ComboFix 10-01-15.01 - Kuldas 15.01.2010 20:32:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1569 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuldas\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Kuldas\mhskxx.exe
c:\documents and settings\Kuldas\secupdat.dat
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\kr_done1
c:\windows\system32\secupdat.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-15 do 2010-01-15 )))))))))))))))))))))))))))))))
.
2010-01-15 18:57 . 2010-01-15 18:58 -------- d-----w- c:\program files\trend micro
2010-01-15 18:57 . 2010-01-15 18:58 -------- d-----w- C:\rsit
2010-01-15 18:46 . 2010-01-15 18:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-15 18:28 . 2010-01-15 18:28 59392 ---h--w- c:\documents and settings\Kuldas\wgg.exe
2010-01-15 18:28 . 2010-01-15 18:28 59392 ----a-w- c:\windows\system32\blvfw.exe
2010-01-14 20:18 . 2010-01-14 20:19 -------- d-----w- c:\program files\Heroes of Newerth
2010-01-12 19:45 . 2010-01-12 19:45 -------- d-----w- c:\program files\QuickTime
2010-01-12 19:44 . 2010-01-12 19:44 -------- d-----w- c:\program files\Common Files\Apple
2010-01-12 19:44 . 2010-01-12 19:44 -------- d-----w- c:\program files\Apple Software Update
2010-01-09 20:20 . 2010-01-09 20:20 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-09 20:20 . 2010-01-09 20:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-09 20:20 . 2010-01-09 20:20 -------- d-----w- c:\program files\OpenAL
2010-01-09 20:20 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-01-09 20:20 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-01-09 20:20 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-01-09 20:20 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-01-09 20:20 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-01-09 20:19 . 2010-01-09 20:21 -------- d-----w- c:\program files\Zombie Driver
2010-01-09 20:05 . 2010-01-09 20:05 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-09 20:04 . 2010-01-14 15:24 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-09 19:59 . 2010-01-09 19:59 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-09 18:21 . 2010-01-09 20:21 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-09 18:21 . 2010-01-09 18:21 -------- d-----w- c:\windows\system32\AGEIA
2010-01-09 18:21 . 2010-01-09 20:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-09 17:53 . 2010-01-09 18:02 -------- d-----w- c:\program files\Dragon Age
2010-01-09 17:52 . 2010-01-09 18:08 -------- d-----w- c:\program files\Common Files\BioWare
2010-01-09 01:05 . 2008-04-14 07:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-09 01:05 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-09 01:05 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-09 01:05 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-03 10:51 . 2010-01-03 10:51 -------- d-----w- c:\program files\MSXML 4.0
2010-01-02 20:11 . 2010-01-02 20:11 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-02 20:04 . 2010-01-15 19:34 -------- d-----w- c:\program files\ICQ6.5
2010-01-02 19:43 . 2010-01-02 19:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací
2010-01-02 19:38 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-02 19:38 . 2008-04-13 23:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-02 19:38 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-01-02 19:02 . 2010-01-02 19:02 -------- d-----w- c:\program files\MSXML 6.0
2010-01-02 18:39 . 2010-01-08 16:58 -------- d-----w- c:\windows\Globalization
2010-01-02 18:39 . 2010-01-02 18:39 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-01-02 18:39 . 2010-01-02 18:39 -------- d-----w- c:\windows\Downloaded Installations
2010-01-02 17:41 . 2010-01-02 18:39 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-02 17:41 . 2010-01-02 17:41 -------- d-----w- c:\program files\DIFX
2010-01-02 17:41 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-02 17:41 . 2010-01-02 17:41 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-02 17:40 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-01-02 17:40 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-01-02 17:40 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-01-02 17:40 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-01-02 17:40 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-01-02 17:40 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-01-02 17:40 . 2009-10-06 10:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-01-02 17:40 . 2010-01-02 19:17 -------- d-----w- c:\program files\Nokia
2010-01-02 16:36 . 2010-01-02 16:36 -------- d-sh--w- c:\windows\ftpcache
2010-01-01 18:04 . 2010-01-01 18:05 -------- d-----w- c:\program files\Creative
2009-12-31 22:16 . 2009-12-31 22:16 -------- d-----w- c:\windows\Sun
2009-12-31 22:14 . 2009-12-31 22:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-31 22:14 . 2009-12-31 22:14 -------- d-----w- c:\program files\Java
2009-12-31 18:23 . 2009-12-31 18:23 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-12-31 14:52 . 2009-12-31 14:52 -------- d-----w- c:\program files\Firaxis Games
2009-12-30 20:48 . 2008-11-13 14:20 602624 -c----w- c:\windows\system32\dllcache\crypt32.dll
2009-12-30 20:48 . 2008-11-13 14:20 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2009-12-30 19:48 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-30 19:48 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-12-30 19:06 . 2009-12-30 19:06 -------- d-----w- c:\windows\system32\xlive
2009-12-30 19:06 . 2009-12-30 20:47 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-30 18:36 . 2009-12-30 18:36 -------- d-----w- c:\program files\Microsoft Games
2009-12-28 21:49 . 2009-12-28 21:49 -------- d-----w- c:\program files\Sony
2009-12-28 21:48 . 2010-01-02 19:38 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-28 21:48 . 2009-12-28 21:48 -------- d-----w- c:\windows\system32\LogFiles
2009-12-28 21:47 . 2009-12-28 21:47 -------- d-----w- c:\program files\Sony Setup
2009-12-28 21:44 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-28 21:39 . 2009-12-28 21:44 -------- d-----w- C:\c8026d1b6a11f14c77
2009-12-28 10:42 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-12-28 10:42 . 2008-04-07 04:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-12-28 10:29 . 2009-12-28 10:29 -------- d-----w- c:\program files\Adobe Media Player
2009-12-28 10:28 . 2009-12-28 10:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-28 10:22 . 2009-12-28 10:22 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-28 09:52 . 2009-12-30 09:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-27 19:45 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-12-27 19:45 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-12-27 19:45 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-12-27 19:45 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-12-27 19:45 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2009-12-27 19:45 . 2006-12-08 11:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-12-27 19:45 . 2007-03-05 11:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-12-27 19:45 . 2006-09-28 15:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-12-27 19:45 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-12-27 19:45 . 2009-12-30 19:05 -------- d-----w- c:\windows\Logs
2009-12-27 19:41 . 2009-12-27 19:41 -------- d-----w- c:\program files\Ubisoft
2009-12-27 19:02 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-27 18:19 . 2009-12-27 18:19 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-27 18:11 . 2009-12-27 18:11 -------- d-----w- c:\program files\Common Files\Skype
2009-12-27 18:11 . 2009-12-27 18:12 -------- d-----r- c:\program files\Skype
2009-12-27 18:07 . 2009-12-27 18:07 -------- d-----w- c:\program files\PSPad editor
2009-12-27 15:19 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-27 14:52 . 2009-12-28 21:43 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-27 14:52 . 2009-12-27 14:52 -------- d-----w- c:\program files\MSBuild
2009-12-27 14:51 . 2009-12-27 14:51 -------- d-----w- c:\program files\Reference Assemblies
2009-12-27 14:51 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-27 14:51 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-27 14:51 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-27 14:51 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-27 14:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-27 14:51 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-27 14:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-27 14:51 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-27 14:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-27 01:18 . 2009-12-27 01:18 -------- d-----w- c:\program files\FreeTime
2009-12-27 01:12 . 2010-01-02 01:53 -------- d-----w- c:\program files\The KMPlayer
2009-12-27 00:57 . 2010-01-08 16:27 -------- d-----w- c:\program files\FileZilla FTP Client
2009-12-27 00:50 . 2009-12-27 00:50 -------- d-----w- c:\program files\Apowersoft
2009-12-27 00:43 . 2009-10-29 07:45 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-27 00:43 . 2009-10-29 07:45 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-27 00:43 . 2009-10-29 07:45 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-27 00:43 . 2009-10-29 07:45 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-27 00:43 . 2009-10-29 07:45 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-12-27 00:43 . 2009-10-29 07:45 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-12-27 00:43 . 2009-10-28 14:36 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-27 00:43 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-12-27 00:31 . 2009-12-27 00:32 -------- d-----w- c:\program files\QIP Infium
2009-12-26 23:57 . 2010-01-14 21:02 -------- d-----w- c:\program files\World of Warcraft
2009-12-26 23:43 . 2009-12-26 23:43 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-26 23:42 . 2009-08-13 15:24 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-12-26 23:27 . 2009-12-26 23:27 -------- d-sh--w- c:\documents and settings\Kuldas\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 22:33 . 2009-12-26 21:01 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-01-02 20:11 . 2009-12-26 20:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 19:38 . 2010-01-02 19:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-02 19:38 . 2010-01-02 19:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-02 18:56 . 2002-09-23 12:00 81442 ----a-w- c:\windows\system32\perfc005.dat
2010-01-02 18:56 . 2002-09-23 12:00 437350 ----a-w- c:\windows\system32\perfh005.dat
2009-12-30 18:07 . 2009-12-30 18:06 -------- d-----w- c:\program files\Winamp
2009-12-26 22:36 . 2009-12-26 20:51 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-26 22:26 . 2009-12-26 20:27 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-26 22:26 . 2009-12-26 20:27 2982 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2009-12-26 21:51 . 2009-12-26 21:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-26 21:51 . 2009-12-26 21:51 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-26 21:51 . 2009-12-26 21:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-26 21:51 . 2009-12-26 21:51 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-26 21:51 . 2009-12-26 21:51 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-26 21:51 . 2009-12-26 21:51 -------- d-----w- c:\program files\AVG
2009-12-26 21:34 . 2009-12-26 20:27 8972 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
2009-12-26 21:01 . 2009-12-26 21:01 -------- d-----w- c:\program files\ASUS
2009-12-26 20:58 . 2009-12-26 20:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-26 20:47 . 2009-12-26 20:35 -------- d-----w- c:\program files\Realtek
2009-12-26 20:37 . 2009-12-26 20:37 -------- d-----w- c:\program files\Intel
2009-12-26 20:35 . 2009-12-26 20:35 315392 ----a-w- c:\windows\HideWin.exe
2009-12-26 20:27 . 2009-12-26 20:27 -------- d-----w- c:\program files\microsoft frontpage
2009-12-26 20:27 . 2009-12-26 20:27 558142 ----a-w- c:\windows\java\Packages\2K31NN5J.ZIP
2009-12-26 20:27 . 2009-12-26 20:27 2678 ----a-w- c:\windows\java\Packages\Data\KO4INDR1.DAT
2009-12-26 20:27 . 2009-12-26 20:27 2678 ----a-w- c:\windows\java\Packages\Data\H7VBDBXZ.DAT
2009-12-26 20:27 . 2009-12-26 20:27 155995 ----a-w- c:\windows\java\Packages\QOMXJH7N.ZIP
2009-12-26 20:27 . 2009-12-26 20:27 2678 ----a-w- c:\windows\java\Packages\Data\QMLVJ9ZX.DAT
2009-12-26 20:27 . 2009-12-26 20:27 2678 ----a-w- c:\windows\java\Packages\Data\OXZZJVVT.DAT
2009-12-26 20:27 . 2009-12-26 20:27 2678 ----a-w- c:\windows\java\Packages\Data\AU13H7VZ.DAT
2009-12-26 20:25 . 2009-12-26 20:25 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-21 16:03 . 2002-09-23 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 19:32 . 2009-11-20 19:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-19 20:42 . 2009-12-26 20:59 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-29 07:45 . 2002-09-23 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2009-12-26 21:32 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2002-09-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2009-12-26 21:32 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:40 . 2009-12-26 21:32 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2009-12-26 21:32 265728 ------w- c:\windows\system32\drivers\http.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-10 401728]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"blvfw"="c:\windows\system32\blvfw.exe \u" [X]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-26 2033432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-31 149280]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Kuldas\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-26 21:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\Avatar.exe"=
"c:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\AvatarLauncher.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\blvfw.exe"=
"c:\\Documents and Settings\\Kuldas\\wgg.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [26.12.2009 22:51 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26.12.2009 22:51 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26.12.2009 22:51 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [26.12.2009 22:51 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [26.12.2009 22:51 285392]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.1.2010 21:11 222968]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.1.2010 20:59 717296]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 5:46 284016]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [9.1.2010 19:02 25832]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kuldas\Data aplikací\Mozilla\Firefox\Profiles\r317h77z.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Kuldas\Data aplikací\Mozilla\Firefox\Profiles\r317h77z.default\extensions\
DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-nwiz - nwiz.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-15 20:34
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(668)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-01-15 20:35:43
ComboFix-quarantined-files.txt 2010-01-15 19:35
Před spuštěním: Volných bajtů: 416 531 034 112
Po spuštění: Volných bajtů: 416 659 546 112
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - 9B3CF8860B88B5A3BE42D590B7DB4BB4