Prosím o kontrolu

[Meny]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Simon at 2011-05-05 18:40:21
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 93 GB (58%) free of 160 GB
Total RAM: 2301 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:23, on 5.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\CursorFX\CursorFX.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\ICQ7.5\ICQ.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Simon\Desktop\RSIT.exe
C:\Program Files\trend micro\Simon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AutoKMS] C:\WINDOWS\AutoKMS.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Simon\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1082687109
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 9809 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{B8CEFDA0-2825-49EF-A0D3-FC6730F4C183}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\Snagit 10\SnagitBHO.dll [2010-04-13 63304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\Snagit 10\SnagitIEAddin.dll [2010-04-13 206152]
{855F3B16-6D32-4FE6-8A56-BBB695989046}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-26 282624]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2006-09-10 218032]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2219184]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"AutoKMS"=C:\WINDOWS\AutoKMS.exe [2011-04-24 615936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-10 86960]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"CursorFX"=C:\Program Files\CursorFX\CursorFX.exe [2010-03-23 417280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.4\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2011-04-01 15145352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Simon^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoUserNameInStartMenu"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Simon\Desktop\P17535732.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Documents and Settings\Simon\Desktop\Bulánci.exe"="C:\Documents and Settings\Simon\Desktop\Bulánci.exe:*:Enabled:Bulánci"
"C:\Program Files\Steam\steamapps\common\mountblade warband\mb_warband.exe"="C:\Program Files\Steam\steamapps\common\mountblade warband\mb_warband.exe:*:Enabled:Mount and Blade: Warband"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

======List of files/folders created in the last 1 months======

2011-05-05 18:40:21 ----D---- C:\rsit
2011-05-05 18:40:21 ----D---- C:\Program Files\trend micro
2011-05-05 18:21:48 ----D---- C:\Documents and Settings\Simon\Application Data\SystemRequirementsLab
2011-05-05 18:02:17 ----D---- C:\Program Files\ICQ6Toolbar
2011-05-05 18:02:00 ----D---- C:\Documents and Settings\Simon\Application Data\ICQ
2011-05-05 18:01:51 ----D---- C:\Program Files\ICQ7.5
2011-05-05 16:57:20 ----N---- C:\WINDOWS\KMSEmulator.exe
2011-05-05 16:56:29 ----A---- C:\WINDOWS\AutoKMS.tmp
2011-05-05 16:09:51 ----D---- C:\Program Files\The Godfather The Game
2011-04-24 18:42:40 ----A---- C:\WINDOWS\AutoKMS.ini
2011-04-24 18:42:40 ----A---- C:\WINDOWS\AutoKMS.exe
2011-04-24 18:29:36 ----D---- C:\Program Files\Microsoft Synchronization Services
2011-04-24 18:29:34 ----D---- C:\Program Files\Common Files\DESIGNER
2011-04-24 18:28:57 ----D---- C:\Program Files\Microsoft Sync Framework
2011-04-24 18:28:57 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2011-04-24 18:27:07 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-04-24 18:26:17 ----D---- C:\WINDOWS\SHELLNEW
2011-04-24 18:26:15 ----D---- C:\Program Files\Microsoft Analysis Services
2011-04-24 10:48:24 ----D---- C:\Themes
2011-04-23 18:28:10 ----D---- C:\Documents and Settings\All Users\Application Data\SRS Labs
2011-04-23 18:28:02 ----RA---- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2011-04-22 19:51:04 ----HDC---- C:\Documents and Settings\All Users\Application Data\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2011-04-22 19:51:02 ----D---- C:\Program Files\CursorFX
2011-04-21 19:52:14 ----D---- C:\Documents and Settings\All Users\Application Data\Cached Installations
2011-04-17 10:45:41 ----D---- C:\Program Files\CursorXP
2011-04-16 18:33:07 ----SHD---- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-15 17:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\Skype Extras
2011-04-15 17:58:22 ----D---- C:\Program Files\Common Files\Skype
2011-04-15 17:58:20 ----RD---- C:\Program Files\Skype
2011-04-14 15:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-04-14 15:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-04-14 15:13:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-04-14 15:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-04-14 15:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-04-14 15:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-04-14 15:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-04-14 15:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2511455$
2011-04-14 15:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-04-14 14:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-04-12 19:48:36 ----D---- C:\Program Files\Rockstar Games
2011-04-06 15:23:59 ----A---- C:\WINDOWS\unvise32.exe

======List of files/folders modified in the last 1 months======

2011-05-05 18:40:21 ----D---- C:\WINDOWS\Temp
2011-05-05 18:40:21 ----D---- C:\Program Files
2011-05-05 18:40:19 ----D---- C:\Documents and Settings\Simon\Application Data\BitTorrent
2011-05-05 18:26:42 ----D---- C:\Program Files\CustoPackTools
2011-05-05 18:22:11 ----SHD---- C:\WINDOWS\Installer
2011-05-05 18:19:00 ----D---- C:\Program Files\Common Files
2011-05-05 18:18:52 ----SD---- C:\WINDOWS\Tasks
2011-05-05 18:17:13 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-05 18:17:13 ----D---- C:\WINDOWS
2011-05-05 18:17:13 ----A---- C:\WINDOWS\GKLauncherInfo.ini
2011-05-05 18:15:24 ----D---- C:\Program Files\Microsoft Office
2011-05-05 18:15:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-05-05 18:14:15 ----D---- C:\Program Files\Image-Line
2011-05-05 18:12:10 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-05 17:59:38 ----D---- C:\WINDOWS\Prefetch
2011-05-05 16:09:23 ----RSD---- C:\WINDOWS\assembly
2011-05-05 16:09:10 ----HD---- C:\WINDOWS\inf
2011-05-05 16:08:25 ----D---- C:\WINDOWS\system32\DirectX
2011-05-05 13:35:28 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-05-02 19:07:55 ----D---- C:\Documents and Settings\Simon\Application Data\Skype
2011-05-02 19:07:34 ----D---- C:\Documents and Settings\Simon\Application Data\skypePM
2011-05-01 11:28:34 ----D---- C:\Program Files\Google
2011-05-01 09:59:19 ----D---- C:\Program Files\BitTorrent
2011-04-29 20:41:04 ----D---- C:\Program Files\Mozilla Firefox
2011-04-28 16:33:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-04-27 15:07:25 ----D---- C:\WINDOWS\Debug
2011-04-25 08:31:51 ----D---- C:\WINDOWS\Microsoft.NET
2011-04-24 19:17:15 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-04-24 18:30:47 ----D---- C:\WINDOWS\system32
2011-04-24 18:30:45 ----RSD---- C:\WINDOWS\Fonts
2011-04-24 18:30:18 ----D---- C:\Program Files\MSBuild
2011-04-24 18:26:45 ----A---- C:\WINDOWS\win.ini
2011-04-24 18:26:40 ----D---- C:\Program Files\Common Files\System
2011-04-24 18:24:46 ----D---- C:\WINDOWS\system32\CatRoot
2011-04-23 18:28:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-04-23 18:28:02 ----D---- C:\WINDOWS\system32\drivers
2011-04-21 16:13:50 ----SD---- C:\Documents and Settings\Simon\Application Data\Microsoft
2011-04-19 18:36:22 ----D---- C:\Program Files\NVIDIA Corporation
2011-04-18 15:50:44 ----D---- C:\Program Files\Fraps
2011-04-18 15:46:44 ----A---- C:\WINDOWS\system32\MRT.exe
2011-04-17 15:30:07 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2011-04-17 15:22:52 ----D---- C:\Program Files\FL Studio 9
2011-04-17 10:20:33 ----D---- C:\Documents and Settings\Simon\Application Data\TuneUp Software
2011-04-15 18:21:04 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2011-04-15 18:10:57 ----D---- C:\WINDOWS\Help
2011-04-15 18:02:06 ----HD---- C:\WINDOWS\msdownld.tmp
2011-04-15 17:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-04-15 17:55:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-04-15 14:32:42 ----D---- C:\divx
2011-04-14 15:46:13 ----D---- C:\Documents and Settings\Simon\Application Data\2K Sports
2011-04-14 15:17:45 ----D---- C:\WINDOWS\WinSxS
2011-04-14 15:16:00 ----HD---- C:\WINDOWS\$hf_mig$
2011-04-14 15:13:54 ----D---- C:\Program Files\Internet Explorer
2011-04-14 15:13:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-07-06 72896]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-03-01 51200]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-02-14 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-05-16 19968]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x); C:\WINDOWS\System32\drivers\sfsync03.sys [2005-12-06 35328]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-01-01 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-12-21 94872]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-07-06 79232]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2010-02-04 51072]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-03-06 281760]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-03-06 25888]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-12-31 25280]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-02-23 9888384]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ATE_PROCMON;ATE_PROCMON; C:\WINDOWS\system32\drivers\ATE_PROCMON.sys []
S3 a45am1fm;a45am1fm; C:\WINDOWS\system32\drivers\a45am1fm.sys []
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 EagleNT;EagleNT; C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys []
S3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys []
S3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys []
S3 LLRING0;LLRING0; \??\C:\Program Files\ZhyperMU\zhypermu season 4 3d\MuGuard\llck1.sys []
S3 msgame;Sidewinder HID to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\msgame.sys [2001-08-17 35200]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2009-12-15 268912]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-01-05 37664]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-30 135664]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
S2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2006-05-26 86016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-30 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-04-27 3506416]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny vecer preji

Mala technicka na uvod: Windows a pripadne produkt Office mate legalni = zakoupena licence

Taktez Vase zabezpeceni v podobe NOD32 neni nejak cracknute

[Meny]

Windows zakúpený, legálny
Balík Office 2010 je odtialto: odkaz na torrenty

NOD32 "fachčí" teraz na jednom zo serialov z netu... (Je to iba pokus, inak som stále na testovacích verziách NOD-u :/ )

[vyosek]

Editnul jsem Vam ten odkaz na torrenty = nelegalni stazeni balicku Office

Neustale instalovani trial licenci ci sehnani si cisla z netu asi moc neni v souladu s licencnimi podminkami (se kterymi jste mimochodem souhlasil pri instalaci) NODu, nemyslite

[Meny]

No myslím ,ale čo mam ja taký človek robiť chápete ma nie ? ale tak niečo s tým určte spravím neskôr

[vyosek]

Neskôr by ste s tym mal niečo urobit, teda pokud chcete dalsi radu...

Existuje mnoho free resenich: jak pro antiviry (Avast, Avira, MSE) tak v kancelarskych balicich (OpenOffice). Takze Vase jednani opravdu nechapu - cracknout si antivir, to je jak zamknout byt ale nechat otevrene okno

Dle pravidel fora (viz zde a a zde bod c.3 ) se nelegalnim SW nezabyvame, jelikoz nelegalni programy jsou vetsinou zdrojem haveti. Navic tim porusujete i autorska prava , pachate trestny cin a ten jako takovy nebude nasim forem podporovan. Uvedomte si, ze jste na bezpecnostnim foru - podpora warezu (zvlaste bezpecnostnich programu) by byla zcela proti logice fora

Obstarejte si proto legalni ochranu Vaseho PC (antivir), pote sem vlozte novy log z RSITu a CKScanneru - viz nize.

Osobne Vam doporucuji Avast, Aviru nebo MSE. Prehled antiviru mate ZDE.

Log z RSITu - viz muj podpis
Stahnete na plochu CKScanner

• Spustte a kliknete na Search for files
• Po dokonceni skenu kliknete na Save List to File a nasledne OK
• Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte

[Meny]

RSIT log:


Logfile of random's system information tool 1.08 (written by random/random)
Run by Simon at 2011-05-06 16:28:32
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 95 GB (60%) free of 160 GB
Total RAM: 2301 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:35, on 6.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\CursorFX\CursorFX.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Avast\AvastSvc.exe
C:\Program Files\Avast\AvastUI.exe
C:\Documents and Settings\Simon\Desktop\RSIT.exe
C:\Program Files\trend micro\Simon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AutoKMS] C:\WINDOWS\AutoKMS.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Simon\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1082687109
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 8619 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{B8CEFDA0-2825-49EF-A0D3-FC6730F4C183}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\Snagit 10\SnagitBHO.dll [2010-04-13 63304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Avast\aswWebRepIE.dll [2011-04-18 818280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\Snagit 10\SnagitIEAddin.dll [2010-04-13 206152]
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Avast\aswWebRepIE.dll [2011-04-18 818280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-26 282624]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2006-09-10 218032]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"AutoKMS"=C:\WINDOWS\AutoKMS.exe [2011-04-24 615936]
"avast"=C:\Program Files\Avast\avastUI.exe [2011-04-18 3460784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-10 86960]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"CursorFX"=C:\Program Files\CursorFX\CursorFX.exe [2010-03-23 417280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.4\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2011-04-01 15145352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Simon^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoUserNameInStartMenu"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Simon\Desktop\P17535732.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Documents and Settings\Simon\Desktop\Bulánci.exe"="C:\Documents and Settings\Simon\Desktop\Bulánci.exe:*:Enabled:Bulánci"
"C:\Program Files\Steam\steamapps\common\mountblade warband\mb_warband.exe"="C:\Program Files\Steam\steamapps\common\mountblade warband\mb_warband.exe:*:Enabled:Mount and Blade: Warband"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

======List of files/folders created in the last 1 months======

2011-05-06 16:28:32 ----D---- C:\rsit
2011-05-06 16:28:32 ----D---- C:\Program Files\trend micro
2011-05-06 16:25:42 ----D---- C:\WINDOWS\LastGood
2011-05-06 16:24:04 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-05-06 16:24:04 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-05-06 16:24:02 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-05-06 16:24:02 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-05-06 16:24:01 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-05-06 16:24:00 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-05-06 16:24:00 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-05-06 16:24:00 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-05-06 16:22:59 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-05-06 16:22:53 ----D---- C:\Program Files\Avast
2011-05-06 16:22:53 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-05-06 15:17:18 ----N---- C:\WINDOWS\KMSEmulator.exe
2011-05-06 15:16:26 ----A---- C:\WINDOWS\AutoKMS.tmp
2011-05-05 18:21:48 ----D---- C:\Documents and Settings\Simon\Application Data\SystemRequirementsLab
2011-05-05 18:02:17 ----D---- C:\Program Files\ICQ6Toolbar
2011-05-05 18:02:00 ----D---- C:\Documents and Settings\Simon\Application Data\ICQ
2011-05-05 18:01:51 ----D---- C:\Program Files\ICQ7.5
2011-05-05 16:09:51 ----D---- C:\Program Files\The Godfather The Game
2011-04-24 18:42:40 ----A---- C:\WINDOWS\AutoKMS.ini
2011-04-24 18:42:40 ----A---- C:\WINDOWS\AutoKMS.exe
2011-04-24 10:48:24 ----D---- C:\Themes
2011-04-23 18:28:10 ----D---- C:\Documents and Settings\All Users\Application Data\SRS Labs
2011-04-23 18:28:02 ----RA---- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2011-04-22 19:51:04 ----HDC---- C:\Documents and Settings\All Users\Application Data\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2011-04-22 19:51:02 ----D---- C:\Program Files\CursorFX
2011-04-21 19:52:14 ----D---- C:\Documents and Settings\All Users\Application Data\Cached Installations
2011-04-17 10:45:41 ----D---- C:\Program Files\CursorXP
2011-04-16 18:33:07 ----SHD---- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-15 17:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\Skype Extras
2011-04-15 17:58:22 ----D---- C:\Program Files\Common Files\Skype
2011-04-15 17:58:20 ----RD---- C:\Program Files\Skype
2011-04-14 15:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-04-14 15:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-04-14 15:13:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-04-14 15:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-04-14 15:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-04-14 15:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-04-14 15:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-04-14 15:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2511455$
2011-04-14 15:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-04-14 14:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-04-12 19:48:36 ----D---- C:\Program Files\Rockstar Games

======List of files/folders modified in the last 1 months======

2011-05-06 16:28:32 ----D---- C:\Program Files
2011-05-06 16:27:22 ----D---- C:\WINDOWS
2011-05-06 16:27:22 ----D---- C:\Documents and Settings\Simon\Application Data\BitTorrent
2011-05-06 16:26:20 ----D---- C:\WINDOWS\Temp
2011-05-06 16:26:16 ----HD---- C:\WINDOWS\inf
2011-05-06 16:26:15 ----D---- C:\WINDOWS\system32\CatRoot
2011-05-06 16:26:15 ----D---- C:\WINDOWS\system32
2011-05-06 16:25:41 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-06 16:24:04 ----D---- C:\WINDOWS\system32\drivers
2011-05-06 16:23:57 ----SHD---- C:\WINDOWS\Installer
2011-05-06 16:23:56 ----D---- C:\WINDOWS\WinSxS
2011-05-06 16:20:11 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-05-06 16:18:12 ----D---- C:\WINDOWS\Microsoft.NET
2011-05-06 16:17:26 ----RSD---- C:\WINDOWS\assembly
2011-05-06 16:16:33 ----D---- C:\Program Files\Microsoft Office
2011-05-06 16:16:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-05-06 16:15:43 ----RSD---- C:\WINDOWS\Fonts
2011-05-06 16:15:25 ----D---- C:\Program Files\MSBuild
2011-05-06 16:15:21 ----D---- C:\Program Files\Common Files
2011-05-06 16:14:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-05-06 16:12:01 ----D---- C:\Program Files\Common Files\System
2011-05-06 16:12:01 ----A---- C:\WINDOWS\win.ini
2011-05-05 18:26:42 ----D---- C:\Program Files\CustoPackTools
2011-05-05 18:18:52 ----SD---- C:\WINDOWS\Tasks
2011-05-05 18:17:13 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-05 18:17:13 ----A---- C:\WINDOWS\GKLauncherInfo.ini
2011-05-05 18:14:15 ----D---- C:\Program Files\Image-Line
2011-05-05 17:59:38 ----D---- C:\WINDOWS\Prefetch
2011-05-05 16:08:25 ----D---- C:\WINDOWS\system32\DirectX
2011-05-02 19:07:55 ----D---- C:\Documents and Settings\Simon\Application Data\Skype
2011-05-02 19:07:34 ----D---- C:\Documents and Settings\Simon\Application Data\skypePM
2011-05-01 11:28:34 ----D---- C:\Program Files\Google
2011-05-01 09:59:19 ----D---- C:\Program Files\BitTorrent
2011-04-29 20:41:04 ----D---- C:\Program Files\Mozilla Firefox
2011-04-28 16:33:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-04-27 15:07:25 ----D---- C:\WINDOWS\Debug
2011-04-23 18:28:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-04-21 16:13:50 ----SD---- C:\Documents and Settings\Simon\Application Data\Microsoft
2011-04-19 18:36:22 ----D---- C:\Program Files\NVIDIA Corporation
2011-04-18 15:50:44 ----D---- C:\Program Files\Fraps
2011-04-18 15:46:44 ----A---- C:\WINDOWS\system32\MRT.exe
2011-04-17 15:30:07 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2011-04-17 15:22:52 ----D---- C:\Program Files\FL Studio 9
2011-04-17 10:20:33 ----D---- C:\Documents and Settings\Simon\Application Data\TuneUp Software
2011-04-15 18:21:04 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2011-04-15 18:10:57 ----D---- C:\WINDOWS\Help
2011-04-15 18:02:06 ----HD---- C:\WINDOWS\msdownld.tmp
2011-04-15 17:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-04-15 17:55:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-04-15 14:32:42 ----D---- C:\divx
2011-04-14 15:46:13 ----D---- C:\Documents and Settings\Simon\Application Data\2K Sports
2011-04-14 15:16:00 ----HD---- C:\WINDOWS\$hf_mig$
2011-04-14 15:13:54 ----D---- C:\Program Files\Internet Explorer
2011-04-14 15:13:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-07-06 72896]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-03-01 51200]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-02-14 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-05-16 19968]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x); C:\WINDOWS\System32\drivers\sfsync03.sys [2005-12-06 35328]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-01-01 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-04-18 30680]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-04-18 25432]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-04-18 307288]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-04-18 49240]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-07-06 79232]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2010-02-04 51072]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-04-18 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-04-18 102488]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-03-06 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-03-06 25888]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-12-31 25280]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-02-23 9888384]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-04-18 441176]
S2 ATE_PROCMON;ATE_PROCMON; C:\WINDOWS\system32\drivers\ATE_PROCMON.sys []
S3 ayknk60g;ayknk60g; C:\WINDOWS\system32\drivers\ayknk60g.sys []
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 EagleNT;EagleNT; C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys []
S3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys []
S3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys []
S3 LLRING0;LLRING0; \??\C:\Program Files\ZhyperMU\zhypermu season 4 3d\MuGuard\llck1.sys []
S3 msgame;Sidewinder HID to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\msgame.sys [2001-08-17 35200]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2009-12-15 268912]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-01-05 37664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [2011-04-18 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-30 135664]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
S2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2006-05-26 86016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-30 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-04-27 3506416]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Meny]

CK

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\rockstar games\gta san andreas\data\decision\craig\crack1.ped
c:\program files\steam\steamapps\common\mountblade warband\sounds\fire_small_crackle_slick_op.ogg
c:\program files\zhypermu\zhypermu season 4\data\effect\firecracker0001.ozj
c:\program files\zhypermu\zhypermu season 4\data\effect\firecracker0002.ozj
c:\program files\zhypermu\zhypermu season 4\data\effect\firecracker0003.ozj
c:\program files\zhypermu\zhypermu season 4\data\effect\firecracker0004.ozj
c:\program files\zhypermu\zhypermu season 4\data\effect\firecracker0005.ozj
c:\program files\zhypermu\zhypermu season 4\data\effect\firecracker0006.ozj
c:\program files\zhypermu\zhypermu season 4\data\effect\firecracker0007.ozj
c:\program files\zhypermu\zhypermu season 4\data\effect\goblincrack.ozj
c:\program files\zhypermu\zhypermu season 4\data\effect\knight_plancrack_a.bmd
c:\program files\zhypermu\zhypermu season 4\data\effect\knight_plancrack_b.bmd
c:\program files\zhypermu\zhypermu season 4\data\effect\knight_plancrack_grand.bmd
c:\program files\zhypermu\zhypermu season 4\data\effect\npcgagoil_crack01.bmd
c:\program files\zhypermu\zhypermu season 4\data\effect\npcgagoil_crack02.bmd
c:\program files\zhypermu\zhypermu season 4\data\effect\npcgagoil_crack03.bmd
c:\program files\zhypermu\zhypermu season 4\data\item\firecracker.ozj
c:\program files\zhypermu\zhypermu season 4\data\monster\goblincrack.ozj
c:\program files\zhypermu\zhypermu season 4\data\object40\han_mcrack.ozj
scanner sequence 3.IJ.11
----- EOF -----

[vyosek]

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Meny]

ComboFix Log


ComboFix 11-05-06.03 - Simon 07.05.2011 9:56.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2301.1705 [GMT 2:00]
Running from: c:\documents and settings\Simon\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Simon\WINDOWS
c:\windows\system32\VIRepair
c:\windows\system32\VIRepair\vi.sif
c:\windows\system32\win
c:\windows\system32\win\errorlog.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-06 14:28 . 2011-05-06 14:28 -------- d-----w- C:\rsit
2011-05-06 14:28 . 2011-05-06 14:28 -------- d-----w- c:\program files\trend micro
2011-05-06 14:24 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-06 14:24 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-06 14:24 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-06 14:24 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-06 14:24 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-06 14:24 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-06 14:24 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-06 14:24 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-06 14:23 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-06 14:22 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-06 14:22 . 2011-05-06 14:23 -------- d-----w- c:\program files\Avast
2011-05-06 14:22 . 2011-05-06 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-06 13:17 . 2011-05-06 13:17 77824 ------w- c:\windows\KMSEmulator.exe
2011-05-06 13:16 . 2011-05-07 07:38 311 ----a-w- c:\windows\AutoKMS.tmp
2011-05-05 16:21 . 2011-05-05 16:21 -------- d-----w- c:\documents and settings\Simon\Application Data\SystemRequirementsLab
2011-05-05 16:02 . 2011-05-05 16:15 -------- d-----w- c:\program files\ICQ6Toolbar
2011-05-05 16:02 . 2011-05-07 07:45 -------- d-----w- c:\documents and settings\Simon\Application Data\ICQ
2011-05-05 16:01 . 2011-05-05 16:02 -------- d-----w- c:\program files\ICQ7.5
2011-05-05 14:09 . 2011-05-05 14:30 -------- d-----w- c:\program files\The Godfather The Game
2011-04-24 16:42 . 2011-04-24 16:42 615936 ----a-w- c:\windows\AutoKMS.exe
2011-04-24 08:48 . 2011-04-24 08:48 -------- d-----w- C:\Themes
2011-04-23 16:28 . 2011-04-23 16:28 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\SRS Labs
2011-04-23 16:28 . 2011-04-23 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SRS Labs
2011-04-23 16:28 . 2009-12-15 12:41 268912 ----a-r- c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2011-04-22 17:51 . 2011-04-22 17:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2011-04-22 17:51 . 2011-04-22 17:51 -------- d-----w- c:\program files\CursorFX
2011-04-21 17:52 . 2011-04-21 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
2011-04-17 08:45 . 2011-04-17 08:45 -------- d-----w- c:\program files\CursorXP
2011-04-16 16:33 . 2011-04-16 16:33 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-15 15:58 . 2011-05-01 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-15 15:58 . 2011-04-15 15:58 -------- d-----w- c:\program files\Common Files\Skype
2011-04-15 15:58 . 2011-04-15 15:58 -------- d-----r- c:\program files\Skype
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-04-12 17:48 . 2011-04-12 17:48 -------- d-----w- c:\program files\Rockstar Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2009-12-30 06:13 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2006-02-28 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-02-28 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 06:27 . 2011-02-23 06:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 06:27 . 2011-02-23 06:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 06:27 . 2010-01-12 11:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 06:27 . 2010-01-12 11:03 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 06:27 . 2010-01-12 11:03 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 06:27 . 2010-01-12 11:03 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 06:27 . 2008-09-17 22:55 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-23 06:27 . 2008-09-17 22:55 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-23 06:27 . 2008-09-17 22:55 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 06:27 . 2008-09-17 22:55 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 06:27 . 2008-09-17 22:55 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-22 23:06 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-12-30 07:03 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-02-28 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-02-28 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-29 18:40 . 2011-04-02 16:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2008-04-14 . 36281995F3C0920257A44A79F9EE16F6 . 1027584 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 36281995F3C0920257A44A79F9EE16F6 . 1027584 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 36281995F3C0920257A44A79F9EE16F6 . 1027584 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[7] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 702BE30013B178035BF81F08A1BF5C46 . 224256 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 0B720CAE71F51A2B93811816F187BC0A . 224256 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2006-02-28 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"CursorFX"="c:\program files\CursorFX\CursorFX.exe" [2010-03-23 417280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2006-05-26 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"AutoKMS"="c:\windows\AutoKMS.exe" [2011-04-24 615936]
"avast"="c:\program files\Avast\avastUI.exe" [2011-04-18 3460784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,32,5c,6c,\
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ utocheck turegopt
.
[HKLM\~\startupfolder\C:^Documents and Settings^Simon^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-04-01 16:17 15145352 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\Updreg.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mountblade warband\\mb_warband.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.1.2010 19:31 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6.5.2011 16:24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.5.2011 16:24 307288]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [4.2.2010 17:13 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.5.2011 16:24 19544]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.12.2009 11:00 135664]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5.5.2011 18:02 247608]
S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30.12.2009 11:00 135664]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys --> c:\windows\system32\DRIVERS\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 LLRING0;LLRING0;\??\c:\program files\ZhyperMU\zhypermu season 4 3d\MuGuard\llck1.sys --> c:\program files\ZhyperMU\zhypermu season 4 3d\MuGuard\llck1.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 09:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 09:00]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 09:00]
.
2011-05-07 c:\windows\Tasks\User_Feed_Synchronization-{B8CEFDA0-2825-49EF-A0D3-FC6730F4C183}.job
- c:\windows\system32\msfeedssync.exe [2009-12-30 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Simon\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: google.sk\www
FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\t3mbl37d.default\
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-B2C_AGENT - c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 10:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Gaz 24 Mod]
"Install Dir"="c:\\Program Files\\Need for Speed Most Wanted"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\cscui.dll
.
Completion time: 2011-05-07 10:14:19
ComboFix-quarantined-files.txt 2011-05-07 08:14
.
Pre-Run: 99 669 663 744 bytes free
Post-Run: 12 adresárov, 99 724 660 736 voľných bajtov
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=FQG1TD
.
- - End Of File - - 7387133EEBCCFF4B5DD719AC592928ED

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  File::
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
  C:\WINDOWS\tasks\ParetoLogic Registration.job
  C:\WINDOWS\tasks\User_Feed_Synchronization-{B8CEFDA0-2825-49EF-A0D3-FC6730F4C183}.job
  C:\Documents and Settings\Simon\Desktop\P17535732.JPG-www.facebook.exe
  C:\WINDOWS\KMSEmulator.exe
  C:\WINDOWS\AutoKMS.ini
  C:\WINDOWS\AutoKMS.exe
  
  Folder::
  C:\Program Files\ICQ6Toolbar
  
  Driver::
  ICQ Service
  gupdate
  gupdatem
  
  Registry::
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "C:\Documents and Settings\Simon\Desktop\P17535732.JPG-www.facebook.exe"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Adobe ARM"=-
  "SunJavaUpdateSched"=-
  "DivXUpdate"=-
  "Adobe Reader Speed Launcher"=-
  "AutoKMS"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
  "UIHost"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "AntiVirusOverride"=dword:00000000
  
  DDS::
  uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\t3mbl37d.default\
  FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.9&q=
  
  RegLock::
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  [HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Gaz 24 Mod]
  
  Restore::
  c:\windows\system32\wuauclt.exe
  c:\windows\explorer.exe
  c:\windows\regedit.exe
  
  Reboot::
  

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Meny]

ComboFix 11-05-06.05 - Simon 07.05.2011 20:31:32.2.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2301.1684 [GMT 2:00]
Running from: c:\documents and settings\Simon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Simon\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Simon\Desktop\P17535732.JPG-www.facebook.exe"
"c:\windows\AutoKMS.exe"
"c:\windows\AutoKMS.ini"
"c:\windows\KMSEmulator.exe"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\ParetoLogic Registration.job"
"c:\windows\tasks\User_Feed_Synchronization-{B8CEFDA0-2825-49EF-A0D3-FC6730F4C183}.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\AutoKMS.exe
c:\windows\AutoKMS.ini
c:\windows\KMSEmulator.exe
c:\windows\system32\scrnrdr.exe
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\User_Feed_Synchronization-{B8CEFDA0-2825-49EF-A0D3-FC6730F4C183}.job
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\explorer.exe
.
Infected copy of c:\windows\regedit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\regedit.exe
.
c:\windows\system32\wuauclt.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_ICQ_SERVICE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 15:08 . 2011-05-07 15:28 2829 ----a-w- c:\windows\War3Unin.pif
2011-05-07 15:08 . 2011-05-07 15:28 139264 ----a-w- c:\windows\War3Unin.exe
2011-05-07 15:05 . 2011-05-07 15:31 -------- d-----w- c:\program files\Warcraft III
2011-05-07 11:49 . 2011-05-07 12:45 -------- d-----w- c:\program files\NHL 09 + Instalované Addony 2010-2011
2011-05-07 10:08 . 2011-05-07 10:08 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-06 14:28 . 2011-05-06 14:28 -------- d-----w- C:\rsit
2011-05-06 14:28 . 2011-05-06 14:28 -------- d-----w- c:\program files\trend micro
2011-05-06 14:24 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-06 14:24 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-06 14:24 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-06 14:24 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-06 14:24 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-06 14:24 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-06 14:24 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-06 14:24 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-06 14:23 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-06 14:22 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-06 14:22 . 2011-05-06 14:23 -------- d-----w- c:\program files\Avast
2011-05-06 14:22 . 2011-05-06 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-06 13:16 . 2011-05-07 16:07 623 ----a-w- c:\windows\AutoKMS.tmp
2011-05-05 16:21 . 2011-05-05 16:21 -------- d-----w- c:\documents and settings\Simon\Application Data\SystemRequirementsLab
2011-05-05 16:02 . 2011-05-07 18:22 -------- d-----w- c:\documents and settings\Simon\Application Data\ICQ
2011-05-05 16:01 . 2011-05-05 16:02 -------- d-----w- c:\program files\ICQ7.5
2011-05-05 14:09 . 2011-05-05 14:30 -------- d-----w- c:\program files\The Godfather The Game
2011-04-24 08:48 . 2011-04-24 08:48 -------- d-----w- C:\Themes
2011-04-23 16:28 . 2011-04-23 16:28 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\SRS Labs
2011-04-23 16:28 . 2011-04-23 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SRS Labs
2011-04-23 16:28 . 2009-12-15 12:41 268912 ----a-r- c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2011-04-22 17:51 . 2011-04-22 17:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2011-04-22 17:51 . 2011-04-22 17:51 -------- d-----w- c:\program files\CursorFX
2011-04-21 17:52 . 2011-04-21 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
2011-04-17 08:45 . 2011-04-17 08:45 -------- d-----w- c:\program files\CursorXP
2011-04-16 16:33 . 2011-04-16 16:33 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-15 15:58 . 2011-05-01 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-15 15:58 . 2011-04-15 15:58 -------- d-----w- c:\program files\Common Files\Skype
2011-04-15 15:58 . 2011-04-15 15:58 -------- d-----r- c:\program files\Skype
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-04-12 17:48 . 2011-04-12 17:48 -------- d-----w- c:\program files\Rockstar Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2009-12-30 06:13 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2006-02-28 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-02-28 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 06:27 . 2011-02-23 06:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 06:27 . 2011-02-23 06:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 06:27 . 2010-01-12 11:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 06:27 . 2010-01-12 11:03 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 06:27 . 2010-01-12 11:03 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 06:27 . 2010-01-12 11:03 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 06:27 . 2008-09-17 22:55 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-23 06:27 . 2008-09-17 22:55 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-23 06:27 . 2008-09-17 22:55 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 06:27 . 2008-09-17 22:55 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 06:27 . 2008-09-17 22:55 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-22 23:06 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-12-30 07:03 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-02-28 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-02-28 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-29 18:40 . 2011-04-02 16:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-05-07_08.08.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-07 15:08 . 2011-05-07 15:31 78511 c:\windows\War3Unin.dat
+ 2011-05-07 18:45 . 2011-05-07 18:45 16384 c:\windows\temp\Perflib_Perfdata_310.dat
+ 2006-02-28 12:00 . 2006-02-28 12:00 146432 c:\windows\regedit.exe
+ 2006-02-28 12:00 . 2006-02-28 12:00 1032192 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"CursorFX"="c:\program files\CursorFX\CursorFX.exe" [2010-03-23 417280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2006-05-26 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"avast"="c:\program files\Avast\avastUI.exe" [2011-04-18 3460784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ utocheck turegopt
.
[HKLM\~\startupfolder\C:^Documents and Settings^Simon^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\Updreg.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mountblade warband\\mb_warband.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.1.2010 19:31 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6.5.2011 16:24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.5.2011 16:24 307288]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [4.2.2010 17:13 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.5.2011 16:24 19544]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys --> c:\windows\system32\DRIVERS\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 LLRING0;LLRING0;\??\c:\program files\ZhyperMU\zhypermu season 4 3d\MuGuard\llck1.sys --> c:\program files\ZhyperMU\zhypermu season 4 3d\MuGuard\llck1.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 09:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Simon\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: google.sk\www
FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\t3mbl37d.default\
FF - prefs.js: browser.startup.homepage - google.sk
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 20:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Gaz 24 Mod]
"Install Dir"="c:\\Program Files\\Need for Speed Most Wanted"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(3008)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-07 20:51:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-07 18:51
ComboFix2.txt 2011-05-07 08:14
.
Pre-Run: 96 926 167 040 bytes free
Post-Run: 12 adresárov, 96 795 680 768 voľných bajtov
.
- - End Of File - - 6C83771F6827EBAD628CA5C11BABA0E9

[vyosek]

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• c:\windows\system32\wuauclt.exe
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Send File
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

Mate instalacni CD od windows

[Meny]

http://www.virustotal.com/file-scan/rep ... 1304841662

Inštalačné CD , myslím že ano, určite ho nájdem

[vyosek]

Zatim jej nehledejte

Jak se chova PC