PC disinfection, speeding up your computer, remote assistance via the neslape.cz service

A rootkit has appeared, the PC is slow

dwarf253
Visitor
Posts: 51
Registered: 26 Feb 2010 21:48


#1 Post by dwarf253 »

Hello,
Avast has started throwing up warnings about a dozen or so files infected by a rootkit, and today a worm showed up as well, so I'm posting the RSIT log... thanks for any advice :)

Logfile of random's system information tool 1.06 (written by random/random)
Run by I'am the BOSS at 2010-02-26 21:44:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 121 GB (40%) free of 305 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:48, on 26.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\MuralPix\MpAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\CursorFX\CursorFX.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Bezdrátová klávesnice a myš Labtec\MagicKey.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Bezdrátová klávesnice a myš Labtec\OSD.EXE
C:\Documents and Settings\I'am the BOSS\Plocha\HYGIENA\RootkitRevealer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\I'am the BOSS\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HijackThis\I'am the BOSS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Stylish Profile\enlbrdr.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MuralPixAgent] C:\MuralPix\MpAgent.exe /r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorFX] "C:\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-21-343818398-1417001333-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '@nNi€')
O4 - HKUS\S-1-5-21-343818398-1417001333-839522115-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '@nNi€')
O4 - HKUS\S-1-5-21-343818398-1417001333-839522115-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '@nNi€')
O4 - HKUS\S-1-5-21-343818398-1417001333-839522115-1006\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent (User '@nNi€')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-343818398-1417001333-839522115-1006 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User '@nNi€')
O4 - S-1-5-21-343818398-1417001333-839522115-1006 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User '@nNi€')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: winesm32.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Povolit program Bezdrátová klávesnice a myš Labtec.lnk = ?
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFAEF903-3ADF-41DB-B85A-6052FEE05649}: NameServer = 62.129.50.20,62.129.32.100
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ZTJXIFCGEJUA - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\I'AMTH~1\LOCALS~1\Temp\ZTJXIFCGEJUA.exe

--
End of file - 12767 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-02-10 119808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Stylish Profile\enlbrdr.dll [2010-01-07 185344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-17 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-12-08 550912]
"ShowWnd"=C:\WINDOWS\ShowWnd.exe [2003-09-18 36864]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-17 136600]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"PrnStatusMX"=C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [2007-07-13 1077248]
"Adobe Reader Speed Launcher"=C:\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SMSTray"=C:\Samsung Media Studio 5\SMSTray.exe [2007-02-23 126976]
"MAAgent"=C:\Program Files\MarkAny\ContentSafer\MAAgent.exe [2007-01-30 57344]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]
"MuralPixAgent"=C:\MuralPix\MpAgent.exe [2006-12-30 102400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"CursorFX"=C:\CursorFX\CursorFX.exe [2008-07-07 416768]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden []
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech Desktop Messenger.lnk - C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Povolit program Bezdrátová klávesnice a myš Labtec.lnk - C:\Program Files\Bezdrátová klávesnice a myš Labtec\MagicKey.exe

C:\Documents and Settings\I'am the BOSS\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\AlienGUIse\fastload.dll [2001-12-20 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\gisusuje.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="C:\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Pro Evolution Soccer 2008\PES2008.exe"="C:\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Condition Zero\czero.exe"="C:\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\Knights Of The Temple\Templar.exe"="C:\Knights Of The Temple\Templar.exe:*:Enabled:Templar"
"C:\Documents and Settings\I'am the BOSS\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\I'am the BOSS\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Pro Evolution Soccer 2008\xex\PES2008.exe"="C:\Pro Evolution Soccer 2008\xex\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\uTorrent\utorrent.exe"="C:\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\FlashGet\flashget.exe"="C:\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Football Manager 2009\fm.exe"="C:\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009"
"C:\SopCast\adv\SopAdver.exe"="C:\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\SopCast\SopCast.exe"="C:\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe"="C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM)"
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe"="C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)"
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Pro Evolution Soccer 2010\pes2010.exe"="C:\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Sports Interactive\Football Manager 2010 Demo\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010 Demo\fm.exe:*:Disabled:Football Manager 2010 Demo"
"C:\Program Files\Codemasters\DiRT2\dirt2_game.exe"="C:\Program Files\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2010-02-26 21:44:37 ----D---- C:\rsit
2010-02-24 11:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-20 11:16:03 ----D---- C:\Documents and Settings\I'am the BOSS\Data aplikací\MuralPix
2010-02-20 11:16:01 ----D---- C:\MuralPix
2010-02-10 19:35:03 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 19:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 19:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 19:32:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 19:32:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 19:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 19:32:45 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 19:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 19:32:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-10 18:00:21 ----D---- C:\Program Files\Apple Software Update
2010-02-08 13:51:37 ----D---- C:\Program Files\Stylish Profile
2010-01-30 10:00:28 ----D---- C:\Program Files\Common Files\Nero
2010-01-30 09:46:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited

======List of files/folders modified in the last 1 months======

2010-02-26 21:44:39 ----D---- C:\Program Files\HijackThis
2010-02-26 21:41:28 ----D---- C:\Program Files\Mozilla Firefox
2010-02-26 21:24:37 ----D---- C:\WINDOWS\system32
2010-02-26 21:24:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-26 20:38:50 ----D---- C:\WINDOWS\system32\drivers
2010-02-26 20:37:43 ----D---- C:\WINDOWS\Temp
2010-02-26 20:37:42 ----D---- C:\Documents and Settings\I'am the BOSS\Data aplikací\OpenOffice.org2
2010-02-26 20:28:07 ----D---- C:\WINDOWS
2010-02-26 20:25:02 ----D---- C:\Samsung Media Studio 5
2010-02-26 20:22:26 ----D---- C:\Documents and Settings\I'am the BOSS\Data aplikací\AIMP
2010-02-26 18:59:20 ----SHD---- C:\WINDOWS\Installer
2010-02-26 14:21:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-26 14:18:18 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-25 19:16:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-25 18:58:54 ----D---- C:\Documents and Settings\I'am the BOSS\Data aplikací\gtk-2.0
2010-02-24 16:55:17 ----A---- C:\WINDOWS\win.ini
2010-02-24 11:17:52 ----HD---- C:\WINDOWS\inf
2010-02-21 15:11:11 ----D---- C:\Program Files\uTorrent
2010-02-21 13:00:26 ----D---- C:\Documents and Settings\I'am the BOSS\Data aplikací\uTorrent
2010-02-19 19:06:25 ----D---- C:\WINDOWS\Prefetch
2010-02-19 15:01:16 ----D---- C:\Program Files\Ask.com
2010-02-19 15:01:15 ----SD---- C:\WINDOWS\Tasks
2010-02-17 15:24:11 ----A---- C:\WINDOWS\FISHUI.INI
2010-02-13 08:20:08 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-11 18:35:07 ----D---- C:\Program Files
2010-02-11 18:34:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-02-10 19:35:05 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 19:35:02 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-07 10:22:55 ----D---- C:\CoD Modern Warfare 2
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-01 14:43:29 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-30 14:05:18 ----D---- C:\WINDOWS\SxsCaPendDel
2010-01-30 10:41:29 ----D---- C:\Program Files\ICQ6.5
2010-01-30 10:00:51 ----D---- C:\Program Files\Nero
2010-01-30 10:00:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-01-30 10:00:28 ----D---- C:\Program Files\Common Files
2010-01-30 09:58:55 ----D---- C:\WINDOWS\WinSxS
2010-01-30 09:58:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-28 15:44:16 ----D---- C:\Pro Evolution Soccer 2010

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 11776]
R1 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 9548]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-06-04 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-01-23 28176]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 ae556pnm;ae556pnm; C:\WINDOWS\system32\drivers\ae556pnm.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-17 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-08 75064]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 ZTJXIFCGEJUA;ZTJXIFCGEJUA; C:\DOCUME~1\I'AMTH~1\LOCALS~1\Temp\ZTJXIFCGEJUA.exe [2010-02-26 523136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Caroprd111 (VIP, Posts: 13492, Registered: 22 Mar 2009 20:48, Location: Třebíč)

Re: a rootkit appeared, PC is slow

#2 Post by Caroprd111 »

Hello :)

I'm working on the log, please be patient.

Caroprd111 (VIP, Posts: 13492, Registered: 22 Mar 2009 20:48, Location: Třebíč)

Re: a rootkit appeared, PC is slow

#3 Post by Caroprd111 »

• Can we delete ICQ Toolbar and Ask Toolbar :???:

• Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Disable all resident security programs - firewalls, antivirus and antispyware

• Run the application under an account with Administrator rights; right after it starts, a page with the license terms appears, continue by pressing "Yes"

• Then follow the instructions; during the scan do not start other applications and do not click in the window that appears :!:

• The scan should take about 5-10 minutes; when it finishes, ComboFix shows the log C:\ComboFix.txt, which you should paste here.

• The computer may be restarted during the scan.

dwarf253 (Visitor, Posts: 51, Registered: 26 Feb 2010 21:48)

Re: a rootkit appeared, PC is slow

#4 Post by dwarf253 »

ComboFix 10-02-26.01 - I'am the BOSS 26.02.2010 22:46:13.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1536 [GMT 1:00]
Running from: c:\documents and settings\I'am the BOSS\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100226-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\@nNi€\Plocha\[Torrentsworld.net] - Jonas Brothers - Lines, Vines and Trying Times.torrent
c:\documents and settings\@nNi€\Plocha\[Torrentsworld.net] - Jonas Brothers - Lines, Vines and Trying Times.torrent
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\muzapp.exe
c:\windows\system32\twain_32.dll

c:\windows\system32\drivers\asyncmac.sys was missing.
Restored copy from - c:\windows\ServicePackFiles\i386\asyncmac.sys

.
((((((((((((((((((((((((( Files created from 2010-01-26 to 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 21:50 . 2008-04-13 18:57 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-02-26 21:50 . 2008-04-13 18:57 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2010-02-26 20:44 . 2010-02-26 20:44 -------- d-----w- C:\rsit
2010-02-26 20:07 . 2010-02-26 20:07 -------- d-----r- c:\documents and settings\LocalService\Dokumenty
2010-02-26 13:17 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-26 13:17 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-26 13:17 . 2008-04-13 19:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-26 13:17 . 2008-04-13 19:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-26 13:17 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-26 13:17 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-20 10:16 . 2010-02-20 10:16 160 ----a-w- c:\windows\LearsyShare.dat
2010-02-20 10:16 . 2010-02-20 10:16 -------- d-----w- C:\MuralPix
2010-02-10 17:00 . 2010-02-10 17:00 -------- d-----w- c:\program files\Apple Software Update
2010-02-08 12:51 . 2010-02-08 12:51 -------- d-----w- c:\program files\Stylish Profile
2010-01-30 09:00 . 2010-01-30 09:01 -------- d-----w- c:\program files\Common Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 13:18 . 2009-01-09 17:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-26 13:14 . 2010-02-26 13:14 792064 ----a-w- c:\windows\system32\drivers\OLD280.tmp
2010-02-21 14:11 . 2009-02-09 16:20 -------- d-----w- c:\program files\uTorrent
2010-02-19 14:01 . 2009-07-12 07:53 -------- d-----w- c:\program files\Ask.com
2010-02-13 07:20 . 2008-10-12 15:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-30 09:41 . 2009-03-11 16:40 -------- d-----w- c:\program files\ICQ6.5
2010-01-30 09:00 . 2008-01-30 17:34 -------- d-----w- c:\program files\Nero
2010-01-15 16:53 . 2008-11-15 06:29 -------- d-----w- c:\program files\Opera
2010-01-15 16:04 . 2008-01-30 12:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-13 14:23 . 2008-03-08 11:15 -------- d-----w- c:\program files\Electronic Arts
2010-01-10 14:51 . 2010-01-10 14:51 -------- d-----w- c:\program files\BRS
2010-01-10 14:50 . 2008-03-05 16:45 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-10 14:50 . 2008-03-05 16:45 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-10 14:50 . 2008-03-05 16:45 -------- d-----w- c:\program files\OpenAL
2010-01-10 14:28 . 2010-01-10 14:28 -------- d-----w- c:\program files\Codemasters
2010-01-10 14:22 . 2009-01-07 05:52 -------- d-----w- c:\program files\Sports Interactive
2010-01-05 09:58 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 17:48 . 2009-12-29 17:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-12-29 17:48 . 2009-12-29 17:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-12-29 17:48 . 2009-12-29 17:48 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-29 17:33 . 2009-12-29 17:33 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-12-29 17:33 . 2004-08-18 12:00 401462 ----a-w- c:\windows\system32\MSVCP60.DLL
2009-12-29 17:32 . 2009-12-29 17:32 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-25 08:07 . 2009-12-25 08:07 65024 ----a-w- c:\windows\IFinst26.exe
2009-12-17 07:42 . 2008-01-30 12:12 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 12:31 . 2004-08-18 12:00 82462 ----a-w- c:\windows\system32\perfc005.dat
2009-12-11 12:31 . 2004-08-18 12:00 437062 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{95289393-33EA-4F8D-B952-483415B9C955}"= "c:\documents and settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-02-10 119808]

[HKEY_CLASSES_ROOT\clsid\{95289393-33ea-4f8d-b952-483415b9c955}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
2009-02-10 14:56 119808 ----a-w- c:\documents and settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51 185344 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"CursorFX"="c:\cursorfx\CursorFX.exe" [2008-07-07 416768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CHotkey"="zHotkey.exe" [2004-12-08 550912]
"ShowWnd"="ShowWnd.exe" [2003-09-18 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-07-13 1077248]
"Adobe Reader Speed Launcher"="c:\adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SMSTray"="c:\samsung media studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"MuralPixAgent"="c:\muralpix\MpAgent.exe" [2006-12-30 102400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\@nNi€\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\Mamča\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\Tatka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]
PowerReg Scheduler.exe [2008-2-2 256000]

c:\documents and settings\I'am the BOSS\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]
winesm32.exe [2008-4-14 29184]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-12-29 67128]
Logitech SetPoint.lnk - c:\logitech\SetPoint\SetPoint.exe [2009-12-29 688128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Povolit program Bezdrátová klávesnice a myš Labtec.lnk - c:\program files\Bezdrátová klávesnice a myš Labtec\MagicKey.exe [2008-12-29 258048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\alienguise\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Condition Zero\\czero.exe"=
"c:\\Documents and Settings\\I'am the BOSS\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Pro Evolution Soccer 2008\\xex\\PES2008.exe"=
"c:\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\SopCast\\adv\\SopAdver.exe"=
"c:\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.2.2008 8:29 715248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.8.2008 12:32 114768]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [1.2.2008 10:42 11776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.5.2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.8.2008 12:32 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.3.2009 17:42 222456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\sasenum.sys [28.5.2008 10:33 792064]
S3 ZTJXIFCGEJUA;ZTJXIFCGEJUA;c:\docume~1\I'AMTH~1\LOCALS~1\Temp\ZTJXIFCGEJUA.exe --> c:\docume~1\I'AMTH~1\LOCALS~1\Temp\ZTJXIFCGEJUA.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
TCP: {FFAEF903-3ADF-41DB-B85A-6052FEE05649} = 62.129.50.20,62.129.32.100
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\I'am the BOSS\Data aplikací\Mozilla\Firefox\Profiles\zo6n9qws.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/|http://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - plugin: c:\adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
SafeBoot-AVG Anti-Spyware Driver
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 22:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync03.sys sfsync02.sys atapi.sys spww.sys >>UNKNOWN [0x8A3E6944]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba91cf28
\Driver\ACPI -> ACPI.sys @ 0xba669cb8
\Driver\atapi -> sfsync03.sys @ 0xba8e995c
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba51abb0
PacketIndicateHandler -> NDIS.sys @ 0xba527a21
SendHandler -> NDIS.sys @ 0xba50587b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"=""
"ShortlistDir"=""
"ScreenshotsDir"=""
"SaveDir"="c:\\Documents and Settings\\I&apos;am the BOSS\\Dokumenty\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\I'am the BOSS\\Plocha\\programs\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\I'am the BOSS\\Dokumenty\\Sports Interactive\\Football Manager 2010\\games\\FC FCB FC BANIK OLE.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="C8-F345-2643"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7c,e1,de,42,0d,a9,68,af,58,9b,21,f2,f6,59,d0,cf,32,d0,e9,3a,4c,8a,f0,
1d,7b,29,1b,b6,88,41,ad,6c,2a,f1,da,d6,05,26,41,78,7e,d3,a3,98,0f,2b,77,94,\
"??"=hex:41,4c,c7,73,4a,a1,b8,12,56,08,27,18,87,e6,75,b2

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\SecuROM\License information*]
"datasecu"=hex:18,d6,6c,ef,6f,b8,5e,59,ad,46,c7,2f,92,a0,d8,93,0e,d7,80,26,65,
5d,1f,71,6e,a8,2f,ac,1a,b7,8f,53,19,1b,99,ad,d7,aa,df,a7,83,e6,56,fa,7a,ae,\
"rkeysecu"=hex:93,30,3d,94,89,6f,5b,ec,a9,d6,12,46,5b,bd,a7,e5
.
--------------------- Libraries loaded into running processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\alienguise\fastload.dll

- - - - - - - > 'explorer.exe'(668)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-26 23:00:22 - the computer was restarted
ComboFix-quarantined-files.txt 2010-02-26 22:00
ComboFix2.txt 2009-01-12 04:59
ComboFix3.txt 2009-01-10 05:40

Pre-run: Bytes free: 129 846 394 880
Post-run: Bytes free: 132 432 203 776

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 2AC10CF0C9A8E9A2C92A3B00995C5368

Caroprd111 (VIP, Posts: 13492, Registered: 22 Mar 2009 20:48, Location: Třebíč)

Re: a rootkit appeared, PC is slow

#5 Post by Caroprd111 »

• If you haven't already, move ComboFix to the desktop
  • open Notepad and copy the text from the white box into it.

Code: Select all

File::
C:\Documents and Settings\I'am the BOSS\Nabídka Start\Programy\Po spuštění\winesm32.exe

Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
  • save the TXT file you created as CFScript.txt on the desktop
  • after saving, grab the script with the left mouse button, drag it onto the ComboFix icon and drop it there
  • once it has been applied another log will pop up; paste it here
It may happen that after the script is applied and the machine restarts, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration


• Test this at http://www.virustotal.com/cs/
C:\WINDOWS\system32\gisusuje.dll

(Do not search for the file, just paste the path marked in bold; if you get the message "File has already been analysed", have it analysed again. Paste the analysis result here.)
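
The helper's two replies above work from the same signals any analyst would pull out of these logs: a service registered out of the user's Temp directory under a random all-caps name (ZTJXIFCGEJUA), driver entries whose file RSIT could not find (the empty [] where date and size belong), and every IE and Firefox start or search URL pointing at search13.net; the fix is then a hand-written CFScript with File::, Folder:: and Registry:: sections. The Python below is an added example, not part of this thread and not code from RSIT or ComboFix: it runs those checks over lines constructed to match the log formats above and renders the hits in the same CFScript form. TRUSTED_HOSTS, the random-name heuristic and the sample lines are assumptions made for the example.

```python
# Added example (not RSIT, ComboFix or the thread's code): triage log lines, render a CFScript.
import re
from typing import Dict, List, Optional, Tuple

# RSIT driver/service line: "<R|S><start> name;display name; path [date size]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
# ComboFix defangs URLs as hxxp://; accept both spellings and capture the host.
URL_RE = re.compile(r"\bh(?:xx|tt)ps?://([^/|\s]+)", re.IGNORECASE)

# Assumption: hosts the user legitimately uses as home/search pages. Any other
# host found in a start-page or search-URL line is reported as a hijack.
TRUSTED_HOSTS = {"www.google.cz", "www.google.com"}

# Constructed sample lines, shaped like the RSIT and ComboFix output above.
SAMPLE_LINES = [
    r"R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]",
    r"S3 ZTJXIFCGEJUA;ZTJXIFCGEJUA; C:\DOCUME~1\I'AMTH~1\LOCALS~1\Temp\ZTJXIFCGEJUA.exe [2010-02-26 523136]",
    r"S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []",
    r"R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]",
    "uStart Page = hxxp://search13.net/",
    "FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=",
    "FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/|http://www.google.cz/",
]


def parse_service_line(line: str) -> Optional[Dict[str, str]]:
    """Split an RSIT driver/service line into fields (None for other lines);
    the NT-style \\??\\ prefix RSIT prints on some paths is stripped."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    if rec["path"].startswith("\\??\\"):
        rec["path"] = rec["path"][4:]
    return rec


def looks_random(name: str, desc: str) -> bool:
    """Assumed heuristic: an all-caps alphabetic name of 10+ characters whose
    display name merely repeats it, as with ZTJXIFCGEJUA;ZTJXIFCGEJUA."""
    return len(name) >= 10 and name.isalpha() and name.isupper() and desc == name


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (check, detail) pairs for the suspicious entries in `lines`."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        rec = parse_service_line(line)
        if rec is not None:
            if "\\temp\\" in rec["path"].lower():
                findings.append(("service-from-temp", rec["path"]))  # image under a Temp dir
            if looks_random(rec["name"], rec["desc"]):
                findings.append(("random-service-name", rec["name"]))
            if rec["info"] == "":
                # Empty [] where RSIT prints date and size: no file at the registered path.
                findings.append(("driver-file-missing", rec["path"]))
            continue
        for host in URL_RE.findall(line):  # start-page / search-URL lines
            if host.lower() not in TRUSTED_HOSTS:
                findings.append(("search-hijack", host.lower()))
    return findings


def build_cfscript(files: List[str], folders: List[str],
                   registry: List[Tuple[str, Optional[str]]]) -> str:
    """Render a CFScript as in the thread. `registry` holds (key, value) pairs:
    value None deletes the key ([-KEY]); a value name deletes that value
    ("name"=-), the regedit conventions ComboFix accepts."""
    out: List[str] = []
    if files:
        out += ["File::", *files, ""]
    if folders:
        out += ["Folder::", *folders, ""]
    if registry:
        out.append("Registry::")
        for key, value in registry:
            if value is None:
                out.append(f"[-{key}]")
            else:
                out.append(f"[{key}]")
                out.append(f'"{value}"=-')
    return "\n".join(out).rstrip("\n") + "\n"


def cfscript_for(findings: List[Tuple[str, str]]) -> str:
    """Script deletion of every image found under Temp; the other checks are
    reported for the analyst to judge, not removed automatically."""
    files = [detail for check, detail in findings if check == "service-from-temp"]
    return build_cfscript(files, [], [])


if __name__ == "__main__":
    hits = triage(SAMPLE_LINES)
    for check, detail in hits:
        print(f"{check:22} {detail}")
    print(cfscript_for(hits), end="")
```

Run as a script it prints the five findings and a File:: section for the Temp image. Deleting the image alone leaves the service's registry entry behind; the "invalid entries removed from the registry" section of the ComboFix log above is where such orphaned entries are reported when ComboFix cleans them up, so the service name should be checked against the follow-up log rather than assumed gone.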

dwarf253 (Visitor, Posts: 51, Registered: 26 Feb 2010 21:48)

Re: a rootkit appeared, PC is slow

#6 Post by dwarf253 »

ComboFix 10-02-26.01 - I'am the BOSS 26.02.2010 23:20:10.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1550 [GMT 1:00]
Running from: c:\documents and settings\I'am the BOSS\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\I'am the BOSS\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100226-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\I'am the BOSS\Nabídka Start\Programy\Po spuštění\winesm32.exe"
.

((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\I'am the BOSS\Nabídka Start\Programy\Po spuštění\winesm32.exe
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe

.
((((((((((((((((((((((((( Files created from 2010-01-26 to 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 21:50 . 2008-04-13 18:57 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-02-26 21:50 . 2008-04-13 18:57 14336 ------w- c:\windows\system32\drivers\asyncmac.sys
2010-02-26 20:44 . 2010-02-26 20:44 -------- d-----w- C:\rsit
2010-02-26 20:07 . 2010-02-26 20:07 -------- d-----r- c:\documents and settings\LocalService\Dokumenty
2010-02-26 13:17 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-26 13:17 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-26 13:17 . 2008-04-13 19:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-26 13:17 . 2008-04-13 19:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-26 13:17 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-26 13:17 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-20 10:16 . 2010-02-20 10:16 160 ----a-w- c:\windows\LearsyShare.dat
2010-02-20 10:16 . 2010-02-20 10:16 -------- d-----w- C:\MuralPix
2010-02-10 17:00 . 2010-02-10 17:00 -------- d-----w- c:\program files\Apple Software Update
2010-02-08 12:51 . 2010-02-08 12:51 -------- d-----w- c:\program files\Stylish Profile
2010-01-30 09:00 . 2010-01-30 09:01 -------- d-----w- c:\program files\Common Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 13:18 . 2009-01-09 17:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-26 13:14 . 2010-02-26 13:14 792064 ----a-w- c:\windows\system32\drivers\OLD280.tmp
2010-02-21 14:11 . 2009-02-09 16:20 -------- d-----w- c:\program files\uTorrent
2010-02-13 07:20 . 2008-10-12 15:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-30 09:41 . 2009-03-11 16:40 -------- d-----w- c:\program files\ICQ6.5
2010-01-30 09:00 . 2008-01-30 17:34 -------- d-----w- c:\program files\Nero
2010-01-15 16:53 . 2008-11-15 06:29 -------- d-----w- c:\program files\Opera
2010-01-15 16:04 . 2008-01-30 12:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-13 14:23 . 2008-03-08 11:15 -------- d-----w- c:\program files\Electronic Arts
2010-01-10 14:51 . 2010-01-10 14:51 -------- d-----w- c:\program files\BRS
2010-01-10 14:50 . 2008-03-05 16:45 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-10 14:50 . 2008-03-05 16:45 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-10 14:50 . 2008-03-05 16:45 -------- d-----w- c:\program files\OpenAL
2010-01-10 14:28 . 2010-01-10 14:28 -------- d-----w- c:\program files\Codemasters
2010-01-10 14:22 . 2009-01-07 05:52 -------- d-----w- c:\program files\Sports Interactive
2010-01-05 09:58 . 2004-08-18 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 17:48 . 2009-12-29 17:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-12-29 17:48 . 2009-12-29 17:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-12-29 17:48 . 2009-12-29 17:48 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-29 17:33 . 2009-12-29 17:33 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-12-29 17:33 . 2004-08-18 12:00 401462 ----a-w- c:\windows\system32\MSVCP60.DLL
2009-12-29 17:32 . 2009-12-29 17:32 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-25 08:07 . 2009-12-25 08:07 65024 ----a-w- c:\windows\IFinst26.exe
2009-12-17 07:42 . 2008-01-30 12:12 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 12:31 . 2004-08-18 12:00 82462 ----a-w- c:\windows\system32\perfc005.dat
2009-12-11 12:31 . 2004-08-18 12:00 437062 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-26_21.52.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-26 22:18 . 2010-02-26 22:18 16384 c:\windows\Temp\Perflib_Perfdata_738.dat
+ 2010-02-26 22:19 . 2010-02-26 22:19 16384 c:\windows\Temp\Perflib_Perfdata_6c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{95289393-33EA-4F8D-B952-483415B9C955}"= "c:\documents and settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-02-10 119808]

[HKEY_CLASSES_ROOT\clsid\{95289393-33ea-4f8d-b952-483415b9c955}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
2009-02-10 14:56 119808 ----a-w- c:\documents and settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51 185344 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"CursorFX"="c:\cursorfx\CursorFX.exe" [2008-07-07 416768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CHotkey"="zHotkey.exe" [2004-12-08 550912]
"ShowWnd"="ShowWnd.exe" [2003-09-18 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-07-13 1077248]
"Adobe Reader Speed Launcher"="c:\adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SMSTray"="c:\samsung media studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"MuralPixAgent"="c:\muralpix\MpAgent.exe" [2006-12-30 102400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\@nNi?\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\Mamča\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\Tatka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]
PowerReg Scheduler.exe [2008-2-2 256000]

c:\documents and settings\I'am the BOSS\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-12-29 67128]
Logitech SetPoint.lnk - c:\logitech\SetPoint\SetPoint.exe [2009-12-29 688128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Povolit program Bezdrátová klávesnice a myš Labtec.lnk - c:\program files\Bezdrátová klávesnice a myš Labtec\MagicKey.exe [2008-12-29 258048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\alienguise\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Condition Zero\\czero.exe"=
"c:\\Documents and Settings\\I'am the BOSS\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Pro Evolution Soccer 2008\\xex\\PES2008.exe"=
"c:\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\SopCast\\adv\\SopAdver.exe"=
"c:\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.8.2008 12:32 114768]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [1.2.2008 10:42 11776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.5.2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.8.2008 12:32 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.3.2009 17:42 222456]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.2.2008 8:29 715248]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\sasenum.sys [28.5.2008 10:33 792064]
S3 ZTJXIFCGEJUA;ZTJXIFCGEJUA;c:\docume~1\I'AMTH~1\LOCALS~1\Temp\ZTJXIFCGEJUA.exe --> c:\docume~1\I'AMTH~1\LOCALS~1\Temp\ZTJXIFCGEJUA.exe [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
TCP: {FFAEF903-3ADF-41DB-B85A-6052FEE05649} = 62.129.50.20,62.129.32.100
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\I'am the BOSS\Data aplikací\Mozilla\Firefox\Profiles\zo6n9qws.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/|http://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - plugin: c:\adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 23:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"=""
"ShortlistDir"=""
"ScreenshotsDir"=""
"SaveDir"="c:\\Documents and Settings\\I&apos;am the BOSS\\Dokumenty\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\I'am the BOSS\\Plocha\\programs\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\I'am the BOSS\\Dokumenty\\Sports Interactive\\Football Manager 2010\\games\\FC FCB FC BANIK OLE.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="C8-F345-2643"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7c,e1,de,42,0d,a9,68,af,58,9b,21,f2,f6,59,d0,cf,32,d0,e9,3a,4c,8a,f0,
1d,7b,29,1b,b6,88,41,ad,6c,2a,f1,da,d6,05,26,41,78,7e,d3,a3,98,0f,2b,77,94,\
"??"=hex:41,4c,c7,73,4a,a1,b8,12,56,08,27,18,87,e6,75,b2

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\SecuROM\License information*]
"datasecu"=hex:18,d6,6c,ef,6f,b8,5e,59,ad,46,c7,2f,92,a0,d8,93,0e,d7,80,26,65,
5d,1f,71,6e,a8,2f,ac,1a,b7,8f,53,19,1b,99,ad,d7,aa,df,a7,83,e6,56,fa,7a,ae,\
"rkeysecu"=hex:93,30,3d,94,89,6f,5b,ec,a9,d6,12,46,5b,bd,a7,e5
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\alienguise\fastload.dll
.
Celkový čas: 2010-02-26 23:33:47
ComboFix-quarantined-files.txt 2010-02-26 22:33
ComboFix2.txt 2010-02-26 22:00
ComboFix3.txt 2009-01-12 04:59
ComboFix4.txt 2009-01-10 05:40

Před spuštěním: Volných bajtů: 132 441 767 936
Po spuštění: Volných bajtů: 132 403 425 280

- - End Of File - - 6B0237D693EFF8A251E7C179F78BF186


And I tried to put the path to the file gisusuje.dll in there, but it doesn't work, and I didn't even find the file.

dwarf253
Visitor
Posts: 51
Registered: 26 Feb 2010 21:48

Re: a rootkit appeared, the PC is slow

#7 Post by dwarf253 »

And I also want to ask, because I can't connect any USB cable to the PC (neither the one from my phone nor the one from my mp3 player)... so if you happen to know what could be causing it.... thanks for the replies :)

edit: this one is already solved :)

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: a rootkit appeared, the PC is slow

#8 Post by Caroprd111 »

Run ComboFix once more with this script.

Code:

Driver::
ZTJXIFCGEJUA

File::
c:\docume~1\I'AMTH~1\LOCALS~1\Temp\ZTJXIFCGEJUA.exe

dwarf253
Visitor
Posts: 51
Registered: 26 Feb 2010 21:48

Re: a rootkit appeared, the PC is slow

#9 Post by dwarf253 »

ComboFix 10-02-26.02 - I'am the BOSS 28.02.2010 13:18:19.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1553 [GMT 1:00]
Spuštěný z: c:\documents and settings\I'am the BOSS\Plocha\HYGIENA\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\I'am the BOSS\Plocha\HYGIENA\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100227-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\docume~1\I'AMTH~1\LOCALS~1\Temp\ZTJXIFCGEJUA.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZTJXIFCGEJUA
-------\Service_ZTJXIFCGEJUA


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-28 do 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-27 09:58 . 2010-02-27 09:58 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-27 09:58 . 2010-02-27 10:02 -------- d-----w- C:\DAEMON Tools Lite
2010-02-26 21:50 . 2008-04-13 18:57 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-02-26 21:50 . 2008-04-13 18:57 14336 ------w- c:\windows\system32\drivers\asyncmac.sys
2010-02-26 20:44 . 2010-02-26 20:44 -------- d-----w- C:\rsit
2010-02-26 20:07 . 2010-02-26 20:07 -------- d-----r- c:\documents and settings\LocalService\Dokumenty
2010-02-26 13:17 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-26 13:17 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-26 13:17 . 2008-04-13 19:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-26 13:17 . 2008-04-13 19:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-26 13:17 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-26 13:17 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-20 10:16 . 2010-02-20 10:16 160 ----a-w- c:\windows\LearsyShare.dat
2010-02-20 10:16 . 2010-02-20 10:16 -------- d-----w- C:\MuralPix
2010-02-10 17:00 . 2010-02-10 17:00 -------- d-----w- c:\program files\Apple Software Update
2010-02-08 12:51 . 2010-02-08 12:51 -------- d-----w- c:\program files\Stylish Profile
2010-01-30 09:00 . 2010-01-30 09:01 -------- d-----w- c:\program files\Common Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 09:58 . 2008-02-17 07:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-26 13:18 . 2009-01-09 17:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-26 13:14 . 2010-02-26 13:14 792064 ----a-w- c:\windows\system32\drivers\OLD280.tmp
2010-02-21 14:11 . 2009-02-09 16:20 -------- d-----w- c:\program files\uTorrent
2010-02-13 07:20 . 2008-10-12 15:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-30 09:41 . 2009-03-11 16:40 -------- d-----w- c:\program files\ICQ6.5
2010-01-30 09:00 . 2008-01-30 17:34 -------- d-----w- c:\program files\Nero
2010-01-15 16:53 . 2008-11-15 06:29 -------- d-----w- c:\program files\Opera
2010-01-15 16:04 . 2008-01-30 12:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-13 14:23 . 2008-03-08 11:15 -------- d-----w- c:\program files\Electronic Arts
2010-01-10 14:51 . 2010-01-10 14:51 -------- d-----w- c:\program files\BRS
2010-01-10 14:50 . 2008-03-05 16:45 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-10 14:50 . 2008-03-05 16:45 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-10 14:50 . 2008-03-05 16:45 -------- d-----w- c:\program files\OpenAL
2010-01-10 14:28 . 2010-01-10 14:28 -------- d-----w- c:\program files\Codemasters
2010-01-10 14:22 . 2009-01-07 05:52 -------- d-----w- c:\program files\Sports Interactive
2010-01-05 09:58 . 2004-08-18 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 17:33 . 2009-12-29 17:33 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-12-29 17:33 . 2004-08-18 12:00 401462 ----a-w- c:\windows\system32\MSVCP60.DLL
2009-12-25 08:07 . 2009-12-25 08:07 65024 ----a-w- c:\windows\IFinst26.exe
2009-12-17 07:42 . 2008-01-30 12:12 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 12:31 . 2004-08-18 12:00 82462 ----a-w- c:\windows\system32\perfc005.dat
2009-12-11 12:31 . 2004-08-18 12:00 437062 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-26_21.52.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-28 12:29 . 2010-02-28 12:29 16384 c:\windows\Temp\Perflib_Perfdata_750.dat
- 2010-02-26 21:52 . 2010-02-26 21:52 16384 c:\windows\Temp\Perflib_Perfdata_750.dat
+ 2010-02-28 12:29 . 2010-02-28 12:29 16384 c:\windows\Temp\Perflib_Perfdata_308.dat
+ 2010-02-27 19:11 . 2010-02-27 19:11 46392 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\ProductName.chm.de_E8BE655ADEA641369B5E012FC4DD61C6.exe
+ 2010-02-27 19:11 . 2010-02-27 19:11 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.pt_6CF114D33913468CBA2AA6967939B819.exe
+ 2010-02-27 19:11 . 2010-02-27 19:11 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.it_251B66F1CA924E82A1EE29E85D5EC5A1.exe
+ 2010-02-27 19:11 . 2010-02-27 19:11 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.fr_E1678746353A46E3A9150D3E8B3832B1.exe
+ 2010-02-27 19:11 . 2010-02-27 19:11 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.es_654C8EA5162D4D4084239A5EDD67F462.exe
+ 2010-02-27 19:12 . 2010-02-27 19:12 73728 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\f174336d77cca9803f143aeba56531e9\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\0cc40a53f7164b18276f528714befc40\XPBurnComponent.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 303616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\fd11431610ee99e6f551a75cf7002750\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 148992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\9ab053bddaf1831f7b21e77165a2eef7\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 309248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\05b903398e7615fd16371cce6c4cf6a3\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 230400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\3003a4c83ac14600b7e3225f934b4d54\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 307200 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\7e2dd8bd0295498d5e550f00c088d378\DriversHQ.DriverDetective.Common.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 296960 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\546ee146131e448c9838049fc12a888b\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 483328 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.Common\e9cb4203837a8ffad211d0507fd833cf\DriversHQ.Common.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 3833856 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\a7ae5f0b8a629fb4bc01dd81af2e5ee7\DriversHQ.DriverDetective.Client.ni.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{95289393-33EA-4F8D-B952-483415B9C955}"= "c:\documents and settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-02-10 119808]

[HKEY_CLASSES_ROOT\clsid\{95289393-33ea-4f8d-b952-483415b9c955}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
2009-02-10 14:56 119808 ----a-w- c:\documents and settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51 185344 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"CursorFX"="c:\cursorfx\CursorFX.exe" [2008-07-07 416768]
"DAEMON Tools Lite"="c:\daemon tools lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CHotkey"="zHotkey.exe" [2004-12-08 550912]
"ShowWnd"="ShowWnd.exe" [2003-09-18 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-07-13 1077248]
"Adobe Reader Speed Launcher"="c:\adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SMSTray"="c:\samsung media studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"MuralPixAgent"="c:\muralpix\MpAgent.exe" [2006-12-30 102400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\@nNi?\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\Mamča\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\Tatka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]
PowerReg Scheduler.exe [2008-2-2 256000]

c:\documents and settings\I'am the BOSS\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]
winesm32.exe [2008-4-14 29184]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-12-29 67128]
Logitech SetPoint.lnk - c:\logitech\SetPoint\SetPoint.exe [2009-12-29 688128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Povolit program Bezdrátová klávesnice a myš Labtec.lnk - c:\program files\Bezdrátová klávesnice a myš Labtec\MagicKey.exe [2008-12-29 258048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\alienguise\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Condition Zero\\czero.exe"=
"c:\\Documents and Settings\\I'am the BOSS\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Pro Evolution Soccer 2008\\xex\\PES2008.exe"=
"c:\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\SopCast\\adv\\SopAdver.exe"=
"c:\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.2.2008 8:29 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.8.2008 12:32 114768]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [1.2.2008 10:42 11776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.5.2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.8.2008 12:32 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.3.2009 17:42 222456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\sasenum.sys [28.5.2008 10:33 792064]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
TCP: {FFAEF903-3ADF-41DB-B85A-6052FEE05649} = 62.129.50.20,62.129.32.100
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\I'am the BOSS\Data aplikací\Mozilla\Firefox\Profiles\zo6n9qws.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/|http://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - plugin: c:\adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 13:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync03.sys sfsync02.sys atapi.sys spfo.sys >>UNKNOWN [0x8A3E3938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba91cf28
\Driver\ACPI -> ACPI.sys @ 0xba674cb8
\Driver\atapi -> sfsync03.sys @ 0xba8e995c
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba525bb0
PacketIndicateHandler -> NDIS.sys @ 0xba532a21
SendHandler -> NDIS.sys @ 0xba51087b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"=""
"ShortlistDir"=""
"ScreenshotsDir"=""
"SaveDir"="c:\\Documents and Settings\\I'am the BOSS\\Dokumenty\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\I'am the BOSS\\Plocha\\programs\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\I'am the BOSS\\Dokumenty\\Sports Interactive\\Football Manager 2010\\games\\FC FCB FC BANIK OLE.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="C8-F345-2643"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7c,e1,de,42,0d,a9,68,af,58,9b,21,f2,f6,59,d0,cf,32,d0,e9,3a,4c,8a,f0,
1d,7b,29,1b,b6,88,41,ad,6c,2a,f1,da,d6,05,26,41,78,7e,d3,a3,98,0f,2b,77,94,\
"??"=hex:41,4c,c7,73,4a,a1,b8,12,56,08,27,18,87,e6,75,b2

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\SecuROM\License information*]
"datasecu"=hex:18,d6,6c,ef,6f,b8,5e,59,ad,46,c7,2f,92,a0,d8,93,0e,d7,80,26,65,
5d,1f,71,6e,a8,2f,ac,1a,b7,8f,53,19,1b,99,ad,d7,aa,df,a7,83,e6,56,fa,7a,ae,\
"rkeysecu"=hex:93,30,3d,94,89,6f,5b,ec,a9,d6,12,46,5b,bd,a7,e5
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\alienguise\fastload.dll

- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-02-28 13:37:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-28 12:36
ComboFix2.txt 2010-02-26 22:33
ComboFix3.txt 2010-02-26 22:00
ComboFix4.txt 2009-01-12 04:59
ComboFix5.txt 2010-02-27 09:02

Před spuštěním: Volných bajtů: 130 795 167 744
Po spuštění: Volných bajtů: 130 764 197 888

- - End Of File - - 8CF63D4366AD7A1BEEF53A500C458366

here is the log; sorry it's only now, but I wasn't at the PC

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: a rootkit appeared, the PC is slow

#10 Post by Caroprd111 »

If you haven't already, move ComboFix to the desktop
  • open Notepad and copy the text from the white box into it.

Code:

File::
C:\Documents and Settings\I'am the BOSS\Nabídka Start\Programy\Po spuštění\winesm32.exe
  • save the TXT file you created as CFScript.txt on the desktop
  • after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it
  • after it runs, another log will pop up; paste it here
It may happen that after applying the script and restarting, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

dwarf253
Visitor
Posts: 51
Registered: 26 Feb 2010 21:48

Re: a rootkit appeared, the PC is slow

#11 Post by dwarf253 »

ComboFix 10-02-26.02 - I'am the BOSS 06.03.2010 7:28.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1550 [GMT 1:00]
Spuštěný z: c:\documents and settings\I'am the BOSS\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\I'am the BOSS\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100305-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\I'am the BOSS\Nabídka Start\Programy\Po spuštění\winesm32.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-06 do 2010-03-06 )))))))))))))))))))))))))))))))
.

2010-03-02 17:49 . 2010-03-02 17:49 -------- d-----w- c:\program files\QIP
2010-03-02 15:53 . 2010-03-02 15:53 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-27 09:58 . 2010-02-27 09:58 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-27 09:58 . 2010-02-27 10:02 -------- d-----w- C:\DAEMON Tools Lite
2010-02-26 21:50 . 2008-04-13 18:57 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-02-26 21:50 . 2008-04-13 18:57 14336 ------w- c:\windows\system32\drivers\asyncmac.sys
2010-02-26 20:44 . 2010-02-26 20:44 -------- d-----w- C:\rsit
2010-02-26 20:07 . 2010-02-26 20:07 -------- d-----r- c:\documents and settings\LocalService\Dokumenty
2010-02-26 13:17 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-26 13:17 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-26 13:17 . 2008-04-13 19:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-26 13:17 . 2008-04-13 19:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-26 13:17 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-26 13:17 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-20 10:16 . 2010-02-20 10:16 160 ----a-w- c:\windows\LearsyShare.dat
2010-02-20 10:16 . 2010-02-20 10:16 -------- d-----w- C:\MuralPix
2010-02-10 17:00 . 2010-02-10 17:00 -------- d-----w- c:\program files\Apple Software Update
2010-02-08 12:51 . 2010-02-08 12:51 -------- d-----w- c:\program files\Stylish Profile

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 09:58 . 2008-02-17 07:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-26 13:18 . 2009-01-09 17:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-26 13:14 . 2010-02-26 13:14 792064 ----a-w- c:\windows\system32\drivers\OLD280.tmp
2010-02-21 14:11 . 2009-02-09 16:20 -------- d-----w- c:\program files\uTorrent
2010-02-13 07:20 . 2008-10-12 15:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-30 09:41 . 2009-03-11 16:40 -------- d-----w- c:\program files\ICQ6.5
2010-01-30 09:01 . 2010-01-30 09:00 -------- d-----w- c:\program files\Common Files\Nero
2010-01-30 09:00 . 2008-01-30 17:34 -------- d-----w- c:\program files\Nero
2010-01-15 16:53 . 2008-11-15 06:29 -------- d-----w- c:\program files\Opera
2010-01-15 16:04 . 2008-01-30 12:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-13 14:23 . 2008-03-08 11:15 -------- d-----w- c:\program files\Electronic Arts
2010-01-10 14:51 . 2010-01-10 14:51 -------- d-----w- c:\program files\BRS
2010-01-10 14:50 . 2008-03-05 16:45 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-10 14:50 . 2008-03-05 16:45 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-10 14:50 . 2008-03-05 16:45 -------- d-----w- c:\program files\OpenAL
2010-01-10 14:28 . 2010-01-10 14:28 -------- d-----w- c:\program files\Codemasters
2010-01-10 14:22 . 2009-01-07 05:52 -------- d-----w- c:\program files\Sports Interactive
2010-01-05 09:58 . 2004-08-18 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 17:33 . 2009-12-29 17:33 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-12-29 17:33 . 2004-08-18 12:00 401462 ----a-w- c:\windows\system32\MSVCP60.DLL
2009-12-25 08:07 . 2009-12-25 08:07 65024 ----a-w- c:\windows\IFinst26.exe
2009-12-17 07:42 . 2008-01-30 12:12 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 12:31 . 2004-08-18 12:00 82462 ----a-w- c:\windows\system32\perfc005.dat
2009-12-11 12:31 . 2004-08-18 12:00 437062 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-02-26_21.52.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-06 06:26 . 2010-03-06 06:26 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat
+ 2010-03-06 06:26 . 2010-03-06 06:26 16384 c:\windows\Temp\Perflib_Perfdata_67c.dat
+ 2008-01-30 12:34 . 2010-03-02 15:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-30 12:34 . 2010-02-26 13:16 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-30 12:34 . 2010-02-26 13:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-30 12:34 . 2010-03-02 15:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-02 15:53 . 2010-03-02 15:53 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-02-27 19:11 . 2010-02-27 19:11 46392 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\ProductName.chm.de_E8BE655ADEA641369B5E012FC4DD61C6.exe
+ 2010-02-27 19:11 . 2010-02-27 19:11 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.pt_6CF114D33913468CBA2AA6967939B819.exe
+ 2010-02-27 19:11 . 2010-02-27 19:11 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.it_251B66F1CA924E82A1EE29E85D5EC5A1.exe
+ 2010-02-27 19:11 . 2010-02-27 19:11 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.fr_E1678746353A46E3A9150D3E8B3832B1.exe
+ 2010-02-27 19:11 . 2010-02-27 19:11 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.es_654C8EA5162D4D4084239A5EDD67F462.exe
+ 2010-02-27 19:12 . 2010-02-27 19:12 73728 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\f174336d77cca9803f143aeba56531e9\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\0cc40a53f7164b18276f528714befc40\XPBurnComponent.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 303616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\fd11431610ee99e6f551a75cf7002750\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 148992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\9ab053bddaf1831f7b21e77165a2eef7\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 309248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\05b903398e7615fd16371cce6c4cf6a3\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 230400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\3003a4c83ac14600b7e3225f934b4d54\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 307200 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\7e2dd8bd0295498d5e550f00c088d378\DriversHQ.DriverDetective.Common.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 296960 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\546ee146131e448c9838049fc12a888b\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 483328 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.Common\e9cb4203837a8ffad211d0507fd833cf\DriversHQ.Common.ni.dll
+ 2010-02-27 19:12 . 2010-02-27 19:12 3833856 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\a7ae5f0b8a629fb4bc01dd81af2e5ee7\DriversHQ.DriverDetective.Client.ni.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51 185344 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\daemon tools lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CHotkey"="zHotkey.exe" [2004-12-08 550912]
"ShowWnd"="ShowWnd.exe" [2003-09-18 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-07-13 1077248]
"Adobe Reader Speed Launcher"="c:\adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SMSTray"="c:\samsung media studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"MuralPixAgent"="c:\muralpix\MpAgent.exe" [2006-12-30 102400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\@nNi?\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\Mamča\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\Tatka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]
PowerReg Scheduler.exe [2008-2-2 256000]

c:\documents and settings\I'am the BOSS\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-12-29 67128]
Logitech SetPoint.lnk - c:\logitech\SetPoint\SetPoint.exe [2009-12-29 688128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Povolit program Bezdrátová klávesnice a myš Labtec.lnk - c:\program files\Bezdrátová klávesnice a myš Labtec\MagicKey.exe [2008-12-29 258048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\alienguise\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Condition Zero\\czero.exe"=
"c:\\Documents and Settings\\I'am the BOSS\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Pro Evolution Soccer 2008\\xex\\PES2008.exe"=
"c:\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\SopCast\\adv\\SopAdver.exe"=
"c:\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.8.2008 12:32 114768]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [1.2.2008 10:42 11776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.5.2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.8.2008 12:32 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.3.2009 17:42 222456]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.2.2008 8:29 691696]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\sasenum.sys [28.5.2008 10:33 792064]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
TCP: {FFAEF903-3ADF-41DB-B85A-6052FEE05649} = 62.129.50.20,62.129.32.100
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\I'am the BOSS\Data aplikací\Mozilla\Firefox\Profiles\zo6n9qws.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/|http://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - c:\documents and settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
URLSearchHooks-{95289393-33EA-4F8D-B952-483415B9C955} - c:\documents and settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
BHO-{95289393-33EA-4F8D-B952-483415B9C955} - c:\documents and settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
BHO-{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - c:\documents and settings\I'am the BOSS\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 07:38
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"=""
"ShortlistDir"=""
"ScreenshotsDir"=""
"SaveDir"="c:\\Documents and Settings\\I'am the BOSS\\Dokumenty\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\I'am the BOSS\\Plocha\\programs\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\I'am the BOSS\\Dokumenty\\Sports Interactive\\Football Manager 2010\\games\\FC FCB FC BANIK OLE.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="C8-F345-2643"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7c,e1,de,42,0d,a9,68,af,58,9b,21,f2,f6,59,d0,cf,32,d0,e9,3a,4c,8a,f0,
1d,7b,29,1b,b6,88,41,ad,6c,2a,f1,da,d6,05,26,41,78,7e,d3,a3,98,0f,2b,77,94,\
"??"=hex:41,4c,c7,73,4a,a1,b8,12,56,08,27,18,87,e6,75,b2

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1007\Software\SecuROM\License information*]
"datasecu"=hex:18,d6,6c,ef,6f,b8,5e,59,ad,46,c7,2f,92,a0,d8,93,0e,d7,80,26,65,
5d,1f,71,6e,a8,2f,ac,1a,b7,8f,53,19,1b,99,ad,d7,aa,df,a7,83,e6,56,fa,7a,ae,\
"rkeysecu"=hex:93,30,3d,94,89,6f,5b,ec,a9,d6,12,46,5b,bd,a7,e5
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\alienguise\fastload.dll
.
Celkový čas: 2010-03-06 07:44:08
ComboFix-quarantined-files.txt 2010-03-06 06:44
ComboFix2.txt 2010-02-28 12:37
ComboFix3.txt 2010-02-26 22:33
ComboFix4.txt 2010-02-26 22:00
ComboFix5.txt 2010-03-06 06:27

Před spuštěním: Volných bajtů: 131 100 176 384
Po spuštění: Volných bajtů: 131 116 167 168

- - End Of File - - D55A5DDDDD08E7857DFB0A017AC0A187

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: a rootkit appeared, the PC is slow

#12 Post by Caroprd111 »

Post a new log from RSIT.

dwarf253
Visitor
Posts: 51
Registered: 26 Feb 2010 21:48

Re: a rootkit appeared, the PC is slow

#13 Post by dwarf253 »

Logfile of random's system information tool 1.06 (written by random/random)
Run by I'am the BOSS at 2010-03-06 13:07:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 125 GB (41%) free of 305 GB
Total RAM: 2047 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:39, on 6.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Bezdrátová klávesnice a myš Labtec\MagicKey.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Bezdrátová klávesnice a myš Labtec\OSD.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe
C:\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\I'am the BOSS\Plocha\programs\fmrte\FMRTE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\I'am the BOSS\Plocha\HYGIENA\RSIT.exe
C:\Program Files\HijackThis\I'am the BOSS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Stylish Profile\enlbrdr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MuralPixAgent] C:\MuralPix\MpAgent.exe /r
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Povolit program Bezdrátová klávesnice a myš Labtec.lnk = ?
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFAEF903-3ADF-41DB-B85A-6052FEE05649}: NameServer = 62.129.50.20,62.129.32.100
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10555 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Stylish Profile\enlbrdr.dll [2010-01-07 185344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-17 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-12-08 550912]
"ShowWnd"=C:\WINDOWS\ShowWnd.exe [2003-09-18 36864]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-17 136600]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"PrnStatusMX"=C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [2007-07-13 1077248]
"Adobe Reader Speed Launcher"=C:\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SMSTray"=C:\Samsung Media Studio 5\SMSTray.exe [2007-02-23 126976]
"MAAgent"=C:\Program Files\MarkAny\ContentSafer\MAAgent.exe [2007-01-30 57344]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]
"MuralPixAgent"=C:\MuralPix\MpAgent.exe [2006-12-30 102400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Lite"=C:\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech Desktop Messenger.lnk - C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Povolit program Bezdrátová klávesnice a myš Labtec.lnk - C:\Program Files\Bezdrátová klávesnice a myš Labtec\MagicKey.exe

C:\Documents and Settings\I'am the BOSS\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\AlienGUIse\fastload.dll [2001-12-20 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="C:\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Condition Zero\czero.exe"="C:\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\Documents and Settings\I'am the BOSS\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\I'am the BOSS\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Pro Evolution Soccer 2008\xex\PES2008.exe"="C:\Pro Evolution Soccer 2008\xex\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\uTorrent\utorrent.exe"="C:\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\SopCast\adv\SopAdver.exe"="C:\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\SopCast\SopCast.exe"="C:\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe"="C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM)"
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe"="C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)"
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Pro Evolution Soccer 2010\pes2010.exe"="C:\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Codemasters\DiRT2\dirt2_game.exe"="C:\Program Files\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{772d1baa-2387-11df-ba42-0019dbb026ff}]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2010-03-06 08:23:18 ----SHD---- C:\RECYCLER
2010-03-06 07:44:09 ----A---- C:\ComboFix.txt
2010-03-02 18:49:32 ----D---- C:\Program Files\QIP
2010-03-02 16:53:14 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-02-27 20:34:06 ----A---- C:\WINDOWS\setuplog.txt
2010-02-27 20:09:32 ----D---- C:\Documents and Settings\I'am the BOSS\Data aplikací\GetRightToGo
2010-02-27 10:58:46 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-02-27 10:58:35 ----D---- C:\DAEMON Tools Lite
2010-02-27 10:58:17 ----D---- C:\Documents and Settings\I'am the BOSS\Data aplikací\DAEMON Tools Lite
2010-02-27 10:58:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-02-26 22:38:23 ----A---- C:\Boot.bak
2010-02-26 22:38:20 ----RASHD---- C:\cmdcons
2010-02-26 22:34:06 ----A---- C:\WINDOWS\MBR.exe
2010-02-26 22:34:05 ----A---- C:\WINDOWS\PEV.exe
2010-02-26 21:44:37 ----D---- C:\rsit
2010-02-24 11:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-20 11:16:03 ----D---- C:\Documents and Settings\I'am the BOSS\Data aplikací\MuralPix
2010-02-20 11:16:01 ----D---- C:\MuralPix
2010-02-10 19:35:03 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 19:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 19:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 19:32:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 19:32:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 19:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 19:32:45 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 19:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 19:32:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-10 18:00:21 ----D---- C:\Program Files\Apple Software Update
2010-02-08 13:51:37 ----D---- C:\Program Files\Stylish Profile

======List of files/folders modified in the last 1 months======

2010-03-06 13:07:31 ----D---- C:\Program Files\HijackThis
2010-03-06 13:06:39 ----D---- C:\Program Files\Mozilla Firefox
2010-03-06 09:12:39 ----D---- C:\WINDOWS\Temp
2010-03-06 09:12:32 ----D---- C:\Documents and Settings\I'am the BOSS\Data aplikací\OpenOffice.org2
2010-03-06 08:45:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-06 08:00:34 ----D---- C:\Program Files\SUPERAntiSpyware
2010-03-06 07:44:10 ----D---- C:\Qoobox
2010-03-06 07:38:05 ----D---- C:\WINDOWS
2010-03-06 07:38:05 ----A---- C:\WINDOWS\system.ini
2010-03-06 07:37:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-06 07:35:20 ----D---- C:\WINDOWS\system32\drivers
2010-03-06 07:35:20 ----D---- C:\WINDOWS\system32
2010-03-06 07:35:20 ----D---- C:\WINDOWS\AppPatch
2010-03-06 07:35:16 ----D---- C:\Program Files\Common Files
2010-03-05 18:20:11 ----SHD---- C:\WINDOWS\Installer
2010-03-05 17:51:13 ----D---- C:\Samsung Media Studio 5
2010-03-05 11:23:47 ----D---- C:\Documents and Settings\I'am the BOSS\Data aplikací\gtk-2.0
2010-03-05 09:12:15 ----D---- C:\Documents and Settings\I'am the BOSS\Data aplikací\AIMP
2010-03-05 08:25:38 ----D---- C:\Documents and Settings\I'am the BOSS\Data aplikací\uTorrent
2010-03-02 18:49:32 ----D---- C:\QIP
2010-03-02 18:49:32 ----D---- C:\Program Files
2010-03-02 13:00:31 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-01 17:36:09 ----A---- C:\WINDOWS\win.ini
2010-02-28 13:28:11 ----D---- C:\WINDOWS\system32\config
2010-02-28 13:28:02 ----D---- C:\WINDOWS\ERDNT
2010-02-27 20:12:16 ----RSD---- C:\WINDOWS\assembly
2010-02-27 00:11:15 ----HD---- C:\WINDOWS\inf
2010-02-26 23:33:21 ----SD---- C:\WINDOWS\Tasks
2010-02-26 22:50:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-26 22:38:23 ----RASH---- C:\boot.ini
2010-02-21 15:11:11 ----D---- C:\Program Files\uTorrent
2010-02-19 19:06:25 ----D---- C:\WINDOWS\Prefetch
2010-02-17 15:24:11 ----A---- C:\WINDOWS\FISHUI.INI
2010-02-13 08:20:08 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-11 18:34:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-02-10 19:35:05 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 19:35:02 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-07 10:22:55 ----D---- C:\CoD Modern Warfare 2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 11776]
R1 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 9548]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\I'AMTH~1\LOCALS~1\Temp\ALSysIO.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-06-04 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-01-23 28176]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 atyi1l1g;atyi1l1g; C:\WINDOWS\system32\drivers\atyi1l1g.sys []
S3 azao2r7z;azao2r7z; C:\WINDOWS\system32\drivers\azao2r7z.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\I'AMTH~1\LOCALS~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-17 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-08 75064]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: a rootkit has appeared, PC is slow

#14 Post by Caroprd111 »

Uninstall all virtual drive emulators.

Download SPTD http://www.duplexsecure.com/en/downloads
  • Choose the version matching your operating system (64 & 32b). Save it to the desktop and run it.
  • choose the Uninstall option and restart the PC.

Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A small window will pop up; copy this into it:

Code:

"%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.log will be created, post it here.

Post a log from Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

What do you use drive F: for? :???:

dwarf253
Visitor
Posts: 51
Registered: 26 Feb 2010 21:48

Re: a rootkit has appeared, PC is slow

#15 Post by dwarf253 »

mbr log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync03.sys sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-06 14:22:23
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\I'AMTH~1\LOCALS~1\Temp\axtdapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


then I ran the second scan, the PC restarted and there was no log anywhere :?:

and I use F: for playing the manager game, i.e. PC games