
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
PC freezing
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
My PC keeps freezing. Please check it.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Tomáš at 2010-07-19 14:43:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 39 GB (33%) free of 120 GB
Total RAM: 1023 MB (22% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:45:20 , on 19.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\program files\steam\steam.exe
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\WowMultiHackInstall.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Documents and Settings\Tomáš\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Tomáš.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: 2Shared Toolbar - {ef468e5b-5b30-4136-a833-7f2e3a31afdf} - C:\Program Files\2Shared\tb2Sh0.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O2 - BHO: 2Shared Toolbar - {ef468e5b-5b30-4136-a833-7f2e3a31afdf} - C:\Program Files\2Shared\tb2Sh0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: 2Shared Toolbar - {ef468e5b-5b30-4136-a833-7f2e3a31afdf} - C:\Program Files\2Shared\tb2Sh0.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Windows Update] C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\WowMultiHackInstall.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CurseClientStartup.ccip (User 'SYSTEM')
O4 - .DEFAULT Startup: CurseClientStartup.ccip (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Twelveg Game Guard - Unknown owner - C:\Program Files\HeroesLand MuOnline\TweGameGuard\TweGameGuard.exe (file missing)
--
End of file - 11021 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\AWC Update.job
C:\WINDOWS\tasks\SmartDefrag.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{ABB8DD75-5AF4-4B00-9084-B05A71F40CD0}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-17 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2010-05-05 1736472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}]
2Shared Toolbar - C:\Program Files\2Shared\tb2Sh0.dll [2010-05-04 2515552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{ef468e5b-5b30-4136-a833-7f2e3a31afdf} - 2Shared Toolbar - C:\Program Files\2Shared\tb2Sh0.dll [2010-05-04 2515552]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C6501Sound"=RunDll32 c6501.cpl,CMICtrlWnd []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-14 12669544]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-14 110184]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2002-12-17 49152]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-26 172032]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2010-06-11 1280344]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-05-26 2346192]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-06-08 133368]
"Steam"=c:\program files\steam\steam.exe [2010-06-28 1238352]
"Windows Update"=C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\WowMultiHackInstall.exe [2010-07-02 172093]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Watch.lnk - C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Documents and Settings\Tomáš\Nabídka Start\Programy\Po spuštění
CurseClientStartup.ccip
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [2001-12-21 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\Tomáš\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\Tomáš\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\VentSrv\ventrilo_srv.exe"="C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"D:\FinaLongju2\Server1Ch2.exe"="D:\FinaLongju2\Server1Ch2.exe:*:Enabled:Server1Ch2"
"D:\FinaLongju2\Server2Ch1.exe"="D:\FinaLongju2\Server2Ch1.exe:*:Enabled:Server2Ch1"
"D:\FinaLongju2\Server1Ch1.exe"="D:\FinaLongju2\Server1Ch1.exe:*:Enabled:Server1Ch1"
"C:\zaloha\client DarkLongju2\mc.exe"="C:\zaloha\client DarkLongju2\mc.exe:*:Enabled:mc"
"D:\wow 3.3.2a\World of Warcraft\Launcher.exe"="D:\wow 3.3.2a\World of Warcraft\Launcher.exe:*:Enabled:Launcher.exe"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"D:\wow 3.3.2a\World of Warcraft\WoW-3.2.0-enUS-downloader.exe"="D:\wow 3.3.2a\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\xxdemoxx112\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\xxdemoxx112\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
======File associations======
.scr - open - "%1" %*
.scr - config - "%1" %*
======List of files/folders created in the last 1 months======
2010-07-19 14:43:55 ----D---- C:\Program Files\trend micro
2010-07-19 14:43:51 ----D---- C:\rsit
2010-07-19 14:11:03 ----D---- C:\Program Files\Activision
2010-07-19 14:10:55 ----D---- C:\Program Files\VentSrv
2010-07-19 13:35:13 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-18 02:39:55 ----DC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-08 21:34:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\PopCap Games
2010-07-08 15:38:01 ----A---- C:\WINDOWS\game.ini
2010-07-08 15:31:46 ----SHD---- C:\WINDOWS\ftpcache
2010-07-04 15:15:53 ----D---- C:\Program Files\Scorpions WinCheater
2010-07-03 17:24:27 ----A---- C:\WINDOWS\War3Unin.pif
2010-07-03 17:24:26 ----A---- C:\WINDOWS\War3Unin.exe
2010-07-03 17:19:07 ----D---- C:\Program Files\Warcraft III
2010-07-02 20:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-02 20:24:20 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-07-02 20:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-02 20:14:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-07-02 20:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-02 20:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-02 10:38:44 ----D---- C:\Program Files\WoWStatChanger
2010-06-28 01:27:02 ----D---- C:\Program Files\Steam
======List of files/folders modified in the last 1 months======
2010-07-19 14:44:40 ----D---- C:\WINDOWS\Temp
2010-07-19 14:43:55 ----RD---- C:\Program Files
2010-07-19 14:43:51 ----D---- C:\WINDOWS\Prefetch
2010-07-19 14:25:25 ----A---- C:\WINDOWS\WINCMD.INI
2010-07-19 14:13:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-19 14:11:23 ----D---- C:\WINDOWS\system32\config
2010-07-19 14:11:10 ----D---- C:\WINDOWS\system32\wbem
2010-07-19 14:11:09 ----D---- C:\WINDOWS\Registration
2010-07-19 14:11:04 ----SHD---- C:\Config.Msi
2010-07-19 14:11:03 ----SHD---- C:\WINDOWS\Installer
2010-07-19 14:10:56 ----D---- C:\Program Files\Ventrilo
2010-07-19 14:10:55 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-19 14:10:52 ----HD---- C:\WINDOWS\inf
2010-07-19 14:10:52 ----D---- C:\WINDOWS\system32
2010-07-19 14:10:52 ----D---- C:\WINDOWS
2010-07-19 14:10:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-19 14:04:28 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-18 23:33:45 ----D---- C:\sprayes
2010-07-18 15:23:04 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Skype
2010-07-18 13:50:37 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\skypePM
2010-07-18 02:39:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-18 02:39:51 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-18 02:36:41 ----D---- C:\WINDOWS\Debug
2010-07-17 22:45:41 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Ventrilo
2010-07-11 14:45:33 ----SD---- C:\Program Files\Xfire
2010-07-11 14:45:33 ----D---- C:\zaloha
2010-07-11 14:45:33 ----D---- C:\WINDOWS\Logs
2010-07-11 14:45:33 ----D---- C:\Program Files\VentriloMIX
2010-07-11 14:45:33 ----D---- C:\Program Files\Seznam.cz
2010-07-11 14:45:33 ----D---- C:\Program Files\Mozilla Firefox
2010-07-11 14:45:33 ----D---- C:\Program Files\Metin2_CZ
2010-07-11 14:45:33 ----D---- C:\Program Files\Avidemux 2.5
2010-07-11 14:45:33 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\TeamViewer
2010-07-11 14:45:32 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND
2010-07-11 14:45:11 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\IObit
2010-07-11 14:31:30 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-09 17:14:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-08 15:38:00 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-07 11:04:48 ----D---- C:\Program Files\LogMeIn Hamachi
2010-07-07 11:03:52 ----D---- C:\Program Files\Hamachi
2010-07-07 11:03:06 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Hamachi
2010-07-05 21:56:36 ----D---- C:\Program Files\PowerArchiver
2010-07-05 21:55:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-07-04 14:20:05 ----D---- C:\WINDOWS\system32\DirectX
2010-07-04 14:19:49 ----RSD---- C:\WINDOWS\assembly
2010-07-02 21:27:00 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-02 20:23:20 ----D---- C:\Program Files\Internet Explorer
2010-07-02 20:23:11 ----D---- C:\WINDOWS\ie8updates
2010-07-02 20:17:07 ----D---- C:\Program Files\a-squared Free
2010-07-02 20:06:59 ----D---- C:\WINDOWS\WinSxS
2010-07-02 19:53:29 ----D---- C:\Program Files\CCleaner
2010-07-02 19:38:41 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-01 17:44:00 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\ICQ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2004-04-03 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-05-26 82380]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43008]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 cm102u32;C-Media CM6501 Like Sound Interface; C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 1419968]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-14 10236192]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-11-27 47360]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\TOM~1\LOCALS~1\Temp\YEZ3264.tmp []
S3 GT680x;GrandTechICNameNT; C:\WINDOWS\System32\Drivers\gt680x.sys [2001-11-08 18120]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-06-07 25280]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 snpstd;VideoCAM Trek; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2005-06-20 390912]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2010-05-14 1872320]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-17 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-14 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-13 75064]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Twelveg Game Guard;Twelveg Game Guard; C:\Program Files\HeroesLand MuOnline\TweGameGuard\TweGameGuard.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-27 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-04-06 2743325]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-11-27 306432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-11-27 306432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: PC freezing
Hello,
Download ComboFix and save it to your desktop.
Then run the application under an account with administrator privileges (not under a limited account).
On Windows Vista and Windows 7, run the application as administrator (right-click the application icon and choose "Run as administrator").
Right after launch, a screen with the license terms appears; continue by clicking the Yes button.
You may then get a warning about your antivirus's resident shield and a notice that the Recovery Console is not installed; do not install it for now.
Feel free to put the kettle on for a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or do anything else.
Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).
Note: if you use an antispyware product with a resident shield, deactivate that shield, because during the scan and the removal of any malware it causes unwanted conflicts between ComboFix and the antispyware's resident component.
After the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt and so on); paste its contents here.
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Re: PC freezing
ComboFix 10-07-18.03 - Tomáš 19.07.2010 17:00:01.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.563 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomáš\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000006_.tmp.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-19 do 2010-07-19 )))))))))))))))))))))))))))))))
.
2010-07-19 13:30 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-19 12:43 . 2010-07-19 12:45 -------- d-----w- c:\program files\trend micro
2010-07-19 12:43 . 2010-07-19 12:45 -------- d-----w- C:\rsit
2010-07-19 12:11 . 2010-07-19 12:11 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-19 12:11 . 2010-07-19 12:11 -------- d-----w- c:\program files\Activision
2010-07-19 12:10 . 2010-07-19 12:10 -------- d-----w- c:\program files\VentSrv
2010-07-12 22:18 . 2010-07-12 22:18 25 ----a-w- c:\windows\popcinfot.dat
2010-07-08 13:31 . 2010-07-08 13:31 -------- d-sh--w- c:\windows\ftpcache
2010-07-04 13:15 . 2010-07-04 15:26 -------- d-----w- c:\program files\Scorpions WinCheater
2010-07-03 15:24 . 2010-07-05 20:00 52016 ----a-w- c:\windows\War3Unin.dat
2010-07-03 15:24 . 2010-07-05 20:00 2829 ----a-w- c:\windows\War3Unin.pif
2010-07-03 15:24 . 2010-07-05 20:00 139264 ----a-w- c:\windows\War3Unin.exe
2010-07-03 15:19 . 2010-07-06 18:28 -------- d-----w- c:\program files\Warcraft III
2010-07-02 17:44 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-02 08:38 . 2010-07-02 08:38 -------- d-----w- c:\program files\WoWStatChanger
2010-06-27 23:27 . 2010-07-19 14:43 -------- d-----w- c:\program files\Steam
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-19 13:40 . 2009-11-27 12:13 -------- d-----w- c:\program files\a-squared Free
2010-07-19 12:10 . 2010-02-12 17:33 -------- d-----w- c:\program files\Ventrilo
2010-07-19 12:10 . 2009-11-27 12:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-11 12:45 . 2010-03-12 19:26 -------- d-s---w- c:\program files\Xfire
2010-07-11 12:45 . 2010-01-01 15:09 -------- d-----w- c:\program files\Avidemux 2.5
2010-07-11 12:45 . 2009-12-30 13:22 -------- d-----w- c:\program files\VentriloMIX
2010-07-11 12:45 . 2009-11-27 22:02 -------- d-----w- c:\program files\Metin2_CZ
2010-07-11 12:45 . 2009-11-27 09:44 -------- d-----w- c:\program files\Seznam.cz
2010-07-11 12:45 . 2009-12-09 17:14 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2010-07-09 15:14 . 2001-10-25 14:00 509162 ----a-w- c:\windows\system32\perfh005.dat
2010-07-09 15:14 . 2001-10-25 14:00 106430 ----a-w- c:\windows\system32\perfc005.dat
2010-07-08 13:38 . 2009-11-27 11:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-07 09:04 . 2010-03-08 14:21 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-07-07 09:03 . 2010-06-07 16:02 -------- d-----w- c:\program files\Hamachi
2010-07-05 19:56 . 2010-03-15 19:11 -------- d-----w- c:\program files\PowerArchiver
2010-07-02 17:53 . 2009-11-27 12:17 -------- d-----w- c:\program files\CCleaner
2010-06-14 14:31 . 2009-11-27 08:29 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:05 . 2010-06-12 19:19 -------- d-----w- c:\program files\Cossacks - European Wars
2010-06-10 15:59 . 2010-03-18 22:48 -------- d-----w- c:\program files\ICQ7.0
2010-06-09 15:13 . 2010-05-04 12:17 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-06-07 16:02 . 2009-09-23 08:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-06-03 21:54 . 2009-11-30 22:22 -------- d-----w- c:\program files\Xvid
2010-05-26 14:36 . 2009-11-27 14:50 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-26 14:36 . 2010-05-26 14:36 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-05-20 15:38 . 2009-11-27 10:59 -------- d-----w- c:\program files\Microsoft.NET
2010-05-17 21:20 . 2010-05-17 21:20 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 10:35 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 23:10 . 2010-05-20 18:35 180 ----a-w- c:\windows\Fonts\READ ME .txt
2010-05-02 08:09 . 2004-08-17 13:44 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-12-06 14:30 . 2009-12-06 14:29 1160 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ef468e5b-5b30-4136-a833-7f2e3a31afdf}"= "c:\program files\2Shared\tb2Sh0.dll" [2010-05-04 2515552]
[HKEY_CLASSES_ROOT\clsid\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}]
2010-05-04 12:46 2515552 ----a-w- c:\program files\2Shared\tb2Sh0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ef468e5b-5b30-4136-a833-7f2e3a31afdf}"= "c:\program files\2Shared\tb2Sh0.dll" [2010-05-04 2515552]
[HKEY_CLASSES_ROOT\clsid\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EF468E5B-5B30-4136-A833-7F2E3A31AFDF}"= "c:\program files\2Shared\tb2Sh0.dll" [2010-05-04 2515552]
[HKEY_CLASSES_ROOT\clsid\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-06-08 133368]
"Steam"="c:\program files\steam\steam.exe" [2010-06-27 1238352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-13 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-13 110184]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Tom ç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-1-29 0]
c:\documents and settings\Tom ç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-1-29 0]
c:\documents and settings\Tom ç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-1-29 0]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Watch.lnk - c:\program files\Mustek 1200 UB Plus\Driver\WATCH.exe [2009-11-27 364544]
c:\documents and settings\Tom ç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-1-29 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Tomáš\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\FinaLongju2\\Server1Ch2.exe"=
"d:\\FinaLongju2\\Server2Ch1.exe"=
"d:\\FinaLongju2\\Server1Ch1.exe"=
"c:\\zaloha\\client DarkLongju2\\mc.exe"=
"d:\\wow 3.3.2a\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"d:\\wow 3.3.2a\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\xxdemoxx112\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"27001:UDP"= 27001:UDP:st
"27002:UDP"= 27002:UDP:st
"27003:UDP"= 27003:UDP:st
"27004:UDP"= 27004:UDP:st
"27005:UDP"= 27005:UDP:st
"27006:TCP"= 27006:TCP:st
"27007:UDP"= 27007:UDP:st
"27008:UDP"= 27008:UDP:st
"27009:UDP"= 27009:UDP:st
"27010:UDP"= 27010:UDP:st
"27011:UDP"= 27011:UDP:st
"27012:UDP"= 27012:UDP:st
"27013:UDP"= 27013:UDP:st
"27014:UDP"= 27014:UDP:st
"27015:UDP"= 27015:UDP:st
"1200:UDP"= 1200:UDP:st
"27020:UDP"= 27020:UDP:st
"27021:TCP"= 27021:TCP:st
"27022:TCP"= 27022:TCP:st
"27023:TCP"= 27023:TCP:st
"27024:TCP"= 27024:TCP:st
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [27.11.2009 13:33 5248]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [27.11.2009 14:13 1872320]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 9:21 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.12.2009 14:49 246520]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [2.7.2010 20:27 312152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 Twelveg Game Guard;Twelveg Game Guard;c:\program files\HeroesLand MuOnline\TweGameGuard\TweGameGuard.exe --> c:\program files\HeroesLand MuOnline\TweGameGuard\TweGameGuard.exe [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\TOM~1\LOCALS~1\Temp\YEZ3264.tmp --> c:\docume~1\TOM~1\LOCALS~1\Temp\YEZ3264.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [27.11.2009 13:33 160640]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:02]
2010-07-19 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-11-27 12:11]
2010-07-17 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-11-27 15:20]
2010-07-19 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-05 12:48]
2010-07-19 c:\windows\Tasks\User_Feed_Synchronization-{ABB8DD75-5AF4-4B00-9084-B05A71F40CD0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\fz3plk0o.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-C6501Sound - c6501.cpl
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 17:05
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\TOM~1\LOCALS~1\Temp\YEZ3264.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,a3,62,54,0a,bf,c8,4d,8b,fb,5d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,a3,62,54,0a,bf,c8,4d,8b,fb,5d,\
[HKEY_USERS\S-1-5-21-515967899-507921405-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-515967899-507921405-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:b4,70,d3,d7,f9,ea,d4,d0,ad,6a,f1,d1,e8,c2,94,6b,e6,e7,ab,17,5f,
cd,02,7d,54,59,c4,17,ab,55,2a,45,02,4c,2a,5c,9c,20,b2,c5,2b,66,f6,d6,e5,09,\
"rkeysecu"=hex:91,84,04,ea,b5,cd,4c,e3,93,18,fe,59,cf,c9,fa,7c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(952)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2010-07-19 17:08:05
ComboFix-quarantined-files.txt 2010-07-19 15:08
Před spuštěním: Volných bajtů: 41 254 014 976
Po spuštění: Volných bajtů: 41 231 876 096
- - End Of File - - 7F6D5BD6118A9869FC7E7C3C4EC13443
"d:\\wow 3.3.2a\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"d:\\wow 3.3.2a\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\xxdemoxx112\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"27001:UDP"= 27001:UDP:st
"27002:UDP"= 27002:UDP:st
"27003:UDP"= 27003:UDP:st
"27004:UDP"= 27004:UDP:st
"27005:UDP"= 27005:UDP:st
"27006:TCP"= 27006:TCP:st
"27007:UDP"= 27007:UDP:st
"27008:UDP"= 27008:UDP:st
"27009:UDP"= 27009:UDP:st
"27010:UDP"= 27010:UDP:st
"27011:UDP"= 27011:UDP:st
"27012:UDP"= 27012:UDP:st
"27013:UDP"= 27013:UDP:st
"27014:UDP"= 27014:UDP:st
"27015:UDP"= 27015:UDP:st
"1200:UDP"= 1200:UDP:st
"27020:UDP"= 27020:UDP:st
"27021:TCP"= 27021:TCP:st
"27022:TCP"= 27022:TCP:st
"27023:TCP"= 27023:TCP:st
"27024:TCP"= 27024:TCP:st
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [27.11.2009 13:33 5248]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [27.11.2009 14:13 1872320]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 9:21 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.12.2009 14:49 246520]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [2.7.2010 20:27 312152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 Twelveg Game Guard;Twelveg Game Guard;c:\program files\HeroesLand MuOnline\TweGameGuard\TweGameGuard.exe --> c:\program files\HeroesLand MuOnline\TweGameGuard\TweGameGuard.exe [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\TOM~1\LOCALS~1\Temp\YEZ3264.tmp --> c:\docume~1\TOM~1\LOCALS~1\Temp\YEZ3264.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [27.11.2009 13:33 160640]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:02]
2010-07-19 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-11-27 12:11]
2010-07-17 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-11-27 15:20]
2010-07-19 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-05 12:48]
2010-07-19 c:\windows\Tasks\User_Feed_Synchronization-{ABB8DD75-5AF4-4B00-9084-B05A71F40CD0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\fz3plk0o.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-C6501Sound - c6501.cpl
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 17:05
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\TOM~1\LOCALS~1\Temp\YEZ3264.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,a3,62,54,0a,bf,c8,4d,8b,fb,5d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,a3,62,54,0a,bf,c8,4d,8b,fb,5d,\
[HKEY_USERS\S-1-5-21-515967899-507921405-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-515967899-507921405-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:b4,70,d3,d7,f9,ea,d4,d0,ad,6a,f1,d1,e8,c2,94,6b,e6,e7,ab,17,5f,
cd,02,7d,54,59,c4,17,ab,55,2a,45,02,4c,2a,5c,9c,20,b2,c5,2b,66,f6,d6,e5,09,\
"rkeysecu"=hex:91,84,04,ea,b5,cd,4c,e3,93,18,fe,59,cf,c9,fa,7c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(952)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2010-07-19 17:08:05
ComboFix-quarantined-files.txt 2010-07-19 15:08
Před spuštěním: Volných bajtů: 41 254 014 976
Po spuštění: Volných bajtů: 41 231 876 096
- - End Of File - - 7F6D5BD6118A9869FC7E7C3C4EC13443
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: PC freezing
Do you have these ports open on purpose?
"27001:UDP"= 27001:UDP:st
"27002:UDP"= 27002:UDP:st
"27003:UDP"= 27003:UDP:st
"27004:UDP"= 27004:UDP:st
"27005:UDP"= 27005:UDP:st
"27006:TCP"= 27006:TCP:st
"27007:UDP"= 27007:UDP:st
"27008:UDP"= 27008:UDP:st
"27009:UDP"= 27009:UDP:st
"27010:UDP"= 27010:UDP:st
"27011:UDP"= 27011:UDP:st
"27012:UDP"= 27012:UDP:st
"27013:UDP"= 27013:UDP:st
"27014:UDP"= 27014:UDP:st
"27015:UDP"= 27015:UDP:st
"1200:UDP"= 1200:UDP:st
"27020:UDP"= 27020:UDP:st
"27021:TCP"= 27021:TCP:st
"27022:TCP"= 27022:TCP:st
"27023:TCP"= 27023:TCP:st
"27024:TCP"= 27024:TCP:st
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Re: PC freezing
I'm sorry, but I have no idea... I don't understand this stuff
- riffman
Re: PC freezing
I see...
http://www.esagelab.com/files/bootkit_remover.rar
download it, extract it to the desktop, run it
after it starts, right-click in the window, choose Select All, press CTRL+C and then CTRL+V here in your reply (that way you'll paste the log here for me)
Re: PC freezing
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com
\\.\C: -> \\.\PhysicalDrive2
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: SPTI_Read() fails for \\.\PhysicalDrive2
MD5: ee7fe9f24bc949ea3a78cf7064fbe50b
\\.\D: -> \\.\PhysicalDrive2
\\.\G: -> \\.\PhysicalDrive0
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: SPTI_Read() fails for \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\H: -> \\.\PhysicalDrive1
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: SPTI_Read() fails for \\.\PhysicalDrive1
MD5: ee7fe9f24bc949ea3a78cf7064fbe50b
\\.\J: -> \\.\PhysicalDrive3
MD5: 0ec6b2481fc707d1e901dc2a875f2826
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive2 Unknown boot code
74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
37 GB \\.\PhysicalDrive1 Unknown boot code
372 GB \\.\PhysicalDrive3 OK (DOS/Win32 Boot code found)
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Press any key to quit...
- riffman
Re: PC freezing
OK... do you use any bootloaders like GRUB?
Re: PC freezing
I have no idea what that is... so I assume I don't use one
- riffman
Re: PC freezing
OK...
Start/Run and copy the following text into the box:
"c:\documents and settings\user_name - fill in the name of the user you are currently logged in as\Plocha\remover.exe" fix \\.\PhysicalDrive0
confirm, restart and run a new scan with Bootkit Remover as before, post the log here

Re: PC freezing
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com
\\.\C: -> \\.\PhysicalDrive2
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: SPTI_Read() fails for \\.\PhysicalDrive2
MD5: ee7fe9f24bc949ea3a78cf7064fbe50b
\\.\D: -> \\.\PhysicalDrive2
\\.\G: -> \\.\PhysicalDrive0
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: SPTI_Read() fails for \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\H: -> \\.\PhysicalDrive1
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: SPTI_Read() fails for \\.\PhysicalDrive1
MD5: ee7fe9f24bc949ea3a78cf7064fbe50b
\\.\J: -> \\.\PhysicalDrive3
MD5: 0ec6b2481fc707d1e901dc2a875f2826
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive2 Unknown boot code
74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
37 GB \\.\PhysicalDrive1 Unknown boot code
372 GB \\.\PhysicalDrive3 OK (DOS/Win32 Boot code found)
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Press any key to quit...
- riffman
Re: PC freezing
repeat the same thing, one at a time, in this form:
"c:\documents and settings\user_name - fill in the name of the user you are currently logged in as\Plocha\remover.exe" fix \\.\PhysicalDrive1
and then
"c:\documents and settings\user_name - fill in the name of the user you are currently logged in as\Plocha\remover.exe" fix \\.\PhysicalDrive2
Re: PC freezing
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com
\\.\C: -> \\.\PhysicalDrive2
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: SPTI_Read() fails for \\.\PhysicalDrive2
MD5: ee7fe9f24bc949ea3a78cf7064fbe50b
\\.\D: -> \\.\PhysicalDrive2
\\.\G: -> \\.\PhysicalDrive0
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: SPTI_Read() fails for \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\H: -> \\.\PhysicalDrive1
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: SPTI_Read() fails for \\.\PhysicalDrive1
MD5: ee7fe9f24bc949ea3a78cf7064fbe50b
\\.\J: -> \\.\PhysicalDrive3
MD5: 0ec6b2481fc707d1e901dc2a875f2826
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive2 Unknown boot code
74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
37 GB \\.\PhysicalDrive1 Unknown boot code
372 GB \\.\PhysicalDrive3 OK (DOS/Win32 Boot code found)
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Press any key to quit...
- riffman
Re: PC freezing
that junk is still hanging in there... do you have a Windows installation CD?