Kontrola logu Combofix

[Piszkos Munkák]

Prosím o kontrolu logu z Combofixu. Píše se tam i něco o MBR a nerad bych něco po... Je to ze staršího noťasu který brousil po nebezpečných stránkách bez antiviru Takže jen skenování antivirem bylo na 2hodiny,opětovná kontrola taky, atd. děsná otrava tohle řešit. Obnovení systému vypnuto,hijackthis nic nenašel, jen Avira a Combofix.
Díky moc

ComboFix 10-01-18.02 - Radek 19.09.2009 11:32:36.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.420.1029.18.511.255 [GMT 2:00]
Spuštěný z: c:\documents and settings\Radek\Dokumenty\Stažené soubory\ComboFix.exe
.
/wow section - STAGE 4
play.lnk není názvem vnitřního ani vnějšího příkazu
play.lnk není názvem vnitřního ani vnějšího příkazu
Malware není názvem vnitřního ani vnějšího příkazu
play.lnk není názvem vnitřního ani vnějšího příkazu
Malware není názvem vnitřního ani vnějšího příkazu
play.lnk není názvem vnitřního ani vnějšího příkazu
play.lnk není názvem vnitřního ani vnějšího příkazu


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\QIP
c:\program files\QIP\LI\current.cfg
c:\program files\QIP\LI\Czech\_cntry.lng
c:\program files\QIP\LI\Czech\_intrsts.lng
c:\program files\QIP\LI\Czech\_langs.lng
c:\program files\QIP\LI\Czech\_marital.lng
c:\program files\QIP\LI\Czech\_occup.lng
c:\program files\QIP\LI\Czech\_orgs.lng
c:\program files\QIP\LI\Czech\_past.lng
c:\program files\QIP\LI\Czech\_rndchat.lng
c:\program files\QIP\LI\Czech\desc.txt
c:\program files\QIP\LI\Czech\chars_r.ini
c:\program files\QIP\LI\Czech\chars_t.ini
c:\program files\QIP\LI\Czech\lang.ini
c:\program files\QIP\LI\English\_cntry.lng
c:\program files\QIP\LI\English\_intrsts.lng
c:\program files\QIP\LI\English\_langs.lng
c:\program files\QIP\LI\English\_marital.lng
c:\program files\QIP\LI\English\_occup.lng
c:\program files\QIP\LI\English\_orgs.lng
c:\program files\QIP\LI\English\_past.lng
c:\program files\QIP\LI\English\_rndchat.lng
c:\program files\QIP\LI\English\desc.txt
c:\program files\QIP\LI\English\chars_r.ini
c:\program files\QIP\LI\English\chars_t.ini
c:\program files\QIP\LI\English\lang.ini
c:\program files\QIP\LI\langs.cfg
c:\program files\QIP\LI\Russian\_cntry.lng
c:\program files\QIP\LI\Russian\_intrsts.lng
c:\program files\QIP\LI\Russian\_langs.lng
c:\program files\QIP\LI\Russian\_marital.lng
c:\program files\QIP\LI\Russian\_occup.lng
c:\program files\QIP\LI\Russian\_orgs.lng
c:\program files\QIP\LI\Russian\_past.lng
c:\program files\QIP\LI\Russian\_rndchat.lng
c:\program files\QIP\LI\Russian\desc.txt
c:\program files\QIP\LI\Russian\chars_r.ini
c:\program files\QIP\LI\Russian\chars_t.ini
c:\program files\QIP\LI\Russian\lang.ini
c:\program files\QIP\Plugins\docking.dll
c:\program files\QIP\qip.exe
c:\program files\QIP\Skins\current.cfg
c:\program files\QIP\Skins\ICQ5\addopt.bmp
c:\program files\QIP\Skins\ICQ5\allicons.bmp
c:\program files\QIP\Skins\ICQ5\clbg.bmp
c:\program files\QIP\Skins\ICQ5\clevent.bmp
c:\program files\QIP\Skins\ICQ5\clstatus.bmp
c:\program files\QIP\Skins\ICQ5\Colors.ini
c:\program files\QIP\Skins\ICQ5\desc.txt
c:\program files\QIP\Skins\ICQ5\downbutton1.bmp
c:\program files\QIP\Skins\ICQ5\fadehlp.bmp
c:\program files\QIP\Skins\ICQ5\fadehlpt.bmp
c:\program files\QIP\Skins\ICQ5\fademsg.bmp
c:\program files\QIP\Skins\ICQ5\fademsgt.bmp
c:\program files\QIP\Skins\ICQ5\fadesrv.bmp
c:\program files\QIP\Skins\ICQ5\fadesrvt.bmp
c:\program files\QIP\Skins\ICQ5\msgbg.bmp
c:\program files\QIP\Skins\ICQ5\msgbge.bmp
c:\program files\QIP\Skins\ICQ5\noimage.jpg
c:\program files\QIP\Skins\ICQ5\qipbtn.bmp
c:\program files\QIP\Skins\ICQ5\signs.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\_define.ini
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aa.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ab.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ac.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ad.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ae.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\af.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ag.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ah.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ai.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aj.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ak.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\al.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\am.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\an.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ao.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ap.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aq.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ar.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\as.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\at.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\au.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\av.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\aw.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ax.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ay.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\az.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\ba.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bb.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bc.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bd.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\be.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bf.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bg.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bh.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bi.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bj.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bk.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bl.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bm.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bn.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bo.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Animated\bp.gif
c:\program files\QIP\Skins\ICQ5\Smilies\Static\_define.ini
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aa.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ab.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ac.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ad.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ae.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\af.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ag.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ah.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ai.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aj.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ak.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\al.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\am.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\an.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ao.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ap.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aq.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ar.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\as.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\at.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\au.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\av.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\aw.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ax.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ay.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\ba.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\bb.bmp
c:\program files\QIP\Skins\ICQ5\Smilies\Static\bc.bmp
c:\program files\QIP\Skins\ICQ5\splash.bmp
c:\program files\QIP\Skins\ICQ5\st_custom.bmp
c:\program files\QIP\Skins\ICQ5\statuses.bmp
c:\program files\QIP\Skins\ICQ5\title.bmp
c:\program files\QIP\Skins\ICQ5\tray.bmp
c:\program files\QIP\Skins\ICQ5\tray2k.bmp
c:\program files\QIP\Skins\ICQ5\upbutton1.bmp
c:\program files\QIP\Skins\ICQ5\upbutton2.bmp
c:\program files\QIP\Skins\ICQ5\upbutton3.bmp
c:\program files\QIP\Skins\ICQ5\userinfo.bmp
c:\program files\QIP\Skins\ICQ5\vis.bmp
c:\program files\QIP\Skins\skins.cfg
c:\program files\QIP\Sounds\sndAuth.wav
c:\program files\QIP\Sounds\sndGlobal.wav
c:\program files\QIP\Sounds\sndMsg.wav
c:\program files\QIP\Sounds\sndMsgSent.wav
c:\program files\QIP\Sounds\sndPlugin.wav
c:\program files\QIP\Sounds\sndRemSelf.wav
c:\program files\QIP\Sounds\sndSrvMsg.wav
c:\program files\QIP\Sounds\sndStartup.wav
c:\program files\QIP\Sounds\sndSystem.wav
c:\program files\QIP\unqip.exe
c:\program files\QIP\Users\Accounts.cfg
c:\program files\QIP\Users\Default.cfg
c:\windows\system32\ieuinit.inf

c:\windows\system32\qmgr.dll . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-19 do 2009-09-19 )))))))))))))))))))))))))))))))
.

2009-10-03 17:50 . 2009-10-03 17:50 -------- d-----w- c:\program files\Autokelly
2009-09-19 08:53 . 2009-09-19 08:56 -------- d-----w- C:\Ultimate Process Manager
2009-09-19 08:41 . 2009-09-19 08:41 -------- d-----w- C:\RootkitRevealer
2009-09-18 16:27 . 2009-09-18 16:27 -------- d-----w- c:\program files\CCleaner
2009-09-18 10:23 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-18 10:23 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-18 10:23 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-18 10:23 . 2009-09-18 10:23 -------- d-----w- c:\program files\Avira
2009-09-17 13:31 . 2009-09-17 13:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-17 13:30 . 2009-09-17 13:30 -------- d-----w- c:\program files\Java
2009-09-17 12:59 . 2009-09-17 12:59 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-17 12:36 . 2009-09-17 12:36 -------- d-----w- C:\backups
2009-09-17 12:35 . 2005-02-16 09:06 218112 ----a-w- C:\HijackThis.exe
2009-09-09 17:22 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2009-09-07 20:48 . 2009-09-07 20:48 -------- d-----w- C:\82ca0982386a90b31e1c7e
2009-09-05 23:05 . 2009-09-05 23:05 -------- d-----w- c:\program files\Webteh
2009-09-05 17:53 . 2009-09-05 17:53 -------- d-----w- c:\program files\TomTom DesktopSuite

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 20:13 . 2005-10-27 18:19 -------- d-----w- c:\program files\Google
2009-09-19 09:46 . 2001-10-25 10:00 53196 ----a-w- c:\windows\system32\perfc005.dat
2009-09-19 09:46 . 2001-10-25 10:00 363222 ----a-w- c:\windows\system32\perfh005.dat
2009-09-18 17:07 . 2006-01-06 20:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-09 17:23 . 2005-10-27 18:19 -------- d-----w- c:\program files\DivX
2009-09-08 15:10 . 2005-10-28 10:24 -------- d-----w- c:\program files\Nokia
2009-09-08 15:08 . 2005-10-26 14:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2005-10-29 10:16 . 2005-10-27 18:19 56 -csh--r- c:\windows\system32\5C9AF9B3AA.sys
2005-10-29 10:16 . 2005-10-27 18:19 6476 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-04-28 5562368]
"nwiz"="nwiz.exe" [2005-04-28 1495040]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-05-12 102400]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 13:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTSETBOOTKEY]
2003-04-15 09:48 36864 ----a-w- c:\windows\system32\BTSetBootKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTUSRBDG]
2003-11-05 21:21 53248 ----a-w- c:\windows\system32\BtUsrBdg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-10-15 09:31 356352 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 07:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-03-04 15:46 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hsfpwcfg.exe]
2004-01-28 08:36 167936 ----a-r- c:\windows\Hsfpwcfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2004-09-13 09:51 1450096 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2004-10-15 09:27 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2002-08-20 13:08 1511453 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\asusdvd\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-03-30 11:34 25263144 ----a-w- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-17 13:31 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [18.9.2009 12:23 22360]
R0 R592;R592;c:\windows\system32\drivers\R592.sys [28.10.2005 14:27 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [28.10.2005 14:27 27264]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [18.9.2009 12:23 45416]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [15.4.2004 11:02 147456]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [27.10.2005 13:39 114496]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.9.2009 12:23 108289]
R3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [3.1.2008 13:18 57512]
R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\BtKrnBdg.sys [3.1.2008 13:18 15876]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [28.10.2005 14:41 193280]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [28.10.2005 14:32 702326]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [28.10.2005 14:32 4790]
R3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys [3.1.2008 13:18 17792]
S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\drivers\CSRBC01.sys [3.1.2008 13:18 24859]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {A752BE3F-5E2B-4504-8235-BA55A5D6927A} = 10.250.0.10,81.19.47.38
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Radek\Data aplikací\Mozilla\Firefox\Profiles\s0r4wcgy.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - H:\HijackThis.exe
AddRemove-QIP2005 - c:\program files\QIP\unqip.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 11:44
Windows 5.1.2600 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81E3AF88]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85aaaac
\Driver\ACPI -> ACPI.sys @ 0xf84ef740
\Driver\atapi -> 0x81e3af88
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x80559f4b
ParseProcedure -> ntoskrnl.exe @ 0x805829d5
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x80559f4b
ParseProcedure -> ntoskrnl.exe @ 0x805829d5
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-823518204-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1584)
c:\windows\System32\ODBC32.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(1640)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(1976)
c:\windows\System32\nview.dll
c:\windows\System32\NVWRSCS.DLL
c:\windows\System32\nvwddi.dll
c:\windows\System32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\kerio\Personal Firewall 4\kpf4ss.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\kerio\Personal Firewall 4\kpf4gui.exe
c:\kerio\Personal Firewall 4\kpf4gui.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\wdfmgr.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\System32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Celkový čas: 2009-09-19 11:49:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-19 09:49

Před spuštěním: Volných bajtů: 22 776 614 912
Po spuštění: Volných bajtů: 23 413 243 904

winxpsp1_cs_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 5E4C1E52B52D0C80853CB3390DE30AA8

[meteorolog]

Dobrý den, vložte sem ještě log z RSIT

[Piszkos Munkák]

Tady to je:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Radek at 2009-09-19 15:09:11
Systém Microsoft Windows XP Professional Service Pack 1
System drive C: has 22 GB (29%) free of 76 GB
Total RAM: 511 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:14, on 19.9.2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\DOCUME~1\Radek\LOCALS~1\Temp\Google Toolbar\gtb1.tmp.exe
C:\RSIT.exe
C:\Program Files\trend micro\Radek.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A752BE3F-5E2B-4504-8235-BA55A5D6927A}: NameServer = 10.250.0.10,81.19.47.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 4516 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-04-21 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2002-09-20 844828]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-04-21 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2005-04-28 5562368]
"nwiz"=nwiz.exe /install []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2005-05-12 102400]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTSETBOOTKEY]
C:\WINDOWS\system32\BTSetBootKey.exe [2003-04-15 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTUSRBDG]
C:\WINDOWS\system32\BtUsrBdg.exe [2003-11-05 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-10-15 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hsfpwcfg.exe]
C:\WINDOWS\Hsfpwcfg.exe [2004-01-28 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2004-09-13 1450096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2002-08-20 1511453]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\ASUSDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-03-30 25263144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-17 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE [2007-05-17 661776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan.lnk]
C:\PROGRA~1\MCAFEE~1\10BCA1~1.150\SSSCHE~1.EXE [2009-07-28 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-10-14 18:11:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2009-10-03 19:50:15 ----D---- C:\Program Files\Autokelly
2009-09-19 15:07:09 ----D---- C:\Program Files\trend micro
2009-09-19 15:07:07 ----D---- C:\rsit
2009-09-19 15:06:54 ----A---- C:\RSIT.exe
2009-09-19 11:49:22 ----D---- C:\WINDOWS\temp
2009-09-19 11:49:17 ----A---- C:\ComboFix.txt
2009-09-19 11:24:49 ----A---- C:\Boot.bak
2009-09-19 11:24:27 ----RASHD---- C:\cmdcons
2009-09-19 11:22:27 ----A---- C:\WINDOWS\zip.exe
2009-09-19 11:22:27 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-19 11:22:27 ----A---- C:\WINDOWS\SWSC.exe
2009-09-19 11:22:27 ----A---- C:\WINDOWS\SWREG.exe
2009-09-19 11:22:27 ----A---- C:\WINDOWS\sed.exe
2009-09-19 11:22:27 ----A---- C:\WINDOWS\PEV.exe
2009-09-19 11:22:27 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-19 11:22:27 ----A---- C:\WINDOWS\MBR.exe
2009-09-19 11:22:27 ----A---- C:\WINDOWS\grep.exe
2009-09-19 11:22:04 ----D---- C:\WINDOWS\ERDNT
2009-09-19 11:21:21 ----D---- C:\Qoobox
2009-09-19 10:53:52 ----D---- C:\Ultimate Process Manager
2009-09-19 10:41:30 ----D---- C:\RootkitRevealer
2009-09-18 20:37:13 ----D---- C:\Documents and Settings\Radek\Data aplikací\Uniblue
2009-09-18 18:27:32 ----D---- C:\Program Files\CCleaner
2009-09-18 12:23:14 ----D---- C:\Program Files\Avira
2009-09-18 12:23:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2009-09-17 15:31:37 ----A---- C:\WINDOWS\System32\javaws.exe
2009-09-17 15:31:37 ----A---- C:\WINDOWS\System32\javaw.exe
2009-09-17 15:31:37 ----A---- C:\WINDOWS\System32\java.exe
2009-09-17 15:31:37 ----A---- C:\WINDOWS\System32\deploytk.dll
2009-09-17 15:30:56 ----D---- C:\Program Files\Java
2009-09-17 15:22:10 ----D---- C:\Documents and Settings\Radek\Data aplikací\Sun
2009-09-17 15:21:30 ----A---- C:\dxva_sig.txt
2009-09-17 15:03:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-09-17 14:59:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2009-09-17 14:59:04 ----D---- C:\Program Files\McAfee Security Scan
2009-09-17 14:58:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2009-09-17 14:36:48 ----D---- C:\backups
2009-09-17 14:35:44 ----A---- C:\HijackThis.exe
2009-09-09 19:23:28 ----D---- C:\Documents and Settings\Radek\Data aplikací\Media Player Classic
2009-09-09 19:22:12 ----A---- C:\WINDOWS\System32\unrar.dll
2009-09-08 17:09:37 ----A---- C:\WINDOWS\SoundConverter.INI
2009-09-07 22:48:50 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-09-07 22:48:28 ----D---- C:\82ca0982386a90b31e1c7e
2009-09-06 01:05:53 ----D---- C:\Program Files\Webteh
2009-09-05 19:53:13 ----D---- C:\Program Files\TomTom DesktopSuite

======List of files/folders modified in the last 1 months======

2009-09-19 15:08:23 ----D---- C:\Program Files\Google
2009-09-19 15:07:09 ----RD---- C:\Program Files
2009-09-19 15:05:33 ----D---- C:\WINDOWS\Debug
2009-09-19 11:54:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-19 11:51:16 ----D---- C:\Program Files\Mozilla Firefox
2009-09-19 11:49:26 ----D---- C:\WINDOWS\System32\drivers
2009-09-19 11:49:22 ----D---- C:\WINDOWS
2009-09-19 11:47:47 ----D---- C:\WINDOWS\System32\CatRoot2
2009-09-19 11:46:22 ----D---- C:\WINDOWS\system32
2009-09-19 11:46:19 ----AC---- C:\WINDOWS\System32\PerfStringBackup.INI
2009-09-19 11:45:28 ----D---- C:\WINDOWS\Prefetch
2009-09-19 11:44:47 ----N---- C:\WINDOWS\system.ini
2009-09-19 11:40:01 ----RSHDC---- C:\WINDOWS\System32\dllcache
2009-09-19 11:37:02 ----D---- C:\WINDOWS\AppPatch
2009-09-19 11:36:59 ----D---- C:\Program Files\Common Files
2009-09-19 11:27:37 ----D---- C:\WINDOWS\System32\config
2009-09-19 11:24:49 ----RASH---- C:\boot.ini
2009-09-19 11:22:26 ----SHD---- C:\System Volume Information
2009-09-19 11:22:26 ----D---- C:\WINDOWS\System32\Restore
2009-09-18 20:43:42 ----D---- C:\WINDOWS\Minidump
2009-09-18 20:41:26 ----A---- C:\WINDOWS\win.ini
2009-09-18 19:08:04 ----SHD---- C:\WINDOWS\Installer
2009-09-18 19:08:04 ----D---- C:\Config.Msi
2009-09-18 19:07:23 ----D---- C:\Program Files\Common Files\Adobe
2009-09-18 19:07:23 ----D---- C:\Program Files\Adobe
2009-09-18 12:23:19 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-18 12:22:17 ----D---- C:\WINDOWS\WinSxS
2009-09-17 15:33:29 ----D---- C:\WINDOWS\pss
2009-09-17 12:47:05 ----D---- C:\Documents and Settings\Radek\Data aplikací\Skype
2009-09-12 11:02:06 ----D---- C:\WINDOWS\System32\Adobe
2009-09-09 19:23:12 ----D---- C:\Program Files\DivX
2009-09-08 17:10:31 ----D---- C:\Program Files\Nokia
2009-09-08 17:10:23 ----HD---- C:\WINDOWS\inf
2009-09-08 17:08:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-07 22:48:37 ----D---- C:\WINDOWS\LastGood
2009-09-05 08:02:06 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2009-09-05 08:02:06 ----A---- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt
2009-09-05 08:02:04 ----A---- C:\WINDOWS\ModemLog_Windigo Bluetooth DUN Modem.txt
2009-09-05 08:02:00 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači.txt
2009-09-05 08:02:00 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači #2.txt
2009-09-05 08:02:00 ----A---- C:\WINDOWS\ModemLog_AC97 SoftV92 Data Fax Modem with SmartCP.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416]
R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2004-04-15 147456]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-09-13 28672]
R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2005-10-27 114496]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [2002-08-29 196288]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2005-10-28 17119]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2001-08-17 55296]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2001-10-25 84864]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-09-20 57344]
R3 axsaki;axsaki; C:\WINDOWS\System32\DRIVERS\axsaki.sys [2003-03-30 102624]
R3 axskbus;axskbus; C:\WINDOWS\System32\DRIVERS\axskbus.sys [2003-03-28 8640]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 BTCOMM;BTCOMM; C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 57512]
R3 BTKRNBDG;Bluetooth COM Bridge; C:\WINDOWS\System32\DRIVERS\btkrnbdg.sys [2003-03-18 15876]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2002-08-29 13184]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2004-05-12 1037056]
R3 HSFHWSIS;HSFHWSIS; C:\WINDOWS\System32\DRIVERS\HSFHWSIS.sys [2004-06-17 193280]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\System32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-09-20 57984]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-04-28 3453376]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2002-08-29 156544]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2004-08-09 70144]
R3 SynMini;USB2.0 1.3M Web Cam; C:\WINDOWS\System32\Drivers\SynMini.sys [2005-06-03 702326]
R3 SynScan;USB2.0 1.3M Web Cam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2005-06-03 4790]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2003-07-03 16000]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 vad_multi;Windigo Virtual Audio Device (WDM); C:\WINDOWS\system32\drivers\vadmulti.sys [2005-06-30 17792]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\System32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2004-05-12 685312]
R4 InCDfs;InCD File System; C:\WINDOWS\System32\drivers\InCDfs.sys [2004-09-13 93440]
S3 Bridge;Most MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 cportclm;cportclm; \??\C:\DOCUME~1\Radek\LOCALS~1\Temp\cportclm.sys []
S3 CSRBC01;%CSRBC01.SvcDesc%; C:\WINDOWS\System32\Drivers\csrbc01.sys [2005-06-28 24859]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2003-02-19 19153]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2002-12-20 50396]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [2001-08-17 20096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2002-08-29 38272]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-17 23070]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2002-08-29 56832]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;6na4; C:\WINDOWS\System32\svchost.exe [2001-10-25 12800]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2001-10-25 12800]
R2 KPF4;Kerio Personal Firewall 4; C:\Kerio\Personal Firewall 4\kpf4ss.exe [2004-04-15 1949696]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2005-04-28 127042]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\System32\svchost.exe [2001-10-25 12800]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S3 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-09-13 1192050]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-17 153376]
S3 NwSapAgent;Agent SAP; C:\WINDOWS\System32\svchost.exe [2001-10-25 12800]
S3 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2004-10-15 98304]
S3 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
S3 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-14 138168]

-----------------EOF-----------------

[meteorolog]

vypadá to OK, jen to ještě trochu pročistíme

použijte http://sweb.cz/Marinus/T-Cleaner.exe - pro potvrzení stiskněte vždy klávesu A nebo Enter
(utilita může být označena antivirem jako vir - po použití ji smažte)

potom CCleaner - položky Čistič a Registry - čištění opakujte do odstranění všech problémů

a nakonec ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1:

po spuštění staženého souboru se objeví okno:



zatrhněte Select All, klikněte na Empty Selected a Exit

stejným způsobem vymažte případně cache Firefoxu a Opery

restartujte PC

proveďte sken programem MBAM - http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

[Piszkos Munkák]

Super, jdu na to. Omlouvám se za ten "špatný" log. Ještě ke všemu mně z půlky střechy zhučel sníh a musel jsem to jít zlikvidovat, abych se dostal do baraku, svinsto jedno

[meteorolog]

v pohodě, nic se neděje