Prosím o kontrolu logů - heslo "děti + viry" Vyřešeno

[P.O.B]

Dobrý den,

dostal sem do ruky starší PC od známé, která mi ho přinesla s dvěma slovy "děti a viry"...

Provedl sem několik kroků:
1 - vyčistil systém CCleanerem
2 - spustil MbAM (rychlý scan) - 77 výskytů -> all delete
3 - znovu MbAM (full) - čisto
4 - Zaktualizoval avast free a spustil full scan -> 5 výskytů -> do truhly
5 - opět avast "po restartu" - 1 výskyt -> do truhly
6 - instalace symantec NAV v.10 -> 1 výskyt -> delete -> odnistalace (pral se s avastem)
7 - MVAW (dle obvyklého postupu) -> 5 výskytů
8 - RSIT

všechny logy ke krokům:

krok 2: MbAM rychlý scan:

► Zobrazit spoiler

Malwarebytes' Anti-Malware
http://www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.10.2011 15:18:24
mbam-log-2011-10-11 (15-18-15).txt

Typ: Rychlá kontrola
Kontrolované objekty: 165745
Uplynulý čas: 3 minut, 3 sekund

Infikované procesy v paměti: 11
Infikované moduly v paměti: 0
Infikované klíče v registru: 10
Infikované hodnoty v registru: 14
Infikované datové položky v registru: 4
Infikované složky: 1
Infikované soubory: 37

Infikované procesy v paměti:
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1944 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 624 -> No action taken.
c:\documents and settings\Jolana\data aplikací\dwm.exe (Trojan.Agent) -> 2028 -> No action taken.
c:\documents and settings\Jolana\data aplikací\microsoft\conhost.exe (Trojan.Agent) -> 224 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Trojan.Downloader.H) -> 468 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Trojan.Downloader.H) -> 3056 -> No action taken.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 1480 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> 2072 -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 2248 -> No action taken.
c:\WINDOWS\l1rezerv.exe (Backdoor.Delf) -> 2280 -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 2288 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Downloader.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Backdoor.Delf) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2188084.exe (Trojan.Agent) -> Value: 2188084.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9054013.exe (Trojan.Agent) -> Value: 9054013.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1724991.exe (Trojan.Agent) -> Value: 1724991.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8105379.exe (Trojan.Downloader.H) -> Value: 8105379.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOCUME~1\Jolana\LOCALS~1\Temp\csrss.exe) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\documents and settings\Jolana\data aplikací\dwm.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Jolana\data aplikací\microsoft\conhost.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Trojan.Downloader.H) -> No action taken.
c:\Documents and Settings\Jolana\Local Settings\Temp\csrss.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Backdoor.Delf) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\services32.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Jolana\local settings\Temp\2188084.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\9054013.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\1724991.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8105379.exe (Trojan.Downloader.H) -> No action taken.
c:\documents and settings\Jolana\dokumenty\downloads\Setup.exe (Adware.Hotbar) -> No action taken.
c:\documents and settings\Jolana\dokumenty\downloads\flash-player (1).exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Jolana\dokumenty\downloads\flash-player (2).exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Jolana\dokumenty\downloads\flash-player.exe (Trojan.Dropper) -> No action taken.
c:\program files\internet explorer\conhost.exe (Trojan.Agent) -> No action taken.
c:\program files\windows nt\dwm.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\gbot111.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.

krok 7: MVAW

► Zobrazit spoiler

File C:\Documents and Settings\Jolana\Plocha\základní programy\Flash_Disinfector.exe infected by "APPL/NirCmd.2 (ES)" Virus! Action Taken: File Deleted.

Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.

Object "DiskKnight Adware" found in File System! Action Taken: Entries Removed.
Object "WORM_PALEVO.KK Worm" found in File System! Action Taken: Entries Removed.

File C:\WINDOWS\ufa\ufa.exe infected by "SPR/Tool.BitCoinMiner.a (ES)" Virus! Action Taken: File Renamed.

Krok 8: RSIT

► Zobrazit spoiler

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jolana at 2011-10-13 12:43:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (74%) free of 80 GB
Total RAM: 1015 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:26, on 13.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jolana\Plocha\základní programy\RSIT.exe
C:\Program Files\trend micro\Jolana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=photopos2_0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:60970
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: PhotoPos Toolbar - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: PhotoPos Toolbar - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20Ball%203/Images/stg_drm.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1cace667fcbd4f2) (gupdate1cace667fcbd4f2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8648 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Jolana\Data aplikací\Mozilla\Firefox\Profiles\jjt45qwr.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.9, {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778, fbdislike@doweb.fr:1.2.1, {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}:2.0, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550, wrc@avast.com:6.0.1289, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.1&q="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.17.4]
"Description"=Musicnotes Viewer Plugin
"Path"=C:\Program Files\Musicnotes\npmusicn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=5.2.5.48]
"Description"=Sibelius Scorch Plugin
"Path"=C:\Program Files\Musicnotes\npsibelius.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\Jolana\Data aplikací\Mozilla\Firefox\Profiles\jjt45qwr.default\extensions\
fbdislike@doweb.fr
{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}
{6236BA26-C117-4007-928C-DE0716C7FA80}
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\Jolana\Data aplikací\Mozilla\Firefox\Profiles\jjt45qwr.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}]
PhotoPos Toolbar - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll [2009-09-30 91584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll [2009-12-16 185344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-15 1097480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-12 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-10-04 1049912]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - PhotoPos Toolbar - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll [2009-09-30 91584]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-15 1097480]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-11-17 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-11-17 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-11-17 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-11-17 17331200]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2009-11-17 57344]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-08-17 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-11-17 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=189
"NoDriveAutoRun"=0xFFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe"="C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe:*:Enabled:rct"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\Jolana\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\Jolana\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Jolana\Dokumenty\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-7-0\svchost.exe"="C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======List of files/folders created in the last 3 months======

2011-10-12 14:52:42 ----AD---- C:\WINDOWS\rundll16.exe
2011-10-12 14:52:42 ----AD---- C:\WINDOWS\logo1_.exe
2011-10-12 14:46:24 ----AD---- C:\WINDOWS\VDLL.DLL
2011-10-12 14:46:24 ----AD---- C:\WINDOWS\system32\runouce.exe
2011-10-12 14:46:24 ----AD---- C:\WINDOWS\RUNDL132.EXE
2011-10-12 14:46:24 ----AD---- C:\WINDOWS\logo_1.exe
2011-10-12 14:43:02 ----A---- C:\WINDOWS\system32\msvcr80.dll
2011-10-12 14:43:01 ----A---- C:\WINDOWS\system32\msvcp80.dll
2011-10-12 14:43:00 ----A---- C:\WINDOWS\system32\eEmpty.exe
2011-10-12 14:42:56 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2011-10-12 14:42:56 ----A---- C:\WINDOWS\system32\T.COM
2011-10-12 14:42:56 ----A---- C:\WINDOWS\REGEDIT.COM
2011-10-12 14:42:56 ----A---- C:\WINDOWS\R.COM
2011-10-12 14:42:54 ----D---- C:\Program Files\Common Files\MicroWorld
2011-10-12 14:42:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2011-10-12 14:31:24 ----D---- C:\rsit
2011-10-12 14:31:24 ----D---- C:\Program Files\trend micro
2011-10-12 14:27:01 ----SHD---- C:\Config.Msi
2011-10-12 11:24:17 ----D---- C:\WINDOWS\Minidump
2011-10-12 08:27:29 ----A---- C:\WINDOWS\vpc32.INI
2011-10-12 08:20:54 ----D---- C:\Documents and Settings\Jolana\Data aplikací\DivX
2011-10-12 08:20:32 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2011-10-12 08:20:32 ----N---- C:\WINDOWS\system32\pxafs.dll
2011-10-12 07:52:48 ----A---- C:\WINDOWS\system32\capicom.dll
2011-10-12 07:52:47 ----D---- C:\Program Files\Symantec
2011-10-12 07:52:34 ----D---- C:\Program Files\Symantec AntiVirus
2011-10-12 07:52:34 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-10-12 07:52:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec
2011-10-12 07:49:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2011-10-12 07:49:37 ----D---- C:\Program Files\Common Files\Java
2011-10-12 07:49:20 ----A---- C:\WINDOWS\system32\javaws.exe
2011-10-12 07:49:20 ----A---- C:\WINDOWS\system32\javaw.exe
2011-10-12 07:49:20 ----A---- C:\WINDOWS\system32\java.exe
2011-10-12 07:49:20 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-10-12 07:48:58 ----D---- C:\Program Files\Java
2011-10-12 07:48:29 ----D---- C:\Documents and Settings\Jolana\Data aplikací\Sun
2011-10-12 07:24:33 ----D---- C:\Program Files\AVAST Software
2011-10-12 07:24:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-10-11 15:11:32 ----D---- C:\Documents and Settings\Jolana\Data aplikací\Malwarebytes
2011-10-11 15:11:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-10-11 15:11:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-10-11 15:11:24 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-10-11 15:01:11 ----D---- C:\Program Files\CCleaner
2011-07-22 22:51:50 ----A---- C:\WINDOWS\system32\dpl100.dll
2011-07-17 17:24:25 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-17 17:24:22 ----D---- C:\WINDOWS\ufa
2011-07-17 17:24:22 ----D---- C:\WINDOWS\phoenix
2011-07-17 17:24:21 ----A---- C:\WINDOWS\unrar.exe
2011-07-17 17:13:04 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-17 17:13:02 ----D---- C:\Microsoft
2011-07-17 17:12:45 ----HD---- C:\WINDOWS\update.2
2011-07-17 17:12:35 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-17 17:12:15 ----HD---- C:\WINDOWS\update.5.0
2011-07-17 17:11:56 ----A---- C:\WINDOWS\iplist.txt
2011-07-17 17:11:29 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-17 17:11:26 ----D---- C:\WINDOWS\av_ico
2011-07-17 16:56:56 ----HD---- C:\WINDOWS\update.1
2011-07-17 16:56:32 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-17 16:56:32 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-17 16:43:11 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-17 16:43:11 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-15 22:10:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-15 22:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$

======List of files/folders modified in the last 3 months======

2011-10-13 12:42:40 ----D---- C:\WINDOWS\system32
2011-10-13 12:42:40 ----D---- C:\WINDOWS
2011-10-13 11:38:05 ----D---- C:\WINDOWS\Temp
2011-10-13 11:20:37 ----D---- C:\WINDOWS\Prefetch
2011-10-13 09:28:28 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-10-13 09:27:39 ----D---- C:\Program Files\Windows NT
2011-10-13 08:14:21 ----SHD---- C:\System Volume Information
2011-10-13 08:14:21 ----D---- C:\WINDOWS\system32\Restore
2011-10-13 08:12:41 ----D---- C:\WINDOWS\system32\drivers
2011-10-12 14:44:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-12 14:44:00 ----A---- C:\WINDOWS\win.ini
2011-10-12 14:42:54 ----D---- C:\Program Files\Common Files
2011-10-12 14:31:24 ----RD---- C:\Program Files
2011-10-12 14:27:53 ----SHD---- C:\WINDOWS\Installer
2011-10-12 08:21:29 ----D---- C:\Program Files\DivX
2011-10-12 08:21:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2011-10-12 08:20:20 ----D---- C:\Program Files\Common Files\DivX Shared
2011-10-12 08:18:38 ----D---- C:\WINDOWS\WinSxS
2011-10-12 07:52:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-10-12 07:39:41 ----D---- C:\Program Files\Opera
2011-10-12 07:30:53 ----D---- C:\Program Files\Mozilla Firefox
2011-10-12 06:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-10-11 15:19:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2011-10-11 15:18:36 ----D---- C:\Program Files\Internet Explorer
2011-10-11 15:06:25 ----D---- C:\Documents and Settings\Jolana\Data aplikací\Skype
2011-10-11 15:03:49 ----D---- C:\WINDOWS\Debug
2011-10-11 14:57:20 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-06 22:45:29 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-17 21:20:37 ----A---- C:\boot.ini
2011-07-17 17:23:45 ----SD---- C:\Documents and Settings\Jolana\Data aplikací\Microsoft
2011-07-16 13:37:15 ----HD---- C:\WINDOWS\inf
2011-07-15 22:10:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-15 22:08:39 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-15 15:16:54 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2009-11-17 30720]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-11-17 5851488]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-11-17 4942336]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-12 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-02-14 249648]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1cace667fcbd4f2;Služba Google Update (gupdate1cace667fcbd4f2); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-28 133104]
S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-02-15 183560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-18 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-28 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

= = = = = = =

Prosím tedy o kontrolu a "vynesení rozsudku". Zajímá mě, co jsou ty položky "tray_ico" v HKLM/Run? Bo to sem ještě neviděl...

jinak ten soubor "File C:\WINDOWS\ufa\ufa.exe" našel i avast (u porestartového scanu i jako "C:\Windows\ufa.rar" Oba jsou v truhle...

Děkuji mnohokrát, Petr

[Reklama]

[jaro3]

Oba jsou známé viry , vyskytující se na FB , neklikat u videií na update flash playeru !!! to je jistá nákaza.
Aktualizovat jen prostřednictvím autora programu!!

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[P.O.B]

Hmmm... klasika, "klikni kam se dá" kor na FB :( děti

CF projel v pohodě, tady je log:

► Zobrazit spoiler

ComboFix 11-10-14.01 - Jolana 14.10.2011 6:36.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.520 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jolana\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jolana\WINDOWS
C:\Microsoft
c:\windows\msmqinst.log
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\system32\TZLog.log
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-14 do 2011-10-14 )))))))))))))))))))))))))))))))
.
.
2011-10-13 12:23 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-13 12:22 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-13 12:02 . 2011-10-13 12:20 -------- d-----w- c:\documents and settings\Jolana\Local Settings\Data aplikací\OpenCandy
2011-10-13 12:02 . 2011-10-13 12:02 -------- d-----w- c:\program files\CrystalDiskInfo
2011-10-13 12:02 . 2011-10-13 12:02 -------- d-----w- c:\documents and settings\Jolana\Data aplikací\OpenCandy
2011-10-12 12:52 . 2011-10-12 12:52 -------- d---a-w- c:\windows\rundll16.exe
2011-10-12 12:52 . 2011-10-12 12:52 -------- d---a-w- c:\windows\logo1_.exe
2011-10-12 12:46 . 2011-10-12 12:46 -------- d---a-w- c:\windows\VDLL.DLL
2011-10-12 12:46 . 2011-10-12 12:46 -------- d---a-w- c:\windows\system32\runouce.exe
2011-10-12 12:46 . 2011-10-12 12:46 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-10-12 12:46 . 2011-10-12 12:46 -------- d---a-w- c:\windows\logo_1.exe
2011-10-12 12:43 . 2011-10-12 12:43 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-10-12 12:43 . 2011-10-12 12:43 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-10-12 12:43 . 2011-10-12 12:42 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-10-12 12:42 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\TASKMGR.COM
2011-10-12 12:42 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-10-12 12:42 . 2008-04-14 03:22 147968 ----a-w- c:\windows\REGEDIT.COM
2011-10-12 12:42 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-10-12 12:42 . 2011-10-12 12:42 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-10-12 12:42 . 2011-10-12 12:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-10-12 12:31 . 2011-10-13 10:43 -------- d-----w- C:\rsit
2011-10-12 12:31 . 2011-10-13 10:43 -------- d-----w- c:\program files\trend micro
2011-10-12 09:31 . 2011-10-13 10:42 -------- d-sh--w- c:\documents and settings\Jolana\UserData
2011-10-12 06:20 . 2011-10-12 06:20 -------- d-----w- c:\documents and settings\Jolana\Data aplikací\DivX
2011-10-12 06:20 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2011-10-12 05:54 . 2011-10-12 05:54 -------- d-----w- c:\documents and settings\Jolana\Local Settings\Data aplikací\Symantec
2011-10-12 05:52 . 2011-10-12 12:27 -------- d-----w- c:\program files\Symantec
2011-10-12 05:52 . 2011-10-12 12:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-10-12 05:52 . 2011-10-12 12:27 -------- d-----w- c:\program files\Symantec AntiVirus
2011-10-12 05:52 . 2011-10-12 12:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Symantec
2011-10-12 05:49 . 2011-10-12 05:49 -------- d-----w- c:\program files\Common Files\Java
2011-10-12 05:49 . 2011-10-12 05:49 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-12 05:49 . 2011-10-12 05:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-12 05:49 . 2011-10-12 05:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-12 05:48 . 2011-10-12 05:48 -------- d-----w- c:\program files\Java
2011-10-12 05:30 . 2011-09-29 07:07 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-12 05:30 . 2011-09-29 07:07 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-10-12 05:30 . 2011-09-29 07:07 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-10-12 05:30 . 2011-09-29 07:07 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-10-12 05:30 . 2011-09-29 07:07 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-10-12 05:30 . 2011-09-29 07:07 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-10-12 05:30 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-12 05:30 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-10-12 05:24 . 2011-10-12 05:24 -------- d-----w- c:\program files\AVAST Software
2011-10-12 05:24 . 2011-10-12 05:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-10-11 13:11 . 2011-10-11 13:11 -------- d-----w- c:\documents and settings\Jolana\Data aplikací\Malwarebytes
2011-10-11 13:11 . 2011-10-11 13:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-10-11 13:11 . 2011-10-11 13:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-11 13:11 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-11 13:01 . 2011-10-11 13:01 -------- d-----w- c:\program files\CCleaner
2011-09-26 09:41 . 2011-09-26 09:41 613376 ------w- c:\windows\system32\uiautomationcore.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 12:50 . 2011-10-12 12:49 4553624 ----a-w- c:\windows\REGBK00.ZIP
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-01-11 17:08 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-11-17 09:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-05 17:31 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-11-17 09:26 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-11-17 09:26 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-11-17 09:26 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-11-17 09:26 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-11-17 09:26 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-11-17 09:26 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-11-17 09:26 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-07-17 17:38 . 2011-07-17 15:24 246272 ----a-w- c:\windows\unrar.exe
2011-09-29 07:07 . 2011-10-12 05:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2009-12-16 09:03 185344 ----a-w- c:\program files\Get Styles\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 17331200]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-08-17 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.5.2011 19:31 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.11.2009 11:26 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.11.2009 11:26 20568]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19.1.2010 21:40 246520]
S2 gupdate1cace667fcbd4f2;Služba Google Update (gupdate1cace667fcbd4f2);c:\program files\Google\Update\GoogleUpdate.exe [28.3.2010 13:04 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [15.2.2011 1:59 183560]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.3.2010 13:04 133104]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 11:04]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 11:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.mystart.com?pr=photopos2_0
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:60970
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Jolana\Data aplikací\Mozilla\Firefox\Profiles\jjt45qwr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.1.1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
MSConfigStartUp-CTFMON - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-14 06:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(884)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2011-10-14 06:54:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-14 04:54
.
Před spuštěním: Volných bajtů: 61 732 343 808
Po spuštění: Volných bajtů: 62 057 431 040
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 8D942998A75EB9100841CF3945A77542

Když sem četl okno výmazů, tak sem se zarazil... "proč smazal složku Windows a Microsoft"?! Pak mi došlo, že ty složky nemají co dělat tam, odkaď je CF smazal... Ale prvotní lek byl dobrý...

Jinak tu truhlu v avastu už asi můžu vysypat, co?

Díky, Petr

[Žbeky]

.

Proxy 127.0.0.1:60970 znáš?

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
c:\windows\rundll16.exe
c:\windows\logo1_.exe
c:\windows\VDLL.DLL
c:\windows\system32\runouce.exe
c:\windows\RUNDL132.EXE
c:\windows\logo_1.exe
c:\documents and settings\Jolana\Local Settings\Data aplikací\Symantec
c:\program files\Symantec
c:\program files\Common Files\Symantec Shared
c:\program files\Symantec AntiVirus
c:\documents and settings\All Users\Data aplikací\Symantec
c:\program files\ICQ6Toolbar

File::
c:\windows\REGBK00.ZIP
c:\windows\unrar.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

Driver::
ICQ Service

DDS::
uStart Page = hxxp://www.mystart.com?pr=photopos2_0
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local

Firefox::
FF - ProfilePath - c:\documents and settings\Jolana\Data aplikací\Mozilla\Firefox\Profiles\jjt45qwr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.1.1&q=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

---

Toto otestuj na Virustotal
c:\windows\system32\TASKMGR.COM
c:\windows\system32\T.COM
c:\windows\REGEDIT.COM
c:\windows\R.COM

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[P.O.B]

Jo, ten port je nastavený v Opeře, takže asi OK...

CF proběhl opět OK (jen si nainstaloval novou verzi)

Zde je log:

► Zobrazit spoiler

ComboFix 11-10-14.02 - Jolana 14.10.2011 9:22.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.668 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jolana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jolana\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\REGBK00.ZIP"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM
c:\program files\Common Files\Symantec Shared\VirusDefs\Cat.DB
c:\program files\Common Files\Symantec Shared\VirusDefs\lulock.dat
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\filesplace.txt
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\program files\Symantec AntiVirus
c:\program files\Symantec
c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\LSETUP.EXE
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\program files\Symantec\LiveUpdate\LuComServer_2_6.EXE
c:\program files\Symantec\LiveUpdate\LuComServerPS_2_6.DLL
c:\program files\Symantec\LiveUpdate\ludirloc.dat
c:\program files\Symantec\LiveUpdate\LUINFO.INF
c:\program files\Symantec\LiveUpdate\LUInit.exe
c:\program files\Symantec\LiveUpdate\LUInit.ini
c:\program files\Symantec\LiveUpdate\LUINSDLL.DLL
c:\program files\Symantec\LiveUpdate\luinventoryinst.jar
c:\program files\Symantec\LiveUpdate\LuPreCon.DLL
c:\program files\Symantec\LiveUpdate\LuResult.txt
c:\program files\Symantec\LiveUpdate\LUSESAIntegration.dll
c:\program files\Symantec\LiveUpdate\NDETECT.EXE
c:\program files\Symantec\LiveUpdate\NetDetectController_2_6.DLL
c:\program files\Symantec\LiveUpdate\pegclient.DLL
c:\program files\Symantec\LiveUpdate\pegcommon.DLL
c:\program files\Symantec\LiveUpdate\ProductRegCom_2_6.DLL
c:\program files\Symantec\LiveUpdate\ProductRegComPS_2_6.DLL
c:\program files\Symantec\LiveUpdate\providerInst.jar
c:\program files\Symantec\LiveUpdate\README.TXT
c:\program files\Symantec\LiveUpdate\S32LIVE1.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP1.CPL
c:\program files\Symantec\LiveUpdate\S32LUIS1.DLL
c:\program files\Symantec\LiveUpdate\S32LUWI1.DLL
c:\program files\Symantec\LiveUpdate\SESA.Settings.LiveUpdate
c:\program files\Symantec\LiveUpdate\Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.exe
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.log
c:\program files\Symantec\LiveUpdate\UNRAR.DLL
c:\program files\Symantec\LiveUpdate\winluproviderinst.jar
c:\windows\logo_1.exe
c:\windows\logo1_.exe
c:\windows\RUNDL132.EXE
c:\windows\rundll16.exe
c:\windows\system32\runouce.exe
c:\windows\VDLL.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-14 do 2011-10-14 )))))))))))))))))))))))))))))))
.
.
2011-10-13 12:23 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-13 12:22 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-13 12:02 . 2011-10-13 12:20 -------- d-----w- c:\documents and settings\Jolana\Local Settings\Data aplikací\OpenCandy
2011-10-13 12:02 . 2011-10-13 12:02 -------- d-----w- c:\program files\CrystalDiskInfo
2011-10-13 12:02 . 2011-10-13 12:02 -------- d-----w- c:\documents and settings\Jolana\Data aplikací\OpenCandy
2011-10-12 12:43 . 2011-10-12 12:43 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-10-12 12:43 . 2011-10-12 12:43 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-10-12 12:43 . 2011-10-12 12:42 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-10-12 12:42 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\TASKMGR.COM
2011-10-12 12:42 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-10-12 12:42 . 2008-04-14 03:22 147968 ----a-w- c:\windows\REGEDIT.COM
2011-10-12 12:42 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-10-12 12:42 . 2011-10-12 12:42 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-10-12 12:42 . 2011-10-12 12:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-10-12 12:31 . 2011-10-13 10:43 -------- d-----w- C:\rsit
2011-10-12 12:31 . 2011-10-13 10:43 -------- d-----w- c:\program files\trend micro
2011-10-12 09:31 . 2011-10-13 10:42 -------- d-sh--w- c:\documents and settings\Jolana\UserData
2011-10-12 06:20 . 2011-10-12 06:20 -------- d-----w- c:\documents and settings\Jolana\Data aplikací\DivX
2011-10-12 06:20 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2011-10-12 05:54 . 2011-10-12 05:54 -------- d-----w- c:\documents and settings\Jolana\Local Settings\Data aplikací\Symantec
2011-10-12 05:52 . 2011-10-12 12:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Symantec
2011-10-12 05:49 . 2011-10-12 05:49 -------- d-----w- c:\program files\Common Files\Java
2011-10-12 05:49 . 2011-10-12 05:49 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-12 05:49 . 2011-10-12 05:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-12 05:49 . 2011-10-12 05:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-12 05:48 . 2011-10-12 05:48 -------- d-----w- c:\program files\Java
2011-10-12 05:30 . 2011-09-29 07:07 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-12 05:30 . 2011-09-29 07:07 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-10-12 05:30 . 2011-09-29 07:07 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-10-12 05:30 . 2011-09-29 07:07 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-10-12 05:30 . 2011-09-29 07:07 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-10-12 05:30 . 2011-09-29 07:07 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-10-12 05:30 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-12 05:30 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-10-12 05:24 . 2011-10-12 05:24 -------- d-----w- c:\program files\AVAST Software
2011-10-12 05:24 . 2011-10-12 05:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-10-11 13:11 . 2011-10-11 13:11 -------- d-----w- c:\documents and settings\Jolana\Data aplikací\Malwarebytes
2011-10-11 13:11 . 2011-10-11 13:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-10-11 13:11 . 2011-10-11 13:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-11 13:11 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-11 13:01 . 2011-10-11 13:01 -------- d-----w- c:\program files\CCleaner
2011-09-26 09:41 . 2011-09-26 09:41 613376 ------w- c:\windows\system32\uiautomationcore.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 12:50 . 2011-10-12 12:49 4553624 ----a-w- c:\windows\REGBK00.ZIP
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-01-11 17:08 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-11-17 09:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-05 17:31 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-11-17 09:26 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-11-17 09:26 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-11-17 09:26 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-11-17 09:26 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-11-17 09:26 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-11-17 09:26 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-11-17 09:26 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-07-17 17:38 . 2011-07-17 15:24 246272 ----a-w- c:\windows\unrar.exe
2011-09-29 07:07 . 2011-10-12 05:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-14_04.47.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-14 07:35 . 2011-10-14 07:35 16384 c:\windows\temp\Perflib_Perfdata_158.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 17331200]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-08-17 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.5.2011 19:31 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.11.2009 11:26 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.11.2009 11:26 20568]
S2 gupdate1cace667fcbd4f2;Služba Google Update (gupdate1cace667fcbd4f2);c:\program files\Google\Update\GoogleUpdate.exe [28.3.2010 13:04 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [15.2.2011 1:59 183560]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.3.2010 13:04 133104]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 11:04]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 11:04]
.
.
------- Doplňkový sken -------
.
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:60970
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Jolana\Data aplikací\Mozilla\Firefox\Profiles\jjt45qwr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-14 09:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2011-10-14 09:41:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-14 07:41
ComboFix2.txt 2011-10-14 04:54
.
Před spuštěním: Volných bajtů: 62 054 744 064
Po spuštění: Volných bajtů: 62 033 752 064
.
- - End Of File - - 7392B787ADE4CA6C462D1EBE5E492F85

Virustotal:
c:\windows\system32\TASKMGR.COM => čistý => odkaz
c:\windows\system32\T.COM => čistý => odkaz
c:\windows\REGEDIT.COM => čistý => odkaz
c:\windows\R.COM => čistý => odkaz

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\REGBK00.ZIP
c:\windows\unrar.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\documents and settings\Jolana\Local Settings\Data aplikací\Symantec
c:\documents and settings\All Users\Data aplikací\Symantec


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Aktualizuj javu:
Java SE Runtime Environment 7

Klikni na Accept License Agreement
Vyber si OS (Windows nebo Windows x64, Offline Installation)
jre-7-windows-i586-p.exe nebo
jre-7-windows-x64.exe
Stáhni ( download) a nainstaluj.
Ostatní javy odeber v přidat/odebrat programy.

[P.O.B]

Omlouvám se za zpoždění

CF proběhl opět OK zde je log:

► Zobrazit spoiler

ComboFix 11-10-16.03 - Jolana 17.10.2011 6:30.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.615 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jolana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jolana\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\REGBK00.ZIP"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\ehome\medctrro.exe
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\REGBK00.ZIP
c:\windows\regedit.com
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\taskmgr.com
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\unrar.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-17 do 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-13 12:23 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-13 12:22 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-13 12:02 . 2011-10-13 12:20 -------- d-----w- c:\documents and settings\Jolana\Local Settings\Data aplikací\OpenCandy
2011-10-13 12:02 . 2011-10-13 12:02 -------- d-----w- c:\program files\CrystalDiskInfo
2011-10-13 12:02 . 2011-10-13 12:02 -------- d-----w- c:\documents and settings\Jolana\Data aplikací\OpenCandy
2011-10-12 12:43 . 2011-10-12 12:43 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-10-12 12:43 . 2011-10-12 12:43 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-10-12 12:43 . 2011-10-12 12:42 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-10-12 12:42 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-10-12 12:42 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-10-12 12:42 . 2011-10-12 12:42 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-10-12 12:42 . 2011-10-12 12:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-10-12 12:31 . 2011-10-13 10:43 -------- d-----w- C:\rsit
2011-10-12 12:31 . 2011-10-13 10:43 -------- d-----w- c:\program files\trend micro
2011-10-12 09:31 . 2011-10-13 10:42 -------- d-sh--w- c:\documents and settings\Jolana\UserData
2011-10-12 06:20 . 2011-10-12 06:20 -------- d-----w- c:\documents and settings\Jolana\Data aplikací\DivX
2011-10-12 06:20 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2011-10-12 05:54 . 2011-10-12 05:54 -------- d-----w- c:\documents and settings\Jolana\Local Settings\Data aplikací\Symantec
2011-10-12 05:52 . 2011-10-12 12:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Symantec
2011-10-12 05:49 . 2011-10-12 05:49 -------- d-----w- c:\program files\Common Files\Java
2011-10-12 05:49 . 2011-10-12 05:49 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-12 05:49 . 2011-10-12 05:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-12 05:49 . 2011-10-12 05:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-12 05:48 . 2011-10-12 05:48 -------- d-----w- c:\program files\Java
2011-10-12 05:30 . 2011-09-29 07:07 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-12 05:30 . 2011-09-29 07:07 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-10-12 05:30 . 2011-09-29 07:07 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-10-12 05:30 . 2011-09-29 07:07 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-10-12 05:30 . 2011-09-29 07:07 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-10-12 05:30 . 2011-09-29 07:07 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-10-12 05:30 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-12 05:30 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-10-12 05:24 . 2011-10-12 05:24 -------- d-----w- c:\program files\AVAST Software
2011-10-12 05:24 . 2011-10-12 05:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-10-11 13:11 . 2011-10-11 13:11 -------- d-----w- c:\documents and settings\Jolana\Data aplikací\Malwarebytes
2011-10-11 13:11 . 2011-10-11 13:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-10-11 13:11 . 2011-10-11 13:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-11 13:11 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-11 13:01 . 2011-10-11 13:01 -------- d-----w- c:\program files\CCleaner
2011-09-26 09:41 . 2011-09-26 09:41 613376 ------w- c:\windows\system32\uiautomationcore.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-01-11 17:08 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-11-17 09:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-05 17:31 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-11-17 09:26 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-11-17 09:26 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-11-17 09:26 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-11-17 09:26 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-11-17 09:26 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-11-17 09:26 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-11-17 09:26 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-09-29 07:07 . 2011-10-12 05:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-14_04.47.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-17 04:43 . 2011-10-17 04:43 16384 c:\windows\temp\Perflib_Perfdata_b0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 17331200]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-08-17 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.5.2011 19:31 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.11.2009 11:26 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.11.2009 11:26 20568]
S2 gupdate1cace667fcbd4f2;Služba Google Update (gupdate1cace667fcbd4f2);c:\program files\Google\Update\GoogleUpdate.exe [28.3.2010 13:04 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [15.2.2011 1:59 183560]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.3.2010 13:04 133104]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
.
.
------- Doplňkový sken -------
.
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:60970
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Jolana\Data aplikací\Mozilla\Firefox\Profiles\jjt45qwr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-17 06:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\TEMP\_asw_aisI.tm~a02588\onefile.dld 0 bytes
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(372)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-10-17 06:51:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-17 04:51
ComboFix2.txt 2011-10-14 07:41
ComboFix3.txt 2011-10-14 04:54
.
Před spuštěním: Volných bajtů: 62 020 866 048
Po spuštění: Volných bajtů: 62 007 402 496
.
- - End Of File - - 7B2942439BD9AFB556CA273A0225133B

Javu jsem upgradoval, starou odstranil... + když už sem měl CCeleaner otevřený, vyčistil sem s ním registry a systém...

Jak to PC nyní vypadá, jsme čistí?

Díky za pomoc, P.O.B

[jaro3]

Nemáš zač!!

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
http://www.edisk.cz/stahni/29485/T-Clea ... 8.5KB.html

smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.


Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[P.O.B]

Vše již OK, ještě jednou velké díky za perfektní pomoc

Petr