VIRY.CZ

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kosťa at 2011-11-06 11:06:16
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 113 GB (74%) free of 153 GB
Total RAM: 511 MB (45% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Kosťa\Data aplikací\Mozilla\Firefox\Profiles\sar668n9.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://seznam.cz/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4, {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {20a82645-c095-46ed-80e3-08825760534b}:1.1, splitpannel@max.max:0.8.6, cs@dictionaries.addons.mozilla.org:1.0.1, {04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}:4.0.1, {239c61a8-e55f-11db-8314-0800200c9a66}:2.0.7, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6, {57407AE0-868F-11DC-AD21-49A755D89593}:3.0.0, {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.08"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... id=afex&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571]
"Description"=RealMedia Plugin
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739]
"Description"=RealPlayer Version Plugin
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
aboutRights.js
aboutRobots.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npnul32.dll
NPOFFICE.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
nprpjplug.dll
nsIQTScriptablePlugin.xpt
QuickTimePlugin.class
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Kosťa\Data aplikací\Mozilla\Firefox\Profiles\sar668n9.default\extensions\
cs@dictionaries.addons.mozilla.org
fastdial@telega.phpnet(2).us
pbreak.br@gmail.com
redshift_V2@shift-themes.com
splitpannel@max.max
{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}
{20a82645-c095-46ed-80e3-08825760534b}
{239c61a8-e55f-11db-8314-0800200c9a66}
{57407AE0-868F-11DC-AD21-49A755D89593}
{77b819fa-95ad-4f2c-ac7c-486b356188a9}
{800b5000-a755-47e1-992b-48a1c1357f07}
{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)
{a02c0c70-605c-11da-8cd6-0800200c9a66}

C:\Documents and Settings\Kosťa\Data aplikací\Mozilla\Firefox\Profiles\sar668n9.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
torrentbox.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-22 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-05-24 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-22 305328]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kosťa^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-05-14 384512]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Media Key.lnk - C:\Program Files\Media Key\MagicKey.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TC UP\PLUGINS\Media\MirandaIM\miranda32.exe"="C:\Program Files\TC UP\PLUGINS\Media\MirandaIM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\TC UP\TOTALCMD.EXE"="C:\Program Files\TC UP\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=lvcodec2.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"vidc.yv12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.WMV3"=wmv9vcm.dll

======File associations======

.js - edit -

======List of files/folders created in the last 1 month======

2011-11-06 11:06:17 ----D---- C:\Program Files\trend micro
2011-11-06 11:06:16 ----D---- C:\rsit
2011-11-06 11:03:25 ----D---- C:\WINDOWS\temp
2011-11-06 10:44:24 ----A---- C:\ComboFix.txt
2011-11-06 09:49:36 ----A---- C:\WINDOWS\zip.exe
2011-11-06 09:49:36 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-11-06 09:49:36 ----A---- C:\WINDOWS\SWSC.exe
2011-11-06 09:49:36 ----A---- C:\WINDOWS\SWREG.exe
2011-11-06 09:49:36 ----A---- C:\WINDOWS\sed.exe
2011-11-06 09:49:36 ----A---- C:\WINDOWS\PEV.exe
2011-11-06 09:49:36 ----A---- C:\WINDOWS\NIRCMD.exe
2011-11-06 09:49:36 ----A---- C:\WINDOWS\MBR.exe
2011-11-06 09:49:36 ----A---- C:\WINDOWS\grep.exe
2011-11-06 09:49:25 ----D---- C:\WINDOWS\ERDNT
2011-11-06 09:49:16 ----D---- C:\Qoobox
2011-11-05 19:02:19 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-11-05 19:02:18 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-11-05 19:02:02 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-11-05 19:02:01 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-11-05 19:02:00 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-11-05 19:01:56 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-11-05 19:01:55 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-11-05 19:01:54 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-11-05 18:58:43 ----A---- C:\WINDOWS\avastSS.scr
2011-11-05 18:58:40 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-11-05 18:58:02 ----D---- C:\Program Files\AVAST Software
2011-11-05 18:58:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-10-30 18:34:20 ----A---- C:\WINDOWS\unrar.exe
2011-10-30 18:29:08 ----HD---- C:\WINDOWS\update.tray-14-0
2011-10-30 18:29:07 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-10-30 18:29:07 ----HD---- C:\WINDOWS\update.tray-3-0

======List of files/folders modified in the last 1 month======

2011-11-06 11:06:17 ----RD---- C:\Program Files
2011-11-06 11:03:25 ----D---- C:\WINDOWS
2011-11-06 10:42:36 ----SD---- C:\WINDOWS\Tasks
2011-11-06 10:41:22 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-06 10:38:25 ----A---- C:\WINDOWS\system.ini
2011-11-06 10:38:08 ----D---- C:\WINDOWS\system32\drivers\etc
2011-11-06 10:26:23 ----D---- C:\Documents and Settings
2011-11-06 10:24:20 ----D---- C:\WINDOWS\system32\config
2011-11-06 10:22:48 ----D---- C:\WINDOWS\system32\drivers
2011-11-06 10:12:49 ----D---- C:\WINDOWS\system32
2011-11-06 10:06:46 ----D---- C:\WINDOWS\AppPatch
2011-11-06 10:06:42 ----D---- C:\Program Files\Common Files
2011-11-05 19:07:57 ----D---- C:\WINDOWS\Prefetch
2011-11-05 19:07:56 ----A---- C:\boot.ini
2011-11-05 19:00:15 ----D---- C:\Config.Msi
2011-11-05 19:00:10 ----SHD---- C:\WINDOWS\Installer
2011-11-05 18:50:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-30 18:37:09 ----SHD---- C:\System Volume Information
2011-10-30 18:37:09 ----D---- C:\WINDOWS\system32\Restore
2011-10-30 18:29:21 ----D---- C:\Program Files\Microsoft Security Client
2011-10-30 14:09:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-13 12:05:41 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-05-13 111808]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2003-09-06 6944]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12856]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
S1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
S1 MpKsl28345648;MpKsl28345648; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\MpKsl28345648.sys []
S1 MpKsld626520b;MpKsld626520b; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DA8586BC-317B-4CEC-82D8-E4135C04C0FE}\MpKsld626520b.sys []
S1 MpKsle954b92a;MpKsle954b92a; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\MpKsle954b92a.sys []
S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-06-23 5632]
S1 UsbFltr;WayTechUSBFilterDriver; C:\WINDOWS\system32\drivers\UsbFltr.sys [2006-04-28 9291]
S1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\KOSA~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 FLASHSYS;FLASHSYS; \??\C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HwIOctl;HwIOctl; \??\C:\Program Files\Setup Files\MS-6728 v3.A0\HwIOctl.sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-22 38960]
S3 mbr;mbr; \??\C:\DOCUME~1\KOSA~1\LOCALS~1\Temp\mbr.sys []
S3 Memctl;Memctl; \??\C:\Program Files\Setup Files\MS-6728 v3.A0\Memctl.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-05-20 47360]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2006-06-22 293808]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-02 136176]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-21 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-02 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-02 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-05-30 572416]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

• Program je primárně určený pro rádce,takže svévolným použitím ztrácíte nárok na pomoc
• Maže stopy po veškeré havěti,takže když ho použijete sami,tak v RSITU nic nejde vidět
• Výsledný log je potřeba doluštit a dočistit,protože Combofix neumí mazat vše
• Combofix může mít chybu,zboří vám systém a pokud nevíte,kam ukládá své zálohy a jak je obnovit,tak vás čeká reinstall systému
• Combofix nekontroluje důležité knihovny(například hall.dll)

ComboFix 11-11-05.03 - Patrik 06.11.2011 9:57.1.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.201 [GMT 1:00]
Spuštěný z: c:\documents and settings\Patrik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Patrik\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\tasks\BearShareNAG.job"
"c:\windows\tasks\McDefragTask.job"
.
file zipped: c:\windows\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Patrik\WINDOWS
c:\windows\av_ico
c:\windows\av_ico\ico_Essentials_start.ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\btc_client_iplist.txt
c:\windows\bwUnin-7.2.0.157-8876480SL.exe
c:\windows\daemon.dll
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\iun6002.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\CddbCdda.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa
c:\windows\ufa.rar
c:\windows\ufa\ufa.exe
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.tray-14-0-lnk
c:\windows\update.tray-14-0-lnk\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WXPDRIVERS
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-06 do 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-06 09:27 . 2011-11-06 09:32 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\offreg.dll
2011-11-06 09:26 . 2011-11-06 09:26 -------- d-----w- c:\documents and settings\Administrator
2011-11-05 18:02 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-05 18:02 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-05 18:02 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-05 18:02 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-05 18:02 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-05 18:01 . 2011-09-06 21:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-05 18:01 . 2011-09-06 21:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-05 18:01 . 2011-09-06 21:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-05 17:58 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-05 17:58 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-05 17:58 . 2011-11-05 17:58 -------- d-----w- c:\program files\AVAST Software
2011-11-05 17:58 . 2011-11-05 17:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-11-05 17:51 . 2011-11-05 17:51 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\MpKsl3db5220c.sys
2011-11-05 11:14 . 2011-11-05 11:14 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\MpKsl28345648.sys
2011-10-30 17:34 . 2011-10-30 17:37 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 17:29 . 2011-11-05 17:44 -------- d--h--w- c:\windows\update.tray-14-0
2011-10-30 17:29 . 2011-11-05 17:44 -------- d--h--w- c:\windows\update.tray-3-0
2011-10-30 17:29 . 2011-10-30 17:29 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-10-30 17:15 . 2011-10-30 17:15 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-10-30 17:12 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2010-12-27 08:42 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-12 02:44 . 2011-08-23 10:10 7152464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 110592]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Media Key.lnk - c:\program files\Media Key\MagicKey.exe [2008-4-7 159744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Kosťa^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Kosťa\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Mozilla Thunderbird"=c:\program files\Mozilla Thunderbird\thunderbird.exe -mail
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\MirandaIM\\miranda32.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [13.6.2007 19:59 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [13.6.2007 19:59 5248]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [7.4.2008 18:43 12856]
S1 MpKsl28345648;MpKsl28345648;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\MpKsl28345648.sys [5.11.2011 12:14 28752]
S1 MpKsld626520b;MpKsld626520b;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DA8586BC-317B-4CEC-82D8-E4135C04C0FE}\MpKsld626520b.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DA8586BC-317B-4CEC-82D8-E4135C04C0FE}\MpKsld626520b.sys [?]
S1 MpKsle954b92a;MpKsle954b92a;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\MpKsle954b92a.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\MpKsle954b92a.sys [?]
S1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [7.4.2008 18:43 9291]
S1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2.1.2011 10:50 136176]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.7.2008 11:24 247608]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [24.4.2011 11:25 9216]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2.1.2011 10:50 136176]
S3 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-6728 v3.A0\HwIOctl.sys --> c:\program files\Setup Files\MS-6728 v3.A0\HwIOctl.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [20.5.2008 10:42 47360]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d9a094e-ec36-11dc-9c83-001109c7a3e7}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 09:49]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 09:49]
.
2011-11-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.10.21.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Kosťa\Data aplikací\Mozilla\Firefox\Profiles\sar668n9.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: BlackX 2: {239c61a8-e55f-11db-8314-0800200c9a66} - %profile%\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: České slovníky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - %profile%\extensions\cs@dictionaries.addons.mozilla.org
FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
FF - Ext: Foxkeh Theme: {57407AE0-868F-11DC-AD21-49A755D89593} - %profile%\extensions\{57407AE0-868F-11DC-AD21-49A755D89593}
FF - Ext: Split Pannel: splitpannel@max.max - %profile%\extensions\splitpannel@max.max
FF - Ext: Azerty III: {04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0} - %profile%\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-3-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-14-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
Notify-WgaLogon - (no file)
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-06 10:38
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-1965331169-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6597E7B-82CD-3590-4759-AED31A1A345E}*]
"bbonpehhfjmapgfejihgbbnjmchmojhkhmlb"=hex:61,62,70,61,6d,65,66,6f,6d,65,6c,67,
65,6a,63,61,61,67,70,61,6d,70,68,62,69,63,6a,62,6b,69,6e,6e,67,6c,00,77
"abonpehhfjmapgfejiagigieelablclhgb"=hex:61,62,6d,61,6d,65,6f,63,66,65,61,65,
62,61,70,6d,69,66,6f,70,69,67,66,6d,6b,64,62,6c,62,65,62,68,6c,69,00,77
.
[HKEY_USERS\S-1-5-21-1343024091-1965331169-1801674531-1005\Software\SecuROM\License information*]
"datasecu"=hex:0c,a9,2b,06,f3,a2,1a,88,5d,af,12,7f,a1,30,3b,5a,f9,93,36,16,37,
c3,a2,30,9a,8c,d9,13,c9,8d,48,8c,f8,22,d8,82,03,49,39,3c,9d,02,55,3a,4c,38,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
.
**************************************************************************
.
Celkový čas: 2011-11-06 10:44:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-06 09:44
.
Před spuštěním: Volných bajtů: 114 568 261 632
Po spuštění: Volných bajtů: 118 810 206 208
.
- - End Of File - - E785CB7265018261653A631EDAA349DC

• Spuste program
• Stiskněte klávesu 2 a enter
• Objeví se vám log a ten sem vložte
• Stějně tak opakujte s volbou 3 a 4 a vložte logy

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  
  KillAll::
  
  RegLock::
  [HKEY_USERS\S-1-5-21-1343024091-1965331169-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6597E7B-82CD-3590-4759-AED31A1A345E}*]
  [HKEY_USERS\S-1-5-21-1343024091-1965331169-1801674531-1005\Software\SecuROM\License information*]´
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\Kosťa\Data aplikací\Mozilla\Firefox\Profiles\sar668n9.default\
  FF - prefs.js: browser.search.selectedEngine - ICQ Search
  FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
  FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
  FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
  FF - user.js: network.http.max-persistent-connections-per-server - 4
  FF - user.js: content.max.tokenizing.time - 200000
  FF - user.js: content.notify.interval - 100000
  FF - user.js: content.switch.threshold - 650000
  FF - user.js: nglayout.initialpaint.delay - 300
  
  File::
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  c:\windows\Tasks\WGASetup.job
  c:\windows\unrar.exe
  
  Driver::
  gupdatem
  gupdate
  ICQ Service
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "nwiz"=-
  "NvMediaCenter"=-
  [-HKLM\~\startupfolder\C:^Documents and Settings^Kosťa^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "NvMediaCenter"=-
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  "EnableFirewall"=dword:00000001
  
  Folder::
  c:\windows\update.tray-14-0
  c:\windows\update.tray-3-0
  c:\windows\update.tray-3-0-lnk
  
  Reboot::
  

• Soubor uložíme na Plochu jako CFScript.txt
• Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
  
  
• Poté Combofix provede všechny operace a udělá nový log,který sem vložte

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode
User: Kosťa [Admin rights]
Mode: Remove -- Date : 11/06/2011 12:40:11

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode
User: Kosťa [Admin rights]
Mode: HOSTSFix -- Date : 11/06/2011 12:40:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode
User: Kosťa [Admin rights]
Mode: ProxyFix -- Date : 11/06/2011 12:41:24

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

ComboFix 11-11-05.03 - Kosťa 06.11.2011 13:08:20.2.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.115 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kosťa\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kosťa\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\WGASetup.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\icqtoolbar.jar
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\windows\update.tray-14-0
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0-lnk\svchost.exe
c:\windows\update.tray-3-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_GUPDATEM
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-06 do 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-06 12:43 . 2011-11-06 12:43 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\offreg.dll
2011-11-06 11:35 . 2011-11-06 11:41 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-11-06 10:06 . 2011-11-06 10:06 -------- d-----w- c:\program files\trend micro
2011-11-06 10:06 . 2011-11-06 10:06 -------- d-----w- C:\rsit
2011-11-06 09:26 . 2011-11-06 09:26 -------- d-----w- c:\documents and settings\Administrator
2011-11-05 18:02 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-05 18:02 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-05 18:02 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-05 18:02 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-05 18:02 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-05 18:01 . 2011-09-06 21:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-05 18:01 . 2011-09-06 21:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-05 18:01 . 2011-09-06 21:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-05 17:58 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-05 17:58 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-05 17:58 . 2011-11-05 17:58 -------- d-----w- c:\program files\AVAST Software
2011-11-05 17:58 . 2011-11-05 17:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-11-05 17:51 . 2011-11-05 17:51 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\MpKsl3db5220c.sys
2011-11-05 11:14 . 2011-11-05 11:14 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\MpKsl28345648.sys
2011-10-30 17:34 . 2011-10-30 17:37 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 17:15 . 2011-10-30 17:15 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-10-30 17:12 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2010-12-27 08:42 6668624 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-12 02:44 . 2011-08-23 10:10 7152464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 110592]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Media Key.lnk - c:\program files\Media Key\MagicKey.exe [2008-4-7 159744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Mozilla Thunderbird"=c:\program files\Mozilla Thunderbird\thunderbird.exe -mail
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\MirandaIM\\miranda32.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [13.6.2007 19:59 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [13.6.2007 19:59 5248]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [7.4.2008 18:43 12856]
S1 MpKsl28345648;MpKsl28345648;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\MpKsl28345648.sys [5.11.2011 12:14 28752]
S1 MpKsld626520b;MpKsld626520b;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DA8586BC-317B-4CEC-82D8-E4135C04C0FE}\MpKsld626520b.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{DA8586BC-317B-4CEC-82D8-E4135C04C0FE}\MpKsld626520b.sys [?]
S1 MpKsle954b92a;MpKsle954b92a;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\MpKsle954b92a.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{FC38DA49-8029-486E-ACF5-F3F21DD3A8BD}\MpKsle954b92a.sys [?]
S1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [7.4.2008 18:43 9291]
S1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.7.2008 11:24 247608]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [24.4.2011 11:25 9216]
S3 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-6728 v3.A0\HwIOctl.sys --> c:\program files\Setup Files\MS-6728 v3.A0\HwIOctl.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [20.5.2008 10:42 47360]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 09:49]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 09:49]
.
2011-11-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.10.21.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Kosťa\Data aplikací\Mozilla\Firefox\Profiles\sar668n9.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: BlackX 2: {239c61a8-e55f-11db-8314-0800200c9a66} - %profile%\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: České slovníky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - %profile%\extensions\cs@dictionaries.addons.mozilla.org
FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
FF - Ext: Foxkeh Theme: {57407AE0-868F-11DC-AD21-49A755D89593} - %profile%\extensions\{57407AE0-868F-11DC-AD21-49A755D89593}
FF - Ext: Split Pannel: splitpannel@max.max - %profile%\extensions\splitpannel@max.max
FF - Ext: Azerty III: {04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0} - %profile%\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-06 13:43
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-1965331169-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6597E7B-82CD-3590-4759-AED31A1A345E}*]
"bbonpehhfjmapgfejihgbbnjmchmojhkhmlb"=hex:61,62,70,61,6d,65,66,6f,6d,65,6c,67,
65,6a,63,61,61,67,70,61,6d,70,68,62,69,63,6a,62,6b,69,6e,6e,67,6c,00,77
"abonpehhfjmapgfejiagigieelablclhgb"=hex:61,62,6d,61,6d,65,6f,63,66,65,61,65,
62,61,70,6d,69,66,6f,70,69,67,66,6d,6b,64,62,6c,62,65,62,68,6c,69,00,77
.
[HKEY_USERS\S-1-5-21-1343024091-1965331169-1801674531-1005\Software\SecuROM\License information*]
"datasecu"=hex:0c,a9,2b,06,f3,a2,1a,88,5d,af,12,7f,a1,30,3b,5a,f9,93,36,16,37,
c3,a2,30,9a,8c,d9,13,c9,8d,48,8c,f8,22,d8,82,03,49,39,3c,9d,02,55,3a,4c,38,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
.
**************************************************************************
.
Celkový čas: 2011-11-06 13:50:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-06 12:50
ComboFix2.txt 2011-11-06 09:44
.
Před spuštěním: Volných bajtů: 118 817 050 624
Po spuštění: Volných bajtů: 118 794 858 496
.
- - End Of File - - 0F41ECAB4F43E16018143EA884271E7B

• Stáhneme,nainstalujeme a spustíme(pokud si nevíte rady jak,klikněte ZDE)
• Vybereme Úplná kontrola a klikneme na tlačítko Prohledat
• Program provede kontrolu počítače a na konci se vám objeví hláska,že bylo skenování dokončeno,tak potvrdíme tlačítkem OK
• Objeví se vám log,který mi sem vložte
• NIC NEMAZAT!!Program mívá občas falešné detekce,takže mazat budeme až po konzultaci