ComboFix 11-12-20.04 - ADMIN 20.12.2011  15:54:39.2.2 - x86
Microsoft Windows Vista Home Premium   6.0.6002.2.1250.420.1029.18.3070.1771 [GMT 1:00]
Spuštěn z: c:\users\ADMIN\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ADMIN\AppData\Local\promo.exe
c:\windows\IsUn0405.exe
c:\windows\system32\rchnewver.dll
c:\windows\system32\tmp2468.tmp
c:\windows\system32\tmp24A8.tmp
c:\windows\system32\tmp57AA.tmp
c:\windows\system32\tmp5809.tmp
c:\windows\system32\tmp8A4A.tmp
c:\windows\system32\tmp8AB8.tmp
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2011-11-20 do 2011-12-20  )))))))))))))))))))))))))))))))
.
.
2011-12-20 15:05 . 2011-12-20 15:05	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-12-20 15:05 . 2011-12-20 15:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-20 12:32 . 2011-12-20 12:32	--------	d-----w-	c:\windows\Sun
2011-12-19 14:08 . 2011-12-19 14:08	512	-c--a-w-	C:\PhysicalMBR.bin
2011-12-17 14:10 . 2011-12-17 14:10	--------	d-----w-	c:\programdata\RELOADED
2011-12-17 13:57 . 2011-12-19 13:50	--------	d-----w-	c:\program files\FlatOut 3
2011-12-14 15:09 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-14 15:09 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-14 15:09 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-12-14 15:09 . 2011-11-23 13:37	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-12-14 15:09 . 2011-11-08 12:10	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 15:09 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-04 11:21 . 2011-12-04 11:21	--------	d-----w-	c:\programdata\WEBREG
2011-12-04 11:18 . 2011-12-04 11:18	--------	d-----w-	c:\programdata\HP Product Assistant
2011-12-04 09:06 . 2011-12-04 09:06	--------	d-----w-	c:\program files\MegaDev
2011-11-26 19:50 . 2011-11-26 19:50	--------	d-----w-	c:\program files\JoWooD
2011-11-20 20:03 . 2011-11-20 20:03	--------	d-----w-	c:\program files\Common Files\Java
2011-11-20 20:03 . 2011-11-20 20:03	--------	d-----w-	c:\programdata\Ask
2011-11-20 20:03 . 2011-10-03 04:06	472808	----a-w-	c:\windows\system32\deployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 11:51 . 2011-05-20 13:35	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-12 09:44 . 2011-10-02 10:26	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15	1345336	----a-w-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"bluebirds"="c:\users\ADMIN\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BitTorrent DNA"="c:\users\ADMIN\Program Files\DNA\btdna.exe" [2010-07-10 323392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-03-01 126976]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Uninstall0001"="c:\program files\Common Files\Totem Shared\Uninstall0001\upd.exe" [2010-10-23 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
c:\users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [N/A]
RollerCoaster Tycoon 3_ Wild Registration.lnk - c:\users\ADMIN\AppData\Local\Temp\{DFC4755D-591B-423A-A600-8CFAF46C13B4}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe [N/A]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI371A~1\Datamngr\datamngr.dll c:\progra~1\WI371A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-03-16 180224]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 11:20]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 11:20]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488611974-836433622-4117732827-1001Core.job
- c:\users\ADMIN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-02 12:55]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-488611974-836433622-4117732827-1001UA.job
- c:\users\ADMIN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-02 12:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 10.0.0.138
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://operation7.fiaa.eu/OPLauncher.cab
FF - ProfilePath - c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\x4zjju45.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-nvch - rchnewver.dll
AddRemove-Cultures2 - c:\windows\IsUn0405.exe
AddRemove-yuPlay ??????_is1 - c:\program files\Gaijin\Wings of Prey\yuPlay\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 16:05
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...  
.
skenování skrytých položek 'Po spuštění' ... 
.
skenování skrytých souborů ...  
.
sken byl úspěšně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-488611974-836433622-4117732827-1001\Software\AppDataLow\   
*]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"lastcheck_daily_ping"=dword:00000000
.
[HKEY_USERS\S-1-5-21-488611974-836433622-4117732827-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:05,c4,8a,88,f3,11,97,31,16,c5,2c,76,fe,fa,30,42,8b,48,b7,15,78,18,de,
   57,d9,0f,47,9b,49,55,0b,71,48,7c,01,5b,42,49,79,cd,e2,a6,f2,09,1a,9c,b0,10,\
"??"=hex:b8,44,c5,c3,77,c3,54,36,00,bf,de,57,a0,1d,49,c6
.
[HKEY_USERS\S-1-5-21-488611974-836433622-4117732827-1001\Software\SecuROM\License information*]
"datasecu"=hex:ac,48,d2,5c,c6,11,93,8a,07,80,44,8a,51,3b,1a,01,64,2f,db,9b,24,
   c7,56,16,db,38,bb,99,52,9d,7d,b9,81,3e,6a,3c,25,8e,df,e1,eb,2c,bc,1d,df,2e,\
"rkeysecu"=hex:e0,d5,8a,5e,fb,0d,8c,9b,b5,c1,02,c3,e4,85,00,27
.
Celkový čas: 2011-12-20  16:09:16
ComboFix-quarantined-files.txt  2011-12-20 15:09
.
Před spuštěním: Volných bajtů: 303795929088
Po spuštění: Volných bajtů: 302672986112
.
- - End Of File - - 951C21FC4962AFD73507D6CA0FC70732
