VIRY.CZ

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5388

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

24.12.2010 15:57:42
mbam-log-2010-12-24 (15-57-29).txt

Typ kontroly: Rychlý test
Testované objekty: 144897
Uplynulý čas: 4 minut, 36 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\Dark\nabídka start\Programy\po spuštění\quick office.lnk (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\secushr.dat (Malware.Trace) -> No action taken.

Tak to doděláme

MBAM spustit znovu - dát Úplná kontrola
po ukončení -> Zobrazit výsledky -> zkontrolovat zda je vše označeno -> Odstranit označené
vyběhne log, ve kterém budou záznamy tohoto typu:
Infikované soubory:
c:\WINDOWS\xxxxxx -> Quarantined and deleted successfully.
ten bych taky rád viděl

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5388

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

24.12.2010 18:10:21
mbam-log-2010-12-24 (18-10-21).txt

Typ kontroly: Úplný test (C:\|D:\|F:\|G:\|)
Testované objekty: 256558
Uplynulý čas: 1 hodin, 37 minut, 32 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\old_windows\system32\689422ac474f4c98\689422ac474f4c98 (Rootkit.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\all users\dokumenty\daemon tools images\petrperak\ds2\asx-ds2_for_v2.2.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Dark\Plocha\Programy\t-cleaner.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Stáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“ (pro Vistu a Win7 – pravým a „Run As Administrator“).
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „Moveit!“

Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\

Script OTM dej log z C:\_OTM\MovedFiles\ + nový RSIT

Pls ještě dotaz co, že sem v tom druhým logu neměl tohle? c:\documents and settings\Dark\nabídka start\Programy\po spuštění\quick office.lnk (Trojan.Agent) Trojan je trojan a to byl důkladnější test

v OTMscriptu máš takže mažeme

OTM neodpovídá, naběhne začátek a pak se zasekne, zkusil sem ho nechat hodku a nic zmizeli mi i ikony a musel sem ručně restartovat compa

Restartuj do nouzového režimu s prací v síti.

Stáhni Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkus stáhnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusť a nechej ho pracovat. Sám se ukončí.

- Teď nesmíš restartovat počítač!

Spusť OTM

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 25.12.2010 at 16:11:02.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 25.12.2010 at 16:11:05.

Spustil jsi po Rkill taky OTM podle předchozího návodu?

spustil ale i přezto, že sem byl v nouzovým režimu tak stejnej problem jako předtím nechal sem to schválně bejt celou dobu co sem byl v práci a bez restartu to nešlo i když sem to neměl

Udělej mi nový RSIT ať znám současný stav

ComboFix 10-12-25.02 - Dark 26.12.2010 12:18:28.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1128 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dark\Plocha\Programy\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dark\Data aplikací\PriceGong
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Dark\Data aplikací\PriceGong\Data\z.xml

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-26 do 2010-12-26 )))))))))))))))))))))))))))))))
.

2010-12-25 11:04 . 2010-12-25 11:05 -------- d-----w- c:\documents and settings\Dark\Data aplikací\Xfire
2010-12-25 11:04 . 2010-12-25 11:04 -------- d-s---w- c:\program files\Xfire
2010-12-25 08:40 . 2010-12-25 08:40 -------- d-----w- C:\_OTM
2010-12-24 19:59 . 2010-12-25 11:32 -------- d-----w- c:\documents and settings\Dark\Local Settings\Data aplikací\uTorrentBar
2010-12-24 19:59 . 2010-12-25 11:32 -------- d-----w- c:\documents and settings\Dark\Local Settings\Data aplikací\conduitEngine
2010-12-24 19:59 . 2010-12-24 19:59 -------- d-----w- c:\program files\ConduitEngine
2010-12-24 19:59 . 2010-12-24 19:59 -------- d-----w- c:\program files\uTorrentBar
2010-12-24 19:21 . 2010-12-25 11:30 -------- d-----w- c:\program files\LucasArts
2010-12-24 14:48 . 2010-12-24 14:48 -------- d-----w- c:\documents and settings\Dark\Data aplikací\Malwarebytes
2010-12-24 14:48 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-24 14:48 . 2010-12-24 14:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-24 14:48 . 2010-12-24 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-24 14:48 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-24 07:16 . 2010-12-24 07:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Xobni
2010-12-23 08:00 . 2010-12-23 08:00 -------- d-----w- c:\documents and settings\Administrator
2010-12-21 23:38 . 2010-12-21 23:38 -------- d-----w- c:\documents and settings\Dark\Local Settings\Data aplikací\FalloutNV
2010-12-15 23:26 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 23:26 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-12 09:09 . 2010-12-12 09:09 -------- d-----w- c:\program files\Common Files\Skype
2010-12-09 05:44 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-12-09 05:44 . 2010-12-09 05:44 -------- d-----w- c:\program files\LogMeIn Hamachi

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-14 21:25 . 2010-04-10 22:35 137960 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-14 21:24 . 2010-04-10 22:35 235248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-14 21:24 . 2009-08-15 08:03 235248 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-18 18:15 . 2009-07-14 10:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:02 . 2007-10-29 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:02 . 2007-10-29 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-05 05:02 . 2007-10-29 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 04:59 . 2007-10-29 12:00 370176 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2007-10-29 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-29 13:47 . 2010-04-10 22:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-29 13:47 . 2010-04-28 09:42 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-10-28 13:09 . 2007-10-29 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2007-10-29 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[7] 2007-10-29 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 14:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"VFPROguard"="c:\program files\Fighters\VIRUSfighter\VFPROTray.exe" [2010-03-11 684680]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-04-11 557056]
"FixCamera"="c:\windows\FixCamera.exe" [2008-08-21 188928]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-11-13 320512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Dark\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Home.lnk - [N/A]
Quick Office.lnk - c:\windows\system32\portmap.exe [N/A]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-1-5 3469448]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2009-12-10 14:05 401728 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2007-03-14 09:46 2225208 ----a-w- c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2010-02-24 12:53 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\HRY\\NeverwinterNights\\nwmain.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ubisoft\\Heroes of Might and Magic V - Tribes of the East\\bin\\H5_Game.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\fpupdate.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\Team17\\Worms Armageddon\\bin\\Worms3D.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Atari\\Act of War - Direct Action\\ACTOFWAR.EXE"=
"c:\\Documents and Settings\\Dark\\Plocha\\Starcraft\\BROOD\\starcraft.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\Age3.exe"=
"c:\\Program Files\\Atari\\Act of War - Direct Action\\AOWEditor.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [11.11.2009 13:16 141312]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [10.1.2010 21:55 120320]
R2 FAH-01;Folding Service #01;c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [30.6.2008 20:38 253952]
R2 FAH-02;Folding Service #02;c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [30.6.2008 20:38 253952]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [14.7.2009 12:58 246520]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [12.10.2009 17:33 46824]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [11.3.2010 12:15 10264]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [13.11.2009 11:53 16896]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [13.11.2009 11:53 17408]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [13.11.2009 11:53 9856]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28.8.2006 23:54 10664]
S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [11.4.2010 19:07 7936]
S3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [8.8.2005 14:44 6640]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9.4.2010 13:41 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9.4.2010 13:41 8320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.7.2009 9:08 685816]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 18:39]

2010-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 18:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://home.sweetim.com
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: Crawler Search - tbr:iemenu
IE: Download all by FlashGet3 - c:\documents and settings\Dark\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Dark\Data aplikací\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: kuaiche.com\software
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Dark\Data aplikací\Mozilla\Firefox\Profiles\60z39p8f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\progra~1\Crawler\firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-26 12:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-823518204-1060284298-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:19,8d,d0,a0,02,22,b4,e3,bf,1d,d4,2f,3d,d8,69,07,c3,44,4d,01,14,ae,27,
37,8b,11,12,6a,fb,65,f2,2d,d8,b3,3f,c1,fe,41,50,46,c1,2c,5d,b1,42,e3,32,2e,\
"??"=hex:02,d5,13,e7,ae,c2,c1,c0,bc,14,98,14,78,f8,e1,96

[HKEY_USERS\S-1-5-21-823518204-1060284298-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:21,63,81,57,4c,23,9b,d9,3d,b8,da,d0,e1,35,99,c5,dc,02,03,92,61,
69,8b,63,49,97,70,a9,ea,a6,a8,be,93,64,be,3c,08,f4,b5,4c,c9,c7,ef,ba,be,61,\
"rkeysecu"=hex:ca,07,d4,ce,f4,b7,7e,e6,a3,fe,e6,37,56,36,90,83

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-12-26 12:29:16
ComboFix-quarantined-files.txt 2010-12-26 11:28
ComboFix2.txt 2010-12-24 12:35

Před spuštěním: Volných bajtů: 73 157 312 512
Po spuštění: Volných bajtů: 73 228 034 048

- - End Of File - - 3BC833B8B7D9FBA4EA4B098FBD2DDE43

Logfile of random's system information tool 1.08 (written by random/random)
Run by Dark at 2010-12-26 12:33:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 70 GB (29%) free of 238 GB
Total RAM: 1535 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:33:06, on 26.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Xobni\XobniService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\tsnp2uvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Dark\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\Dark.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2786678
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: harder-styles Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFea2.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Dark\Data aplikací\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: harder-styles Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFea2.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: harder-styles Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFea2.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VFPROguard] C:\Program Files\Fighters\VIRUSfighter\VFPROTray.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Home.lnk = ?
O4 - Startup: Quick Office.lnk = C:\WINDOWS\system32\portmap.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Dark\Data aplikací\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Dark\Data aplikací\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{0950F6DC-FD06-4634-BF31-996D0425E809}: NameServer = 85.13.80.80 85.13.80.90
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 11523 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Documents and Settings\Dark\Data aplikací\FlashGetBHO\FlashGetBHO3.dll [2009-12-22 157232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bab31fc4-cb97-46f4-9565-26d65225cc2c}]
harder-styles Toolbar - C:\Program Files\FearFM\tbFea2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]
{bab31fc4-cb97-46f4-9565-26d65225cc2c} - harder-styles Toolbar - C:\Program Files\FearFM\tbFea2.dll [2010-10-18 3908192]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2007-12-17 61440]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-09 13680640]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-09 86016]
"VFPROguard"=C:\Program Files\Fighters\VIRUSfighter\VFPROTray.exe [2010-03-11 684680]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2010-04-11 557056]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2008-08-21 188928]
"snp2uvc"=C:\WINDOWS\vsnp2uvc.exe [2008-08-01 675840]
"tsnp2uvc"=C:\WINDOWS\tsnp2uvc.exe [2009-11-13 320512]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-08-01 222592]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2009-12-10 401728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-14 2225208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-02-24 111928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2
"PnkBstrA"=2

C:\Documents and Settings\Dark\Nabídka Start\Programy\Po spuštění
Home.lnk -
Quick Office.lnk - C:\WINDOWS\system32\portmap.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\HRY\NeverwinterNights\nwmain.exe"="C:\HRY\NeverwinterNights\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe"="C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe:*:Enabled:fpupdate"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Team17\Worms Armageddon\bin\Worms3D.exe"="C:\Program Files\Team17\Worms Armageddon\bin\Worms3D.exe:*:Enabled:Worms3D"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Atari\Act of War - Direct Action\ACTOFWAR.EXE"="C:\Program Files\Atari\Act of War - Direct Action\ACTOFWAR.EXE:*:Enabled:ACTOFWAR"
"C:\Documents and Settings\Dark\Plocha\Starcraft\BROOD\starcraft.exe"="C:\Documents and Settings\Dark\Plocha\Starcraft\BROOD\starcraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\Program Files\Microsoft Games\Age of Empires III\Age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\Age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Atari\Act of War - Direct Action\AOWEditor.exe"="C:\Program Files\Atari\Act of War - Direct Action\AOWEditor.exe:*:Enabled:AOWEditor"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-12-26 12:33:04 ----D---- C:\rsit
2010-12-26 12:29:17 ----A---- C:\ComboFix.txt
2010-12-26 01:33:06 ----ASH---- C:\hiberfil.sys
2010-12-25 12:04:54 ----D---- C:\Documents and Settings\Dark\Data aplikací\Xfire
2010-12-25 12:04:53 ----SD---- C:\Program Files\Xfire
2010-12-25 09:40:46 ----D---- C:\_OTM
2010-12-24 20:59:15 ----D---- C:\Program Files\ConduitEngine
2010-12-24 20:59:06 ----D---- C:\Program Files\uTorrentBar
2010-12-24 20:21:51 ----D---- C:\Program Files\LucasArts
2010-12-24 15:48:15 ----D---- C:\Documents and Settings\Dark\Data aplikací\Malwarebytes
2010-12-24 15:48:06 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-24 15:48:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-12-24 15:48:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-24 15:48:02 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-24 13:24:52 ----D---- C:\WINDOWS\temp
2010-12-24 13:15:15 ----A---- C:\WINDOWS\zip.exe
2010-12-24 13:15:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-24 13:15:15 ----A---- C:\WINDOWS\SWSC.exe
2010-12-24 13:15:15 ----A---- C:\WINDOWS\SWREG.exe
2010-12-24 13:15:15 ----A---- C:\WINDOWS\sed.exe
2010-12-24 13:15:15 ----A---- C:\WINDOWS\PEV.exe
2010-12-24 13:15:15 ----A---- C:\WINDOWS\MBR.exe
2010-12-24 13:15:15 ----A---- C:\WINDOWS\grep.exe
2010-12-23 10:56:35 ----A---- C:\SRStatus.txt
2010-12-23 10:15:15 ----A---- C:\Boot.bak
2010-12-23 10:15:10 ----RASHD---- C:\cmdcons
2010-12-23 10:11:34 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-23 09:59:55 ----SHD---- C:\WINDOWS\CSC
2010-12-23 08:59:45 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-16 03:13:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-16 03:13:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-16 03:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-16 03:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-16 03:13:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-16 03:13:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-16 03:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2416400$
2010-12-16 03:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2010-12-12 10:09:35 ----D---- C:\Program Files\Common Files\Skype
2010-12-09 06:44:51 ----AH---- C:\WINDOWS\system32\hamachi.sys
2010-12-09 06:44:40 ----D---- C:\Program Files\LogMeIn Hamachi

======List of files/folders modified in the last 1 months======

2010-12-26 12:33:06 ----D---- C:\Program Files\trend micro
2010-12-26 12:29:19 ----D---- C:\Qoobox
2010-12-26 12:29:18 ----D---- C:\WINDOWS\Prefetch
2010-12-26 12:25:41 ----D---- C:\WINDOWS
2010-12-26 12:25:40 ----A---- C:\WINDOWS\system.ini
2010-12-26 12:25:31 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-26 12:23:18 ----D---- C:\WINDOWS\system32\drivers
2010-12-26 12:23:18 ----D---- C:\WINDOWS\system32
2010-12-26 12:23:18 ----D---- C:\WINDOWS\AppPatch
2010-12-26 12:23:16 ----D---- C:\Program Files\Common Files
2010-12-26 12:15:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-26 12:14:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-26 02:40:17 ----D---- C:\Documents and Settings\Dark\Data aplikací\Skype
2010-12-26 01:37:18 ----D---- C:\Documents and Settings\Dark\Data aplikací\skypePM
2010-12-26 01:37:11 ----A---- C:\WINDOWS\lgfwup.ini
2010-12-26 01:37:08 ----D---- C:\Program Files\lg_fwupdate
2010-12-26 01:33:40 ----D---- C:\WINDOWS\system32\ias
2010-12-25 16:07:38 ----D---- C:\Documents and Settings\Dark\Data aplikací\ICQ
2010-12-25 12:32:40 ----D---- C:\Program Files\FearFM
2010-12-25 12:15:46 ----D---- C:\Documents and Settings\Dark\Data aplikací\uTorrent
2010-12-25 12:09:55 ----D---- C:\Program Files
2010-12-25 12:05:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-25 11:55:43 ----D---- C:\Petrperak
2010-12-25 09:45:52 ----D---- C:\Program Files\uTorrent
2010-12-24 19:55:31 ----D---- C:\WINDOWS\Config
2010-12-24 13:25:08 ----D---- C:\WINDOWS\system32\config
2010-12-24 13:25:00 ----D---- C:\WINDOWS\ERDNT
2010-12-23 10:27:52 ----SD---- C:\WINDOWS\Tasks
2010-12-23 10:18:53 ----D---- C:\Program Files\DivX
2010-12-23 10:15:15 ----RASH---- C:\boot.ini
2010-12-23 10:07:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-12-23 09:15:57 ----SHD---- C:\WINDOWS\Installer
2010-12-23 09:14:23 ----D---- C:\Program Files\Fighters
2010-12-23 09:14:23 ----D---- C:\Config.Msi
2010-12-23 09:00:11 ----D---- C:\Documents and Settings
2010-12-23 02:23:38 ----D---- C:\Documents and Settings\Dark\Data aplikací\vlc
2010-12-22 00:35:38 ----D---- C:\WINDOWS\WinSxS
2010-12-22 00:20:21 ----D---- C:\WINDOWS\system32\DirectX
2010-12-22 00:20:19 ----HD---- C:\WINDOWS\inf
2010-12-22 00:19:26 ----RSD---- C:\WINDOWS\assembly
2010-12-21 23:59:21 ----D---- C:\Program Files\Bethesda Softworks
2010-12-19 00:49:48 ----D---- C:\Program Files\Opera
2010-12-16 22:53:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-12-16 22:52:18 ----D---- C:\Program Files\Google
2010-12-16 03:14:03 ----A---- C:\WINDOWS\imsins.BAK
2010-12-16 03:14:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-16 03:13:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-16 03:00:43 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-16 03:00:35 ----D---- C:\Program Files\Outlook Express
2010-12-14 22:24:29 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-12-12 10:09:35 ----RD---- C:\Program Files\Skype
2010-12-12 10:09:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-12-11 05:13:17 ----D---- C:\Program Files\Mozilla Firefox
2010-12-03 17:06:27 ----D---- C:\Filmy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-03-24 114048]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 SSHDRV65;SSHDRV65; \??\C:\WINDOWS\system32\drivers\SSHDRV65.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-10 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-09-29 18048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 catchme;catchme; \??\C:\DOCUME~1\Dark\LOCALS~1\Temp\catchme.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-09 6307328]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 AVFSFilter;AVFSFilter; C:\WINDOWS\system32\DRIVERS\avfsfilter.sys [2010-03-11 10264]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2008-04-01 16896]
S3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
S3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2007-07-20 9856]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 INIDVD;Initio USB DVD Filter Driver; C:\WINDOWS\system32\DRIVERS\inidvd.sys [2007-11-07 7936]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MouseCap;MouseCapture Driver; C:\WINDOWS\System32\Drivers\MouseCap.sys [2005-08-08 6640]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 MTK;Media Technology Kernel Driver; C:\WINDOWS\System32\Drivers\mtk.sys []
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-06-03 3482112]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-01-10 685816]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FAH-01;Folding Service #01; C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R2 FAH-02;Folding Service #02; C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-09 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-10-29 75064]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-11-11 570880]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 XobniService;XobniService; C:\Program Files\Xobni\XobniService.exe [2009-10-12 46824]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-04 163840]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

ve složce C:\Documents and Settings\Dark\Nabídka Start\Programy\Po spuštění
najdi a smaž zástupce Home + Quick Office

Otevři Poznámkový blok
(Start -> Spustit... -> napiš notepad -> OK)
Zkopíruj a vlož zelený text

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=-
"ISUSScheduler"=-
"VFPROguard"=-
"LGODDFU"=-
"DivXUpdate"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\http://software.kuaiche.com/]

Soubor ulož jako oprava.reg
Při ukládání dej uložit jako typ Všechny soubory (nastavení je uvedeno na obrázku níže)

Zavři notepad a spusť dvojklikem oprava.reg
Dotaz na změnu registru potvrdit
Okno jen problikne a opraví registry - soubor můžeš smazat

ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

stáhni program OTC tady: http://oldtimer.geekstogo.com/OTC.exe - spusť ho -> "CleanUp" (smaže dříve použité čističe)

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Jsi bez základního zabezpeční PC
Nainstaluj Avast5 - free antivirus http://www.avast.com/cs-cz/free-antivirus-download

Nakonec mi dej současný RSIT log

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština