Please check my HJT log

The place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Please check my HJT log

Post by PECHY15 » 17 Dec 2009 17:51

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:51, on 17.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\qtplugin.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS.0\system32\qtplugin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMonitor1] "C:\WINDOWS.0\system32\qtplugin.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: BSC Applet Security - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Applet Utilities - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Business Objects - https://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
O16 - DPF: BSC Java Components Library - https://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
O16 - DPF: BSC Text Utilities - https://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
O16 - DPF: BSC Utilities - https://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
O16 - DPF: IAIK Java Cryptography Extension - https://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://portal.ozp.cz/obj/Signer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 7013 bytes


Re: Please check my HJT log

Post by pitimir » 17 Dec 2009 19:17

Hi, you've got a mess in there.

Download RSIT. Run it and click "Continue". When it finishes, a text file should open. Copy it here.
If anything goes wrong, you will also find it at "C:\rsit\log.txt".
I don't like amateurism...

And the addressee of the message knows it :)


Re: Please check my HJT log

Post by PECHY15 » 18 Dec 2009 19:01

Yep, I'm aware of the mess :D unfortunately only of the part I know about :D

And I see the software used here changes every half a year :D

Here's the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Taťulda at 2009-12-18 18:59:15
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 6 GB (8%) free of 76 GB
Total RAM: 767 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:24, on 18.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS.0\system32\qtplugin.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Taťulda\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Taťulda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS.0\system32\qtplugin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [W_MRPPRN] C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe
O4 - HKCU\..\Run: [RegistryMonitor1] "C:\WINDOWS.0\system32\qtplugin.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RegVac.lnk = C:\Program Files\RegVac Registry Cleaner\regvac.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: BSC Applet Security - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Applet Utilities - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Business Objects - https://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
O16 - DPF: BSC Java Components Library - https://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
O16 - DPF: BSC Text Utilities - https://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
O16 - DPF: BSC Utilities - https://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
O16 - DPF: IAIK Java Cryptography Extension - https://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://portal.ozp.cz/obj/Signer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 7165 bytes

======Scheduled tasks folder======

C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS.0\SOUNDMAN.EXE [2007-04-16 577536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"NvCplDaemon"=C:\WINDOWS.0\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS.0\system32\NvMcTray.dll [2006-06-01 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"RegistryMonitor1"=C:\WINDOWS.0\system32\qtplugin.exe [2009-12-15 489984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2004-08-18 15360]
"W_MRPPRN"=C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe [2003-11-24 1134080]
"RegistryMonitor1"=C:\WINDOWS.0\system32\qtplugin.exe [2009-12-15 489984]

C:\Documents and Settings\Taťulda\Nabídka Start\Programy\Po spuštění
RegVac.lnk - C:\Program Files\RegVac Registry Cleaner\regvac.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS.0\system32\usmt\migwiz.exe"="C:\WINDOWS.0\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Documents and Settings\PECHY\Local Settings\Temp\usmt\migwiz.exe"="C:\Documents and Settings\PECHY\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Steam\steamapps\i_am_pechy\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\i_am_pechy\counter-strike\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6681606f-bcd8-11de-bc3f-008048514af5}]
shell\AutoRun\command - G:\guylkn.exe
shell\explore\command - G:\guylkn.exe
shell\open\command - G:\guylkn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c5d097-bb2d-11de-bc32-008048514af5}]
shell\AutoRun\command - G:\ovjtsw.exe
shell\explore\command - G:\ovjtsw.exe
shell\open\command - G:\ovjtsw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c5d09a-bb2d-11de-bc32-008048514af5}]
shell\AutoRun\command - guylkn.exe
shell\explore\command - guylkn.exe
shell\open\command - guylkn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc4f1d18-bbb0-11de-bc34-008048514af5}]
shell\AutoRun\command - F:\guylkn.exe
shell\explore\command - F:\guylkn.exe
shell\open\command - F:\guylkn.exe


======List of files/folders created in the last 1 months======

2009-12-18 18:59:15 ----D---- C:\rsit
2009-12-17 16:52:00 ----A---- C:\WINDOWS.0\system32\xinput1_1.dll
2009-12-17 16:51:59 ----A---- C:\WINDOWS.0\system32\xactengine2_1.dll
2009-12-17 16:51:59 ----A---- C:\WINDOWS.0\system32\x3daudio1_0.dll
2009-12-17 16:51:52 ----A---- C:\WINDOWS.0\system32\d3dx9_30.dll
2009-12-17 16:51:19 ----D---- C:\Program Files\THQ
2009-12-17 16:05:36 ----A---- C:\WINDOWS.0\ntbtlog.txt
2009-12-15 08:25:50 ----A---- C:\WINDOWS.0\system32\qtplugin.exe
2009-12-13 18:58:26 ----D---- C:\Documents and Settings\Taťulda\Data aplikací\Malwarebytes
2009-12-13 15:58:36 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Malwarebytes
2009-12-13 15:58:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-12 16:30:22 ----A---- C:\WINDOWS.0\system32\TASKMGR.COM
2009-12-12 16:30:22 ----A---- C:\WINDOWS.0\system32\T.COM
2009-12-12 16:30:22 ----A---- C:\WINDOWS.0\REGEDIT.COM
2009-12-12 16:30:22 ----A---- C:\WINDOWS.0\R.COM
2009-12-12 16:30:18 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\MicroWorld
2009-12-10 17:28:41 ----A---- C:\WINDOWS.0\system32\javaws.exe
2009-12-10 17:28:41 ----A---- C:\WINDOWS.0\system32\javaw.exe
2009-12-10 17:28:41 ----A---- C:\WINDOWS.0\system32\java.exe
2009-11-26 20:33:15 ----D---- C:\Documents and Settings\Taťulda\Data aplikací\Broad Intelligence
2009-11-26 16:48:01 ----D---- C:\!KillBox
2009-11-22 07:55:49 ----D---- C:\Program Files\rajce

======List of files/folders modified in the last 1 months======

2009-12-18 18:59:20 ----D---- C:\WINDOWS.0\Prefetch
2009-12-18 17:42:38 ----D---- C:\WINDOWS.0\system32
2009-12-18 17:27:21 ----D---- C:\WINDOWS.0\Temp
2009-12-18 15:37:59 ----D---- C:\WINDOWS.0\system32\CatRoot2
2009-12-18 12:18:16 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2009-12-18 08:01:02 ----D---- C:\WINDOWS.0
2009-12-18 08:00:46 ----D---- C:\Program Files\RegVac Registry Cleaner
2009-12-17 18:35:41 ----D---- C:\Program Files\Steam
2009-12-17 17:09:20 ----SHD---- C:\WINDOWS.0\Installer
2009-12-17 16:57:32 ----D---- C:\Config.Msi
2009-12-17 16:57:31 ----SD---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Microsoft
2009-12-17 16:52:03 ----D---- C:\WINDOWS.0\system32\DirectX
2009-12-17 16:52:01 ----HD---- C:\WINDOWS.0\inf
2009-12-17 16:51:19 ----RD---- C:\Program Files
2009-12-16 21:00:53 ----D---- C:\Documents and Settings\Taťulda\Data aplikací\uTorrent
2009-12-15 08:59:57 ----AD---- C:\DOSITECH
2009-12-13 18:57:09 ----D---- C:\WINDOWS.0\srchasst
2009-12-13 18:57:08 ----D---- C:\WINDOWS.0\system32\drivers
2009-12-13 14:47:20 ----D---- C:\Program Files\iTunes
2009-12-13 14:46:18 ----D---- C:\Program Files\iPod
2009-12-13 14:46:15 ----D---- C:\Program Files\Common Files\Apple
2009-12-13 14:42:53 ----D---- C:\Program Files\QuickTime
2009-12-13 14:40:19 ----D---- C:\WINDOWS.0\WinSxS
2009-12-12 16:34:46 ----D---- C:\WINDOWS.0\Debug
2009-12-12 15:48:30 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-10 17:28:35 ----D---- C:\Program Files\Java
2009-12-10 09:51:03 ----D---- C:\MRPPRN
2009-12-04 15:16:07 ----D---- C:\UCTO2009
2009-11-27 19:07:27 ----A---- C:\WINDOWS.0\system.ini
2009-11-27 18:32:33 ----SHD---- C:\RECYCLER
2009-11-27 18:31:59 ----D---- C:\Documents and Settings
2009-11-26 21:04:22 ----D---- C:\Temp
2009-11-26 20:25:22 ----D---- C:\Documents and Settings\Taťulda\Data aplikací\Apple Computer
2009-11-26 08:11:42 ----D---- C:\Documents and Settings\Taťulda\Data aplikací\Adobe
2009-11-24 20:13:57 ----SD---- C:\Documents and Settings\Taťulda\Data aplikací\Microsoft
2009-11-24 16:10:33 ----D---- C:\Hry

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS.0\system32\DRIVERS\amdk7.sys [2004-08-18 41216]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SbFw;SbFw; C:\WINDOWS.0\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS.0\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 SCDEmu;SCDEmu; C:\WINDOWS.0\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS.0\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS.0\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS.0\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS.0\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS.0\System32\Drivers\usbaapl.sys [2009-08-28 40448]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS.0\system32\DRIVERS\nvcap.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS.0\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS.0\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-12-08 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS.0\system32\nvsvc32.exe [2006-06-01 155715]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
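An added example, not code from the thread or from the HijackThis/RSIT authors: a small Python triage script that parses the O4 autostart lines of a HijackThis log (like the one in the first post) together with the MountPoints2 and "files/folders created" sections of an RSIT log (like the one above), and reports the two patterns a reviewer would look at first: MountPoints2 shell commands that launch an executable from a removable drive, and Run entries whose executable was created within the log's recent-files window, including whether the same value name is registered under more than one hive. The embedded sample log is a constructed abbreviation of the logs in this thread, and the line formats are assumed to match the HijackThis 2.0.2 / RSIT 1.06 output shown here.

```python
"""Triage helper for HijackThis / RSIT text logs (added example, not part of the thread)."""
import re
from collections import defaultdict, namedtuple

AutoStart = namedtuple("AutoStart", "hive name command path")
RemovableAutorun = namedtuple("RemovableAutorun", "guid verb command")
RecentAutostart = namedtuple("RecentAutostart", "hive name path created")

# Line formats assumed from the HijackThis 2.0.2 / RSIT 1.06 logs in the thread.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|com|dll|scr|bat)\b', re.I)
MP2_KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
MP2_VERB_RE = re.compile(r"^shell\\(\w+)\\command - (.+)$", re.I)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+[A-Z]*-+ (.+)$")
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")

# Constructed sample, abbreviated from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS.0\system32\qtplugin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMonitor1] "C:\WINDOWS.0\system32\qtplugin.exe"

======Registry dump======

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6681606f-bcd8-11de-bc3f-008048514af5}]
shell\AutoRun\command - G:\guylkn.exe
shell\explore\command - G:\guylkn.exe
shell\open\command - G:\guylkn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c5d09a-bb2d-11de-bc32-008048514af5}]
shell\AutoRun\command - guylkn.exe

======List of files/folders created in the last 1 months======

2009-12-15 08:25:50 ----A---- C:\WINDOWS.0\system32\qtplugin.exe
2009-12-13 15:58:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
"""


def parse_o4(lines):
    """Autostart entries from O4 lines; path is the first file path found in the command."""
    out = []
    for line in lines:
        m = O4_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            p = PATH_RE.search(cmd)
            out.append(AutoStart(hive, name, cmd, p.group(0).lower() if p else None))
    return out


def parse_mountpoints(lines):
    """MountPoints2 shell commands (AutoRun/open/explore) from the RSIT registry dump."""
    out, guid = [], None
    for line in lines:
        if line.startswith("["):           # every registry key header resets the context
            m = MP2_KEY_RE.match(line)
            guid = m.group(1) if m else None
            continue
        m = MP2_VERB_RE.match(line)
        if guid and m:
            out.append(RemovableAutorun(guid, m.group(1), m.group(2)))
    return out


def parse_created(lines):
    """Lower-cased path -> creation timestamp, from the 'files/folders created' section."""
    created, active = {}, False
    for line in lines:
        if line.startswith("======"):      # RSIT section banner
            active = line.startswith("======List of files/folders created")
            continue
        m = CREATED_RE.match(line) if active else None
        if m:
            created[m.group(2).lower()] = m.group(1)
    return created


def triage(text):
    """Cross-reference the three sections and return the findings."""
    lines = text.splitlines()
    autostarts = parse_o4(lines)
    created = parse_created(lines)
    removable = [e for e in parse_mountpoints(lines)
                 if e.command.lower().endswith(EXEC_EXT)]
    recent = [RecentAutostart(a.hive, a.name, a.path, created[a.path])
              for a in autostarts if a.path in created]
    hives = defaultdict(set)
    for a in autostarts:
        hives[a.name].add(a.hive)
    multi = {n: sorted(h) for n, h in hives.items() if len(h) > 1}
    return {"removable_autorun": removable, "recent_autostarts": recent, "multi_hive": multi}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for e in report["removable_autorun"]:
        print(f"[MountPoints2] {e.guid} {e.verb}: {e.command}")
    for r in report["recent_autostarts"]:
        print(f"[recent autostart] {r.hive} {r.name} -> {r.path} (created {r.created})")
    for name, hv in report["multi_hive"].items():
        print(f"[multi-hive] {name} registered under {', '.join(hv)}")
```

Run it as-is to see the findings for the embedded sample, or call `triage(open(path, encoding="cp1250").read())` on a saved RSIT log. The path match is exact, so a Run entry that goes through rundll32 is keyed on the DLL it loads rather than on the host process; the MountPoints2 check only looks at the executable extension, so a legitimate installer autorun from an optical disc will show up too and needs a human look.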


Re: Please check my HJT log

Post by pitimir » 18 Dec 2009 21:13

Half a year is a long time, especially in this field... some people just can't or won't understand that :)

1) Download OTM. Copy the following into the left-hand box:


:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RegistryMonitor1"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RegistryMonitor1"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6681606f-bcd8-11de-bc3f-008048514af5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c5d097-bb2d-11de-bc32-008048514af5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c5d09a-bb2d-11de-bc32-008048514af5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc4f1d18-bbb0-11de-bc34-008048514af5}]

:files
C:\Program Files\AskBarDis
C:\Program Files\ICQ6Toolbar
C:\WINDOWS.0\system32\qtplugin.exe
C:\!KillBox

:services
ICQ Service

:commands
[purity]
[emptytemp]
[reboot]

Click "Move It". A report will then appear in the "Result" window; copy all of it here.

P.S.: If the program asks for a restart, confirm it. You will find the resulting log in "C:\_OTM\MovedFiles\".


2) Download USBFix. Close everything that is running and start the program. Choose the language; for English press E -> Enter. You will get to the next menu; there press 2 -> Enter. The scan starts; do not interfere with it. The PC may restart. You will find the resulting log at "C:\UsbFix.txt"; paste it here.


Re: Please check my HJT log

Post by PECHY15 » 19 Dec 2009 12:57

First log...

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMonitor1 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMonitor1 deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6681606f-bcd8-11de-bc3f-008048514af5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6681606f-bcd8-11de-bc3f-008048514af5}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c5d097-bb2d-11de-bc32-008048514af5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6c5d097-bb2d-11de-bc32-008048514af5}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c5d09a-bb2d-11de-bc32-008048514af5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6c5d09a-bb2d-11de-bc32-008048514af5}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc4f1d18-bbb0-11de-bc34-008048514af5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc4f1d18-bbb0-11de-bc34-008048514af5}\ not found.
========== FILES ==========
C:\Program Files\AskBarDis\PopSwatter\History folder moved successfully.
C:\Program Files\AskBarDis\PopSwatter folder moved successfully.
C:\Program Files\AskBarDis\bar\Settings folder moved successfully.
C:\Program Files\AskBarDis\bar\History folder moved successfully.
C:\Program Files\AskBarDis\bar\Cache folder moved successfully.
C:\Program Files\AskBarDis\bar\bin folder moved successfully.
C:\Program Files\AskBarDis\bar folder moved successfully.
C:\Program Files\AskBarDis folder moved successfully.
C:\Program Files\ICQ6Toolbar folder moved successfully.
C:\WINDOWS.0\system32\qtplugin.exe moved successfully.
C:\!KillBox\Logs folder moved successfully.
C:\!KillBox\Jindra\Dokumenty\Downloads folder moved successfully.
C:\!KillBox\Jindra\Dokumenty folder moved successfully.
C:\!KillBox\Jindra\Application Data\Spyware Terminator\Reports folder moved successfully.
C:\!KillBox\Jindra\Application Data\Spyware Terminator\LanguageAct folder moved successfully.
C:\!KillBox\Jindra\Application Data\Spyware Terminator folder moved successfully.
C:\!KillBox\Jindra\Application Data folder moved successfully.
C:\!KillBox\Jindra folder moved successfully.
C:\!KillBox folder moved successfully.
========== SERVICES/DRIVERS ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: All Users.WINDOWS.0

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS.0
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 75221037 bytes
->Temporary Internet Files folder emptied: 2206134 bytes
->FireFox cache emptied: 14813485 bytes

User: Jindra

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 466775 bytes

User: PECHY
->Temp folder emptied: 122254534 bytes
->Temporary Internet Files folder emptied: 2563959 bytes
->Java cache emptied: 13692923 bytes

User: Taťulda
->Temp folder emptied: 15194610 bytes
->Temporary Internet Files folder emptied: 51586824 bytes
->Java cache emptied: 40326030 bytes
->FireFox cache emptied: 3645570 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
Windows Temp folder emptied: 1072827 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 329,42 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12192009_125016

Files moved on Reboot...

Registry entries deleted on Reboot...


Re: Please check my HJT log

Post by PECHY15 » 19 Dec 2009 13:21

And here is the second one...


############################## | UsbFix V6.065 |

User : PECHY (Administrators) # PECHAL-4D98CE7E
Update on 18/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 13:04:57 | 19.12.2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Sempron(tm) 2500+
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
FW : Sunbelt Personal Firewall[ Enabled ]4.6.1845 T

A:\ -> Disketová jednotka 3 1/2" # 1,39 Mo (1,39 Mo free) [30161000] # FAT
C:\ -> Místní pevný disk # 74,53 Go (5,49 Go free) # NTFS
D:\ -> Disk CD-ROM
E:\ -> Disk CD-ROM

############################## | Active processes |

C:\WINDOWS.0\System32\smss.exe 732
C:\WINDOWS.0\system32\csrss.exe 816
C:\WINDOWS.0\system32\winlogon.exe 856
C:\WINDOWS.0\system32\services.exe 904
C:\WINDOWS.0\system32\lsass.exe 916
C:\WINDOWS.0\system32\svchost.exe 1084
C:\WINDOWS.0\system32\svchost.exe 1156
C:\WINDOWS.0\System32\svchost.exe 1256
C:\WINDOWS.0\system32\logonui.exe 1268
C:\WINDOWS.0\system32\svchost.exe 1380
C:\WINDOWS.0\system32\svchost.exe 1520
C:\WINDOWS.0\system32\spoolsv.exe 1648
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1700
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1816
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1832
C:\Program Files\Bonjour\mDNSResponder.exe 1852
C:\Program Files\Java\jre6\bin\jqs.exe 1920
C:\WINDOWS.0\system32\nvsvc32.exe 1992
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe 148
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe 264
C:\WINDOWS.0\system32\svchost.exe 548
C:\WINDOWS.0\Explorer.EXE 1500
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe 1280
C:\WINDOWS.0\System32\alg.exe 696
C:\WINDOWS.0\system32\wbem\wmiprvse.exe 2592

################## | Files # Infected Folders |

Deleted ! C:\WINDOWS.0\regedit.com
Deleted ! C:\Recycler\S-1-5-21-177604574-1196308928-46328469-1006
Deleted ! C:\Recycler\S-1-5-21-177604574-1196308928-46328469-1009
Deleted ! C:\Recycler\S-1-5-21-177604574-1196308928-46328469-1032
Deleted ! C:\Recycler\S-1-5-21-2025429265-789336058-725345543-1004
Deleted ! C:\Recycler\S-1-5-21-2025429265-789336058-725345543-1005
Deleted ! C:\Recycler\S-1-5-21-2025429265-789336058-725345543-500

################## | Registry # Infected Keys |


################## | Registry # Mountpoints2 |

Deleted ! HKCU\...\Explorer\MountPoints2\G\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{fb1b1678-e7ef-11de-bcb5-008048514af5}\Shell\AutoRun\Command

################## | Listing of the present files |

[15.10.2009 18:43|--a------|0] C:\AUTOEXEC.BAT
[14.10.2009 16:50|--a------|614912] C:\blackra1n.exe
[23.10.2009 20:26|--a------|4759] C:\blackra1n.log
[05.04.2008 16:25|---hs----|211] C:\Boot.bak
[04.11.2009 16:18|--ahs----|395] C:\boot.ini
[18.08.2004 15:00|-rahs----|4952] C:\Bootfont.bin
[03.08.2004 23:00|--a------|261312] C:\cmldr
[28.05.2009 21:01|--a------|13071] C:\ComboFix.txt
[18.10.2009 16:08|--a------|244] C:\CONFIG.SYS
[04.11.2009 19:37|--a------|1956] C:\GE Podpisovy certifikat 2009_11_04.p12
[04.11.2009 19:36|--a------|1812] C:\GE SSL certifikat 2009_11_04.p12
[?|?|?] C:\hiberfil.sys
[21.09.2004 06:51|-rahs----|0] C:\IO.SYS
[03.10.2007 16:45|--a------|125] C:\ioSpecial.ini
[28.05.2009 17:50|-rahs----|0] C:\kht
[02.07.2009 15:13|-rahs----|0] C:\khu
[15.08.2009 05:26|-rahs----|0] C:\khv
[21.09.2004 06:51|-rahs----|0] C:\MSDOS.SYS
[18.08.2004 15:00|-rahs----|47564] C:\NTDETECT.COM
[18.08.2004 15:00|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[19.12.2009 13:18|--a------|3812] C:\UsbFix.txt
[24.11.2003 17:20|--a------|1134080] C:\W_mrpprn.exe

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\PECHY\PECHY - dokumenty\Užitečně Instalačky\MixMeister Fusion v7.0.2.0\Crack\FusionDemo.exe"
28.08.2006 02:15 |Size 2588672 |Crc32 6cb902f0 |Md5 bfbf38ebf6484ad059f1fd93ceaca6c8

"C:\Documents and Settings\PECHY\PECHY - dokumenty\Užitečně Instalačky\Virtual DJ 6.0.1 + Crack\install_virtualdj_trial_v6.0.1.exe"
04.06.2009 16:34 |Size 21115845 |Crc32 9edbc546 |Md5 9c0c66d8d973b7561f16765903244b44

"C:\Documents and Settings\PECHY\PECHY - dokumenty\Užitečně Instalačky\Virtual DJ 6.0.1 + Crack\Crack\virtualdj_trial.exe"
04.06.2009 18:12 |Size 9986048 |Crc32 c81349a5 |Md5 b2f2e659261bab3e7cfbaf3bee55cf19

"C:\Program Files\Babylon\crack.exe"
19.10.2005 02:30 |Size 58928 |Crc32 3beb3765 |Md5 62858e01bff5adba0e76b0001ddc887a

END.


Re: Please check my HJT log

Post by pitimir » 19 Dec 2009 15:46

Can I see a new log from RSIT?


Re: Please check my HJT log

Post by PECHY15 » 19 Dec 2009 18:38

Here you go...

Logfile of random's system information tool 1.06 (written by random/random)
Run by PECHY at 2009-12-19 18:37:18
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 10 GB (13%) free of 76 GB
Total RAM: 767 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:24, on 19.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS.0\system32\qtplugin.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Documents and Settings\PECHY\Plocha\PC-HELP\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\PECHY.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS.0\system32\qtplugin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMonitor1] "C:\WINDOWS.0\system32\qtplugin.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: BSC Applet Security - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Applet Utilities - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Business Objects - https://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
O16 - DPF: BSC Java Components Library - https://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
O16 - DPF: BSC Text Utilities - https://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
O16 - DPF: BSC Utilities - https://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
O16 - DPF: IAIK Java Cryptography Extension - https://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://portal.ozp.cz/obj/Signer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6542 bytes

======Scheduled tasks folder======

C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS.0\SOUNDMAN.EXE [2007-04-16 577536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"NvCplDaemon"=C:\WINDOWS.0\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS.0\system32\NvMcTray.dll [2006-06-01 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"RegistryMonitor1"=C:\WINDOWS.0\system32\qtplugin.exe [2009-12-19 489472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2004-08-18 15360]
"RegistryMonitor1"=C:\WINDOWS.0\system32\qtplugin.exe [2009-12-19 489472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoDriveAutoRun"=128
"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS.0\system32\usmt\migwiz.exe"="C:\WINDOWS.0\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Documents and Settings\PECHY\Local Settings\Temp\usmt\migwiz.exe"="C:\Documents and Settings\PECHY\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Steam\steamapps\i_am_pechy\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\i_am_pechy\counter-strike\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-12-19 15:51:56 ----D---- C:\Documents and Settings\PECHY\Data aplikací\Hamachi
2009-12-19 15:51:37 ----D---- C:\WINDOWS.0\LastGood
2009-12-19 15:51:29 ----D---- C:\Program Files\Hamachi
2009-12-19 13:18:12 ----RASHD---- C:\autorun.inf
2009-12-19 13:04:53 ----A---- C:\UsbFix.txt
2009-12-19 12:58:25 ----D---- C:\UsbFix
2009-12-19 12:52:04 ----A---- C:\WINDOWS.0\system32\qtplugin.exe
2009-12-19 12:50:16 ----D---- C:\_OTM
2009-12-18 21:03:08 ----D---- C:\WINDOWS.0\Minidump
2009-12-18 18:59:15 ----D---- C:\rsit
2009-12-17 16:52:00 ----A---- C:\WINDOWS.0\system32\xinput1_1.dll
2009-12-17 16:51:59 ----A---- C:\WINDOWS.0\system32\xactengine2_1.dll
2009-12-17 16:51:59 ----A---- C:\WINDOWS.0\system32\x3daudio1_0.dll
2009-12-17 16:51:52 ----A---- C:\WINDOWS.0\system32\d3dx9_30.dll
2009-12-17 16:51:19 ----D---- C:\Program Files\THQ
2009-12-17 16:47:55 ----D---- C:\Documents and Settings\PECHY\Data aplikací\teamspeak2
2009-12-17 16:05:36 ----A---- C:\WINDOWS.0\ntbtlog.txt
2009-12-13 18:37:49 ----D---- C:\Documents and Settings\PECHY\Data aplikací\U3
2009-12-13 15:58:46 ----D---- C:\Documents and Settings\PECHY\Data aplikací\Malwarebytes
2009-12-13 15:58:36 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Malwarebytes
2009-12-13 15:58:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-12 16:30:22 ----A---- C:\WINDOWS.0\system32\TASKMGR.COM
2009-12-12 16:30:22 ----A---- C:\WINDOWS.0\system32\T.COM
2009-12-12 16:30:22 ----A---- C:\WINDOWS.0\R.COM
2009-12-12 16:30:18 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\MicroWorld
2009-12-10 17:28:41 ----A---- C:\WINDOWS.0\system32\javaws.exe
2009-12-10 17:28:41 ----A---- C:\WINDOWS.0\system32\javaw.exe
2009-12-10 17:28:41 ----A---- C:\WINDOWS.0\system32\java.exe
2009-11-22 07:55:49 ----D---- C:\Program Files\rajce

======List of files/folders modified in the last 1 months======

2009-12-19 18:37:24 ----D---- C:\WINDOWS.0\Prefetch
2009-12-19 18:12:29 ----D---- C:\WINDOWS.0\Temp
2009-12-19 18:11:00 ----SHD---- C:\RECYCLER
2009-12-19 18:10:54 ----D---- C:\WINDOWS.0\system32
2009-12-19 16:36:07 ----D---- C:\Program Files\RegVac Registry Cleaner
2009-12-19 15:51:40 ----HD---- C:\WINDOWS.0\inf
2009-12-19 15:51:38 ----D---- C:\WINDOWS.0\system32\drivers
2009-12-19 15:51:37 ----D---- C:\WINDOWS.0
2009-12-19 15:51:30 ----D---- C:\Temp
2009-12-19 15:51:29 ----RD---- C:\Program Files
2009-12-19 15:04:28 ----D---- C:\Program Files\Steam
2009-12-19 13:18:09 ----SHD---- C:\System Volume Information
2009-12-19 13:04:49 ----D---- C:\WINDOWS.0\system32\CatRoot2
2009-12-19 13:03:28 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2009-12-17 17:09:20 ----SHD---- C:\WINDOWS.0\Installer
2009-12-17 16:57:32 ----D---- C:\Config.Msi
2009-12-17 16:57:31 ----SD---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Microsoft
2009-12-17 16:52:03 ----D---- C:\WINDOWS.0\system32\DirectX
2009-12-15 08:59:57 ----AD---- C:\DOSITECH
2009-12-13 18:57:09 ----D---- C:\WINDOWS.0\srchasst
2009-12-13 14:47:20 ----D---- C:\Program Files\iTunes
2009-12-13 14:46:18 ----D---- C:\Program Files\iPod
2009-12-13 14:46:15 ----D---- C:\Program Files\Common Files\Apple
2009-12-13 14:42:53 ----D---- C:\Program Files\QuickTime
2009-12-13 14:40:19 ----D---- C:\WINDOWS.0\WinSxS
2009-12-12 16:34:46 ----D---- C:\WINDOWS.0\Debug
2009-12-12 16:25:58 ----SD---- C:\Documents and Settings\PECHY\Data aplikací\Microsoft
2009-12-12 15:48:30 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-10 17:28:35 ----D---- C:\Program Files\Java
2009-12-10 09:51:03 ----D---- C:\MRPPRN
2009-12-04 15:16:07 ----D---- C:\UCTO2009
2009-11-27 19:07:27 ----A---- C:\WINDOWS.0\system.ini
2009-11-27 18:31:59 ----D---- C:\Documents and Settings
2009-11-24 16:10:33 ----D---- C:\Hry

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS.0\system32\DRIVERS\amdk7.sys [2004-08-18 41216]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SbFw;SbFw; C:\WINDOWS.0\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS.0\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 SCDEmu;SCDEmu; C:\WINDOWS.0\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS.0\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS.0\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS.0\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS.0\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS.0\system32\DRIVERS\nvcap.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS.0\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS.0\system32\DRIVERS\hamachi.sys [2009-12-19 17480]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS.0\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS.0\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Třída USB Printer; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-12-08 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS.0\system32\nvsvc32.exe [2006-06-01 155715]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------


Re: Please check my HJT log

Post by pitimir » 20 Dec 2009 15:08

Well, the junk is coming back, so we'll bring out a stronger tool:

Download ComboFix, preferably to the desktop. Close all open applications as well as the resident antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. You will find the log that ComboFix creates at "C:\ComboFix.txt".
Paste it here.

Warning: until ComboFix has created the log, do not click or press anything!!


Re: Please check my HJT log

Post by PECHY15 » 20 Dec 2009 17:54

ComboFix 09-12-19.03 - PECHY 20.12.2009 17:26:30.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.767.522 [GMT 1:00]
Spuštěný z: c:\documents and settings\PECHY\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows.0\system32\qtplugin.exe
c:\windows.0\system32\taskmgr.com

Nakažená kopie c:\windows.0\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-20 do 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-19 19:14 . 2009-12-19 19:31 137464 ----a-w- c:\windows.0\system32\drivers\PnkBstrK.sys
2009-12-19 19:14 . 2009-12-19 19:30 214520 ----a-w- c:\windows.0\system32\PnkBstrB.exe
2009-12-19 19:14 . 2009-12-19 19:14 -------- d-----w- c:\windows.0\system32\LogFiles
2009-12-19 19:14 . 2009-12-19 19:14 75064 ----a-w- c:\windows.0\system32\PnkBstrA.exe
2009-12-19 19:08 . 2009-12-19 19:08 -------- d-----w- c:\program files\GamePark
2009-12-19 14:51 . 2009-12-19 14:51 -------- d-----w- c:\program files\Hamachi
2009-12-19 14:51 . 2009-12-19 14:51 17480 ----a-w- c:\windows.0\system32\drivers\hamachi.sys
2009-12-17 15:51 . 2009-12-17 15:51 -------- d-----w- c:\program files\THQ
2009-12-13 14:58 . 2009-12-03 15:14 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2009-12-13 14:58 . 2009-12-13 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-13 14:58 . 2009-12-03 15:13 19160 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2009-12-12 15:30 . 2004-08-18 14:00 147968 ----a-w- c:\windows.0\R.COM
2009-12-12 15:30 . 2004-08-18 14:00 137216 ----a-w- c:\windows.0\system32\T.COM
2009-12-01 14:18 . 2009-12-01 14:18 -------- d-sh--w- c:\documents and settings\PECHY\IECompatCache
2009-11-27 17:31 . 2009-11-27 17:32 -------- d-----w- c:\documents and settings\Administrator
2009-11-22 06:55 . 2009-11-22 11:22 -------- d-----w- c:\program files\rajce

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 10:30 . 2009-02-27 18:07 -------- d-----w- c:\program files\Steam
2009-12-20 07:29 . 2006-12-16 10:11 -------- d-----w- c:\program files\RegVac Registry Cleaner
2009-12-13 13:51 . 2009-11-18 20:24 664 ----a-w- c:\windows.0\system32\d3d9caps.dat
2009-12-13 13:47 . 2006-07-18 08:13 -------- d-----w- c:\program files\iTunes
2009-12-13 13:46 . 2006-07-18 08:13 -------- d-----w- c:\program files\iPod
2009-12-13 13:46 . 2009-10-16 21:57 -------- d-----w- c:\program files\Common Files\Apple
2009-12-13 13:42 . 2007-09-16 10:35 -------- d-----w- c:\program files\QuickTime
2009-12-12 14:48 . 2007-10-16 22:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-10 16:28 . 2009-10-18 11:45 -------- d-----w- c:\program files\Java
2009-12-08 16:37 . 2009-08-04 13:02 56816 ----a-w- c:\windows.0\system32\drivers\avgntflt.sys
2009-11-08 12:14 . 2009-11-08 12:10 -------- d-----w- c:\program files\Strategy First
2009-11-04 15:50 . 2009-11-04 15:50 -------- d-----w- c:\program files\WinSCP
2009-11-04 14:15 . 2009-11-04 14:15 2678 ----a-w- c:\windows.0\java\Packages\Data\K5R9BNJT.DAT
2009-11-04 14:15 . 2009-11-04 14:15 2678 ----a-w- c:\windows.0\java\Packages\Data\HRXF35R9.DAT
2009-11-04 14:15 . 2009-11-04 14:15 2678 ----a-w- c:\windows.0\java\Packages\Data\ZNXF1ZN7.DAT
2009-11-04 14:15 . 2009-11-04 14:15 2678 ----a-w- c:\windows.0\java\Packages\Data\WNVDFTZP.DAT
2009-11-04 14:15 . 2009-11-04 14:15 2678 ----a-w- c:\windows.0\java\Packages\Data\F9NVJ1F3.DAT
2009-11-01 21:07 . 2004-12-21 13:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-01 11:03 . 2009-11-01 11:03 0 ----a-w- c:\windows.0\nsreg.dat
2009-10-31 22:18 . 2009-10-31 22:15 43520 ----a-w- c:\windows.0\system32\CmdLineExt03.dll
2009-10-31 22:08 . 2009-10-31 21:45 21840 ----atw- c:\windows.0\system32\SIntfNT.dll
2009-10-31 22:08 . 2009-10-31 21:45 17212 ----atw- c:\windows.0\system32\SIntf32.dll
2009-10-31 22:08 . 2009-10-31 21:45 12067 ----atw- c:\windows.0\system32\SIntf16.dll
2009-10-28 21:12 . 2009-10-28 21:12 -------- d-----w- c:\program files\PowerISO
2009-10-28 21:03 . 2009-10-28 21:03 717296 ----a-w- c:\windows.0\system32\drivers\sptd.sys
2009-10-28 16:58 . 2007-07-30 18:31 -------- d-----w- c:\program files\uTorrent
2009-10-25 06:17 . 2004-08-18 14:00 47206 ----a-w- c:\windows.0\system32\perfc005.dat
2009-10-25 06:17 . 2004-08-18 14:00 312970 ----a-w- c:\windows.0\system32\perfh005.dat
2009-10-21 18:57 . 2009-10-21 18:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-21 18:57 . 2009-10-21 18:57 -------- d-----w- c:\program files\DVDVideoSoft
2009-10-18 13:09 . 2009-10-18 13:09 2726 ----a-w- c:\windows.0\java\Packages\Data\9BBT333L.DAT
2009-10-18 13:09 . 2009-10-18 13:09 2726 ----a-w- c:\windows.0\java\Packages\Data\1NXVTVXR.DAT
2009-10-18 13:05 . 2009-10-18 13:05 3396 ----a-w- c:\windows.0\java\Packages\I2T3LFV5.ZIP
2009-10-18 13:05 . 2009-10-18 13:05 2726 ----a-w- c:\windows.0\java\Packages\Data\7FZRBVXB.DAT
2009-10-18 13:05 . 2009-10-18 13:05 7458 ----a-w- c:\windows.0\java\Packages\JDN1RHZZ.ZIP
2009-10-18 13:05 . 2009-10-18 13:05 2726 ----a-w- c:\windows.0\java\Packages\Data\DRDV173F.DAT
2009-10-18 13:05 . 2009-10-18 13:05 2726 ----a-w- c:\windows.0\java\Packages\Data\BPVBL7VN.DAT
2009-10-18 13:03 . 2009-10-18 13:03 2726 ----a-w- c:\windows.0\java\Packages\Data\VFBRPB1N.DAT
2009-10-18 13:02 . 2009-10-18 13:02 2726 ----a-w- c:\windows.0\java\Packages\Data\NDJJPNJP.DAT
2009-10-18 12:04 . 2009-10-18 12:04 2232 ----a-w- c:\windows.0\java\Packages\Data\BTJRV9FF.DAT
2009-10-18 12:04 . 2009-10-18 12:04 155995 ----a-w- c:\windows.0\java\Packages\OH39F39J.ZIP
2009-10-16 19:51 . 2009-10-16 19:51 737280 ----a-w- c:\windows.0\iun6002.exe
2009-10-15 19:22 . 2009-10-15 17:42 76499 ----a-w- c:\windows.0\pchealth\helpctr\OfflineCache\index.dat
2009-10-15 19:22 . 2009-10-15 17:42 2402 ----a-w- c:\windows.0\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-15 19:21 . 2009-10-15 17:42 8972 ----a-w- c:\windows.0\pchealth\helpctr\Config\Cntstore.bin
2009-10-15 17:39 . 2009-10-15 17:39 21812 ----a-w- c:\windows.0\system32\emptyregdb.dat
2009-10-14 15:50 . 2009-10-17 08:40 614912 ----a-w- C:\blackra1n.exe
2009-10-11 03:17 . 2009-10-18 10:17 411368 ----a-w- c:\windows.0\system32\deploytk.dll
2008-09-22 18:11 . 2008-09-22 18:11 914305 ----a-w- c:\program files\PVD15.rar
2007-01-01 18:26 . 2007-01-01 18:25 40006376 ----a-w- c:\program files\ec_602pcsuite41.exe
2005-09-22 15:53 . 2006-11-18 12:40 718336 ----a-w- c:\program files\ABBYY FineReader 8.0 Professional Edition.msi
2003-04-21 13:09 . 2006-11-18 12:39 245408 ----a-w- c:\program files\unicows.dll
2002-03-11 10:06 . 2006-11-18 12:40 1822520 ----a-w- c:\program files\instmsiW.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2006-06-01 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Taśulda\Nabídka Start\Programy\Po spuštění\
RegVac.lnk - c:\program files\RegVac Registry Cleaner\regvac.exe [2006-12-16 2633216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS.0\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\i_am_pechy\\counter-strike\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10.10.2006 12:53 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 11:39 32256]
R1 SbFw;SbFw;c:\windows.0\system32\drivers\SbFw.sys [18.10.2009 20:39 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows.0\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4.8.2009 14:02 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [30.7.2008 10:36 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [30.7.2008 10:36 1361192]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows.0\system32\drivers\SbFwIm.sys [18.10.2009 20:39 65576]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS.0/Java/classes/xmldso.cab
DPF: {4ADC518E-B607-11D4-B395-0001020F4519} - hxxps://portal.ozp.cz/obj/Signer.cab
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-Vampire - c:\program files\Vampire The Masquerade - Redemption\Vampire.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 17:41
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3396)
c:\windows.0\system32\nview.dll
c:\windows.0\system32\ieframe.dll
c:\windows.0\system32\nvwddi.dll
c:\windows.0\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows.0\system32\nvsvc32.exe
c:\windows.0\system32\PnkBstrA.exe
c:\windows.0\system32\PnkBstrB.exe
c:\windows.0\system32\wscntfy.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows.0\SOUNDMAN.EXE
c:\windows.0\system32\RUNDLL32.EXE
c:\windows.0\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2009-12-20 17:48:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-20 16:48
ComboFix2.txt 2009-05-28 20:01

Před spuštěním: Volných bajtů: 10 591 383 552
Po spuštění: Volných bajtů: 10 619 822 080

- - End Of File - - 1381A26D24CE118CB1E0DC15CFCF6F8B

+ the RSIT log, which already looks better :D

Logfile of random's system information tool 1.06 (written by random/random)
Run by PECHY at 2009-12-20 18:01:05
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 10 GB (13%) free of 76 GB
Total RAM: 767 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:06, on 20.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\PnkBstrA.exe
C:\WINDOWS.0\system32\PnkBstrB.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\explorer.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Documents and Settings\PECHY\Plocha\PC-HELP\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\PECHY.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: BSC Applet Security - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Applet Utilities - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Business Objects - https://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
O16 - DPF: BSC Java Components Library - https://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
O16 - DPF: BSC Text Utilities - https://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
O16 - DPF: BSC Utilities - https://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
O16 - DPF: IAIK Java Cryptography Extension - https://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://portal.ozp.cz/obj/Signer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS.0\system32\PnkBstrB.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6296 bytes

======Scheduled tasks folder======

C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS.0\SOUNDMAN.EXE [2007-04-16 577536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"NvCplDaemon"=C:\WINDOWS.0\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS.0\system32\NvMcTray.dll [2006-06-01 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS.0\system32\usmt\migwiz.exe"="C:\WINDOWS.0\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Steam\steamapps\i_am_pechy\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\i_am_pechy\counter-strike\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-12-20 17:55:13 ----D---- C:\rsit
2009-12-20 17:48:56 ----A---- C:\ComboFix.txt
2009-12-20 17:04:56 ----A---- C:\WINDOWS.0\zip.exe
2009-12-20 17:04:56 ----A---- C:\WINDOWS.0\SWXCACLS.exe
2009-12-20 17:04:56 ----A---- C:\WINDOWS.0\SWSC.exe
2009-12-20 17:04:56 ----A---- C:\WINDOWS.0\SWREG.exe
2009-12-20 17:04:56 ----A---- C:\WINDOWS.0\sed.exe
2009-12-20 17:04:56 ----A---- C:\WINDOWS.0\PEV.exe
2009-12-20 17:04:56 ----A---- C:\WINDOWS.0\NIRCMD.exe
2009-12-20 17:04:56 ----A---- C:\WINDOWS.0\MBR.exe
2009-12-20 17:04:56 ----A---- C:\WINDOWS.0\grep.exe
2009-12-20 17:04:23 ----D---- C:\WINDOWS.0\ERDNT
2009-12-19 20:14:28 ----A---- C:\WINDOWS.0\system32\PnkBstrB.exe
2009-12-19 20:14:23 ----D---- C:\WINDOWS.0\system32\LogFiles
2009-12-19 20:14:22 ----A---- C:\WINDOWS.0\system32\PnkBstrA.exe
2009-12-19 20:08:24 ----D---- C:\Program Files\GamePark
2009-12-19 15:51:56 ----D---- C:\Documents and Settings\PECHY\Data aplikací\Hamachi
2009-12-19 15:51:29 ----D---- C:\Program Files\Hamachi
2009-12-19 13:18:12 ----RAD---- C:\autorun.inf
2009-12-18 21:03:08 ----D---- C:\WINDOWS.0\Minidump
2009-12-17 16:52:00 ----A---- C:\WINDOWS.0\system32\xinput1_1.dll
2009-12-17 16:51:59 ----A---- C:\WINDOWS.0\system32\xactengine2_1.dll
2009-12-17 16:51:59 ----A---- C:\WINDOWS.0\system32\x3daudio1_0.dll
2009-12-17 16:51:52 ----A---- C:\WINDOWS.0\system32\d3dx9_30.dll
2009-12-17 16:51:19 ----D---- C:\Program Files\THQ
2009-12-17 16:47:55 ----D---- C:\Documents and Settings\PECHY\Data aplikací\teamspeak2
2009-12-17 16:05:36 ----A---- C:\WINDOWS.0\ntbtlog.txt
2009-12-13 18:37:49 ----D---- C:\Documents and Settings\PECHY\Data aplikací\U3
2009-12-13 15:58:46 ----D---- C:\Documents and Settings\PECHY\Data aplikací\Malwarebytes
2009-12-13 15:58:36 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Malwarebytes
2009-12-13 15:58:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-12 16:30:22 ----A---- C:\WINDOWS.0\system32\T.COM
2009-12-12 16:30:22 ----A---- C:\WINDOWS.0\R.COM
2009-12-12 16:30:18 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\MicroWorld
2009-12-10 17:28:41 ----A---- C:\WINDOWS.0\system32\javaws.exe
2009-12-10 17:28:41 ----A---- C:\WINDOWS.0\system32\javaw.exe
2009-12-10 17:28:41 ----A---- C:\WINDOWS.0\system32\java.exe
2009-11-22 07:55:49 ----D---- C:\Program Files\rajce

======List of files/folders modified in the last 1 months======

2009-12-20 17:55:21 ----D---- C:\WINDOWS.0\Prefetch
2009-12-20 17:49:03 ----D---- C:\WINDOWS.0\system32\drivers
2009-12-20 17:49:03 ----D---- C:\Qoobox
2009-12-20 17:48:04 ----D---- C:\WINDOWS.0\Temp
2009-12-20 17:41:17 ----D---- C:\WINDOWS.0
2009-12-20 17:41:17 ----A---- C:\WINDOWS.0\system.ini
2009-12-20 17:40:37 ----D---- C:\WINDOWS.0\system32\CatRoot2
2009-12-20 17:37:18 ----D---- C:\WINDOWS.0\system32
2009-12-20 17:34:07 ----D---- C:\WINDOWS.0\AppPatch
2009-12-20 17:34:04 ----D---- C:\Program Files\Common Files
2009-12-20 17:26:33 ----RSHDC---- C:\WINDOWS.0\system32\dllcache
2009-12-20 17:26:03 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2009-12-20 11:30:48 ----D---- C:\Program Files\Steam
2009-12-20 08:29:46 ----D---- C:\Program Files\RegVac Registry Cleaner
2009-12-19 20:08:24 ----RD---- C:\Program Files
2009-12-19 15:51:40 ----HD---- C:\WINDOWS.0\inf
2009-12-19 15:51:30 ----D---- C:\Temp
2009-12-19 13:18:09 ----SHD---- C:\System Volume Information
2009-12-17 17:09:20 ----SHD---- C:\WINDOWS.0\Installer
2009-12-17 16:57:32 ----D---- C:\Config.Msi
2009-12-17 16:57:31 ----SD---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Microsoft
2009-12-17 16:52:03 ----D---- C:\WINDOWS.0\system32\DirectX
2009-12-15 08:59:57 ----AD---- C:\DOSITECH
2009-12-13 18:57:09 ----D---- C:\WINDOWS.0\srchasst
2009-12-13 14:47:20 ----D---- C:\Program Files\iTunes
2009-12-13 14:46:18 ----D---- C:\Program Files\iPod
2009-12-13 14:46:15 ----D---- C:\Program Files\Common Files\Apple
2009-12-13 14:42:53 ----D---- C:\Program Files\QuickTime
2009-12-13 14:40:19 ----D---- C:\WINDOWS.0\WinSxS
2009-12-12 16:34:46 ----D---- C:\WINDOWS.0\Debug
2009-12-12 16:25:58 ----SD---- C:\Documents and Settings\PECHY\Data aplikací\Microsoft
2009-12-12 15:48:30 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-10 17:28:35 ----D---- C:\Program Files\Java
2009-12-10 09:51:03 ----D---- C:\MRPPRN
2009-12-04 15:16:07 ----D---- C:\UCTO2009
2009-11-27 18:31:59 ----D---- C:\Documents and Settings
2009-11-24 16:10:33 ----D---- C:\Hry

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS.0\system32\DRIVERS\amdk7.sys [2004-08-18 41216]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SbFw;SbFw; C:\WINDOWS.0\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS.0\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 SCDEmu;SCDEmu; C:\WINDOWS.0\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS.0\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS.0\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS.0\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS.0\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS.0\system32\DRIVERS\nvcap.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS.0\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS.0\system32\DRIVERS\hamachi.sys [2009-12-19 17480]
S3 mbr;mbr; \??\C:\DOCUME~1\PECHY\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS.0\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS.0\system32\drivers\PnkBstrK.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS.0\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Třída USB Printer; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-12-08 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS.0\system32\nvsvc32.exe [2006-06-01 155715]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS.0\system32\PnkBstrA.exe [2009-12-19 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS.0\system32\PnkBstrB.exe [2009-12-19 214520]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

pitimir
Level 3.5
Posts: 850
Registered: Aug 09
Gender: Male
Status: Offline

Re: Please check my HJT log

Post by pitimir » 21 Dec 2009 15:25

We'll see, we may not have won yet...

Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall, and open Notepad. Copy the following into it:

Code:

KillAll::
FileLook::
C:\blackra1n.exe

Folder::
c:\program files\ICQ6Toolbar
c:\program files\AskBarDis

DDS::
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS.0/Java/classes/xmldso.cab
DPF: {4ADC518E-B607-11D4-B395-0001020F4519} - hxxps://portal.ozp.cz/obj/Signer.cab

Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.


The program will process the script and produce a new log.


Warning: if Windows does not boot after the script has been applied, restart the PC, press F8 and choose Last Known Good Configuration.
I don't like amateurism...

And the addressee of this message knows it :)

PECHY15
Level 3
Posts: 416
Registered: Jul 07
Location: Milín
Gender: Male
Status: Offline

Re: Please check my HJT log

Post by PECHY15 » 23 Dec 2009 17:16

ComboFix 09-12-22.09 - PECHY 23.12.2009 16:49:21.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.767.489 [GMT 1:00]
Spuštěný z: c:\documents and settings\PECHY\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PECHY\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *enabled* {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows.0\system32\SIntf16.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-23 do 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-21 20:02 . 2009-12-21 20:02 413696 ----a-w- c:\windows.0\system32\wrap_oal.dll
2009-12-21 20:02 . 2009-12-21 20:02 110592 ----a-w- c:\windows.0\system32\OpenAL32.dll
2009-12-21 20:02 . 2009-12-21 20:02 -------- d-----w- c:\program files\OpenAL
2009-12-21 20:01 . 2009-12-21 20:01 -------- d-----w- c:\program files\AssaultCube_v1.0
2009-12-20 16:55 . 2009-12-20 16:55 -------- d-----w- C:\rsit
2009-12-19 19:14 . 2009-12-21 19:04 137464 ----a-w- c:\windows.0\system32\drivers\PnkBstrK.sys
2009-12-19 19:14 . 2009-12-21 19:04 214520 ----a-w- c:\windows.0\system32\PnkBstrB.exe
2009-12-19 19:14 . 2009-12-19 19:14 -------- d-----w- c:\windows.0\system32\LogFiles
2009-12-19 19:14 . 2009-12-19 19:14 75064 ----a-w- c:\windows.0\system32\PnkBstrA.exe
2009-12-19 19:08 . 2009-12-19 19:08 -------- d-----w- c:\program files\GamePark
2009-12-19 14:51 . 2009-12-19 14:51 -------- d-----w- c:\program files\Hamachi
2009-12-19 14:51 . 2009-12-19 14:51 17480 ----a-w- c:\windows.0\system32\drivers\hamachi.sys
2009-12-17 15:51 . 2009-12-17 15:51 -------- d-----w- c:\program files\THQ
2009-12-13 14:58 . 2009-12-03 15:14 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2009-12-13 14:58 . 2009-12-13 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-13 14:58 . 2009-12-03 15:13 19160 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2009-12-12 15:30 . 2004-08-18 14:00 147968 ----a-w- c:\windows.0\R.COM
2009-12-12 15:30 . 2004-08-18 14:00 137216 ----a-w- c:\windows.0\system32\T.COM
2009-12-01 14:18 . 2009-12-01 14:18 -------- d-sh--w- c:\documents and settings\PECHY\IECompatCache
2009-11-27 17:31 . 2009-11-27 17:32 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 14:50 . 2006-12-16 10:11 -------- d-----w- c:\program files\RegVac Registry Cleaner
2009-12-23 10:05 . 2009-02-27 17:45 -------- d-----w- c:\program files\Valve
2009-12-20 10:30 . 2009-02-27 18:07 -------- d-----w- c:\program files\Steam
2009-12-13 13:51 . 2009-11-18 20:24 664 ----a-w- c:\windows.0\system32\d3d9caps.dat
2009-12-13 13:47 . 2006-07-18 08:13 -------- d-----w- c:\program files\iTunes
2009-12-13 13:46 . 2006-07-18 08:13 -------- d-----w- c:\program files\iPod
2009-12-13 13:46 . 2009-10-16 21:57 -------- d-----w- c:\program files\Common Files\Apple
2009-12-13 13:42 . 2007-09-16 10:35 -------- d-----w- c:\program files\QuickTime
2009-12-12 14:48 . 2007-10-16 22:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-10 16:28 . 2009-10-18 11:45 -------- d-----w- c:\program files\Java
2009-12-08 16:37 . 2009-08-04 13:02 56816 ----a-w- c:\windows.0\system32\drivers\avgntflt.sys
2009-11-22 11:22 . 2009-11-22 06:55 -------- d-----w- c:\program files\rajce
2009-11-08 12:14 . 2009-11-08 12:10 -------- d-----w- c:\program files\Strategy First
2009-11-04 15:50 . 2009-11-04 15:50 -------- d-----w- c:\program files\WinSCP
2009-11-04 14:15 . 2009-11-04 14:15 2678 ----a-w- c:\windows.0\java\Packages\Data\K5R9BNJT.DAT
2009-11-04 14:15 . 2009-11-04 14:15 2678 ----a-w- c:\windows.0\java\Packages\Data\HRXF35R9.DAT
2009-11-04 14:15 . 2009-11-04 14:15 2678 ----a-w- c:\windows.0\java\Packages\Data\ZNXF1ZN7.DAT
2009-11-04 14:15 . 2009-11-04 14:15 2678 ----a-w- c:\windows.0\java\Packages\Data\WNVDFTZP.DAT
2009-11-04 14:15 . 2009-11-04 14:15 2678 ----a-w- c:\windows.0\java\Packages\Data\F9NVJ1F3.DAT
2009-11-01 21:07 . 2004-12-21 13:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-01 11:03 . 2009-11-01 11:03 0 ----a-w- c:\windows.0\nsreg.dat
2009-10-31 22:18 . 2009-10-31 22:15 43520 ----a-w- c:\windows.0\system32\CmdLineExt03.dll
2009-10-31 22:08 . 2009-10-31 21:45 21840 ----atw- c:\windows.0\system32\SIntfNT.dll
2009-10-31 22:08 . 2009-10-31 21:45 17212 ----atw- c:\windows.0\system32\SIntf32.dll
2009-10-28 21:12 . 2009-10-28 21:12 -------- d-----w- c:\program files\PowerISO
2009-10-28 21:03 . 2009-10-28 21:03 717296 ----a-w- c:\windows.0\system32\drivers\sptd.sys
2009-10-28 16:58 . 2007-07-30 18:31 -------- d-----w- c:\program files\uTorrent
2009-10-25 06:17 . 2004-08-18 14:00 47206 ----a-w- c:\windows.0\system32\perfc005.dat
2009-10-25 06:17 . 2004-08-18 14:00 312970 ----a-w- c:\windows.0\system32\perfh005.dat
2009-10-18 13:09 . 2009-10-18 13:09 2726 ----a-w- c:\windows.0\java\Packages\Data\9BBT333L.DAT
2009-10-18 13:09 . 2009-10-18 13:09 2726 ----a-w- c:\windows.0\java\Packages\Data\1NXVTVXR.DAT
2009-10-18 13:05 . 2009-10-18 13:05 3396 ----a-w- c:\windows.0\java\Packages\I2T3LFV5.ZIP
2009-10-18 13:05 . 2009-10-18 13:05 2726 ----a-w- c:\windows.0\java\Packages\Data\7FZRBVXB.DAT
2009-10-18 13:05 . 2009-10-18 13:05 7458 ----a-w- c:\windows.0\java\Packages\JDN1RHZZ.ZIP
2009-10-18 13:05 . 2009-10-18 13:05 2726 ----a-w- c:\windows.0\java\Packages\Data\DRDV173F.DAT
2009-10-18 13:05 . 2009-10-18 13:05 2726 ----a-w- c:\windows.0\java\Packages\Data\BPVBL7VN.DAT
2009-10-18 13:03 . 2009-10-18 13:03 2726 ----a-w- c:\windows.0\java\Packages\Data\VFBRPB1N.DAT
2009-10-18 13:02 . 2009-10-18 13:02 2726 ----a-w- c:\windows.0\java\Packages\Data\NDJJPNJP.DAT
2009-10-18 12:04 . 2009-10-18 12:04 2232 ----a-w- c:\windows.0\java\Packages\Data\BTJRV9FF.DAT
2009-10-18 12:04 . 2009-10-18 12:04 155995 ----a-w- c:\windows.0\java\Packages\OH39F39J.ZIP
2009-10-16 19:51 . 2009-10-16 19:51 737280 ----a-w- c:\windows.0\iun6002.exe
2009-10-15 19:22 . 2009-10-15 17:42 76499 ----a-w- c:\windows.0\pchealth\helpctr\OfflineCache\index.dat
2009-10-15 19:22 . 2009-10-15 17:42 2402 ----a-w- c:\windows.0\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-15 19:21 . 2009-10-15 17:42 8972 ----a-w- c:\windows.0\pchealth\helpctr\Config\Cntstore.bin
2009-10-15 17:39 . 2009-10-15 17:39 21812 ----a-w- c:\windows.0\system32\emptyregdb.dat
2009-10-14 15:50 . 2009-10-17 08:40 614912 ----a-w- C:\blackra1n.exe
2009-10-11 03:17 . 2009-10-18 10:17 411368 ----a-w- c:\windows.0\system32\deploytk.dll
2008-09-22 18:11 . 2008-09-22 18:11 914305 ----a-w- c:\program files\PVD15.rar
2007-01-01 18:26 . 2007-01-01 18:25 40006376 ----a-w- c:\program files\ec_602pcsuite41.exe
2005-09-22 15:53 . 2006-11-18 12:40 718336 ----a-w- c:\program files\ABBYY FineReader 8.0 Professional Edition.msi
2003-04-21 13:09 . 2006-11-18 12:39 245408 ----a-w- c:\program files\unicows.dll
2002-03-11 10:06 . 2006-11-18 12:40 1822520 ----a-w- c:\program files\instmsiW.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- C:\blackra1n.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 614912
Created time: 2009-10-17 08:40
Modified time: 2009-10-14 15:50
MD5: B2132DDD48C1F6B79CFB6F601F86EFB7
SHA1: 8392F9FA565DCF0BA2017A98F0D16433570BCBC2
.

((((((((((((((((((((((((((((( SnapShot@2009-12-20_16.41.15 )))))))))))))))))))))))))))))))))))))))))
.

+ 2006-12-01 23:46 . 2006-12-01 23:46 65536 c:\windows.0\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 49152 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 49152 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 45056 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 40960 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 57344 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 65536 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 23:26 . 2006-12-01 23:26 57856 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 23:25 . 2006-12-01 23:25 69632 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 21:56 . 2006-12-01 21:56 96256 c:\windows.0\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-12-23 16:01 . 2009-12-23 16:01 16384 c:\windows.0\temp\Perflib_Perfdata_224.dat
+ 2009-10-15 19:15 . 2009-12-23 15:29 193776 c:\windows.0\system32\FNTCACHE.DAT
+ 2009-12-21 20:02 . 2009-12-21 20:02 331264 c:\windows.0\Installer\29393d.msi
+ 2006-12-01 23:25 . 2006-12-01 23:25 1093120 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 23:25 . 2006-12-01 23:25 1101824 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2009-12-23 10:20 . 2009-12-23 10:20 5376512 c:\windows.0\Installer\6fd61.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2006-06-01 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Taśulda\Nabídka Start\Programy\Po spuštění\
RegVac.lnk - c:\program files\RegVac Registry Cleaner\regvac.exe [2006-12-16 2633216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS.0\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\i_am_pechy\\counter-strike\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10.10.2006 12:53 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 11:39 32256]
R1 SbFw;SbFw;c:\windows.0\system32\drivers\SbFw.sys [18.10.2009 20:39 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows.0\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4.8.2009 14:02 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [30.7.2008 10:36 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [30.7.2008 10:36 1361192]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows.0\system32\drivers\SbFwIm.sys [18.10.2009 20:39 65576]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS.0/Java/classes/xmldso.cab
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 17:02
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2788)
c:\windows.0\system32\nview.dll
c:\windows.0\system32\ieframe.dll
c:\windows.0\system32\nvwddi.dll
c:\windows.0\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows.0\system32\nvsvc32.exe
c:\windows.0\system32\PnkBstrA.exe
c:\windows.0\system32\PnkBstrB.exe
c:\windows.0\SOUNDMAN.EXE
c:\windows.0\system32\RUNDLL32.EXE
c:\windows.0\system32\rundll32.exe
c:\windows.0\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
.
**************************************************************************
.
Celkový čas: 2009-12-23 17:10:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-23 16:10
ComboFix2.txt 2009-12-20 16:48
ComboFix3.txt 2009-05-28 20:01

Před spuštěním: 5 975 351 296
Po spuštění: 6 032 756 736

- - End Of File - - 2603071260C2059C4B8A087C05FC25F5

