asi rootkit - vypíná firewall a antivir

[zbynadovirycz]

Dobrý den,

prosím o radu

AVG napsalo Rootkit Agent.eg a nelze odstranit
mrška vypíná firewall a antivir

dík Zbyna

přikládám log.txt z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by ADMIN at 2010-04-16 22:46:42
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 36 GB (16%) free of 233 GB
Total RAM: 1022 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47:05, on 16.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ADMIN\Dokumenty\Stažené soubory\RSIT(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Dokumenty\ADMIN.exe
c:\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [7620] C:\DOCUME~1\ADMIN\LOCALS~1\Temp\vqvb.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wwwmen32.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC6887A6-1EF0-4668-9EAD-FF427347F0FC}: NameServer = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7482 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-07-02 1062184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO.dll [2007-01-11 386624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}]
Alcohol Toolbar Helper - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - Alcohol Toolbar - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll []
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"21780"=C:\DOCUME~1\ADMIN\LOCALS~1\Temp\vqvb.exe [2010-04-16 23040]

C:\Documents and Settings\ADMIN\Nabídka Start\Programy\Po spuštění
wwwmen32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-10 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [2001-12-21 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Rockstar Games\GTA2\gta2.exe"="C:\Program Files\Rockstar Games\GTA2\gta2.exe:*:Enabled:GTA2 main executable"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Warcraft III\War3.exe"="C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\World of Warcraft\WoW-2.0.3-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe"="C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\Program Files\Starcraft Shareware(ED)\Starcraft.exe"="C:\Program Files\Starcraft Shareware(ED)\Starcraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Q3Ademo\quake3.exe"="C:\Q3Ademo\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe"="C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe:*:Enabled:Client"
"C:\Documents and Settings\ADMIN\Plocha\LieroX v0.56 Pack 1.9\LieroX.exe"="C:\Documents and Settings\ADMIN\Plocha\LieroX v0.56 Pack 1.9\LieroX.exe:*:Enabled:LieroX"
"C:\Program Files\OpenTTD\openttd.exe"="C:\Program Files\OpenTTD\openttd.exe:*:Enabled:OpenTTD"
"C:\Documents and Settings\ADMIN\Plocha\bulanci.exe"="C:\Documents and Settings\ADMIN\Plocha\bulanci.exe:*:Enabled:bulanci"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Cossacks - Napoleonic Wars\Data\engine.exe"="C:\Program Files\Cossacks - Napoleonic Wars\Data\engine.exe:*:Enabled:Cossacks 2: Napoleonic Wars"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Microsoft Games\Age of Empires II The Conquerors Expansion Trial\age2_x1t.exe"="C:\Program Files\Microsoft Games\Age of Empires II The Conquerors Expansion Trial\age2_x1t.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Games\Age of Empires II\empires2.EXE"="C:\Program Files\Microsoft Games\Age of Empires II\empires2.EXE:*:Enabled:Age of Empires II"
"C:\Program Files\Doom 3\Doom3.exe"="C:\Program Files\Doom 3\Doom3.exe:*:Enabled:DOOM 3"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\source sdk base\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\DsNET Corp\aTube Catcher 1.0\smh.exe"="C:\Program Files\DsNET Corp\aTube Catcher 1.0\smh.exe:*:Enabled:Smart Media Hunter 0.7"
"C:\Program Files\Quake III Arena\quake3.exe"="C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\War2Combat\Warcraft II BNE.exe"="C:\Program Files\War2Combat\Warcraft II BNE.exe:*:Enabled:Warcraft II Battle.net Edition"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Documents and Settings\ADMIN\Plocha\Šuplík\Halo 2\halo2.exe"="C:\Documents and Settings\ADMIN\Plocha\Šuplík\Halo 2\halo2.exe:*:Enabled:Halo 2 for Windows Vista"
"C:\Documents and Settings\ADMIN\Plocha\The Lord of the Rings - Conquest™\Conquest.exe"="C:\Documents and Settings\ADMIN\Plocha\The Lord of the Rings - Conquest™\Conquest.exe:*:Enabled:Game"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\zombie panic! source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\zombie panic! source\hl2.exe:*:Disabled:hl2"
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\All Users\Dokumenty\aoe2\empires2.exe"="C:\Documents and Settings\All Users\Dokumenty\aoe2\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\All Users\Dokumenty\aoe2\age2_x1.exe"="C:\Documents and Settings\All Users\Dokumenty\aoe2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Documents and Settings\ADMIN\Plocha\aoe 2\age2_x1.exe"="C:\Documents and Settings\ADMIN\Plocha\aoe 2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Prameny Hra"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Prameny Spustit"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Prameny Aktualizovat"
"C:\Program Files\Microsoft Games\Age of Mythology\aom.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology"
"C:\Program Files\GMOD10\hl2.exe"="C:\Program Files\GMOD10\hl2.exe:*:Enabled:hl2"
"C:\Program Files\GOG.com\Freespace\FS.exe"="C:\Program Files\GOG.com\Freespace\FS.exe:*:Enabled:FreeSpace"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Activision\Rome - Total War\RomeTW.exe"="C:\Program Files\Activision\Rome - Total War\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\rc\RAL.EXE"="C:\rc\RAL.EXE:*:Enabled:RAL"
"C:\Program Files\Reality Pump\The Moon Project\TheMoonProject.exe"="C:\Program Files\Reality Pump\The Moon Project\TheMoonProject.exe:*:Enabled:The Moon Project"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Documents and Settings\ADMIN\Local Settings\temp\vqvb.exe"="C:\Documents and Settings\ADMIN\Local Settings\temp\vqvb.exe:*:Disabled:vqvb"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fee9928-cbaa-11dd-b5c7-001676b2cfa9}]
shell\AutoRun\command - M:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-04-16 22:42:56 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-04-16 22:42:43 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2010-04-16 22:42:43 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-04-16 22:42:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-04-16 22:42:36 ----D---- C:\WINDOWS\LastGood
2010-04-16 22:02:30 ----D---- C:\rsit
2010-04-16 20:40:53 ----A---- C:\Documents and Settings\ADMIN\Data aplikací\file_4.exe
2010-04-16 20:40:45 ----A---- C:\WINDOWS\system32\regedit.exe
2010-04-16 20:40:43 ----A---- C:\lsass.exe
2010-04-10 18:34:58 ----D---- C:\Program Files\Reality Pump
2010-04-10 18:26:24 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-04-10 18:24:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-04-10 18:24:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec
2010-04-10 18:24:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-04-10 18:23:12 ----D---- C:\WINDOWS\system32\Adobe
2010-04-07 19:28:46 ----A---- C:\WINDOWS\RomeTW.ini
2010-03-31 16:48:06 ----D---- C:\Program Files\LogMeIn Hamachi
2010-03-29 18:08:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2010-03-29 18:07:53 ----D---- C:\Program Files\NVIDIA Corporation
2010-03-29 18:06:38 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-03-29 18:06:37 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-03-29 18:06:37 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-03-29 18:06:34 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-03-29 18:06:10 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-03-29 18:06:10 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-03-29 18:06:09 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-03-29 18:06:09 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-03-29 18:06:07 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-03-29 18:06:07 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-03-29 18:06:06 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-03-29 18:06:05 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-03-29 18:06:04 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-03-29 18:06:03 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-03-29 18:06:03 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-03-29 18:06:02 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-03-29 18:06:02 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-03-29 18:06:01 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-03-29 18:06:00 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-03-29 18:06:00 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-03-29 18:05:59 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-03-29 18:05:58 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-03-29 18:05:57 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-03-29 18:05:57 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-03-29 18:05:56 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-03-29 18:05:54 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-03-29 18:05:54 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-03-29 18:05:53 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-03-29 18:05:53 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-03-29 18:05:51 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-03-29 18:05:50 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-03-29 18:05:50 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-03-29 18:05:48 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-03-29 18:05:48 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-03-29 18:05:46 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-03-29 18:05:45 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2010-03-29 18:05:45 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2010-03-29 18:05:44 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2010-03-29 18:05:43 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2010-03-29 18:05:42 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2010-03-29 18:05:42 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2010-03-29 18:05:40 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2010-03-29 18:05:39 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2010-03-29 18:05:38 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2010-03-29 18:05:37 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2010-03-29 18:05:36 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-03-29 18:05:36 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-03-29 18:05:34 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-03-29 18:04:15 ----HD---- C:\WINDOWS\msdownld.tmp
2010-03-29 18:04:06 ----D---- C:\WINDOWS\Logs
2010-03-28 11:38:32 ----D---- C:\WINDOWS\nvidia icons
2010-03-28 11:38:21 ----D---- C:\WINDOWS\NV39123916.TMP
2010-03-28 11:37:50 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-03-28 11:37:40 ----D---- C:\NVIDIA
2010-03-28 11:03:31 ----D---- C:\Program Files\Mass Effect
2010-03-20 21:06:05 ----D---- C:\Program Files\Activision

======List of files/folders modified in the last 1 months======

2010-04-16 22:46:59 ----HD---- C:\WINDOWS\inf
2010-04-16 22:46:59 ----D---- C:\WINDOWS\Prefetch
2010-04-16 22:46:58 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-16 22:46:57 ----D---- C:\WINDOWS
2010-04-16 22:46:54 ----D---- C:\WINDOWS\temp
2010-04-16 22:43:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-16 22:43:12 ----D---- C:\WINDOWS\system32\drivers
2010-04-16 22:42:58 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-16 22:42:56 ----D---- C:\WINDOWS\system32
2010-04-16 22:42:56 ----D---- C:\WINDOWS\Help
2010-04-16 22:42:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-16 20:42:32 ----D---- C:\Program Files\Internet Explorer
2010-04-16 20:29:30 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\Skype
2010-04-16 14:55:14 ----D---- C:\WINDOWS\system32\Lang
2010-04-16 07:09:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-13 22:37:54 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-11 10:41:26 ----RD---- C:\Program Files
2010-04-10 23:11:35 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\Hamachi
2010-04-10 18:26:24 ----D---- C:\Program Files\Common Files
2010-04-10 18:24:56 ----SD---- C:\WINDOWS\Tasks
2010-04-10 15:24:25 ----D---- C:\Program Files\OpenTTD
2010-04-10 11:49:22 ----D---- C:\Program Files\Garena
2010-04-07 21:36:59 ----D---- C:\Program Files\Warcraft III
2010-04-07 19:28:44 ----SHD---- C:\WINDOWS\Installer
2010-04-07 19:16:30 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-06 06:58:07 ----D---- C:\Program Files\Mozilla Firefox
2010-03-29 18:08:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-03-29 18:06:12 ----D---- C:\WINDOWS\system32\DirectX
2010-03-29 18:06:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2010-03-28 18:27:30 ----HD---- C:\$AVG8.VAULT$
2010-03-28 11:42:23 ----D---- C:\WINDOWS\nview
2010-03-28 11:15:26 ----D---- C:\Program Files\Common Files\BioWare
2010-03-28 09:03:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-10 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-10 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-10 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 39936]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-12-06 17480]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-01-13 4137984]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-03-16 10232352]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 agkye472;agkye472; C:\WINDOWS\system32\drivers\agkye472.sys []
S3 az71ddtt;az71ddtt; C:\WINDOWS\system32\drivers\az71ddtt.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\ADMIN\LOCALS~1\Temp\UAA1A.tmp []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-08 85969]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-12-10 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-12-11 297752]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]

-----------------EOF-----------------

[Caroprd111]

Zdravím


Přečtěte si SZ.


Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.


Doporučuji odinstalovat:
C:\Program Files\BitComet\BitComet.exe

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.


Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

[zbynadovirycz]

Dík, bohužel se mi ale nepodařilo deaktivovat AVG, ani shozením procesů.

chybí všechny stavové ikonky programů v liště vpravo dole.

vysledek:
ComboFix 10-04-15.05 - ADMIN 16.04.2010 23:35:35.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1022.544 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN\Dokumenty\Stažené soubory\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ADMIN\Data aplikací\file_4.exe
C:\lsass.exe
c:\windows\eSellerateEngine.dll
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\regedit.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-16 do 2010-04-16 )))))))))))))))))))))))))))))))
.

2010-04-16 20:43 . 2010-04-16 20:43 859648 ----a-w- c:\windows\system32\drivers\lqmqpaac.sys
2010-04-16 20:42 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-04-16 20:42 . 2009-08-06 17:24 35552 -c--a-w- c:\windows\system32\dllcache\wups.dll
2010-04-16 20:42 . 2009-08-06 17:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-04-16 20:42 . 2005-05-26 03:16 173536 ----a-w- c:\windows\system32\wuweb.dll
2010-04-16 20:42 . 2005-05-26 03:16 127768 ----a-w- c:\windows\system32\wucltui.dll
2010-04-16 20:42 . 2005-05-26 03:16 1343768 ----a-w- c:\windows\system32\wuaueng.dll
2010-04-16 20:42 . 2005-05-26 03:16 465176 ----a-w- c:\windows\system32\wuapi.dll
2010-04-16 20:42 . 2005-05-26 03:16 124184 ----a-w- c:\windows\system32\wuauclt.exe
2010-04-16 20:42 . 2005-05-26 03:16 75544 ----a-w- c:\windows\system32\cdm.dll
2010-04-16 20:02 . 2010-04-16 20:03 -------- d-----w- C:\rsit
2010-04-10 16:34 . 2010-04-10 16:34 -------- d-----w- c:\program files\Reality Pump
2010-04-10 16:26 . 2010-04-10 16:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-10 16:23 . 2010-04-10 16:23 -------- d-----w- c:\windows\system32\Adobe
2010-03-31 14:48 . 2010-03-31 14:48 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 16:07 . 2010-03-29 16:07 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-29 16:05 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-03-29 16:04 . 2010-03-29 16:04 -------- d-----w- c:\windows\Logs
2010-03-29 15:11 . 2010-02-03 13:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-28 09:38 . 2010-03-28 09:38 -------- d-----w- c:\windows\nvidia icons
2010-03-28 09:38 . 2010-03-28 09:42 -------- d-----w- c:\windows\NV39123916.TMP
2010-03-28 09:37 . 2010-03-12 09:26 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-28 09:37 . 2010-03-29 16:06 -------- d-----w- C:\NVIDIA
2010-03-28 09:03 . 2010-03-28 09:22 -------- d-----w- c:\program files\Mass Effect
2010-03-20 19:06 . 2010-03-20 19:06 -------- d-----w- c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 21:20 . 2008-07-02 14:32 -------- d-----w- c:\program files\BitComet
2010-04-10 13:24 . 2008-03-28 18:06 -------- d-----w- c:\program files\OpenTTD
2010-04-10 09:49 . 2009-09-09 12:12 -------- d-----w- c:\program files\Garena
2010-04-07 19:36 . 2007-02-27 17:35 -------- d-----w- c:\program files\Warcraft III
2010-04-07 17:16 . 2006-12-20 03:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-28 09:15 . 2009-11-08 10:25 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-28 07:03 . 2006-03-02 12:00 74592 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 07:03 . 2006-03-02 12:00 403140 ----a-w- c:\windows\system32\perfh005.dat
2010-03-17 20:27 . 2008-04-05 19:18 143086 ----a-w- c:\windows\War3Unin.dat
2010-03-06 01:37 . 2010-03-06 01:13 -------- d-----w- c:\program files\ICQ6.5
2010-03-06 01:34 . 2008-06-30 12:18 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-06 01:14 . 2008-06-30 12:17 -------- d-----w- c:\program files\ICQ6
2010-02-21 12:52 . 2007-03-21 17:45 -------- d-----w- c:\program files\World of Warcraft
2010-02-04 08:01 . 2010-03-29 16:06 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01 . 2010-03-29 16:06 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 08:01 . 2010-03-29 16:06 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 08:01 . 2010-03-29 16:06 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 11:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\ADMIN\Nabˇdka Start\Programy\Po spuçtŘnˇ\
wwwmen32.exe [2006-3-2 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-10 08:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Rockstar Games\\GTA2\\gta2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\condition zero\\hl.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\counter-strike\\hl.exe"=
"c:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Cossacks - Napoleonic Wars\\Data\\engine.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 1.0\\smh.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\War2Combat\\Warcraft II BNE.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Šuplík\\Halo 2\\halo2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\GMOD10\\hl2.exe"=
"c:\\Program Files\\GOG.com\\Freespace\\FS.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\rc\\RAL.EXE"=
"c:\\Program Files\\Reality Pump\\The Moon Project\\TheMoonProject.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"20807:TCP"= 20807:TCP:BitComet 20807 TCP
"20807:UDP"= 20807:UDP:BitComet 20807 UDP

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9.12.2009 14:12 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9.12.2009 14:12 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9.12.2009 14:12 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10.12.2009 10:27 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11.12.2009 17:19 297752]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [30.6.2008 14:18 222968]
S0 opeml;opeml; [x]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.2.2007 17:34 639224]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [8.11.2009 12:44 25832]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMIN\LOCALS~1\Temp\UAA1A.tmp --> c:\docume~1\ADMIN\LOCALS~1\Temp\UAA1A.tmp [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {CC6887A6-1EF0-4668-9EAD-FF427347F0FC} = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\a0llz3af.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
AddRemove-Totalcmd - c:\totalcmd\tcuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-16 23:44
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86DD8AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7648fc3
\Driver\ACPI -> ACPI.sys @ 0xf74dbcb8
\Driver\atapi -> atapi.sys @ 0xf74937b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ADMIN\LOCALS~1\Temp\UAA1A.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1682526488-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-2000478354-1682526488-725345543-1006\Software\SecuROM\License information*]
"datasecu"=hex:1c,b1,8f,db,ad,aa,df,2e,93,5a,3e,79,a3,9a,d7,f5,a5,2d,10,60,3c,
ee,14,ca,a3,d2,c3,46,cd,a8,44,5e,4e,bc,06,2b,1f,ff,1f,4e,ff,28,d4,7a,3d,ed,\
"rkeysecu"=hex:71,fd,f4,2e,51,e1,fc,3d,f0,e1,a2,91,5e,9c,9e,55
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2010-04-16 23:47:37
ComboFix-quarantined-files.txt 2010-04-16 21:47
ComboFix2.txt 2009-02-08 19:50

Před spuštěním: Volných bajtů: 39 302 344 704
Po spuštění: Volných bajtů: 39 976 579 072

- - End Of File - - AC26AEF3E267AF35C4C5EE6CA8A1EADA

[Caroprd111]

Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Folder::
c:\program files\Garena
c:\windows\NV39123916.TMP

File::
c:\docume~1\ADMIN\LOCALS~1\Temp\UAA1A.tmp --> c:\docume~1\ADMIN\LOCALS~1\Temp\UAA1A.tmp
c:\documents and settings\ADMIN\Nabídka Start\Programy\Po spuštění\wwwmen32.exe
c:\windows\system32\drivers\lqmqpaac.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Garena\\Garena.exe"=-

Driver::
opeml
GarenaPEngine

RegLock::
[HKEY_USERS\S-1-5-21-2000478354-1682526488-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[zbynadovirycz]

Provedeno - log je zde:

ComboFix 10-04-15.05 - ADMIN 17.04.2010 11:02:34.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1022.643 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ADMIN\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\docume~1\ADMIN\LOCALS~1\Temp\UAA1A.tmp --> c:\docume~1\ADMIN\LOCALS~1\Temp\UAA1A.tmp"
"c:\documents and settings\ADMIN\Nabídka Start\Programy\Po spuštění\wwwmen32.exe"
"c:\windows\system32\drivers\lqmqpaac.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ADMIN\Nabídka Start\Programy\Po spuštění\wwwmen32.exe
c:\program files\Garena
c:\program files\Garena\AESocket.dll
c:\program files\Garena\atl71.dll
c:\program files\Garena\Avatar\boy.swf
c:\program files\Garena\Avatar\boy_s.swf
c:\program files\Garena\Avatar\girl.swf
c:\program files\Garena\Avatar\girl_s.swf
c:\program files\Garena\Avatar\unknown.swf
c:\program files\Garena\Avatar\unknown_s.swf
c:\program files\Garena\Cache\1377838_s.swf
c:\program files\Garena\Cache\2927840_s.swf
c:\program files\Garena\Cache\3636952_s.swf
c:\program files\Garena\Cache\4304482_s.swf
c:\program files\Garena\Cache\5157189_s.swf
c:\program files\Garena\Cache\9855767_s.swf
c:\program files\Garena\clients2.dat
c:\program files\Garena\CommonLib.dll
c:\program files\Garena\config\bs.br.xml
c:\program files\Garena\config\bs.cn.xml
c:\program files\Garena\config\bs.en.xml
c:\program files\Garena\config\bs.id.xml
c:\program files\Garena\config\bs.pp.xml
c:\program files\Garena\config\bs.ru.xml
c:\program files\Garena\config\bs.sd.xml
c:\program files\Garena\config\bs.sp.xml
c:\program files\Garena\config\bs.th.xml
c:\program files\Garena\config\bs.tw.xml
c:\program files\Garena\config\bs.vn.xml
c:\program files\Garena\config\loccn.xml
c:\program files\Garena\config\locen.xml
c:\program files\Garena\config\lockr.xml
c:\program files\Garena\config\loctw.xml
c:\program files\Garena\config\locvn.xml
c:\program files\Garena\CS15Hook.dll
c:\program files\Garena\deps\olgame.gga
c:\program files\Garena\deps\vww.gzp
c:\program files\Garena\deps\webgame.gga
c:\program files\Garena\dlls\CTSys.dll
c:\program files\Garena\dlls\flags.dll
c:\program files\Garena\dlls\FPSHelper.dll
c:\program files\Garena\dlls\GFireMan.dll
c:\program files\Garena\dlls\IPvR.dll
c:\program files\Garena\dlls\PEngine.dll
c:\program files\Garena\dlls\PluginLanguage.dll
c:\program files\Garena\dlls\Sca.dll
c:\program files\Garena\dlls\WC3J.dll
c:\program files\Garena\files\files.ggz
c:\program files\Garena\FPSHook.dll
c:\program files\Garena\Gamecn.dat
c:\program files\Garena\GameConfig.xml
c:\program files\Garena\Gameen.dat
c:\program files\Garena\Gametw.dat
c:\program files\Garena\Gamevn.dat
c:\program files\Garena\Garena.dmp
c:\program files\Garena\Garena.exe
c:\program files\Garena\GarenaSkin.dll
c:\program files\Garena\GarenaSkin1.dll
c:\program files\Garena\GarenaSkin2.dll
c:\program files\Garena\GarenaTV.xml
c:\program files\Garena\GarenaTV\0.bmp
c:\program files\Garena\GarenaTV\1.bmp
c:\program files\Garena\GarenaTV\2.bmp
c:\program files\Garena\GarenaTV\3.bmp
c:\program files\Garena\GarenaTV\4.bmp
c:\program files\Garena\GarenaTV\5.bmp
c:\program files\Garena\GarenaTV\6.bmp
c:\program files\Garena\GarenaTV\cn.ggz
c:\program files\Garena\GarenaTV\cn_s.ggz
c:\program files\Garena\GarenaTV\en.ggz
c:\program files\Garena\GarenaTV\en_s.ggz
c:\program files\Garena\GarenaTV\id_s.ggz
c:\program files\Garena\GarenaTV\Thumbs.db
c:\program files\Garena\GarenaTV\tw.ggz
c:\program files\Garena\GarenaTV\tw_s.ggz
c:\program files\Garena\GarenaTV_UI.dll
c:\program files\Garena\GarenaTVHook.dll
c:\program files\Garena\GGICON.ico
c:\program files\Garena\Gn.ggz
c:\program files\Garena\gs.dat
c:\program files\Garena\hc.xml
c:\program files\Garena\Inject.dll
c:\program files\Garena\L4DSocket.dll
c:\program files\Garena\langs.xml
c:\program files\Garena\Languages\FPSGame.dll.cn
c:\program files\Garena\Languages\FPSGame.dll.en
c:\program files\Garena\Languages\FPSGame.dll.tw
c:\program files\Garena\Languages\Garena.exe.br
c:\program files\Garena\Languages\Garena.exe.cn
c:\program files\Garena\Languages\Garena.exe.en
c:\program files\Garena\Languages\Garena.exe.id
c:\program files\Garena\Languages\Garena.exe.ru
c:\program files\Garena\Languages\Garena.exe.sp
c:\program files\Garena\Languages\Garena.exe.th
c:\program files\Garena\Languages\Garena.exe.tw
c:\program files\Garena\Languages\Garena.exe.vn
c:\program files\Garena\Languages\GarenaTV_UI.dll.cn
c:\program files\Garena\Languages\GarenaTV_UI.dll.en
c:\program files\Garena\Languages\GarenaTV_UI.dll.id
c:\program files\Garena\Languages\GarenaTV_UI.dll.tw
c:\program files\Garena\Languages\languages.glf
c:\program files\Garena\Languages\OLGame.dll.en
c:\program files\Garena\Languages\OLGame.dll.vn
c:\program files\Garena\Languages\update.exe.cn
c:\program files\Garena\Languages\update.exe.tw
c:\program files\Garena\Languages\update2.exe.cn
c:\program files\Garena\Languages\update2.exe.tw
c:\program files\Garena\Languages\WC3Ass.dll.br
c:\program files\Garena\Languages\WC3Ass.dll.cn
c:\program files\Garena\Languages\WC3Ass.dll.en
c:\program files\Garena\Languages\WC3Ass.dll.kr
c:\program files\Garena\Languages\WC3Ass.dll.kz
c:\program files\Garena\Languages\WC3Ass.dll.ru
c:\program files\Garena\Languages\WC3Ass.dll.sp
c:\program files\Garena\Languages\WC3Ass.dll.tw
c:\program files\Garena\Languages\WC3Ass.dll.vn
c:\program files\Garena\Languages\WC3Ladder.dll.cn
c:\program files\Garena\Languages\WC3Ladder.dll.en
c:\program files\Garena\Languages\WC3Ladder.dll.tw
c:\program files\Garena\layout\BlackShotView.layout
c:\program files\Garena\layout\layout.ggz
c:\program files\Garena\lib\BlackShot.dll
c:\program files\Garena\lib\common\Language.dll
c:\program files\Garena\lib\GarenaRoomSystem.dll
c:\program files\Garena\lib\GarenaWebService.dll
c:\program files\Garena\lib\HttpLayer.dll
c:\program files\Garena\lib\Layout.dll
c:\program files\Garena\lib\LibPlugin.ggz
c:\program files\Garena\lib\LoadSwf.dll
c:\program files\Garena\lib\MessagePumpLib.dll
c:\program files\Garena\lib\NetworkLayer.dll
c:\program files\Garena\lib\PKCS.dll
c:\program files\Garena\lib\RSA.dll
c:\program files\Garena\lib\WebCache.dll
c:\program files\Garena\mdata.ggz
c:\program files\Garena\newgame.ggz
c:\program files\Garena\onlinegame.ggz
c:\program files\Garena\PluginKernel.dll
c:\program files\Garena\plugins\Game\GarenaTVRecorder.dll
c:\program files\Garena\plugins\Game\WC3Ass.dll
c:\program files\Garena\plugins\Game\WC3Ladder.dll
c:\program files\Garena\plugins\Game\WC3VC.dll
c:\program files\Garena\plugins\Plugins.ggz
c:\program files\Garena\plugins\UI\AdPlugin.dll
c:\program files\Garena\plugins\UI\AdPlugin\close_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\close_rollover.bmp
c:\program files\Garena\plugins\UI\AdPlugin\down_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\down_rollover.bmp
c:\program files\Garena\plugins\UI\AdPlugin\skinmsn.bmp
c:\program files\Garena\plugins\UI\AdPlugin\up_rollout.bmp
c:\program files\Garena\plugins\UI\AdPlugin\up_rollover.bmp
c:\program files\Garena\plugins\UI\AvoidCrackPlugin.dll
c:\program files\Garena\plugins\UI\BlackShotPlugin.dll
c:\program files\Garena\plugins\UI\CafeLogin.dll
c:\program files\Garena\plugins\UI\FavListUIPlugin.dll
c:\program files\Garena\plugins\UI\FPSGame.dll
c:\program files\Garena\plugins\UI\GarenaTV.dll
c:\program files\Garena\plugins\UI\GarenaTVRecUI.dll
c:\program files\Garena\plugins\UI\GEngine.dll
c:\program files\Garena\plugins\UI\Chenyx.dll
c:\program files\Garena\plugins\UI\ManagePlugin.dll
c:\program files\Garena\plugins\UI\OLGame.dll
c:\program files\Garena\plugins\UI\StatPlugin.dll
c:\program files\Garena\plugins\UI\ViwawaPlugin.dll
c:\program files\Garena\plugins\UI\WebGameUI.dll
c:\program files\Garena\plugins\UI\zDep.dll
c:\program files\Garena\plugins\UI\zzzPlugin.dll
c:\program files\Garena\RecConfig.xml
c:\program files\Garena\roomCN.dat
c:\program files\Garena\roomEN.dat
c:\program files\Garena\roomTW.dat
c:\program files\Garena\server.xml
c:\program files\Garena\shop\items\1.gif
c:\program files\Garena\shop\items\100.gif
c:\program files\Garena\shop\items\105.gif
c:\program files\Garena\shop\items\150.gif
c:\program files\Garena\shop\items\151.gif
c:\program files\Garena\shop\items\2.gif
c:\program files\Garena\shop\items\200.gif
c:\program files\Garena\shop\items\201.gif
c:\program files\Garena\shop\items\202.gif
c:\program files\Garena\shop\items\203.gif
c:\program files\Garena\shop\items\204.gif
c:\program files\Garena\shop\items\205.gif
c:\program files\Garena\shop\items\206.gif
c:\program files\Garena\shop\items\21.gif
c:\program files\Garena\shop\items\22.gif
c:\program files\Garena\shop\items\23.gif
c:\program files\Garena\shop\items\24.gif
c:\program files\Garena\shop\items\3.gif
c:\program files\Garena\shop\items\300.gif
c:\program files\Garena\shop\items\301.gif
c:\program files\Garena\shop\items\302.gif
c:\program files\Garena\shop\items\303.gif
c:\program files\Garena\shop\items\304.gif
c:\program files\Garena\shop\items\305.gif
c:\program files\Garena\shop\items\306.gif
c:\program files\Garena\shop\items\307.gif
c:\program files\Garena\shop\items\308.gif
c:\program files\Garena\shop\items\309.gif
c:\program files\Garena\shop\items\310.gif
c:\program files\Garena\shop\items\311.gif
c:\program files\Garena\shop\items\312.gif
c:\program files\Garena\shop\items\313.gif
c:\program files\Garena\shop\items\4.gif
c:\program files\Garena\shop\items\40.gif
c:\program files\Garena\shop\items\60.gif
c:\program files\Garena\shop\items\61.gif
c:\program files\Garena\shop\items\62.gif
c:\program files\Garena\shop\items\63.gif
c:\program files\Garena\shop\items\64.gif
c:\program files\Garena\shop\items\65.gif
c:\program files\Garena\shop\items\66.gif
c:\program files\Garena\shop\items\67.gif
c:\program files\Garena\shop\items\68.gif
c:\program files\Garena\shop\items\69.gif
c:\program files\Garena\shop\items\70.gif
c:\program files\Garena\shop\items\8.gif
c:\program files\Garena\shop\items\Thumbs.db
c:\program files\Garena\Skin\Flags\-.gif
c:\program files\Garena\Skin\Flags\ad.gif
c:\program files\Garena\Skin\Flags\ae.gif
c:\program files\Garena\Skin\Flags\af.gif
c:\program files\Garena\Skin\Flags\ag.gif
c:\program files\Garena\Skin\Flags\ai.gif
c:\program files\Garena\Skin\Flags\al.gif
c:\program files\Garena\Skin\Flags\am.gif
c:\program files\Garena\Skin\Flags\an.gif
c:\program files\Garena\Skin\Flags\ao.gif
c:\program files\Garena\Skin\Flags\aq.gif
c:\program files\Garena\Skin\Flags\ar.gif
c:\program files\Garena\Skin\Flags\as.gif
c:\program files\Garena\Skin\Flags\at.gif
c:\program files\Garena\Skin\Flags\au.gif
c:\program files\Garena\Skin\Flags\aw.gif
c:\program files\Garena\Skin\Flags\az.gif
c:\program files\Garena\Skin\Flags\ba.gif
c:\program files\Garena\Skin\Flags\bb.gif
c:\program files\Garena\Skin\Flags\bd.gif
c:\program files\Garena\Skin\Flags\be.gif
c:\program files\Garena\Skin\Flags\bf.gif
c:\program files\Garena\Skin\Flags\bg.gif
c:\program files\Garena\Skin\Flags\bh.gif
c:\program files\Garena\Skin\Flags\bi.gif
c:\program files\Garena\Skin\Flags\bj.gif
c:\program files\Garena\Skin\Flags\bm.gif
c:\program files\Garena\Skin\Flags\bn.gif
c:\program files\Garena\Skin\Flags\bo.gif
c:\program files\Garena\Skin\Flags\br.gif
c:\program files\Garena\Skin\Flags\bs.gif
c:\program files\Garena\Skin\Flags\bt.gif
c:\program files\Garena\Skin\Flags\bv.gif
c:\program files\Garena\Skin\Flags\bw.gif
c:\program files\Garena\Skin\Flags\by.gif
c:\program files\Garena\Skin\Flags\bz.gif
c:\program files\Garena\Skin\Flags\ca.gif
c:\program files\Garena\Skin\Flags\cd.gif
c:\program files\Garena\Skin\Flags\cf.gif
c:\program files\Garena\Skin\Flags\cg.gif
c:\program files\Garena\Skin\Flags\ci.gif
c:\program files\Garena\Skin\Flags\ck.gif
c:\program files\Garena\Skin\Flags\cl.gif
c:\program files\Garena\Skin\Flags\cm.gif
c:\program files\Garena\Skin\Flags\cn.gif
c:\program files\Garena\Skin\Flags\co.gif
c:\program files\Garena\Skin\Flags\cr.gif
c:\program files\Garena\Skin\Flags\cu.gif
c:\program files\Garena\Skin\Flags\cv.gif
c:\program files\Garena\Skin\Flags\cy.gif
c:\program files\Garena\Skin\Flags\cz.gif
c:\program files\Garena\Skin\Flags\de.gif
c:\program files\Garena\Skin\Flags\dj.gif
c:\program files\Garena\Skin\Flags\dk.gif
c:\program files\Garena\Skin\Flags\dm.gif
c:\program files\Garena\Skin\Flags\do.gif
c:\program files\Garena\Skin\Flags\dz.gif
c:\program files\Garena\Skin\Flags\ec.gif
c:\program files\Garena\Skin\Flags\ee.gif
c:\program files\Garena\Skin\Flags\eg.gif
c:\program files\Garena\Skin\Flags\er.gif
c:\program files\Garena\Skin\Flags\es.gif
c:\program files\Garena\Skin\Flags\et.gif
c:\program files\Garena\Skin\Flags\eu.gif
c:\program files\Garena\Skin\Flags\fi.gif
c:\program files\Garena\Skin\Flags\fj.gif
c:\program files\Garena\Skin\Flags\fk.gif
c:\program files\Garena\Skin\Flags\fm.gif
c:\program files\Garena\Skin\Flags\fo.gif
c:\program files\Garena\Skin\Flags\fr.gif
c:\program files\Garena\Skin\Flags\fx.gif
c:\program files\Garena\Skin\Flags\ga.gif
c:\program files\Garena\Skin\Flags\gb.gif
c:\program files\Garena\Skin\Flags\gd.gif
c:\program files\Garena\Skin\Flags\ge.gif
c:\program files\Garena\Skin\Flags\gh.gif
c:\program files\Garena\Skin\Flags\gi.gif
c:\program files\Garena\Skin\Flags\gl.gif
c:\program files\Garena\Skin\Flags\gm.gif
c:\program files\Garena\Skin\Flags\gn.gif
c:\program files\Garena\Skin\Flags\gp.gif
c:\program files\Garena\Skin\Flags\gq.gif
c:\program files\Garena\Skin\Flags\gr.gif
c:\program files\Garena\Skin\Flags\gt.gif
c:\program files\Garena\Skin\Flags\gu.gif
c:\program files\Garena\Skin\Flags\gw.gif
c:\program files\Garena\Skin\Flags\gy.gif
c:\program files\Garena\Skin\Flags\hk.gif
c:\program files\Garena\Skin\Flags\hm.gif
c:\program files\Garena\Skin\Flags\hn.gif
c:\program files\Garena\Skin\Flags\hr.gif
c:\program files\Garena\Skin\Flags\ht.gif
c:\program files\Garena\Skin\Flags\hu.gif
c:\program files\Garena\Skin\Flags\ch.gif
c:\program files\Garena\Skin\Flags\id.gif
c:\program files\Garena\Skin\Flags\ie.gif
c:\program files\Garena\Skin\Flags\il.gif
c:\program files\Garena\Skin\Flags\im.gif
c:\program files\Garena\Skin\Flags\in.gif
c:\program files\Garena\Skin\Flags\io.gif
c:\program files\Garena\Skin\Flags\iq.gif
c:\program files\Garena\Skin\Flags\ir.gif
c:\program files\Garena\Skin\Flags\is.gif
c:\program files\Garena\Skin\Flags\it.gif
c:\program files\Garena\Skin\Flags\je.gif
c:\program files\Garena\Skin\Flags\jm.gif
c:\program files\Garena\Skin\Flags\jo.gif
c:\program files\Garena\Skin\Flags\jp.gif
c:\program files\Garena\Skin\Flags\ke.gif
c:\program files\Garena\Skin\Flags\kg.gif
c:\program files\Garena\Skin\Flags\kh.gif
c:\program files\Garena\Skin\Flags\ki.gif
c:\program files\Garena\Skin\Flags\km.gif
c:\program files\Garena\Skin\Flags\kn.gif
c:\program files\Garena\Skin\Flags\kp.gif
c:\program files\Garena\Skin\Flags\kr.gif
c:\program files\Garena\Skin\Flags\kw.gif
c:\program files\Garena\Skin\Flags\ky.gif
c:\program files\Garena\Skin\Flags\kz.gif
c:\program files\Garena\Skin\Flags\la.gif
c:\program files\Garena\Skin\Flags\lb.gif
c:\program files\Garena\Skin\Flags\lc.gif
c:\program files\Garena\Skin\Flags\li.gif
c:\program files\Garena\Skin\Flags\lk.gif
c:\program files\Garena\Skin\Flags\lr.gif
c:\program files\Garena\Skin\Flags\ls.gif
c:\program files\Garena\Skin\Flags\lt.gif
c:\program files\Garena\Skin\Flags\lu.gif
c:\program files\Garena\Skin\Flags\lv.gif
c:\program files\Garena\Skin\Flags\ly.gif
c:\program files\Garena\Skin\Flags\ma.gif
c:\program files\Garena\Skin\Flags\mc.gif
c:\program files\Garena\Skin\Flags\md.gif
c:\program files\Garena\Skin\Flags\me.gif
c:\program files\Garena\Skin\Flags\mg.gif
c:\program files\Garena\Skin\Flags\mh.gif
c:\program files\Garena\Skin\Flags\mk.gif
c:\program files\Garena\Skin\Flags\ml.gif
c:\program files\Garena\Skin\Flags\mm.gif
c:\program files\Garena\Skin\Flags\mn.gif
c:\program files\Garena\Skin\Flags\mo.gif
c:\program files\Garena\Skin\Flags\mp.gif
c:\program files\Garena\Skin\Flags\mq.gif
c:\program files\Garena\Skin\Flags\mr.gif
c:\program files\Garena\Skin\Flags\ms.gif
c:\program files\Garena\Skin\Flags\mt.gif
c:\program files\Garena\Skin\Flags\mu.gif
c:\program files\Garena\Skin\Flags\mv.gif
c:\program files\Garena\Skin\Flags\mw.gif
c:\program files\Garena\Skin\Flags\mx.gif
c:\program files\Garena\Skin\Flags\my.gif
c:\program files\Garena\Skin\Flags\mz.gif
c:\program files\Garena\Skin\Flags\na.gif
c:\program files\Garena\Skin\Flags\nc.gif
c:\program files\Garena\Skin\Flags\ne.gif
c:\program files\Garena\Skin\Flags\nf.gif
c:\program files\Garena\Skin\Flags\ng.gif
c:\program files\Garena\Skin\Flags\ni.gif
c:\program files\Garena\Skin\Flags\nl.gif
c:\program files\Garena\Skin\Flags\no.gif
c:\program files\Garena\Skin\Flags\np.gif
c:\program files\Garena\Skin\Flags\nr.gif
c:\program files\Garena\Skin\Flags\nz.gif
c:\program files\Garena\Skin\Flags\om.gif
c:\program files\Garena\Skin\Flags\pa.gif
c:\program files\Garena\Skin\Flags\pe.gif
c:\program files\Garena\Skin\Flags\pf.gif
c:\program files\Garena\Skin\Flags\pg.gif
c:\program files\Garena\Skin\Flags\ph.gif
c:\program files\Garena\Skin\Flags\pk.gif
c:\program files\Garena\Skin\Flags\pl.gif
c:\program files\Garena\Skin\Flags\pm.gif
c:\program files\Garena\Skin\Flags\pr.gif
c:\program files\Garena\Skin\Flags\ps.gif
c:\program files\Garena\Skin\Flags\pt.gif
c:\program files\Garena\Skin\Flags\pw.gif
c:\program files\Garena\Skin\Flags\py.gif
c:\program files\Garena\Skin\Flags\qa.gif
c:\program files\Garena\Skin\Flags\re.gif
c:\program files\Garena\Skin\Flags\ro.gif
c:\program files\Garena\Skin\Flags\rs.gif
c:\program files\Garena\Skin\Flags\ru.gif
c:\program files\Garena\Skin\Flags\rw.gif
c:\program files\Garena\Skin\Flags\sa.gif
c:\program files\Garena\Skin\Flags\sb.gif
c:\program files\Garena\Skin\Flags\sc.gif
c:\program files\Garena\Skin\Flags\sd.gif
c:\program files\Garena\Skin\Flags\se.gif
c:\program files\Garena\Skin\Flags\sg.gif
c:\program files\Garena\Skin\Flags\si.gif
c:\program files\Garena\Skin\Flags\sk.gif
c:\program files\Garena\Skin\Flags\sl.gif
c:\program files\Garena\Skin\Flags\sm.gif
c:\program files\Garena\Skin\Flags\sn.gif
c:\program files\Garena\Skin\Flags\so.gif
c:\program files\Garena\Skin\Flags\sr.gif
c:\program files\Garena\Skin\Flags\st.gif
c:\program files\Garena\Skin\Flags\sv.gif
c:\program files\Garena\Skin\Flags\sy.gif
c:\program files\Garena\Skin\Flags\sz.gif
c:\program files\Garena\Skin\Flags\tc.gif
c:\program files\Garena\Skin\Flags\td.gif
c:\program files\Garena\Skin\Flags\tf.gif
c:\program files\Garena\Skin\Flags\tg.gif
c:\program files\Garena\Skin\Flags\th.gif
c:\program files\Garena\Skin\Flags\Thumbs.db
c:\program files\Garena\Skin\Flags\tj.gif
c:\program files\Garena\Skin\Flags\tm.gif
c:\program files\Garena\Skin\Flags\tn.gif
c:\program files\Garena\Skin\Flags\to.gif
c:\program files\Garena\Skin\Flags\tp.gif
c:\program files\Garena\Skin\Flags\tr.gif
c:\program files\Garena\Skin\Flags\tt.gif
c:\program files\Garena\Skin\Flags\tv.gif
c:\program files\Garena\Skin\Flags\tw.gif
c:\program files\Garena\Skin\Flags\tz.gif
c:\program files\Garena\Skin\Flags\ua.gif
c:\program files\Garena\Skin\Flags\ug.gif
c:\program files\Garena\Skin\Flags\uk.gif
c:\program files\Garena\Skin\Flags\um.gif
c:\program files\Garena\Skin\Flags\us.gif
c:\program files\Garena\Skin\Flags\uy.gif
c:\program files\Garena\Skin\Flags\uz.gif
c:\program files\Garena\Skin\Flags\va.gif
c:\program files\Garena\Skin\Flags\vc.gif
c:\program files\Garena\Skin\Flags\ve.gif
c:\program files\Garena\Skin\Flags\vg.gif
c:\program files\Garena\Skin\Flags\vi.gif
c:\program files\Garena\Skin\Flags\vn.gif
c:\program files\Garena\Skin\Flags\vu.gif
c:\program files\Garena\Skin\Flags\ws.gif
c:\program files\Garena\Skin\Flags\ye.gif
c:\program files\Garena\Skin\Flags\yu.gif
c:\program files\Garena\Skin\Flags\za.gif
c:\program files\Garena\Skin\Flags\zm.gif
c:\program files\Garena\Skin\Flags\zr.gif
c:\program files\Garena\Skin\Flags\zw.gif
c:\program files\Garena\Skin\garenatv.ggz
c:\program files\Garena\Skin\red_thumbnail.bmp
c:\program files\Garena\Skin\red_thumbnail_select.bmp
c:\program files\Garena\Skin\Skin.ggz
c:\program files\Garena\Skin\SkinSwitcher\skinselect_Logo.bmp
c:\program files\Garena\Skin\SkinSwitcher\skinselect_main_bg.bmp
c:\program files\Garena\Skin\SkinSwitcher\skinselect_ok_btn.bmp
c:\program files\Garena\Skin\SkinSwitcher\skinselect_thumbnail_bg.bmp
c:\program files\Garena\skin_bs\garenatv.ggz
c:\program files\Garena\skin_bs\Skin.ggz
c:\program files\Garena\SkinBlack\black_thumbnail.bmp
c:\program files\Garena\SkinBlack\black_thumbnail_select.bmp
c:\program files\Garena\SkinBlack\garenatv.ggz
c:\program files\Garena\SkinBlack\Skin.ggz
c:\program files\Garena\Skins.xml
c:\program files\Garena\slotmachine.ggz
c:\program files\Garena\SocketHook.dll
c:\program files\Garena\sound\folder.wav
c:\program files\Garena\sound\game.wav
c:\program files\Garena\sound\msg.wav
c:\program files\Garena\sound\nudge.wav
c:\program files\Garena\sound\quit.wav
c:\program files\Garena\sound\ring.wav
c:\program files\Garena\sound\sysmsg.wav
c:\program files\Garena\source.xml
c:\program files\Garena\sqlite3.dll
c:\program files\Garena\uninst.exe
c:\program files\Garena\update.dat
c:\program files\Garena\Update.exe
c:\program files\Garena\update.xml
c:\program files\Garena\update2.exe
c:\program files\Garena\user.xml
c:\program files\Garena\user\20609692\ban.dat
c:\program files\Garena\user\20609692\data.dat
c:\program files\Garena\user\20609692\fps.dat
c:\program files\Garena\user\20609692\recent.txt
c:\program files\Garena\user\20610505\ban.dat
c:\program files\Garena\user\20610505\data.dat
c:\program files\Garena\user\20610505\fps.dat
c:\program files\Garena\user\20610505\recent.txt
c:\program files\Garena\viwawa.cn.xml
c:\program files\Garena\viwawa.en.xml
c:\program files\Garena\viwawa.tw.xml
c:\program files\Garena\War3Hook.dll
c:\program files\Garena\web\1.cn.html
c:\program files\Garena\web\1.en.html
c:\program files\Garena\web\1.tw.html
c:\program files\Garena\web\2.cn.html
c:\program files\Garena\web\2.en.html
c:\program files\Garena\web\2.tw.html
c:\program files\Garena\web\3.cn.html
c:\program files\Garena\web\3.en.html
c:\program files\Garena\web\3.tw.html
c:\program files\Garena\web\6.cn.html
c:\program files\Garena\web\6.en.html
c:\program files\Garena\web\6.tw.html
c:\program files\Garena\web\cache\Freesky\css\foemb_2.css
c:\program files\Garena\web\cache\Freesky\img\do_bg2.jpg
c:\program files\Garena\web\cache\Freesky\img\do_btn.jpg
c:\program files\Garena\web\cache\Freesky\img\ggbackground.jpg
c:\program files\Garena\web\cache\ROM\config\css\screen.css
c:\program files\Garena\web\cache\ROM\config\images\bgd_body.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_dotted_hevertical.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_dotted_vertical.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_footer.gif
c:\program files\Garena\web\cache\ROM\config\images\bgd_html.gif
c:\program files\Garena\web\cache\ROM\config\images\header.jpg
c:\program files\Garena\web\cache\ROM\config\images\ico_bullet.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_download.jpg
c:\program files\Garena\web\cache\ROM\config\images\visu_line.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_logo-garena.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_run.gif
c:\program files\Garena\web\cache\ROM\config\images\visu_setting.gif
c:\program files\Garena\web\cache\ROM\css\screen.css
c:\program files\Garena\web\cache\ROM\images\bgd_body.jpg
c:\program files\Garena\web\cache\ROM\images\bgd_html.gif
c:\program files\Garena\web\cache\ROM\images\bgd_news.gif
c:\program files\Garena\web\cache\ROM\images\btn_forum_n.gif
c:\program files\Garena\web\cache\ROM\images\btn_forum_o.gif
c:\program files\Garena\web\cache\ROM\images\btn_support_n.gif
c:\program files\Garena\web\cache\ROM\images\btn_support_o.gif
c:\program files\Garena\web\cache\ROM\images\btn_webiste_n.gif
c:\program files\Garena\web\cache\ROM\images\btn_webiste_o.gif
c:\program files\Garena\web\cache\ROM\images\ico-01.gif
c:\program files\Garena\web\cache\ROM\images\slogan_rom.jpg
c:\program files\Garena\web\cache\ROM\images\topupbanner.jpg
c:\program files\Garena\web\cache\ROM\images\visu_banner.gif
c:\program files\Garena\web\cache\ROM\images\visu_banner_01.gif
c:\program files\Garena\web\cache\ROM\images\visu_forum.gif
c:\program files\Garena\web\cache\ROM\images\visu_garena.gif
c:\program files\Garena\web\cache\RUpoker\css\pokerembed.css
c:\program files\Garena\web\cache\RUpoker\img\bg.jpg
c:\program files\Garena\web\cache\RUpoker\img\btn.jpg
c:\program files\Garena\web\cache\RUpoker\img\ggbackground.jpg
c:\program files\Garena\web\embed_game.jpg
c:\program files\Garena\web\embed_game_cn.jpg
c:\program files\Garena\web\embed_game_tw.jpg
c:\program files\Garena\web\embed_garenafire_ZH.jpg
c:\program files\Garena\web\embed_gfire.jpg
c:\program files\Garena\web\gfire.cn.html
c:\program files\Garena\web\gfire.en.html
c:\program files\Garena\web\gfire.tw.html
c:\program files\Garena\web\ggbackground.jpg
c:\program files\Garena\web\loading.gif
c:\program files\Garena\web\loading.html
c:\program files\Garena\web\Thumbs.db
c:\program files\Garena\YYFileSystem.dll
c:\windows\NV39123916.TMP
c:\windows\NV39123916.TMP\nv3d.chm
c:\windows\NV39123916.TMP\nvcpl.chm
c:\windows\NV39123916.TMP\nvdsp.chm
c:\windows\NV39123916.TMP\nvmob.chm
c:\windows\system32\drivers\lqmqpaac.sys
c:\windows\system32\drivers\ufgiqla.sys
c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine
-------\Service_opeml


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-17 do 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-16 20:42 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-04-16 20:42 . 2009-08-06 17:24 35552 -c--a-w- c:\windows\system32\dllcache\wups.dll
2010-04-16 20:42 . 2009-08-06 17:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-04-16 20:42 . 2005-05-26 03:16 173536 ----a-w- c:\windows\system32\wuweb.dll
2010-04-16 20:42 . 2005-05-26 03:16 127768 ----a-w- c:\windows\system32\wucltui.dll
2010-04-16 20:42 . 2005-05-26 03:16 1343768 ----a-w- c:\windows\system32\wuaueng.dll
2010-04-16 20:42 . 2005-05-26 03:16 465176 ----a-w- c:\windows\system32\wuapi.dll
2010-04-16 20:42 . 2005-05-26 03:16 124184 ----a-w- c:\windows\system32\wuauclt.exe
2010-04-16 20:42 . 2005-05-26 03:16 75544 ----a-w- c:\windows\system32\cdm.dll
2010-04-16 20:02 . 2010-04-16 20:03 -------- d-----w- C:\rsit
2010-04-10 16:34 . 2010-04-10 16:34 -------- d-----w- c:\program files\Reality Pump
2010-04-10 16:26 . 2010-04-10 16:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-10 16:23 . 2010-04-10 16:23 -------- d-----w- c:\windows\system32\Adobe
2010-03-31 14:48 . 2010-03-31 14:48 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 16:07 . 2010-03-29 16:07 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-29 16:05 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-03-29 16:04 . 2010-03-29 16:04 -------- d-----w- c:\windows\Logs
2010-03-29 15:11 . 2010-02-03 13:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-28 09:38 . 2010-03-28 09:38 -------- d-----w- c:\windows\nvidia icons
2010-03-28 09:37 . 2010-03-12 09:26 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-28 09:37 . 2010-03-29 16:06 -------- d-----w- C:\NVIDIA
2010-03-28 09:03 . 2010-03-28 09:22 -------- d-----w- c:\program files\Mass Effect
2010-03-20 19:06 . 2010-03-20 19:06 -------- d-----w- c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 21:20 . 2008-07-02 14:32 -------- d-----w- c:\program files\BitComet
2010-04-10 13:24 . 2008-03-28 18:06 -------- d-----w- c:\program files\OpenTTD
2010-04-07 19:36 . 2007-02-27 17:35 -------- d-----w- c:\program files\Warcraft III
2010-04-07 17:16 . 2006-12-20 03:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-28 09:15 . 2009-11-08 10:25 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-28 07:03 . 2006-03-02 12:00 74592 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 07:03 . 2006-03-02 12:00 403140 ----a-w- c:\windows\system32\perfh005.dat
2010-03-17 20:27 . 2008-04-05 19:18 143086 ----a-w- c:\windows\War3Unin.dat
2010-03-06 01:37 . 2010-03-06 01:13 -------- d-----w- c:\program files\ICQ6.5
2010-03-06 01:34 . 2008-06-30 12:18 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-06 01:14 . 2008-06-30 12:17 -------- d-----w- c:\program files\ICQ6
2010-02-21 12:52 . 2007-03-21 17:45 -------- d-----w- c:\program files\World of Warcraft
2010-02-04 08:01 . 2010-03-29 16:06 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01 . 2010-03-29 16:06 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 08:01 . 2010-03-29 16:06 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 08:01 . 2010-03-29 16:06 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-16_21.45.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-17 09:19 . 2010-04-17 09:19 16384 c:\windows\temp\Perflib_Perfdata_780.dat
+ 2009-01-12 18:01 . 2010-04-17 08:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-12 18:01 . 2010-04-16 20:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-12 18:01 . 2010-04-17 08:25 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-12 18:01 . 2010-04-16 20:42 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-04-17 08:25 . 2010-04-17 08:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-12 18:01 . 2010-04-16 20:42 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 11:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-10 08:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Rockstar Games\\GTA2\\gta2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\condition zero\\hl.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\counter-strike\\hl.exe"=
"c:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Cossacks - Napoleonic Wars\\Data\\engine.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 1.0\\smh.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\War2Combat\\Warcraft II BNE.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Šuplík\\Halo 2\\halo2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\GMOD10\\hl2.exe"=
"c:\\Program Files\\GOG.com\\Freespace\\FS.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\rc\\RAL.EXE"=
"c:\\Program Files\\Reality Pump\\The Moon Project\\TheMoonProject.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"20807:TCP"= 20807:TCP:BitComet 20807 TCP
"20807:UDP"= 20807:UDP:BitComet 20807 UDP

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9.12.2009 14:12 12552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.2.2007 17:34 639224]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9.12.2009 14:12 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9.12.2009 14:12 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10.12.2009 10:27 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11.12.2009 17:19 297752]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [30.6.2008 14:18 222968]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [8.11.2009 12:44 25832]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {CC6887A6-1EF0-4668-9EAD-FF427347F0FC} = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\a0llz3af.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Garena - c:\program files\Garena\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 11:19
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F18AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf764cfc3
\Driver\ACPI -> ACPI.sys @ 0xf73f0cb8
\Driver\atapi -> 0x871d61d8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf72b5bc3
PacketIndicateHandler -> NDIS.sys @ 0xf72c1b21
SendHandler -> NDIS.sys @ 0xf72b5d33
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1682526488-725345543-1006\Software\SecuROM\License information*]
"datasecu"=hex:1c,b1,8f,db,ad,aa,df,2e,93,5a,3e,79,a3,9a,d7,f5,a5,2d,10,60,3c,
ee,14,ca,a3,d2,c3,46,cd,a8,44,5e,4e,bc,06,2b,1f,ff,1f,4e,ff,28,d4,7a,3d,ed,\
"rkeysecu"=hex:71,fd,f4,2e,51,e1,fc,3d,f0,e1,a2,91,5e,9c,9e,55
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

- - - - - - - > 'explorer.exe'(1164)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-04-17 11:25:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-17 09:25
ComboFix2.txt 2010-04-16 21:47
ComboFix3.txt 2009-02-08 19:50

Před spuštěním: Volných bajtů: 39 970 373 632
Po spuštění: Volných bajtů: 39 899 885 568

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A9DC347DBCFD4EFDDB56849B426ECA42

[Caroprd111]

Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[zbynadovirycz]

MBR log byl v adresáři plocha, neotevřel se sám, je dost malej, jen toto - je to OK?

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86FD5AC8]<<
kernel: MBR read successfully
user & kernel MBR OK


Ještě udělám GMER

dík Zbyna

[Caroprd111]

Log z MBR je krátký. Počkám na ten Gmer.

[zbynadovirycz]

log Gmer:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-17 12:36:27
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMIN\LOCALS~1\Temp\pxtdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86FD5AC8

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

[Caroprd111]

Ok, ještě druhý log.

[zbynadovirycz]

Na konci scanu GMER došlo k samovolnému restartu, nemohl jsem uložit log.
Asi se někde neukládá sám?
mám to zkusit znovu?

Dík Zbyna

[Caroprd111]

Gmer zatím nechte být.


Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Restore::
C:\WINDOWS\system32\drivers\atapi.sys

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[zbynadovirycz]

Provedu.

Bohužel teď už ale musím odjet, vracím se zítra večer.

Můžu se pak ozvat?

Díky moc a moc!!!

Zdraví Zbyna

[Caroprd111]

Až to bude možné, tak se ozvěte.

[zbynadovirycz]

výsledný log:

ComboFix 10-04-15.05 - ADMIN 19.04.2010 19:33:03.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1022.563 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ADMIN\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-19 do 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-16 20:42 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-04-16 20:42 . 2009-08-06 17:24 35552 -c--a-w- c:\windows\system32\dllcache\wups.dll
2010-04-16 20:42 . 2009-08-06 17:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-04-16 20:42 . 2005-05-26 03:16 173536 ----a-w- c:\windows\system32\wuweb.dll
2010-04-16 20:42 . 2005-05-26 03:16 127768 ----a-w- c:\windows\system32\wucltui.dll
2010-04-16 20:42 . 2005-05-26 03:16 1343768 ----a-w- c:\windows\system32\wuaueng.dll
2010-04-16 20:42 . 2005-05-26 03:16 465176 ----a-w- c:\windows\system32\wuapi.dll
2010-04-16 20:42 . 2005-05-26 03:16 124184 ----a-w- c:\windows\system32\wuauclt.exe
2010-04-16 20:42 . 2005-05-26 03:16 75544 ----a-w- c:\windows\system32\cdm.dll
2010-04-16 20:02 . 2010-04-16 20:03 -------- d-----w- C:\rsit
2010-04-10 16:34 . 2010-04-10 16:34 -------- d-----w- c:\program files\Reality Pump
2010-04-10 16:26 . 2010-04-10 16:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-10 16:23 . 2010-04-10 16:23 -------- d-----w- c:\windows\system32\Adobe
2010-03-31 14:48 . 2010-03-31 14:48 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 16:07 . 2010-03-29 16:07 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-29 16:05 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-03-29 16:04 . 2010-03-29 16:04 -------- d-----w- c:\windows\Logs
2010-03-29 15:11 . 2010-02-03 13:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-28 09:38 . 2010-03-28 09:38 -------- d-----w- c:\windows\nvidia icons
2010-03-28 09:37 . 2010-03-12 09:26 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-28 09:37 . 2010-03-29 16:06 -------- d-----w- C:\NVIDIA
2010-03-28 09:03 . 2010-03-28 09:22 -------- d-----w- c:\program files\Mass Effect
2010-03-20 19:06 . 2010-03-20 19:06 -------- d-----w- c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 18:12 . 2004-08-17 15:43 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-16 21:20 . 2008-07-02 14:32 -------- d-----w- c:\program files\BitComet
2010-04-10 13:24 . 2008-03-28 18:06 -------- d-----w- c:\program files\OpenTTD
2010-04-07 19:36 . 2007-02-27 17:35 -------- d-----w- c:\program files\Warcraft III
2010-04-07 17:16 . 2006-12-20 03:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-28 09:15 . 2009-11-08 10:25 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-28 07:03 . 2006-03-02 12:00 74592 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 07:03 . 2006-03-02 12:00 403140 ----a-w- c:\windows\system32\perfh005.dat
2010-03-17 20:27 . 2008-04-05 19:18 143086 ----a-w- c:\windows\War3Unin.dat
2010-03-06 01:37 . 2010-03-06 01:13 -------- d-----w- c:\program files\ICQ6.5
2010-03-06 01:34 . 2008-06-30 12:18 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-06 01:14 . 2008-06-30 12:17 -------- d-----w- c:\program files\ICQ6
2010-02-21 12:52 . 2007-03-21 17:45 -------- d-----w- c:\program files\World of Warcraft
2010-02-04 08:01 . 2010-03-29 16:06 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01 . 2010-03-29 16:06 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 08:01 . 2010-03-29 16:06 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 08:01 . 2010-03-29 16:06 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-16_21.45.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-19 17:52 . 2010-04-19 17:52 16384 c:\windows\temp\Perflib_Perfdata_788.dat
+ 2004-08-17 15:43 . 2010-04-18 18:12 23040 c:\windows\system32\dllcache\mouclass.sys
+ 2009-01-12 18:01 . 2010-04-17 08:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-12 18:01 . 2010-04-16 20:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-12 18:01 . 2010-04-17 08:25 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-12 18:01 . 2010-04-16 20:42 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 11:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-10 08:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Rockstar Games\\GTA2\\gta2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\condition zero\\hl.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\counter-strike\\hl.exe"=
"c:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Cossacks - Napoleonic Wars\\Data\\engine.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 1.0\\smh.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\War2Combat\\Warcraft II BNE.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Šuplík\\Halo 2\\halo2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\titankiller222\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\GMOD10\\hl2.exe"=
"c:\\Program Files\\GOG.com\\Freespace\\FS.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\rc\\RAL.EXE"=
"c:\\Program Files\\Reality Pump\\The Moon Project\\TheMoonProject.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"20807:TCP"= 20807:TCP:BitComet 20807 TCP
"20807:UDP"= 20807:UDP:BitComet 20807 UDP

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9.12.2009 14:12 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9.12.2009 14:12 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9.12.2009 14:12 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10.12.2009 10:27 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11.12.2009 17:19 297752]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [30.6.2008 14:18 222968]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [8.11.2009 12:44 25832]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {CC6887A6-1EF0-4668-9EAD-FF427347F0FC} = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\a0llz3af.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 19:52
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86FBDAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7648fc3
\Driver\ACPI -> ACPI.sys @ 0xf74dbcb8
\Driver\atapi -> atapi.sys @ 0xf74937b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1682526488-725345543-1006\Software\SecuROM\License information*]
"datasecu"=hex:1c,b1,8f,db,ad,aa,df,2e,93,5a,3e,79,a3,9a,d7,f5,a5,2d,10,60,3c,
ee,14,ca,a3,d2,c3,46,cd,a8,44,5e,4e,bc,06,2b,1f,ff,1f,4e,ff,28,d4,7a,3d,ed,\
"rkeysecu"=hex:71,fd,f4,2e,51,e1,fc,3d,f0,e1,a2,91,5e,9c,9e,55
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

- - - - - - - > 'explorer.exe'(3220)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-04-19 19:58:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-19 17:58
ComboFix2.txt 2010-04-17 09:25
ComboFix3.txt 2010-04-16 21:47
ComboFix4.txt 2009-02-08 19:50

Před spuštěním: Volných bajtů: 39 917 613 056
Po spuštění: Volných bajtů: 39 884 316 672

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - EC7ECFD3D9591E729CC24C4C2CF254B8