VIRY.CZ

Dobry den.
Poprosil by som Vás o kontrolu logu z mojho pocitaca.
Dakujem velmi pekne.
S pozdravom
L.O.


ComboFix 12-11-03.02 - Lubomir Opatovsky 03.11.2012 15:57:05.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1022.462 [GMT 1:00]
Running from: c:\documents and settings\Lubomir Opatovsky\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\MUI\041b\tourstart.exe
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET40.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
.
.
2012-11-03 13:34 . 2012-11-03 13:34 -------- d-----w- c:\program files\SopCast
2012-11-03 12:59 . 2012-11-03 12:59 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-11-03 12:59 . 2012-11-03 12:59 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-11-03 12:59 . 2012-11-03 12:59 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-11-03 12:59 . 2012-11-03 12:59 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-11-03 12:57 . 2012-11-03 12:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-03 09:49 . 2012-11-03 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2012-11-03 08:54 . 2012-11-03 08:55 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 11
2012-10-24 09:06 . 2012-10-24 09:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-10-24 08:31 . 2008-05-16 18:50 258352 ----a-w- c:\windows\system32\unicows.dll
2012-10-24 08:31 . 2008-04-02 13:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-10-24 08:31 . 2000-09-06 09:13 751104 ----a-w- c:\windows\system32\temp.000
2012-10-24 08:30 . 1997-11-04 12:11 3146 ----a-w- c:\windows\system32\vsort.com
2012-10-24 07:40 . 2012-10-24 07:40 -------- d-----w- c:\documents and settings\Lubomir Opatovsky\Application Data\KC Softwares
2012-10-24 07:40 . 2012-10-24 07:40 -------- d-----w- c:\program files\KC Softwares
2012-10-24 06:44 . 2012-10-24 06:44 21624 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2012-10-24 06:44 . 2012-10-24 06:44 -------- d-----w- c:\program files\HWiNFO32
2012-10-24 05:47 . 2012-10-24 05:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-10-19 10:59 . 2012-11-03 14:16 -------- d-----w- c:\documents and settings\Lubomir Opatovsky\Application Data\Media Player Classic
2012-10-19 10:45 . 2012-10-19 10:45 -------- d-----w- c:\program files\Combined Community Codec Pack
2012-10-18 04:23 . 2012-10-18 04:23 -------- d-----w- c:\documents and settings\Lubomir Opatovsky\Application Data\Awem
2012-10-18 04:20 . 2012-10-18 04:20 -------- d-----w- c:\program files\GameTop.com
2012-10-17 22:50 . 2012-09-24 21:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-07 10:09 . 2012-10-07 10:09 -------- d-----w- c:\program files\Microids
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2011-08-01 10:03 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2008-10-15 11:33 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2008-10-15 11:33 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2008-10-15 11:33 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2008-10-15 11:33 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2008-10-15 11:33 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2008-10-15 11:33 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2008-10-15 11:33 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-08-01 10:03 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2008-10-15 11:33 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-24 09:06 . 2008-10-15 12:24 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-10-20 08:10 . 2012-04-02 10:51 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-20 08:10 . 2011-08-01 09:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2011-02-22 10:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 12:55 . 2012-04-27 16:37 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-07 12:55 . 2011-02-22 08:13 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-03-15 18:04 . 2011-03-15 18:04 244736 ----a-w- c:\program files\C4DLL320.DLL
2011-03-15 18:03 . 2011-03-15 18:03 563200 ----a-w- c:\program files\WTRDCTM.EXE
2011-03-15 18:03 . 2011-03-15 18:03 3690496 ----a-w- c:\program files\WTRAN32.EXE
2011-03-15 18:03 . 2011-03-15 18:03 2568192 ----a-w- c:\program files\WDICT32.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 18:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-08-28 13:52 3671904 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 13:01 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Lubomir Opatovsky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"LogitechVideoRepair"=c:\program files\Logitech\Video\ISStart.exe
"LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Garmin Lifetime Updater"=c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SoundMan"=SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Lubomir Opatovsky\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.8.2011 11:03 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15.10.2008 12:33 361032]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11.3.2012 20:13 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11.3.2012 20:13 31704]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [24.10.2012 7:44 21624]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [25.10.2011 14:58 32768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.10.2008 12:33 21256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.2.2011 11:42 22856]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9bb72f45153ea;Google Update Service (gupdate1c9bb72f45153ea);c:\program files\Google\Update\GoogleUpdate.exe [12.4.2009 14:31 133104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.2.2011 11:42 676936]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys --> c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\MSI\Live Update 5\NTIOLib.sys --> c:\program files\MSI\Live Update 5\NTIOLib.sys [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [16.7.2012 19:18 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [16.7.2012 19:18 10200]
S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 12:19 160944]
S3 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [25.10.2011 14:58 587472]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19.6.2012 16:32 3048136]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 58788653
*NewlyCreated* - 99941127
*Deregistered* - 58788653
*Deregistered* - 99941127
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-05 22:50]
.
2012-11-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-06-07 10:45]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 13:31]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 13:31]
.
.
------- Supplementary Scan -------
.
Trusted Zone: com\www.msi
TCP: DhcpNameServer = 193.110.186.240 217.75.71.141
FF - ProfilePath - c:\documents and settings\Lubomir Opatovsky\Application Data\Mozilla\Firefox\Profiles\f2m4i6in.default-1350718167421\
FF - prefs.js: browser.startup.homepage - zoznam.sk
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-16 17:36; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox 4.0 Beta 11\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-10-20 09:59; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Lubomir Opatovsky\Application Data\Mozilla\Firefox\Profiles\f2m4i6in.default-1350718167421\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-58788653.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-03 16:12
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200JD-00GBB0 rev.02.05D02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="0A823D3AB359BDB72FBA0D93427EEF65AF8A72250B61FDE3EA28335FF881958C2187F36670CBB323D41BE28CD8E7B12206AD39D90518B182B9CA81ACDCA3C725D6313A5CE3DA8CC346DB3C7C0321E47173177D9E300D2E30122997B45998B0913304A873A7DB6367B2947E550FDF000D6E0D909FAFF96A304BD8537B053A613B15074BA8E76B06C49D5A802D5D23AE91BB573AA839DB8C28157387FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667C038D530D6EB3452BA7FD869164D679493D0D6F11CD5413F9EDBA07E41728187351BD769E3207C2AB9F521C8B5645E678306D0B43D4F038A253C0A626B4619EF4FCDED233D175C60AF785A1EECE9D7C2F490386F36F0BF95D6E0D683A9F3D73C2D5F62D00D2AE6971D2559DACBE1407AD6C91E877EF7D8DE58FA1C427C216F77CDF16AF1FA83BF867CB3133AC19B4C12B81E5E956D7933D773C932B443C616A055BF0036921F0D5A68F14429A3B8B3824F0F9262415DB6E517A6B6A1C6B184AB0A12E284C250F932A03EEB4B2AB0313974329B6F9A5DD06454F88B063081F8FE574914F45F3DB422080ECD7671CE841824B09DEF808C71A0E13F53138D2DB4F6CA5759D5205EEF332868EF36F931F173804801CA5B4C8D5C988D7A2D527BFD6097C4BDA99F0363DE2DEB1EC728C9C194CCC9711CF8D41D4DF60AABEBD4899D7F952B0EA45E4BC719E5C6E69F45E1BDB6F21BDFB289B21E1F1F6DD91DCE49628ABE3C5E31BEAE5D4246BD9E61FB12B78DFEB3FE93A34510EE5686B83FDE7E1EADB339046B09756534E72ADB6A5EC9013D24A2C8F440BF78CE8638420A8741A487B47A982667BD28BA04F67948DE4C73DE3409F8C2BC2B60C43EF833632F0051AA2BEAFA666AF8EE957BA5953C5830E9FDAA9B8E9BDAE1D24A30510DE8207A011F9F0ACC6684EE8979D3C896BE85DE431D2324CD55BF1461CDAF61146A094695DE436A74138E37498DB28A9FF80698E4B05DFEBFF47445A0B1B95BD3ECFC4BF3D8E7B41C0DC2C085ED64261FCAE0703422C01FB038E64FA9CBE80596A97046077184A2B12CC0CC1A2CDAEBC2C5FC4B9D4F5508308C695B18650237EE0CBEC9BCFDB28468F70C71634A283F7DAFA666928747D39296AF6A8DBDE8E232B4A738054BB3BD35AE0C9846C0041B86050E4F8490E7AEF0AE5450AE85298878794B4BD6966944D2410CFE27FC4B095AF148E76BA32C5CA55E53B4A3E4EF40206132102B945A25BE563BB7F25D7DAAB65B4D6844ED2DAF51668F9318738EB14929446600EA327EBBC62DA71736BE341ED679DA0E0F2713583A4EBBBFC0FB1C5A42D204D6B540834FA0D98906D0D6ED5AAE8D9ECB9EFB04E3023751CB4E5053FB508EF23582757CC4A39B"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1348)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(1532)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(1152)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-11-03 16:18:58
ComboFix-quarantined-files.txt 2012-11-03 15:18
.
Pre-Run: 14 490 431 488 bytes free
Post-Run: 14 980 354 048 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 91C9C02BD75F1AFB0ECB5EDB1EB9D7D1

Zdravim

Cetl jste si pravidla fora a dalsi veci ohledne CF - je jasne psano ze se nema spoustet bez doporuceni

Co se tyce ComboFixu, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

licencni podminky hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"


Nebezpeci CFka

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Dakujem za usmernenie. Nastastie pocitac ide.

Pocitac jde, ale ja se ptam jestli s nim umite kdyz jej pouzivate? Jen abych vedel jak dal pokracovat

Ano. Viem s nim pracovat. Aspon dufam...

No fajn, tak si pro nej napiste skript a mate cisto ne

Tak to by ma nenapadlo....

No vidite...tak co potrebujete ode mne? Kdyz s CF umite...

Mohl bys ho pozvat do naší školy, odborníka

tuvok07 píše:Mohl bys ho pozvat do naší školy, odborníka

Tak treba ma pristup na TSF foru k navodu na CF a opravdu s nim umi...

Proto se ptam co tedy je potreba...pac kdyz mam log z CF a umim s nim, tak si napisu skript a finito...

Jasný.

Tak nic. Aj tak dakujem za Vas cas. Yle som pochopil otazku ci ho viem pouzivat. Myslel som comp nie CF.

V tom případě je to na vyoskovi - je třeba dočistit.

Co se tyce ComboFixu, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

Nevim jak se to da poplest s pouzivanim PC

Tak mi dejte chvili nez napisu skript

Jsou s PC nejake problemy

Pre uplnost pridavam aj log z RSIT. Dakujem.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Lubomir Opatovsky at 2012-11-03 17:17:38
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (13%) free of 114 GB
Total RAM: 1022 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:18:20, on 3.11.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Documents and Settings\Lubomir Opatovsky\Desktop\RSIT.exe
C:\Program Files\trend micro\Lubomir Opatovsky.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2285768187
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate1c9bb72f45153ea) (gupdate1c9bb72f45153ea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe

--
End of file - 4937 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Lubomir Opatovsky\Application Data\Mozilla\Firefox\Profiles\f2m4i6in.default-1350718167421

prefs.js - "browser.startup.homepage" - "zoznam.sk"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
"Description"=Office Live Update v1.3
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox 4.0 Beta 11\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox 4.0 Beta 11\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox 4.0 Beta 11\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-24 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-06-19 4014280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-24 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-08-28 3671904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Documents and Settings\Lubomir Opatovsky\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Lubomir Opatovsky\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Spyware Terminator\SpywareTerminator.exe"="C:\Program Files\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.enc"=ITIG726.acm
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.siren"=sirenacm.dll
"vidc.XVID"=xvidvfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.FFDS"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======List of files/folders created in the last 1 month======

2012-11-03 17:14:01 ----D---- C:\Program Files\trend micro
2012-11-03 17:13:59 ----D---- C:\rsit
2012-11-03 16:30:07 ----SHD---- C:\RECYCLER
2012-11-03 16:19:03 ----D---- C:\WINDOWS\temp
2012-11-03 16:18:59 ----A---- C:\ComboFix.txt
2012-11-03 15:55:06 ----A---- C:\Boot.bak
2012-11-03 15:54:59 ----RASHD---- C:\cmdcons
2012-11-03 15:53:09 ----A---- C:\WINDOWS\zip.exe
2012-11-03 15:53:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-11-03 15:53:09 ----A---- C:\WINDOWS\SWSC.exe
2012-11-03 15:53:09 ----A---- C:\WINDOWS\SWREG.exe
2012-11-03 15:53:09 ----A---- C:\WINDOWS\sed.exe
2012-11-03 15:53:09 ----A---- C:\WINDOWS\PEV.exe
2012-11-03 15:53:09 ----A---- C:\WINDOWS\NIRCMD.exe
2012-11-03 15:53:09 ----A---- C:\WINDOWS\MBR.exe
2012-11-03 15:53:09 ----A---- C:\WINDOWS\grep.exe
2012-11-03 15:52:54 ----D---- C:\Qoobox
2012-11-03 15:52:19 ----D---- C:\WINDOWS\erdnt
2012-11-03 14:34:01 ----D---- C:\Program Files\SopCast
2012-11-03 13:59:59 ----A---- C:\TDSSKiller.2.8.15.0_03.11.2012_13.59.59_log.txt
2012-11-03 13:57:24 ----D---- C:\TDSSKiller_Quarantine
2012-11-03 13:25:02 ----A---- C:\TDSSKiller.2.8.15.0_03.11.2012_13.25.02_log.txt
2012-11-03 10:49:18 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2012-11-03 09:54:50 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 11
2012-10-24 10:06:14 ----D---- C:\Program Files\DAEMON Tools Lite
2012-10-24 09:31:06 ----A---- C:\WINDOWS\system32\unicows.dll
2012-10-24 09:30:59 ----A---- C:\WINDOWS\system32\vsort.com
2012-10-24 08:40:31 ----D---- C:\Documents and Settings\Lubomir Opatovsky\Application Data\KC Softwares
2012-10-24 08:40:23 ----D---- C:\Program Files\KC Softwares
2012-10-24 07:44:47 ----A---- C:\WINDOWS\system32\drivers\HWiNFO32.SYS
2012-10-24 07:44:01 ----D---- C:\Program Files\HWiNFO32
2012-10-24 06:47:17 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-10-19 11:59:45 ----D---- C:\Documents and Settings\Lubomir Opatovsky\Application Data\Media Player Classic
2012-10-19 11:45:21 ----D---- C:\Program Files\Combined Community Codec Pack
2012-10-18 05:23:04 ----D---- C:\Documents and Settings\Lubomir Opatovsky\Application Data\Awem
2012-10-18 05:20:51 ----D---- C:\Program Files\GameTop.com
2012-10-17 23:50:32 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2012-10-17 23:50:32 ----A---- C:\WINDOWS\system32\javaw.exe
2012-10-17 23:50:32 ----A---- C:\WINDOWS\system32\java.exe
2012-10-07 11:09:02 ----D---- C:\Program Files\Microids

======List of files/folders modified in the last 1 month======

2012-11-03 17:14:01 ----RD---- C:\Program Files
2012-11-03 17:13:57 ----D---- C:\WINDOWS\system32\CatRoot2
2012-11-03 16:30:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-11-03 16:30:09 ----D---- C:\WINDOWS\system32
2012-11-03 16:30:07 ----D---- C:\WINDOWS
2012-11-03 16:29:37 ----D---- C:\WINDOWS\system32\drivers
2012-11-03 16:27:48 ----SD---- C:\WINDOWS\Tasks
2012-11-03 16:21:51 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-11-03 16:12:41 ----A---- C:\WINDOWS\system.ini
2012-11-03 16:12:18 ----D---- C:\WINDOWS\system32\drivers\etc
2012-11-03 16:04:17 ----D---- C:\WINDOWS\AppPatch
2012-11-03 16:04:07 ----D---- C:\Program Files\Common Files
2012-11-03 15:55:06 ----RASH---- C:\boot.ini
2012-11-03 11:36:51 ----D---- C:\WINDOWS\Debug
2012-11-03 11:08:32 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2012-11-03 11:02:17 ----D---- C:\Documents and Settings\Lubomir Opatovsky\Application Data\Macromedia
2012-11-03 10:55:01 ----D---- C:\WINDOWS\Prefetch
2012-11-03 10:46:48 ----D---- C:\Program Files\Google
2012-11-03 10:46:27 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-11-03 10:41:20 ----D---- C:\Program Files\PokerStars
2012-11-03 10:33:29 ----D---- C:\Documents and Settings\Lubomir Opatovsky\Application Data\GlarySoft
2012-11-03 09:55:34 ----D---- C:\Program Files\WinRAR
2012-11-02 19:58:41 ----A---- C:\WINDOWS\NeroDigital.ini
2012-11-02 18:13:04 ----D---- C:\Program Files\MagicISO
2012-10-30 23:50:59 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-10-28 21:03:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-10-24 10:40:52 ----D---- C:\Program Files\Glary Utilities
2012-10-24 10:09:47 ----D---- C:\Config.Msi
2012-10-24 09:59:17 ----HD---- C:\WINDOWS\inf
2012-10-24 09:59:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-10-24 09:54:38 ----D---- C:\Program Files\CrystalDiskInfo
2012-10-24 09:44:09 ----D---- C:\WINDOWS\pss
2012-10-24 09:32:20 ----D---- C:\Program Files\Brother's Keeper 6
2012-10-24 09:17:03 ----D---- C:\Documents and Settings\Lubomir Opatovsky\Application Data\HpUpdate
2012-10-24 08:55:41 ----SHD---- C:\WINDOWS\Installer
2012-10-24 08:54:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-10-24 08:54:11 ----D---- C:\Program Files\Common Files\Adobe
2012-10-24 08:54:05 ----D---- C:\Program Files\Adobe
2012-10-24 07:22:54 ----D---- C:\Program Files\MSI
2012-10-23 19:04:58 ----A---- C:\WINDOWS\wincmd.ini
2012-10-23 12:41:52 ----A---- C:\WINDOWS\RtlRack.ini
2012-10-23 12:25:48 ----D---- C:\Documents and Settings\Lubomir Opatovsky\Application Data\BSplayer
2012-10-20 09:10:31 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-10-19 19:15:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2012-10-19 15:20:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-10-18 02:11:34 ----D---- C:\Program Files\DOSBox-0.74
2012-10-18 00:08:09 ----D---- C:\Program Files\Wise Registry Cleaner
2012-10-17 23:50:32 ----D---- C:\Program Files\Java
2012-10-17 23:47:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-10-10 02:07:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-10-10 02:02:58 ----A---- C:\WINDOWS\system32\MRT.exe
2012-10-10 01:59:36 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-03-11 97760]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-10-24 477240]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2009-05-05 13976]
R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\system32\DRIVERS\xfilt.sys [2009-05-05 22168]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-30 25256]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-10-30 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-30 54232]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-03-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-03-11 31704]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\system32\drivers\HWiNFO32.SYS []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-30 97608]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2004-01-21 5915]
R3 PID_08A0;Labtec WebCam Pro(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2004-01-21 271360]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 swmsflt;swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [2008-09-16 26888]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 augzyman;augzyman; C:\WINDOWS\system32\drivers\augzyman.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\LUBOMI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2000-01-01 46592]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
S3 FLASHSYS;FLASHSYS; \??\C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-07 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys []
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys []
S3 pwdrvio;pwdrvio; \??\C:\WINDOWS\system32\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\WINDOWS\system32\pwdspio.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20); C:\WINDOWS\system32\DRIVERS\swumx20.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2000-01-01 203648]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys []
S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-09-24 161768]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9bb72f45153ea;Google Update Service (gupdate1c9bb72f45153ea); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-12 133104]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-12 133104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-03 115168]
S3 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-03 160944]
S3 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2012-09-07 587472]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]

-----------------EOF-----------------