VIRY.CZ

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pečovatelská služba at 2010-02-23 13:38:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 67 GB (87%) free of 76 GB
Total RAM: 735 MB (57% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-02-23 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe [2005-08-26 36975]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-02-23 2033432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

C:\Documents and Settings\Pečovatelská služba\Nabídka Start\Programy\Po spuštění
netuza32.exe
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-02-23 12464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-23 13:38:20 ----D---- C:\Program Files\trend micro
2010-02-23 13:38:15 ----D---- C:\rsit
2010-02-23 13:32:51 ----D---- C:\WINDOWS\tmp
2010-02-23 08:38:38 ----HD---- C:\$AVG
2010-02-23 08:37:56 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-02-23 08:37:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2010-02-23 08:36:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-02-22 13:50:49 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-02-19 10:25:46 ----D---- C:\SDFix
2010-02-19 10:24:48 ----A---- C:\FixMebroot.exe
2010-02-19 10:12:57 ----SHD---- C:\RECYCLER
2010-02-18 18:08:33 ----D---- C:\WINDOWS\temp
2010-02-18 17:46:45 ----A---- C:\WINDOWS\MBR.exe
2010-02-18 15:26:32 ----D---- C:\Documents and Settings\Pečovatelská služba\Data aplikací\Malwarebytes
2010-02-18 15:26:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-12 19:28:30 ----D---- C:\Documents and Settings\Pečovatelská služba\Data aplikací\TeamViewer
2010-02-12 19:28:17 ----D---- C:\Program Files\TeamViewer
2010-02-12 18:55:50 ----D---- C:\WINDOWS\ie8updates
2010-02-12 18:54:12 ----D---- C:\WINDOWS\WBEM
2010-02-12 18:53:00 ----HDC---- C:\WINDOWS\ie8
2010-02-12 18:42:00 ----D---- C:\Documents and Settings\Pečovatelská služba\Data aplikací\Mozilla
2010-02-12 18:41:44 ----D---- C:\Program Files\Mozilla Firefox
2010-02-10 15:27:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 15:26:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 15:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 15:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 15:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 15:24:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 15:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 15:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 15:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-02 08:19:25 ----A---- C:\WINDOWS\NeroDigital.ini

======List of files/folders modified in the last 1 months======

2010-02-23 13:38:20 ----RD---- C:\Program Files
2010-02-23 13:32:51 ----D---- C:\WINDOWS
2010-02-23 12:02:32 ----D---- C:\Documents and Settings\Pečovatelská služba\Data aplikací\OpenOffice.org2
2010-02-23 11:58:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-23 11:55:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-23 11:53:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-23 10:21:17 ----D---- C:\WINDOWS\system32\drivers
2010-02-23 08:37:56 ----D---- C:\WINDOWS\system32
2010-02-23 08:36:38 ----SHD---- C:\WINDOWS\Installer
2010-02-22 15:46:31 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-22 15:31:22 ----D---- C:\WINDOWS\Prefetch
2010-02-22 13:51:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-22 13:12:14 ----D---- C:\WINDOWS\system32\Restore
2010-02-22 13:11:38 ----SHD---- C:\System Volume Information
2010-02-22 12:38:08 ----D---- C:\WINDOWS\pchealth
2010-02-19 14:26:52 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-18 18:04:08 ----A---- C:\WINDOWS\system.ini
2010-02-18 18:02:00 ----D---- C:\WINDOWS\system32\config
2010-02-18 17:52:34 ----D---- C:\WINDOWS\AppPatch
2010-02-18 17:52:26 ----D---- C:\Program Files\Common Files
2010-02-18 15:02:32 ----HD---- C:\WINDOWS\inf
2010-02-16 20:01:49 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-16 19:34:21 ----A---- C:\WINDOWS\wincmd.ini
2010-02-12 19:02:43 ----D---- C:\WINDOWS\system32\cs-cz
2010-02-12 19:02:42 ----D---- C:\WINDOWS\Help
2010-02-12 19:02:42 ----D---- C:\Program Files\Internet Explorer
2010-02-12 18:57:20 ----A---- C:\WINDOWS\imsins.BAK
2010-02-12 18:54:04 ----D---- C:\WINDOWS\Media
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-02-23 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-02-23 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-02-23 360584]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-08-05 12416]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-04-23 818496]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-08-05 220672]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-02-23 285392]

-----------------EOF-----------------

Zdravím

Na logu se pracuje, prosím o strpení.

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

ComboFix 10-02-17.02 - Pečovatelská služba 24.02.2010 8:26.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.735.410 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pečovatelská služba\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-24 do 2010-02-24 )))))))))))))))))))))))))))))))
.

2010-02-23 12:38 . 2010-02-23 12:38 -------- d-----w- c:\program files\trend micro
2010-02-23 12:38 . 2010-02-23 12:38 -------- d-----w- C:\rsit
2010-02-23 12:32 . 2010-02-23 12:32 -------- d-----w- c:\windows\tmp
2010-02-23 07:38 . 2010-02-23 07:38 -------- d-----w- C:\$AVG
2010-02-23 07:37 . 2010-02-23 07:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-23 07:37 . 2010-02-23 07:37 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-23 07:37 . 2010-02-23 07:37 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-23 07:37 . 2010-02-23 07:37 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-23 07:37 . 2010-02-23 07:37 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-23 07:37 . 2010-02-23 11:12 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-22 12:51 . 2010-02-24 07:33 792064 ----a-w- c:\windows\system32\drivers\vgjik.sys
2010-02-22 12:50 . 2010-02-22 12:50 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-19 09:27 . 2010-02-19 09:27 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-02-19 09:25 . 2010-02-19 09:45 -------- d-----w- C:\SDFix
2010-02-19 09:24 . 2010-02-19 09:21 171904 ----a-w- C:\FixMebroot.exe
2010-02-19 08:30 . 2010-02-19 08:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-18 14:26 . 2010-02-23 09:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-12 18:28 . 2010-02-12 18:28 -------- d-----w- c:\program files\TeamViewer
2010-02-12 17:55 . 2010-02-12 17:55 -------- d-----w- c:\windows\ie8updates
2010-02-12 17:53 . 2010-02-12 17:53 -------- dc-h--w- c:\windows\ie8
2010-02-12 17:50 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-12 17:50 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-12 17:50 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-12 17:50 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-12 17:50 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-12 17:50 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-12 17:50 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 10:55 . 2006-10-02 11:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2006-09-29 12:37 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 11:55 . 2006-03-02 12:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2009-12-11 11:55 . 2006-03-02 12:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2006-03-02 12:00 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2006-03-02 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2006-03-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2006-03-02 12:00 . 2006-03-02 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 03:22 . 2006-03-02 12:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 03:21 . 2006-03-02 12:00 1028096 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 03:21 . 2006-03-02 12:00 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 03:21 . 2006-03-02 12:00 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 03:21 . 2006-03-02 12:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 03:21 . 2006-03-02 12:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 03:22 . 2006-03-02 12:00 12288 --sh--w- c:\windows\system32\regsvr32.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Peźovatelsk  slu§ba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
netuza32.exe [2008-4-14 31232]
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-6-8 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-9-29 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-23 07:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [23.2.2010 8:37 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23.2.2010 8:37 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23.2.2010 8:37 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [23.2.2010 8:36 285392]
S0 axesmv;axesmv; [x]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - vgjik
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pečovatelská služba\Data aplikací\Mozilla\Firefox\Profiles\gs3uu50b.default\
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 08:33
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vgjik]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-02-24 08:36:19
ComboFix-quarantined-files.txt 2010-02-24 07:36

Před spuštěním: Volných bajtů: 69 934 432 256
Po spuštění: Volných bajtů: 69 912 084 480

- - End Of File - - 35A287B0E950025AC3D69ED1491C9B81

Pokud nemáte, přesuňte Combofix na plochu

• otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

• uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
• po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci