Kontrola logu Vyřešeno

[memphisto]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

SecCenter::
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Internet Security Suite *On-access scanning enabled* (Updated) {AB5E7998-2ED5-4790-83C8-862BC1A5D4F4}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Internet Security Suite *enabled* {891AC60E-CAF5-4EA7-B227-05C956F5D5C6}

Folder::
c:\program files\DAEMON Tools Toolbar
c:\progra~1\AVG

File::
c:\windows\system32\DRIVERS\szkg.sys

Driver::
szkg5
szkg

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:0000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG8_TRAY"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsear ... searchfor=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Toto otestuj na Virustotal
c:\windows\system32\run2.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Tahle znáš?
c:\documents and settings\All Users\Data aplikací\ISBCFS

[Reklama]

[FooGo]

http://www.virustotal.com/file-scan/rep ... 1291452682

c:\documents and settings\All Users\Data aplikací\ISBCFS neznam nevim co to je.

tady je ten log z combofixu

ComboFix 10-12-02.01 - Rodina 04.12.2010 0:14.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1507 [GMT 1:00]
Spuštěný z: c:\documents and settings\Rodina\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rodina\Plocha\cfscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Internet Security Suite *On-access scanning enabled* (Updated) {AB5E7998-2ED5-4790-83C8-862BC1A5D4F4}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Internet Security Suite *enabled* {891AC60E-CAF5-4EA7-B227-05C956F5D5C6}
* Vytvořen nový Bod Obnovení

FILE ::
"c:\windows\system32\DRIVERS\szkg.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.xpt
c:\program files\DAEMON Tools Toolbar\FirefoxDTT\chrome.manifest
c:\program files\DAEMON Tools Toolbar\FirefoxDTT\chrome\dttoolbar.jar
c:\program files\DAEMON Tools Toolbar\FirefoxDTT\install.rdf

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_szkg5


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-03 do 2010-12-03 )))))))))))))))))))))))))))))))
.

2010-12-02 20:06 . 2010-12-02 20:06 -------- d-----w- c:\documents and settings\Rodina\Data aplikací\Malwarebytes
2010-12-02 20:05 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-02 20:05 . 2010-12-02 20:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-02 20:05 . 2010-12-02 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-02 20:05 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 19:38 . 2010-12-02 19:40 -------- d-----w- c:\documents and settings\Rodina\DoctorWeb
2010-12-01 18:24 . 2010-12-01 18:24 388096 ----a-r- c:\documents and settings\Rodina\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-01 18:24 . 2010-12-01 18:24 -------- d-----w- c:\program files\Trend Micro
2010-11-29 22:07 . 2010-11-29 22:07 -------- d-----w- C:\.jagex_cache_32
2010-11-20 09:34 . 2010-11-20 09:34 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\ISBCFS
2010-11-14 10:48 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-11-14 10:48 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-11-14 10:48 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-11-14 10:48 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-11-14 10:48 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-11-14 10:48 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-11-14 10:48 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-11-14 10:48 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-11-14 10:48 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-11-14 10:48 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-11-14 10:48 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-11-14 10:48 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-11-05 19:59 . 2010-11-05 19:59 -------- d-----w- c:\documents and settings\Rodina\Local Settings\Data aplikací\CrashRpt

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 19:47 . 2009-02-21 17:06 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-21 19:46 . 2009-07-01 20:19 234392 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-21 19:46 . 2009-02-21 17:06 234392 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-13 14:05 . 2009-02-21 17:06 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-28 10:26 . 2009-03-21 20:16 139152 ----a-w- c:\documents and settings\Rodina\Data aplikací\PnkBstrK.sys
2010-09-28 10:26 . 2009-04-05 11:43 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-07-21 07:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2008-12-11 11:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 14:23 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:23 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-07 15:12 . 2010-07-10 06:53 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-01-29 11:29 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-01-29 11:29 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-01-29 11:29 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-01-29 11:29 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-01-29 11:29 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2009-01-29 11:29 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2009-01-29 11:29 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2009-01-29 11:29 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2002-06-28 01:07 . 2009-06-01 09:23 110592 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll
2009-03-05 16:08 . 2009-09-22 16:16 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Trust Gaming mouse"="c:\program files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2006-12-28 1232896]
"MS-Windows-post"="c:\windows\system32\run2.exe" [2010-03-07 35840]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RGSC"=d:\grand theft auto iv\Rockstar Games Social Club\RGSCLauncher.exe /silent
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" silent loginmode=4
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"AlcoholAutomount"="d:\alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\torrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Grand Theft Auto IV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\GameSpy Arcade\\Aphex.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Rodina\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Call Of Duty Modern Warfare\\iw3mp.exe"=
"d:\\Counter-Strike Source\\hl2.exe"=
"d:\\Counter-Strike Source\\srcds.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [23.6.2008 23:21 150568]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.1.2009 12:12 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.1.2009 12:29 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15.9.2009 10:42 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15.9.2009 10:42 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.1.2009 12:29 17744]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [25.2.2009 8:43 2368]
R3 GMFilter Filter;GMFilter Filter;c:\windows\system32\drivers\GMFilter.sys [19.3.2009 14:33 27648]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 15:15 9344]
S2 gupdate1c9d964735a6712;Služba Google Update (gupdate1c9d964735a6712);c:\program files\Google\Update\GoogleUpdate.exe [20.5.2009 17:02 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.5.2010 16:33 1684736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15.9.2009 10:42 7408]
S3 scantool;USB Driver for Scan Tool;c:\windows\system32\drivers\scantool.sys [16.12.2009 18:04 40280]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 11:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-12-03 c:\windows\Tasks\1-Click Maintenance.job
- d:\tuneup utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2010-12-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-20 14:25]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 16:02]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 16:02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uDefault_Search_URL = hxxp://www.Google.com
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = http=127.0.0.1:25444
uSearchAssistant = hxxp://www.Google.com/
uCustomizeSearch = hxxp://www.Google.com/
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: NASA Night Launch: nasanightlaunch@example.com - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\nasanightlaunch@example.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Bloody Red: {2458abc0-f443-11dd-87af-0800200c9a66} - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
FF - Extension: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: RedShift V3.6: redshift_V2@shift-themes.com - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\redshift_V2@shift-themes.com
FF - Extension: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Extension: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\extension@virtusdesigns.com
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 00:21
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MS-Windows-post = c:\windows\system32\run2.exe??O?x?;?@?;?xJ;?t?e?????2?\?PL??x?;?x?;??J;?????]LQ?????x?;??????J???????J??pJ;?????8???#???#???2?7?????????????2?0??Y@?3?3?x?;?????HJ;?x?;?#???4???????x?;?????xJ;?????????xJ;?x?;????? ???????????????P????K??pJ;?h?;?????????pJ;?X??

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-746137067-1284227242-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-746137067-1284227242-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:1d,0d,5b,91,ac,a6,8e,c7,36,14,ac,7d,cb,22,3d,b7,0a,3d,06,51,8e,
2a,ab,12,3d,15,88,92,93,ce,79,e0,b7,e0,db,21,aa,c9,9c,68,d3,dc,ab,43,44,eb,\
"rkeysecu"=hex:3d,54,fc,2a,64,d7,c8,09,3a,37,42,10,07,6c,11,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4272)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
d:\program files\Super_DVD_Creator_9.8\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
d:\alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\TUProgSt.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2010-12-04 00:24:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-03 23:24
ComboFix2.txt 2010-12-03 20:09

Před spuštěním: Volných bajtů: 20 206 157 824
Po spuštění: Volných bajtů: 20 101 709 824

- - End Of File - - BA01BF54CE0336BF5BEF80BEB7CB8F6D

[memphisto]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

SecCenter::
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Internet Security Suite *On-access scanning enabled* (Updated) {AB5E7998-2ED5-4790-83C8-862BC1A5D4F4}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Internet Security Suite *enabled* {891AC60E-CAF5-4EA7-B227-05C956F5D5C6}

File::
c:\windows\system32\run2.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MS-Windows-post"=-


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[FooGo]

ComboFix 10-12-02.01 - Rodina 04.12.2010 10:04:27.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1448 [GMT 1:00]
Spuštěný z: c:\documents and settings\Rodina\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rodina\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\run2.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\run2.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-04 do 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-12-02 20:06 . 2010-12-02 20:06 -------- d-----w- c:\documents and settings\Rodina\Data aplikací\Malwarebytes
2010-12-02 20:05 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-02 20:05 . 2010-12-02 20:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-02 20:05 . 2010-12-02 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-02 20:05 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 19:38 . 2010-12-02 19:40 -------- d-----w- c:\documents and settings\Rodina\DoctorWeb
2010-12-01 18:24 . 2010-12-01 18:24 388096 ----a-r- c:\documents and settings\Rodina\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-01 18:24 . 2010-12-01 18:24 -------- d-----w- c:\program files\Trend Micro
2010-11-29 22:07 . 2010-11-29 22:07 -------- d-----w- C:\.jagex_cache_32
2010-11-20 09:34 . 2010-11-20 09:34 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\ISBCFS
2010-11-14 10:48 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-11-14 10:48 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-11-14 10:48 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-11-14 10:48 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-11-14 10:48 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-11-14 10:48 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-11-14 10:48 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-11-14 10:48 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-11-14 10:48 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-11-14 10:48 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-11-14 10:48 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-11-14 10:48 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-11-05 19:59 . 2010-11-05 19:59 -------- d-----w- c:\documents and settings\Rodina\Local Settings\Data aplikací\CrashRpt

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 19:47 . 2009-02-21 17:06 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-21 19:46 . 2009-07-01 20:19 234392 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-21 19:46 . 2009-02-21 17:06 234392 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-13 14:05 . 2009-02-21 17:06 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-28 10:26 . 2009-03-21 20:16 139152 ----a-w- c:\documents and settings\Rodina\Data aplikací\PnkBstrK.sys
2010-09-28 10:26 . 2009-04-05 11:43 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-07-21 07:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2008-12-11 11:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 14:23 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:23 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-07 15:12 . 2010-07-10 06:53 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-01-29 11:29 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-01-29 11:29 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-01-29 11:29 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-01-29 11:29 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-01-29 11:29 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2009-01-29 11:29 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2009-01-29 11:29 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2009-01-29 11:29 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2002-06-28 01:07 . 2009-06-01 09:23 110592 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll
2009-03-05 16:08 . 2009-09-22 16:16 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Trust Gaming mouse"="c:\program files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe" [2006-12-28 1232896]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RGSC"=d:\grand theft auto iv\Rockstar Games Social Club\RGSCLauncher.exe /silent
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" silent loginmode=4
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"AlcoholAutomount"="d:\alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\torrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Grand Theft Auto IV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\GameSpy Arcade\\Aphex.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Rodina\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Call Of Duty Modern Warfare\\iw3mp.exe"=
"d:\\Counter-Strike Source\\hl2.exe"=
"d:\\Counter-Strike Source\\srcds.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [23.6.2008 23:21 150568]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.1.2009 12:12 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.1.2009 12:29 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15.9.2009 10:42 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15.9.2009 10:42 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.1.2009 12:29 17744]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [25.2.2009 8:43 2368]
R3 GMFilter Filter;GMFilter Filter;c:\windows\system32\drivers\GMFilter.sys [19.3.2009 14:33 27648]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 15:15 9344]
S2 gupdate1c9d964735a6712;Služba Google Update (gupdate1c9d964735a6712);c:\program files\Google\Update\GoogleUpdate.exe [20.5.2009 17:02 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.5.2010 16:33 1684736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15.9.2009 10:42 7408]
S3 scantool;USB Driver for Scan Tool;c:\windows\system32\drivers\scantool.sys [16.12.2009 18:04 40280]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 11:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-12-04 c:\windows\Tasks\1-Click Maintenance.job
- d:\tuneup utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2010-12-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-20 14:25]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 16:02]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 16:02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uDefault_Search_URL = hxxp://www.Google.com
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = http=127.0.0.1:25444
uSearchAssistant = hxxp://www.Google.com/
uCustomizeSearch = hxxp://www.Google.com/
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: NASA Night Launch: nasanightlaunch@example.com - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\nasanightlaunch@example.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Bloody Red: {2458abc0-f443-11dd-87af-0800200c9a66} - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
FF - Extension: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Extension: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Extension: RedShift V3.6: redshift_V2@shift-themes.com - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\redshift_V2@shift-themes.com
FF - Extension: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Extension: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\4zvok2tk.default\extensions\extension@virtusdesigns.com
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 10:08
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-746137067-1284227242-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-746137067-1284227242-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:1d,0d,5b,91,ac,a6,8e,c7,36,14,ac,7d,cb,22,3d,b7,0a,3d,06,51,8e,
2a,ab,12,3d,15,88,92,93,ce,79,e0,b7,e0,db,21,aa,c9,9c,68,d3,dc,ab,43,44,eb,\
"rkeysecu"=hex:3d,54,fc,2a,64,d7,c8,09,3a,37,42,10,07,6c,11,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-12-04 10:10:02
ComboFix-quarantined-files.txt 2010-12-04 09:10
ComboFix2.txt 2010-12-03 23:24
ComboFix3.txt 2010-12-03 20:09

Před spuštěním: Volných bajtů: 21 173 551 104
Po spuštění: Volných bajtů: 21 155 110 912

- - End Of File - - BFEF7701A096E2A870B4B882F157226A

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


+ HJT

Jak se chová PC?

[FooGo]

pc se chová normalne a spravce uz jede... dik

[memphisto]

Ještě bys mohl zaktualizovat starou Javu. Buď stáhneš novou ze stránek SUNu nebo přes ovládací panely - Java - záložka Update - Update Now

[FooGo]

napsalo to ze mam posledni verzi :) dik za pomoc

[memphisto]

Není zač. Pokud je to vše, můžeš téma označit za vyřešené kliknutím na zelenou fajku vpravo nahoře