Spamování Skypu

[hacuc]

Dobrý den,
po delší době se opět obracím na veškerenstvo se žádostí o pomoc. Kolegyně počítač začal spamovat ze skypu a avg nahlásilo upozornění na malware. Soubor, který byl označen jsme dali do karantény.

Posílám log z RSIT a prosím o jeho kontrolu.

Díky Hačuč


Logfile of random's system information tool 1.09 (written by random/random)
Run by bejsovcova at 2013-04-08 11:10:40
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 157 GB (66%) free of 238 GB
Total RAM: 3071 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:48, on 8.4.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ClocX\ClocX.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\bejsovcova\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\bejsovcova.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.50:9080//jORManClient/ ... itomni.xml
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ChateauXPServer] C:\Program Files\ChateauXP\ChateauXPServer.exe
O4 - HKLM\..\Run: [ToolboxFX] "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe /title="CorelDRAW Graphics Suite 11" /date=101411 serial=DR11CRZ-0226077-SKR
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [TeamTaskMonitor] C:\Program Files\Databox\Contact 5\TeamTaskMonitor.exe /minimizeafterstart /closeifnoconnection
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D67DB088-70B4-4006-B052-57F614FD3AA8} (ChtIEx Control) - http://www.vguard.net/myasp/chtIEx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62BB7BD8-8F2A-41CF-83E5-DC26F0555B75}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3B84E79-8D0D-40F3-B2A2-55C5CED355AB}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8778 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\bejsovcova\Data aplikací\Mozilla\Firefox\Profiles\tkgy1iv7.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2012-10-15 1417336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-03-19 4529272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"ChateauXPServer"=C:\Program Files\ChateauXP\ChateauXPServer.exe []
"ToolboxFX"=C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe [2010-04-16 58936]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-11-19 2598520]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-03-18 111208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-03-18 13879912]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-02-24 1753192]
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe /title=CorelDRAW Graphics Suite 11 /date=101411 serial=DR11CRZ-0226077-SKR []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-04-18 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ClocX"=C:\Program Files\ClocX\ClocX.exe [2007-07-26 270336]
"TeamTaskMonitor"=C:\Program Files\Databox\Contact 5\TeamTaskMonitor.exe [2012-05-30 3280896]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-02-28 18642024]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ChateauXP\ChateauXPServer.exe"="C:\Program Files\ChateauXP\ChateauXPServer.exe:*:Enabled:ChateauXPServer"
"C:\Program Files\ChateauXP\ChateauXP.exe"="C:\Program Files\ChateauXP\ChateauXP.exe:*:Enabled:Win32 Application"
"C:\Program Files\ChateauXP\ChtSvr.exe"="C:\Program Files\ChateauXP\ChtSvr.exe:*:Enabled:ChtSvr"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\ProductInst.exe"="D:\ProductInst.exe:*:Enabled:Advanced TCP/IP Port Installer"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\Databox\Contact 5\ProfilManager.exe"="C:\Program Files\Databox\Contact 5\ProfilManager.exe:*:Enabled:Profil manager"
"C:\Program Files\Databox\Server\nxServer.exe"="C:\Program Files\Databox\Server\nxServer.exe:*:Enabled:nxServer"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgwdsvc.exe"="C:\Program Files\AVG\AVG2012\avgwdsvc.exe:*:Enabled:Vzdálená správa AVG"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-04-08 11:10:40 ----D---- C:\rsit
2013-04-08 11:10:40 ----D---- C:\Program Files\trend micro
2013-04-08 09:11:10 ----D---- C:\Program Files\Common Files\Skype
2013-04-08 08:49:07 ----AH---- C:\Documents and Settings\bejsovcova\Data aplikací\winsvcns.sys
2013-03-25 07:56:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$
2013-03-11 11:17:06 ----D---- C:\dumps

======List of files/folders modified in the last 1 month======

2013-04-08 11:10:40 ----RD---- C:\Program Files
2013-04-08 11:10:25 ----D---- C:\WINDOWS\Prefetch
2013-04-08 11:10:02 ----D---- C:\WINDOWS\system32\CatRoot2
2013-04-08 10:59:54 ----D---- C:\Documents and Settings\bejsovcova\Data aplikací\Skype
2013-04-08 10:15:08 ----D---- C:\WINDOWS\Temp
2013-04-08 09:27:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-04-08 09:11:24 ----SHD---- C:\WINDOWS\Installer
2013-04-08 09:11:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-04-08 09:11:11 ----RD---- C:\Program Files\Skype
2013-04-08 09:11:10 ----D---- C:\Program Files\Common Files
2013-04-08 06:53:52 ----D---- C:\WINDOWS\system32\drivers\AVG
2013-04-04 07:38:18 ----A---- C:\WINDOWS\wincmd.ini
2013-04-04 07:34:12 ----A---- C:\WINDOWS\wcx_ftp.ini
2013-04-02 08:06:51 ----D---- C:\Program Files\Mozilla Firefox
2013-04-02 06:54:14 ----D---- C:\WINDOWS\system32
2013-04-02 06:54:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-03-25 11:56:18 ----HD---- C:\WINDOWS\inf
2013-03-25 07:59:37 ----D---- C:\WINDOWS
2013-03-25 07:56:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-03-25 07:56:52 ----D---- C:\WINDOWS\system32\drivers
2013-03-25 07:53:10 ----HD---- C:\WINDOWS\$hf_mig$
2013-03-15 09:29:28 ----RSD---- C:\WINDOWS\Fonts
2013-03-15 08:00:06 ----A---- C:\WINDOWS\system32\MRT.exe
2013-03-15 08:00:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-03-15 07:59:30 ----A---- C:\WINDOWS\imsins.BAK
2013-03-15 07:59:04 ----D---- C:\Program Files\Internet Explorer
2013-03-15 07:58:54 ----D---- C:\WINDOWS\ie8updates
2013-03-13 11:05:15 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-03-11 11:18:18 ----SHD---- C:\WINDOWS\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2006-10-31 11008]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2012-11-08 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2012-08-24 301920]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-12-08 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2012-12-10 142176]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-03-19 9894176]
R3 Safetica;Safetica Encryption Driver; C:\WINDOWS\system32\DRIVERS\safetica.sys [2010-08-03 268760]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2006-09-29 10752]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-26 248832]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Vgdev;Vguard 7146 Serial Device; C:\WINDOWS\System32\Drivers\Vgdev.sys [2006-12-19 36990]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-29 258560]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-03-18 155752]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-19 3289208]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-29 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-29 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[JaRon]

ahoj.
stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim


akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

[hacuc]

Děkuji za reakci,
posílám log z combofixu

ComboFix 13-04-08.02 - bejsovcova 08.04.2013 12:43:21.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2248 [GMT 2:00]
Spuštěný z: c:\documents and settings\bejsovcova\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: AVG Anti-Virus Business Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\bejsovcova\Recent\Thumbs.db
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-08 do 2013-04-08 )))))))))))))))))))))))))))))))
.
.
2013-04-08 09:10 . 2013-04-08 09:10 -------- d-----w- C:\rsit
2013-04-08 09:10 . 2013-04-08 09:10 -------- d-----w- c:\program files\trend micro
2013-04-08 07:11 . 2013-04-08 07:11 -------- d-----w- c:\program files\Common Files\Skype
2013-04-08 06:49 . 2013-04-08 06:49 0 ---ha-w- c:\documents and settings\bejsovcova\Data aplikací\winsvcns.sys
2013-04-08 06:48 . 2013-04-08 06:50 -------- d-sh--r- c:\documents and settings\bejsovcova\S-500-9430-5849-2045
2013-03-22 06:25 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-22 06:25 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-19 20:30 . 2013-03-19 20:30 6066296 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-03-11 09:17 . 2013-03-11 09:17 -------- d-----w- C:\dumps
2013-03-11 09:17 . 2013-03-11 09:17 -------- d--h--w- c:\documents and settings\All Users\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 09:05 . 2012-04-25 04:51 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 09:05 . 2011-09-29 12:45 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2007-08-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:15 . 2007-08-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:15 . 2007-08-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:15 . 2007-08-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2007-08-02 12:00 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2007-08-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-25 11:03 . 2011-09-29 07:00 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"TeamTaskMonitor"="c:\program files\Databox\Contact 5\TeamTaskMonitor.exe" [2012-05-30 3280896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-18 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-18 13879912]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Databox\\Contact 5\\ProfilManager.exe"=
"c:\\Program Files\\Databox\\Server\\nxServer.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgwdsvc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"48100:TCP"= 48100:TCP:chateau
"48101:TCP"= 48101:TCP:chateau1
"48103:TCP"= 48103:TCP:chateau2
"9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port
"427:TCP"= 427:TCP:Advanced TCP/IP SLP Port
"161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port
"427:UDP"= 427:UDP:SLP
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 4:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [11.7.2011 1:13 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11.7.2011 1:13 250080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 1:14 301920]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 4:53 193288]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [12.4.2010 9:13 142336]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23.12.2011 13:32 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23.12.2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23.12.2011 13:32 17232]
R3 Safetica;Safetica Encryption Driver;c:\windows\system32\drivers\safetica.sys [3.8.2010 11:32 268760]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2.11.2012 4:51 5174392]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19.3.2013 22:26 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S3 Vgdev;Vguard 7146 Serial Device;c:\windows\system32\drivers\Vgdev.sys [16.10.2007 16:00 36990]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-02 05:25 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 09:05]
.
2013-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-04-08 c:\windows\Tasks\At1.job
- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 09:10]
.
2012-12-13 c:\windows\Tasks\At2.job
- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 09:10]
.
2013-03-12 c:\windows\Tasks\At3.job
- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 09:10]
.
2013-04-05 c:\windows\Tasks\At4.job
- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 09:10]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 12:45]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 12:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.50:9080//jORManClient/BP_Dochazka/anonymous/pritomni.xml
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{62BB7BD8-8F2A-41CF-83E5-DC26F0555B75}: NameServer = 192.168.1.1
TCP: Interfaces\{F3B84E79-8D0D-40F3-B2A2-55C5CED355AB}: NameServer = 192.168.1.1
DPF: {D67DB088-70B4-4006-B052-57F614FD3AA8} - hxxp://www.vguard.net/myasp/chtIEx.cab
FF - ProfilePath - c:\documents and settings\bejsovcova\Data aplikací\Mozilla\Firefox\Profiles\tkgy1iv7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ChateauXPServer - c:\program files\ChateauXP\ChateauXPServer.exe
HKLM-Run-CorelDRAW Graphics Suite 11b - c:\program files\Corel\Corel Graphics 11\Register\registration.exe
Notify-AtiExtEvent - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-08 12:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-04-08 12:49:36
ComboFix-quarantined-files.txt 2013-04-08 10:49
.
Před spuštěním: Volných bajtů: 164 782 276 608
Po spuštění: Volných bajtů: 166 176 100 352
.
- - End Of File - - 1BB98EE3621D881E77FE3EBF7ED97038

[JaRon]

Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

File::
c:\documents and settings\bejsovcova\Data aplikací\winsvcns.sys

uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:



po aplikacii by mal vzniknut dalsi log, ten vloz sem

[hacuc]

tu je log z opravy dle návodu

ComboFix 13-04-08.02 - bejsovcova 08.04.2013 13:27:53.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2325 [GMT 2:00]
Spuštěný z: c:\documents and settings\bejsovcova\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\bejsovcova\Plocha\CFScript.txt
AV: AVG Anti-Virus Business Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\documents and settings\bejsovcova\Data aplikací\winsvcns.sys"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-08 do 2013-04-08 )))))))))))))))))))))))))))))))
.
.
2013-04-08 09:10 . 2013-04-08 09:10 -------- d-----w- C:\rsit
2013-04-08 09:10 . 2013-04-08 09:10 -------- d-----w- c:\program files\trend micro
2013-04-08 07:11 . 2013-04-08 07:11 -------- d-----w- c:\program files\Common Files\Skype
2013-04-08 06:49 . 2013-04-08 06:49 0 ---ha-w- c:\documents and settings\bejsovcova\Data aplikací\winsvcns.sys
2013-04-08 06:48 . 2013-04-08 06:50 -------- d-sh--r- c:\documents and settings\bejsovcova\S-500-9430-5849-2045
2013-03-22 06:25 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-22 06:25 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-19 20:30 . 2013-03-19 20:30 6066296 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-03-11 09:17 . 2013-03-11 09:17 -------- d-----w- C:\dumps
2013-03-11 09:17 . 2013-03-11 09:17 -------- d--h--w- c:\documents and settings\All Users\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 09:05 . 2012-04-25 04:51 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 09:05 . 2011-09-29 12:45 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2007-08-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:15 . 2007-08-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:15 . 2007-08-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:15 . 2007-08-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2007-08-02 12:00 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2007-08-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-25 11:03 . 2011-09-29 07:00 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"TeamTaskMonitor"="c:\program files\Databox\Contact 5\TeamTaskMonitor.exe" [2012-05-30 3280896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-18 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-18 13879912]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Databox\\Contact 5\\ProfilManager.exe"=
"c:\\Program Files\\Databox\\Server\\nxServer.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgwdsvc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"48100:TCP"= 48100:TCP:chateau
"48101:TCP"= 48101:TCP:chateau1
"48103:TCP"= 48103:TCP:chateau2
"9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port
"427:TCP"= 427:TCP:Advanced TCP/IP SLP Port
"161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port
"427:UDP"= 427:UDP:SLP
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 4:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [11.7.2011 1:13 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11.7.2011 1:13 250080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 1:14 301920]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 4:53 193288]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [12.4.2010 9:13 142336]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23.12.2011 13:32 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23.12.2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23.12.2011 13:32 17232]
R3 Safetica;Safetica Encryption Driver;c:\windows\system32\drivers\safetica.sys [3.8.2010 11:32 268760]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2.11.2012 4:51 5174392]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19.3.2013 22:26 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S3 Vgdev;Vguard 7146 Serial Device;c:\windows\system32\drivers\Vgdev.sys [16.10.2007 16:00 36990]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-02 05:25 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 09:05]
.
2013-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-04-08 c:\windows\Tasks\At1.job
- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 09:10]
.
2012-12-13 c:\windows\Tasks\At2.job
- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 09:10]
.
2013-03-12 c:\windows\Tasks\At3.job
- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 09:10]
.
2013-04-05 c:\windows\Tasks\At4.job
- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13 09:10]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 12:45]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 12:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.50:9080//jORManClient/BP_Dochazka/anonymous/pritomni.xml
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{62BB7BD8-8F2A-41CF-83E5-DC26F0555B75}: NameServer = 192.168.1.1
TCP: Interfaces\{F3B84E79-8D0D-40F3-B2A2-55C5CED355AB}: NameServer = 192.168.1.1
DPF: {D67DB088-70B4-4006-B052-57F614FD3AA8} - hxxp://www.vguard.net/myasp/chtIEx.cab
FF - ProfilePath - c:\documents and settings\bejsovcova\Data aplikací\Mozilla\Firefox\Profiles\tkgy1iv7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-08 13:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(5572)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2013-04-08 13:30:49
ComboFix-quarantined-files.txt 2013-04-08 11:30
ComboFix2.txt 2013-04-08 10:49
.
Před spuštěním: Volných bajtů: 166 173 491 200
Po spuštění: Volných bajtů: 166 162 718 720
.
- - End Of File - - A20135B1D208563F194BE816782FE1C0

[JaRon]

ako sa sprava PC ?

[hacuc]

počítač se chová standardně, nevypadá to, že by ani po spuštění skypu se dělo něco co nemá a ani avg nehlásí problémy

[JaRon]

OKi nateraz hotovo, ak by nieco, tak sa ukaz

[hacuc]

Ok, moc díky, dneska to bylo jednodušší než obvykle


odkážu kolegyni na platbu

mějte se

[JaRon]

citat:
Odinstalujte Combofix
• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

za malo maj sa fajn