408	------w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28.12.2009 23:51 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28.12.2009 23:51 243152]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG9\avgwdsvc.exe [30.7.2010 20:00 308136]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30.7.2009 3:59 237568]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [30.7.2009 2:40 5096544]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [10.1.2010 19:42 100992]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.7.2009 2:46 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [30.7.2009 2:50 30192]
S3 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\Katka\LOCALS~1\Temp\bqdcxtvg.sys --> c:\docume~1\Katka\LOCALS~1\Temp\bqdcxtvg.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [30.7.2009 2:32 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=ao751h&r=0xph12091716l0363wui5w47m15601
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 93.153.117.1 62.141.0.2
FF - ProfilePath - c:\documents and settings\Katka\Data aplikací\Mozilla\Firefox\Profiles\9dxrpgui.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-FXWD6M2DFK - c:\windows\system32\sshnas21.dll
HKCU-Run-5SK3BLHWHC - c:\windows\Dhugyb.exe
HKLM-Run-PLFSetI - c:\windows\PLFSetI.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-ProductReg - c:\program files\Acer\WR_PopUp\ProductReg.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
AddRemove-Google Desktop - c:\program files\Google\Google Desktop Search\GoogleDesktopSetup.exe
AddRemove-InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA} - c:\program files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe
AddRemove-IrfanView - c:\program files\IrfanView\iv_uninstall.exe
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-{047F790A-7A2A-4B6A-AD02-38092BA63DAC} - c:\program files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_9697BEF16D815157.exe
AddRemove-{60DE4033-9503-48D1-A483-7846BD217CA9} - c:\program files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe
AddRemove-{96AE7E41-E34E-47D0-AC07-1091A8127911} - c:\program files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe
AddRemove-{C9BED750-1211-4480-B1A5-718A3BE15525} - c:\program files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 10:40
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...  
.
skenování skrytých položek 'Po spuštění' ... 
.
skenování skrytých souborů ...  
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS543216L9SA00 rev.FB2OC40C -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8654A439]<< 
c:\docume~1\Katka\LOCALS~1\Temp\catchme.sys  
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x865507d0]; MOV EAX, [0x8655084c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86564AB8]
3 CLASSPNP[0xF75FDFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000062[0x865659E8]
5 ACPI[0xF7494620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86570940]
\Driver\atapi[0x865D1270] -> IRP_MJ_CREATE -> 0x8654A439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHitachi_HTS543216L9SA00_________________FB2OC40C#39303830373142463232313043355645444b414e#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8654A27F
user & kernel MBR OK 
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
Celkový čas: 2011-07-26  10:50:40
ComboFix-quarantined-files.txt  2011-07-26 08:50
.
Před spuštěním: Volných bajtů: 103 475 191 808
Po spuštění: Volných bajtů: 107 619 913 728
.
- - End Of File - - 664DBB63C6176F58CE920D6C411C2AD2

Re: Please check my log

Posted: 26 Jul 2011 10:54
by Ceeper
The message "Warning: possible TDL3 rootkit infection !" worries me a bit here, but hopefully it's just a false alarm...

The laptop behaves pretty much normally, but for example Adobe Reader (missing dll) or Firefox wouldn't start. Reinstalling them solved the problem, only IE still won't start...

edit: Files like "c:\windows\system32\servicesmgrmgrmgrmgrmgrmgr.exe" are amusing too :shock:
I ran the laptop through the AVG antivirus and the result was that perhaps half the system is infected, including some preinstalled files, MS Office, Open Office, Nokia Ovi, VLC player, the sound card and BT drivers...

I'm wondering whether a system reinstall wouldn't be better :/

Re: Please check my log

Posted: 26 Jul 2011 12:14
by Rudy
Yes, the TDL rootkit is probably there, but, if the situation allows, we'll deal with it later. The PC is heavily infected, and we'll be glad if the system doesn't crash or get damaged during the cleanup. Open Notepad and copy this into it:
Collect::
c:\windows\system32\svchostmgr.exe
c:\windows\system32\servicesmgrmgrmgrmgrmgrmgr.exe
c:\windows\system32\lsassmgrmgrmgrmgrmgr.exe
c:\windows\system32\servicesmgrmgrmgrmgrmgr.exe
c:\windows\system32\lsassmgrmgrmgrmgr.exe
c:\windows\system32\servicesmgrmgrmgrmgr.exe
c:\windows\system32\lsassmgrmgrmgr.exe
c:\windows\system32\servicesmgrmgrmgr.exe
c:\windows\system32\servicesmgrmgr.exe
c:\windows\system32\servicesmgr.exe
c:\windows\system32\lsassmgrmgr.exe
c:\windows\system32\lsassmgr.exe
c:\windows\Dhugya.exe

DirLook::
c:\program files\win
c:\program files\lyninttd
Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and release it. CF will start and carry out the commands from the script.

http://img517.imageshack.us/img517/8662 ... t10uc2.gif

Re: Please check my log

Posted: 26 Jul 2011 12:28
by Ceeper
I'm on it.
Will you be here for some time longer? For certain reasons I need the PC cleaned as quickly as possible, so if it can't be done by about 16:00, I'd go straight to a reinstall :(

Re: Please check my log

Posted: 26 Jul 2011 12:38
by Rudy
I definitely won't be here before 16:00. I do have the day off, but I earn some extra money during it.

Re: Please check my log

Posted: 26 Jul 2011 12:40
by Ceeper
So I'll just ask one more thing about that TDL virus and then get on with reinstalling the system...
Does a plain reinstall remove it, or is it one of those critters that needs a special tool or possibly a disk format?

I'm pushing on this because I won't have time towards the evening and the laptop will be needed tomorrow. Viruses always show up at the worst possible time :/

Re: Please check my log

Posted: 26 Jul 2011 12:45
by Rudy
Usually it can be removed with TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.exe . If you're going to reinstall, formatting isn't enough; you have to delete the partition, create it again and then format the disk. The TDL rootkit lodges itself in the master boot record.
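Rudy's point that the TDL rootkit lives in the master boot record is why analysts inspect the first sector's boot code separately from its partition table. The following is an added example (not code from the thread, from TDSSKiller or from any Gmer tool) that assembles a constructed 512-byte MBR, parses it, and compares a SHA-256 of the 446-byte boot-code region against a known-good baseline. The "clean" prologue encodes the first instructions of the catchme MBR disassembly in the log above (XOR AX,AX; MOV SS,AX; MOV SP,0x7C00; MOV ES,AX; MOV DS,AX) padded with NOPs; the tampered variant, the partition layouts and the baseline itself are constructed for illustration. It also models two operations, recreating the partition table and rewriting the boot code, so you can see which of them changes the boot-code hash.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446       # bytes 0..445: code the BIOS jumps into
TABLE_OFFSET = 446        # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510..511

# Constructed "known-good" boot code: the prologue from the catchme disassembly
# (33 C0 8E D0 BC 00 7C 8E C0 8E D8) followed by NOP padding. A real baseline
# would be the hash of the vendor's complete MBR code, not this stand-in.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8") + b"\x90" * (BOOT_CODE_LEN - 11)
# Constructed tampered variant: the first instruction replaced by a short jump.
TAMPERED_BOOT_CODE = b"\xeb\x3e" + CLEAN_BOOT_CODE[2:]
BASELINE = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()


def pack_partition(bootable, ptype, lba_start, sectors):
    """One 16-byte table entry; CHS fields are left zero, LBA fields are used."""
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\0\0\0",
                       ptype, b"\0\0\0", lba_start, sectors)


def build_mbr(boot_code, partitions):
    assert len(boot_code) == BOOT_CODE_LEN
    table = b"".join(pack_partition(*p) for p in partitions).ljust(64, b"\x00")
    return boot_code + table + SIGNATURE


def parse_mbr(sector):
    if len(sector) != SECTOR_SIZE or sector[510:] != SIGNATURE:
        raise ValueError("not a valid MBR (bad length or missing 55AA signature)")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        flag, _, ptype, _, start, count = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype != 0:
            parts.append({"bootable": flag == 0x80, "type": ptype,
                          "lba_start": start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def boot_code_is_clean(sector, baseline_sha256):
    return parse_mbr(sector)["boot_code_sha256"] == baseline_sha256


def recreate_partitions(sector, partitions):
    """Model deleting and recreating partitions: only the table region changes."""
    table = b"".join(pack_partition(*p) for p in partitions).ljust(64, b"\x00")
    return sector[:TABLE_OFFSET] + table + sector[510:]


def rewrite_boot_code(sector, boot_code):
    """Model a boot-code repair: the partition table is kept, the code is replaced."""
    return boot_code + sector[TABLE_OFFSET:]


if __name__ == "__main__":
    infected = build_mbr(TAMPERED_BOOT_CODE, [(True, 0x07, 63, 300_000_000)])
    print("infected sector matches baseline:", boot_code_is_clean(infected, BASELINE))
    repartitioned = recreate_partitions(infected, [(True, 0x07, 2048, 300_000_000)])
    print("after recreating partitions:", boot_code_is_clean(repartitioned, BASELINE))
    repaired = rewrite_boot_code(repartitioned, CLEAN_BOOT_CODE)
    print("after boot-code rewrite:", boot_code_is_clean(repaired, BASELINE))
```

The two model operations are deliberately separate: the partition table and the boot code occupy different byte ranges of sector 0, so a check that only looks at partition layout says nothing about the code that runs before the operating system loads. After any reinstall, verifying the boot-code hash against a trusted copy is the step that confirms the bootkit is gone.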

Re: Please check my log

Posted: 26 Jul 2011 12:48
by Ceeper
Since I'll be reinstalling the system anyway, deleting the partition and creating it again will be a fairly simple matter...
Thanks for the advice

Re: Please check my log

Posted: 26 Jul 2011 12:49
by Rudy
The installer should offer you those steps.

Re: Please check my log

Posted: 26 Jul 2011 12:51
by Ceeper
It will offer them for sure, I know that.
But I'll do it on a different PC, where I'll be backing up data from the removed HDD. I just hope that beast doesn't move over there too...

Re: Please check my log

Posted: 26 Jul 2011 13:32
by Rudy
Then open, via My Computer > (right-click) Manage > Disk Management, a window in which you'll find all the disks. Right-clicking the relevant disk opens a drop-down menu where you'll find the relevant tools.