VIRY.CZ

hoj, stáhl jsem program .exe vyskočil na mě shutdown a pokaždé jak zapnu pc tak mě to vypne


log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal at 2012-02-18 00:00:54
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 4 GB (3%) free of 114 GB
Total RAM: 3002 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:03:05, on 18.2.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Taskmgr.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\osk.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\Downloads\RSIT.exe
C:\Program Files\trend micro\Michal.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=generic
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SystemKey] C:\Windows\system32\rundll32.exe "C:\ProgramData\SystemKey\SystemKey.dll" rdl
O4 - HKLM\..\Run: [ServeZip] "C:\Program Files\ServeZip\ServeZip.exe" -StartUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [KeyLogger] C:\Users\Michal\Downloads\Zaznamenejte-Stisknute-Klavesy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [system_tray] shutdown -s -f -t 0
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [SRDownloader] C:\Users\Michal\Downloads\SRDownloader.exe /min
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Auto Hide IP] C:\Program Files\AutoHideIP\AutoHideIP.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.7\ICQ.exe" silent loginmode=4
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michal\Desktop\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michal\Desktop\PartyPoker.lnk (file missing)
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O9 - Extra button: GetWebPics - {4B51A27A-6F76-49E5-BC45-06AE2DDD2A1A} - C:\Program Files\Photoactions\GetWebPics\Gwp4Ie.dll (HKCU)
O9 - Extra 'Tools' menuitem: Download pictures with GetWebPics - {4B51A27A-6F76-49E5-BC45-06AE2DDD2A1A} - C:\Program Files\Photoactions\GetWebPics\Gwp4Ie.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Multimedia Mouse Driver\v5\KMWDSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QipGuard - QIP.ru - C:\Program Files\QipGuard\QipGuard.exe
O23 - Service: SMTP Server Service (SMTPMainService) - Unknown owner - C:\Program Files\Advanced SMTP Server\SMTPListener.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6c241dbe\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe (file missing)

--
End of file - 10462 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://search.hotspotshield.com/g/?c=h"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {a8864317-e18b-4292-99d9-e6e65ab905d3}:3.8.1.0, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1, {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0, {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900, afurladvisor@anchorfree.com:1.0, plugin2@gameplaylabs.com:2.0, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.2, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.1, {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.4.1&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}"=C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0]
"Description"=DivX OVS Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@fileplanet.com/fpdlm]
"Description"=
"Path"=C:\Program Files\Download Manager\npfpdlm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/wpi,version=1.3]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"=12.0.1.647
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
afurladvisor@anchorfree.com
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsILegitCheckPlugin.xpt
nsINIProcessor.js
nsjsrealplayerplugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
libdivx.dll
np-mswmp.dll
np32dsw.dll
npdeployJava1.dll
npdivx32.dll
npdivx32.xpt
npFoxitReaderPlugin.dll
npLegitCheckPlugin.dll
npnul32.dll
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll
npwachk.dll
ShockwavePlugin.class
ssldivx.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
privatesearch.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\
plugin2@gameplaylabs.com
{20a82645-c095-46ed-80e3-08825760534b}
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{800b5000-a755-47e1-992b-48a1c1357f07}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}-trash
{a8864317-e18b-4292-99d9-e6e65ab905d3}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\
icqplugin.gif
icqplugin.src
icqplugin.xml
seznam.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-07-08 386264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2011-08-17 1055808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"SystemKey"=C:\ProgramData\SystemKey\SystemKey.dll [2006-04-07 339968]
"ServeZip"=C:\Program Files\ServeZip\ServeZip.exe [2011-05-24 1731824]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-07-08 273544]
"TaskTray"= []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-19 1697064]
"NBAgent"=C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-04-08 1406248]
"tvncontrol"=C:\Program Files\TightVNC\tvnserver.exe [2011-08-03 828944]
"KeyLogger"=C:\Users\Michal\Downloads\Zaznamenejte-Stisknute-Klavesy.exe []
"mail"= []
"smtp"= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]
"system_tray"=shutdown -s -f -t 0 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-14 137536]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-04-03 399736]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2011-03-04 2741616]
"Google Update"=C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 136176]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2010-01-16 717696]
"SRDownloader"=C:\Users\Michal\Downloads\SRDownloader.exe /min []
"Vidalia"=C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe []
"Auto Hide IP"=C:\Program Files\AutoHideIP\AutoHideIP.exe [2011-02-18 3737840]
"Steam"=C:\Program Files\Steam\Steam.exe [2011-12-20 1242448]
"ICQ"=C:\Program Files\ICQ7.7\ICQ.exe [2012-01-23 127040]

C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.xvid"=xvid.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"msacm.lhacm"=lhacm.acm
"wave5"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"msacm.l3codec"=L3codeca.acm
"vidc.DIV3"=DivXc32.dll
"vidc.DIV4"=DivXc32f.dll
"msacm.lameacm"=LameACM.acm
"msacm.divxa32"=DivXa32.acm
"VIDC.XFR1"=xfcodec.dll
"msacm.vorbis"=vorbis.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-02-17 23:51:45 ----A---- C:\Windows\ntbtlog.txt
2012-02-17 15:34:28 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-17 15:34:27 ----A---- C:\Windows\system32\jscript.dll
2012-02-17 15:34:27 ----A---- C:\Windows\system32\iertutil.dll
2012-02-17 15:34:26 ----A---- C:\Windows\system32\jscript9.dll
2012-02-17 15:34:25 ----A---- C:\Windows\system32\wininet.dll
2012-02-17 15:34:25 ----A---- C:\Windows\system32\url.dll
2012-02-17 15:34:25 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-17 15:34:25 ----A---- C:\Windows\system32\ieui.dll
2012-02-17 15:34:24 ----A---- C:\Windows\system32\mshtml.dll
2012-02-17 15:34:22 ----A---- C:\Windows\system32\ieframe.dll
2012-02-17 15:34:20 ----A---- C:\Windows\system32\urlmon.dll
2012-02-16 21:47:36 ----D---- C:\Program Files\Převody čísel
2012-02-16 21:00:53 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-16 21:00:48 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2012-02-18 00:00:59 ----D---- C:\Program Files\trend micro
2012-02-18 00:00:45 ----D---- C:\Windows\temp
2012-02-17 23:51:45 ----AD---- C:\Windows
2012-02-17 23:46:40 ----D---- C:\Windows\Prefetch
2012-02-17 21:09:56 ----D---- C:\Users\Michal\AppData\Roaming\uTorrent
2012-02-17 21:09:50 ----D---- C:\Program Files\Steam
2012-02-17 21:01:33 ----SHD---- C:\System Volume Information
2012-02-17 20:59:47 ----D---- C:\ProgramData\GameXN
2012-02-17 17:51:01 ----RSD---- C:\Windows\assembly
2012-02-17 17:51:01 ----D---- C:\Windows\Microsoft.NET
2012-02-17 15:59:27 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-17 15:58:06 ----D---- C:\Windows\system32\migration
2012-02-17 15:58:06 ----D---- C:\Windows\System32
2012-02-17 15:58:05 ----D---- C:\Program Files\Internet Explorer
2012-02-17 15:36:25 ----A---- C:\Windows\system32\mrt.exe
2012-02-17 15:36:18 ----SHD---- C:\Windows\Installer
2012-02-17 15:36:18 ----SHD---- C:\Config.Msi
2012-02-17 15:36:04 ----D---- C:\ProgramData\Microsoft Help
2012-02-17 15:35:30 ----D---- C:\Windows\winsxs
2012-02-17 15:34:49 ----D---- C:\Windows\system32\catroot
2012-02-17 15:32:42 ----D---- C:\Program Files\Windows Mail
2012-02-17 15:28:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-17 15:27:58 ----D---- C:\Windows\inf
2012-02-17 15:24:35 ----D---- C:\Windows\system32\catroot2
2012-02-17 00:03:41 ----D---- C:\Users\Michal\AppData\Roaming\FileZilla
2012-02-16 21:47:36 ----D---- C:\Program Files
2012-02-15 20:22:59 ----D---- C:\Program Files\Common Files\Steam
2012-02-14 19:50:19 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2012-02-06 21:10:40 ----D---- C:\ProgramData\ServeZip
2012-01-31 13:44:05 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-24 15:51:14 ----D---- C:\Program Files\ICQ7.7
2012-01-20 12:40:05 ----D---- C:\Users\Michal\AppData\Roaming\Adobe
2012-01-20 12:26:22 ----D---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 354840]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys [2010-09-22 37376]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2004-04-01 10368]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-11-11 305256]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-02-19 242992]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-09-22 32768]
S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]
S0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2005-11-03 63488]
S0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys []
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-20 691696]
S1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
S1 rwvfuxhm;rwvfuxhm; \??\C:\Windows\system32\drivers\rwvfuxhm.sys []
S1 tdgvbvnm;tdgvbvnm; \??\C:\Windows\system32\drivers\tdgvbvnm.sys []
S2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [2009-03-27 12672]
S3 ALSysIO;ALSysIO; \??\C:\Users\Michal\AppData\Local\Temp\ALSysIO.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-26 294952]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-06-26 88616]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2010-06-26 111144]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-06-26 33320]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-06-26 18728]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-02-16 25280]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-10 4744704]
S3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 Ltn_stk7070P;PCTV based TV tuner device; C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-05-15 47360]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-11-19 408576]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-04-23 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-04-23 20864]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-04-23 24960]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
S2 Apache2.2;Apache2.2; c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-25 656672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-28 136176]
S2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2011-01-07 271408]
S2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2011-01-05 352304]
S2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Multimedia Mouse Driver\v5\KMWDSrv.exe [2007-05-08 2179072]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2011-03-04 73728]
S2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-10-02 75064]
S2 QipGuard;QipGuard; C:\Program Files\QipGuard\QipGuard.exe [2011-05-10 187776]
S2 SMTPMainService;SMTP Server Service; C:\Program Files\Advanced SMTP Server\SMTPListener.exe [2011-01-25 1214464]
S2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6c241dbe\STacSV.exe [2009-11-19 221266]
S2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S2 tvnserver;TightVNC Server; C:\Program Files\TightVNC\tvnserver.exe [2011-08-03 828944]
S2 WindowBlinds;Stardock WindowBlinds; C:\Program Files\Stardock\MyColors\VistaSrv.exe [2009-06-09 230704]
S2 XAMPP;XAMPP Service; c:\xampp\service.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-01-06 655624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-28 136176]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2011-01-07 57640]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-02-15 481064]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Zdravim a pekny den preji

Tohle O4 - HKLM\..\Run: [KeyLogger] C:\Users\Michal\Downloads\Zaznamenejte-Stisknute-Klavesy.exe tam mate schvalne

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Pockejte na dokonceni PreScanu
• Zvolte moznost Prohledat (scan)
• Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

Tohle O4 - HKLM\..\Run: [KeyLogger] C:\Users\Michal\Downloads\Zaznamenejte-Stisknute-Klavesy.exe tam mate schvalne

Nemám.

Na log jdu hned

RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v: Nouzový režim s prací v síti
Uživatel: Michal [Práva správce]
Mode: Kontrola -- Date: 02/18/2012 15:41:17

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 5 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Run : SystemKey (C:\Windows\system32\rundll32.exe "C:\ProgramData\SystemKey\SystemKey.dll" rdl) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541612J9SA00 +++++
--- User ---
[MBR] 71b8a478e7bb7fca04da004497e4f5d6
[BSP] 1ca4b96da66aa04478ec46910fb155af : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Takze vam tam nekdo nahodil keyloggera

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 12-02-19.02 - Michal 20.02.2012 10:59:39.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.3002.2313 [GMT 1:00]
Spuštěný z: c:\users\Michal\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{688B7BCC-AD53-4BC7-B2E0-5FFF17F1858C}\_Setup.dll
c:\programdata\Tarma Installer\{688B7BCC-AD53-4BC7-B2E0-5FFF17F1858C}\Setup.dat
c:\programdata\Tarma Installer\{688B7BCC-AD53-4BC7-B2E0-5FFF17F1858C}\Setup.exe
c:\programdata\Tarma Installer\{688B7BCC-AD53-4BC7-B2E0-5FFF17F1858C}\Setup.ico
c:\users\Michal\AppData\Roaming\chrtmp
c:\users\Michal\AppData\Roaming\inst.exe
c:\users\Michal\AppData\Roaming\vso_ts_preview.xml
c:\users\Michal\AppData\Roaming\WindowsApplication1
c:\users\Michal\AppData\Roaming\WindowsApplication1\WindowsApplication1.config
c:\windows\PFRO.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\MailBee.dll
c:\windows\system32\win22dcd201mp3121.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-20 do 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 10:12 . 2012-02-20 10:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-20 10:12 . 2012-02-20 10:12 -------- d-----w- c:\users\Janička\AppData\Local\temp
2012-02-20 10:12 . 2012-02-20 10:15 -------- d-----w- c:\users\Michal\AppData\Local\temp
2012-02-20 10:12 . 2012-02-20 10:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 23:02 . 2012-02-19 23:02 -------- d-----w- c:\program files\Sifrovani
2012-02-18 18:17 . 2012-02-18 18:17 -------- d-----w- c:\windows\Sun
2012-02-18 14:40 . 2012-02-18 14:40 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-02-17 22:32 . 2012-02-17 22:32 156 ----a-w- c:\windows\z.reg
2012-02-16 20:47 . 2012-02-16 20:47 -------- d-----w- c:\program files\Převody čísel
2012-02-16 20:02 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{992938A1-7D1C-4283-AB9E-15A4F8376E86}\mpengine.dll
2012-02-16 20:00 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 20:00 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 20:00 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-10 23:07 . 2012-02-10 23:06 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D36F0306-F784-44E5-A8FB-842E06678973}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-07-31 07:03 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 04:19 . 2010-07-31 07:05 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-25 15:59 . 2012-01-11 13:51 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-03 399736]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"Auto Hide IP"="c:\program files\AutoHideIP\AutoHideIP.exe" [2011-02-18 3737840]
"Steam"="c:\program files\Steam\Steam.exe" [2011-12-20 1242448]
"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-23 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"system_tray"="shutdown -s -f -t 0" [X]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SystemKey"="c:\programdata\SystemKey\SystemKey.dll" [2006-04-07 339968]
"ServeZip"="c:\program files\ServeZip\ServeZip.exe" [2011-05-24 1731824]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-08 273544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-19 1697064]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-04-08 1406248]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-08-03 828944]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
.
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000Core.job
- c:\users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 14:08]
.
2012-02-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000UA.job
- c:\users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 14:08]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 16:46]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 16:46]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000Core.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 16:46]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000UA.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 16:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=generic
uDefault_Search_URL =
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.12.0.1 10.6.0.1
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.hotspotshield.com/g/?c=h
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.1&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: RuneScape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: LG Air Sync: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-SRDownloader - c:\users\Michal\Downloads\SRDownloader.exe
HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
HKLM-Run-TaskTray - (no file)
HKLM-Run-mail - (no file)
HKLM-Run-smtp - (no file)
AddRemove-Valve Hammer Editor - c:\progra~1\VALVEH~1\UNWISE.EXE
AddRemove-{688B7BCC-AD53-4BC7-B2E0-5FFF17F1858C} - c:\progra~2\TARMAI~1\{688B7~1\Setup.exe
AddRemove-Game Organizer - c:\programdata\Easybits GO\EasyBitsGO.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-20 11:15
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19EE5DD3-7DD3-CCC7-D475-CBFA1A7E4AE4}*]
"hadjhpdaonepbjie"=hex:6b,61,62,68,67,65,6b,68,6d,6c,67,6a,67,70,68,62,6a,62,
6c,64,6f,6d,00,62
"iabjjohfohhjlnjogi"=hex:63,61,6d,68,69,64,00,7f
"ianibacoimadpgglaf"=hex:6b,61,63,68,6d,65,69,6c,68,65,6f,67,67,63,6e,63,6d,6e,
68,6a,63,70,00,00
.
[HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{253D9005-8AD7-C2C4-2D1A-8FFA9EEB2D7E}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2012-02-20 11:19:48
ComboFix-quarantined-files.txt 2012-02-20 10:19
.
Před spuštěním: 8 903 753 728
Po spuštění: Volných bajtů: 20 111 224 832
.
- - End Of File - - 389869917ACC1B81714A1A0073C4E21F

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Collect::
  c:\programdata\SystemKey\SystemKey.dll
  C:\Users\Michal\Downloads\Zaznamenejte-Stisknute-Klavesy.exe
  
  Folder::
  c:\programdata\SystemKey
  c:\users\Michal\AppData\Local\Facebook\Update
  C:\Program Files\ICQ6Toolbar
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Facebook Update"=-
  "uTorrent"=-
  "Auto Hide IP"=-
  "Steam"=-
  "ICQ"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "system_tray"=-
  "SystemKey"=-
  "ServeZip"=-
  "TkBellExe"=-
  "NBAgent"=-
  "tvncontrol"=-
  "SunJavaUpdateSched"=-
  "CloneCDTray"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
  
  File::
  C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin.gif
  C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin.src
  C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin.xml
  C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000Core.job
  C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000UA.job
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000Core.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000UA.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1001Core.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1001UA.job
  
  Driver::
  gupdate
  gupdatem
  ICQ Service
  
  DDS::
  uStart Page = hxxp://www.centrum.cz/#utm_source=icq&u ... um=generic
  uDefault_Search_URL =
  uSearchAssistant = 
  
  Firefox::
  FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\
  FF - prefs.js: browser.search.selectedEngine - ICQ Search
  FF - prefs.js: browser.startup.homepage - hxxp://search.hotspotshield.com/g/?c=h
  FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.4.1&q=
  FF - prefs.js: network.proxy.type - 0
  FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
  FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
  FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
  FF - Ext: RuneScape Community Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
  FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
  FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
  FF - user.js: browser.cache.memory.capacity - 65536
  FF - user.js: browser.display.show_image_placeholders - true
  FF - user.js: browser.chrome.favicons - false
  FF - user.js: browser.turbo.enabled - true
  FF - user.js: browser.urlbar.autocomplete.enabled - true
  FF - user.js: browser.urlbar.autofill - true
  FF - user.js: content.interrupt.parsing - true
  FF - user.js: content.max.tokenizing.time - 2250000
  FF - user.js: content.notify.backoffcount - 5
  FF - user.js: content.notify.interval - 750000
  FF - user.js: content.notify.ontimer - true
  FF - user.js: content.switch.threshold - 750000
  FF - user.js: network.http.max-connections - 48
  FF - user.js: network.http.max-connections-per-server - 16
  FF - user.js: network.http.max-persistent-connections-per-proxy - 16
  FF - user.js: network.http.max-persistent-connections-per-server - 8
  FF - user.js: network.http.pipelining - true
  FF - user.js: network.http.pipelining.maxrequests - 8
  FF - user.js: network.http.proxy.pipelining - true
  FF - user.js: network.http.request.max-start-delay - 0
  FF - user.js: nglayout.initialpaint.delay - 0
  FF - user.js: plugin.expose_full_path - true
  FF - user.js: ui.submenuDelay - 0
  pref('extensions.shownSelectionUI',true);
  pref('extensions.autoDisableScopes',0);
  
  RegNull::
  [HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19EE5DD3-7DD3-CCC7-D475-CBFA1A7E4AE4}*]
  [HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{253D9005-8AD7-C2C4-2D1A-8FFA9EEB2D7E}*]
  
  RegLock::
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
  
  ClearJavaCache::
  
  AtJob::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci