Pomalý net

[Titon]

Ahoj, mám poslední dobou problémy s internetem. A také jsem poslední dobou dost stahoval ,takže si myslím ,že v tom mám vira.

log z RSIT:


Logfile of random's system information tool 1.08 (written by random/random)
Run by Lynx at 2010-07-11 14:42:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 122 GB (40%) free of 305 GB
Total RAM: 3071 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:42:42, on 11.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\Lynx\Plocha\RSIT.exe
C:\Program Files\trend micro\Lynx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3175154187
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9971 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25 202080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll [2010-02-11 185856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-23 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-23 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-08 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25 1496408]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-23 278192]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-09 18063872]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-18 98304]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-03-24 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-18 767312]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2010-01-31 2356088]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-06-20 39408]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Lotus Organizer EasyClip.lnk - C:\lotus\organize\easyclip6.exe

C:\Documents and Settings\Lynx\Nabídka Start\Programy\Po spuštění
CurseClientStartup.ccip
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-08-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\Program Files\Codemasters\DiRT2\dirt2_game.exe"="C:\Program Files\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Documents and Settings\Lynx\Plocha\offlineserver-v0.31\server.exe"="C:\Documents and Settings\Lynx\Plocha\offlineserver-v0.31\server.exe:*:Enabled:server"
"C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction"
"C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe"="C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction Update"
"C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\Prince of Persia.exe"="C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\Prince of Persia.exe:*:Enabled:Prince of Persia Zapomenuté písky"
"C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\GameSettings.exe"="C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\GameSettings.exe:*:Enabled:Prince of Persia Zapomenuté písky Settings"
"C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\gu.exe"="C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\gu.exe:*:Enabled:Prince of Persia Zapomenuté písky Update"
"C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Prince of Persia Zapomenuté písky\UPlayBrowser.exe:*:Enabled:Prince of Persia Zapomenuté písky UPlay"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Documents and Settings\Lynx\Local Settings\Apps\2.0\MPNEAC71.OP5\R5RRMZ7X.HG4\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe"="C:\Documents and Settings\Lynx\Local Settings\Apps\2.0\MPNEAC71.OP5\R5RRMZ7X.HG4\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe:*:Enabled:Curse Client 4.0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-11 14:42:27 ----D---- C:\rsit
2010-07-11 14:42:27 ----D---- C:\Program Files\trend micro
2010-07-03 18:59:00 ----D---- C:\Program Files\NVIDIA Corporation
2010-06-30 19:34:02 ----D---- C:\Program Files\Common Files\Sony Shared
2010-06-30 19:33:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Corporation
2010-06-30 17:12:17 ----D---- C:\Program Files\Sony
2010-06-30 17:11:31 ----D---- C:\Program Files\Apple Software Update
2010-06-30 17:11:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-06-30 17:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-06-30 17:09:16 ----D---- C:\Documents and Settings\Lynx\Data aplikací\Sony
2010-06-24 13:58:34 ----A---- C:\WINDOWS\treeskp.sys
2010-06-24 13:58:31 ----D---- C:\Program Files\vghd
2010-06-24 13:58:30 ----D---- C:\Documents and Settings\Lynx\Data aplikací\vghd
2010-06-20 16:50:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-06-20 13:35:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec
2010-06-20 13:35:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-06-20 13:35:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-06-14 16:12:31 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-06-14 16:12:31 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-06-14 16:12:30 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-06-14 16:12:30 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-06-14 15:58:55 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-06-12 10:42:05 ----D---- C:\Program Files\Psygnosis
2010-06-12 10:36:13 ----D---- C:\Program Files\directx

======List of files/folders modified in the last 1 months======

2010-07-11 14:42:34 ----D---- C:\WINDOWS\Prefetch
2010-07-11 14:42:27 ----D---- C:\Program Files
2010-07-11 14:32:09 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-07-11 14:21:39 ----D---- C:\WINDOWS\Temp
2010-07-11 00:36:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-10 02:23:13 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-09 20:06:02 ----D---- C:\Program Files\Mozilla Firefox
2010-07-06 23:35:37 ----D---- C:\Program Files\Wotlk
2010-07-06 22:44:53 ----D---- C:\Documents and Settings\Lynx\Data aplikací\ICQ
2010-07-06 20:18:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2010-07-06 12:19:23 ----D---- C:\WINDOWS
2010-07-05 13:52:07 ----D---- C:\WINDOWS\Minidump
2010-07-05 13:52:07 ----D---- C:\WINDOWS\Debug
2010-07-03 23:03:27 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-03 18:59:48 ----HD---- C:\WINDOWS\inf
2010-07-03 18:59:31 ----RSD---- C:\WINDOWS\assembly
2010-07-03 18:59:07 ----D---- C:\WINDOWS\system32\DirectX
2010-07-03 18:59:06 ----SHD---- C:\WINDOWS\Installer
2010-07-03 18:57:56 ----D---- C:\WINDOWS\system32
2010-07-03 18:57:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-03 18:56:55 ----D---- C:\WINDOWS\WinSxS
2010-07-03 18:56:48 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-03 18:49:11 ----D---- C:\Program Files\Activision
2010-06-30 19:34:02 ----D---- C:\Program Files\Common Files
2010-06-30 17:11:48 ----D---- C:\Program Files\QuickTime
2010-06-30 17:11:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-06-30 17:10:44 ----D---- C:\WINDOWS\system32\mui
2010-06-30 17:10:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-26 18:56:51 ----D---- C:\Program Files\Warcraft III
2010-06-26 17:31:15 ----D---- C:\Program Files\ICQ6Toolbar
2010-06-26 17:31:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-06-24 22:12:53 ----D---- C:\Program Files\ICQ6.5
2010-06-24 07:31:27 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 23:45:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-20 17:18:41 ----D---- C:\WINDOWS\system32\drivers
2010-06-20 17:18:41 ----D---- C:\Program Files\Norton Security Scan
2010-06-20 17:18:39 ----SD---- C:\WINDOWS\Tasks
2010-06-20 13:43:28 ----D---- C:\WINDOWS\system32\Macromed
2010-06-20 13:34:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-06-20 13:34:10 ----D---- C:\Program Files\Google
2010-06-20 13:33:58 ----D---- C:\WINDOWS\system32\Adobe
2010-06-14 16:06:32 ----D---- C:\Program Files\Ubisoft
2010-06-14 15:58:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-06-13 18:28:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-20 44944]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\System32\drivers\sfsync04.sys [2006-08-11 59776]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-14 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-08-14 4485632]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-08-19 100368]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-11 4959232]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2006-06-06 11136]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2006-06-06 46208]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2006-06-06 21632]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2006-06-06 6400]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-08-14 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-08 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-31 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-07-11 219128]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-08-13 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-25 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-29 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-20 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[riffman]

zdravim

stahnete a ulozte nejlepe na plochu ComboFix

pote spustte aplikaci pod uctem s administratorskym opravnenim (nikoli pod uctem s omezenym opravnenim)


v operacnich systemech Windows Vista a Windows 7 spoustejte aplikaci jako spravce (kliknutim pravym mysitkem na ikonu aplikace a volbou "Spustit jako spravce"

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:



dale muze dojit k varovani ohledne rezidentniho stitu vaseho antiviru a upozorneni na nenainstalovanou konzoli pro zotaveni; tu zatim neinstalujte.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, deaktivujte jeho rezidentni stit, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim Combofixu s rezidentem antispyware


po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

[Titon]

ComboFix 10-07-10.02 - Lynx 11.07.2010 15:09:49.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2542 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lynx\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100711-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Install.exe

----- BITS: Možné infikované stránky -----

hxxp://cagcdn.sonycreativesoftware.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-11 do 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-11 12:42 . 2010-07-11 12:42 -------- d-----w- C:\rsit
2010-07-11 12:42 . 2010-07-11 12:42 -------- d-----w- c:\program files\trend micro
2010-07-03 16:59 . 2010-07-03 16:59 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-30 17:34 . 2010-06-30 17:34 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-06-30 15:12 . 2010-06-30 17:33 -------- d-----w- c:\program files\Sony
2010-06-30 15:11 . 2010-06-30 15:11 -------- d-----w- c:\program files\Apple Software Update
2010-06-24 11:58 . 2010-06-24 12:02 3 ----a-w- c:\windows\treeskp.sys
2010-06-24 11:58 . 2010-06-24 12:02 3 ----a-w- c:\windows\sbacknt.bin
2010-06-24 11:58 . 2010-06-25 05:20 -------- d-----w- c:\program files\vghd
2010-06-24 11:58 . 2010-06-24 11:58 152904 ----a-w- c:\windows\system32\vghd.scr
2010-06-20 14:50 . 2010-06-20 15:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-14 14:12 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-06-14 14:12 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-06-14 14:12 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-06-14 14:12 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-06-14 13:58 . 2010-07-03 19:56 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-12 08:42 . 2010-06-12 08:42 -------- d-----w- c:\program files\Psygnosis
2010-06-12 08:36 . 2010-06-12 08:36 -------- d-----w- c:\program files\directx
2010-06-12 08:31 . 2010-06-12 08:31 -------- d-----w- c:\documents and settings\Lynx\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 12:32 . 2009-02-06 09:51 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-11 12:23 . 2009-02-06 09:52 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-06 21:35 . 2009-02-05 11:46 -------- d-----w- c:\program files\Wotlk
2010-07-03 16:57 . 2009-11-14 19:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-03 16:56 . 2009-01-15 12:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-03 16:49 . 2009-02-06 10:01 -------- d-----w- c:\program files\Activision
2010-06-30 15:11 . 2009-02-04 14:43 -------- d-----w- c:\program files\QuickTime
2010-06-26 16:56 . 2009-02-05 11:44 -------- d-----w- c:\program files\Warcraft III
2010-06-26 15:31 . 2009-02-07 14:01 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-24 20:12 . 2009-02-07 14:00 -------- d-----w- c:\program files\ICQ6.5
2010-06-23 21:45 . 2009-01-15 12:23 82734 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 21:45 . 2009-01-15 12:23 437940 ----a-w- c:\windows\system32\perfh005.dat
2010-06-20 15:18 . 2009-02-25 06:23 -------- d-----w- c:\program files\Norton Security Scan
2010-06-20 11:34 . 2009-02-24 14:11 -------- d-----w- c:\program files\Google
2010-06-14 14:06 . 2009-09-01 09:23 -------- d-----w- c:\program files\Ubisoft
2010-06-14 13:58 . 2009-06-16 20:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-26 17:17 . 2010-05-21 20:43 -------- d-----w- c:\program files\VideoLAN
2010-05-08 08:14 . 2010-05-08 08:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-04 17:18 . 2009-01-15 12:22 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 2009-01-15 12:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:18 . 2009-01-15 12:22 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 08:09 . 2009-01-15 12:22 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2009-01-15 12:22 285696 ----a-w- c:\windows\system32\atmfd.dll
.

------- Sigcheck -------

[7] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2008-04-14 12:00 . AA056BA75BB5F4BBE4949B8A05190EF8 . 4224 . . [------] . . c:\windows\system32\drivers\beep.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-01-31 2356088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-18 98304]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Lynx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-7-5 0]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Documents and Settings\\Lynx\\Plocha\\offlineserver-v0.31\\server.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\GameSettings.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\gu.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4.2.2009 16:44 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.2.2009 16:44 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7.2.2009 16:01 246520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.2.2010 21:21 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13.9.2009 13:49 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13.9.2009 13:49 8320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.6.2009 22:55 691696]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 19:21]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 19:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\2ijkhx1c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1755576&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1755576&SearchSource=2&q=
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 15:15
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ACBBB18]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> 0x8acbbb18
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf720ebb0
PacketIndicateHandler -> NDIS.sys @ 0xf721ba21
SendHandler -> NDIS.sys @ 0xf71f987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-07-11 15:16:38
ComboFix-quarantined-files.txt 2010-07-11 13:16

Před spuštěním: Volných bajtů: 128 175 386 624
Po spuštění: Volných bajtů: 128 386 928 640

- - End Of File - - 4B0E8A71F9DB97E0FB59AFF087F6A5EC

[riffman]

stahnete TDSSKiller , rozbalte do slozky C:\WINDOWS\system32\drivers a spustte


v operacnich systemech Windows Vista a Windows 7 spoustejte aplikaci jako spravce (kliknutim pravym mysitkem na ikonu aplikace a volbou "Spustit jako spravce"

zobrazi se nasledujici okno:



probehne sken, na jehoz konci se v pripade infekce zobrazi nasledujici okno:



Pokud uvidite na poslednim radku hlasku "Close all programs and choose Y to restart or N to continue", zmacknete klavesu Y a vas stroj bude restartovan

po restartu znovu aplikujte Combofix a vlozte sem log po aplikaci

[Titon]

tohle mi vyhodil Combo Fix:

ComboFix 10-07-10.02 - Lynx 11.07.2010 16:38:00.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2542 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lynx\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100711-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-11 do 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-11 14:16 . 2010-06-30 15:25 1013584 ----a-w- c:\windows\system32\drivers\TDSSKiller.exe
2010-07-11 12:42 . 2010-07-11 12:42 -------- d-----w- C:\rsit
2010-07-11 12:42 . 2010-07-11 12:42 -------- d-----w- c:\program files\trend micro
2010-07-03 16:59 . 2010-07-03 16:59 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-30 17:34 . 2010-06-30 17:34 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-06-30 15:12 . 2010-06-30 17:33 -------- d-----w- c:\program files\Sony
2010-06-30 15:11 . 2010-06-30 15:11 -------- d-----w- c:\program files\Apple Software Update
2010-06-24 11:58 . 2010-06-24 12:02 3 ----a-w- c:\windows\treeskp.sys
2010-06-24 11:58 . 2010-06-24 12:02 3 ----a-w- c:\windows\sbacknt.bin
2010-06-24 11:58 . 2010-06-25 05:20 -------- d-----w- c:\program files\vghd
2010-06-24 11:58 . 2010-06-24 11:58 152904 ----a-w- c:\windows\system32\vghd.scr
2010-06-20 14:50 . 2010-06-20 15:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-14 14:12 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-06-14 14:12 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-06-14 14:12 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-06-14 14:12 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-06-14 13:58 . 2010-07-03 19:56 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-12 08:42 . 2010-06-12 08:42 -------- d-----w- c:\program files\Psygnosis
2010-06-12 08:36 . 2010-06-12 08:36 -------- d-----w- c:\program files\directx
2010-06-12 08:31 . 2010-06-12 08:31 -------- d-----w- c:\documents and settings\Lynx\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 12:32 . 2009-02-06 09:51 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-11 12:23 . 2009-02-06 09:52 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-06 21:35 . 2009-02-05 11:46 -------- d-----w- c:\program files\Wotlk
2010-07-03 16:57 . 2009-11-14 19:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-03 16:56 . 2009-01-15 12:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-03 16:49 . 2009-02-06 10:01 -------- d-----w- c:\program files\Activision
2010-06-30 15:11 . 2009-02-04 14:43 -------- d-----w- c:\program files\QuickTime
2010-06-26 16:56 . 2009-02-05 11:44 -------- d-----w- c:\program files\Warcraft III
2010-06-26 15:31 . 2009-02-07 14:01 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-24 20:12 . 2009-02-07 14:00 -------- d-----w- c:\program files\ICQ6.5
2010-06-23 21:45 . 2009-01-15 12:23 82734 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 21:45 . 2009-01-15 12:23 437940 ----a-w- c:\windows\system32\perfh005.dat
2010-06-20 15:18 . 2009-02-25 06:23 -------- d-----w- c:\program files\Norton Security Scan
2010-06-20 11:34 . 2009-02-24 14:11 -------- d-----w- c:\program files\Google
2010-06-14 14:06 . 2009-09-01 09:23 -------- d-----w- c:\program files\Ubisoft
2010-06-14 13:58 . 2009-06-16 20:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-26 17:17 . 2010-05-21 20:43 -------- d-----w- c:\program files\VideoLAN
2010-05-17 14:15 . 2010-07-11 14:16 2258 ----a-w- c:\windows\system32\drivers\eula.txt
2010-05-08 08:14 . 2010-05-08 08:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-04 17:18 . 2009-01-15 12:22 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 2009-01-15 12:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:18 . 2009-01-15 12:22 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 08:09 . 2009-01-15 12:22 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2009-01-15 12:22 285696 ----a-w- c:\windows\system32\atmfd.dll
.

------- Sigcheck -------

[7] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2008-04-14 12:00 . AA056BA75BB5F4BBE4949B8A05190EF8 . 4224 . . [------] . . c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-07-11_13.15.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-11 14:37 . 2010-07-11 14:37 16384 c:\windows\Temp\Perflib_Perfdata_664.dat
+ 2010-07-11 14:36 . 2010-07-11 14:36 16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-01-31 2356088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-18 98304]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Lynx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-7-5 0]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Documents and Settings\\Lynx\\Plocha\\offlineserver-v0.31\\server.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\GameSettings.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\gu.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4.2.2009 16:44 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.2.2009 16:44 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7.2.2009 16:01 246520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.2.2010 21:21 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13.9.2009 13:49 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13.9.2009 13:49 8320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.6.2009 22:55 691696]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 19:21]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 19:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\2ijkhx1c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1755576&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1755576&SearchSource=2&q=
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 16:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ACBCAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> 0x8acbcac8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf720ebb0
PacketIndicateHandler -> NDIS.sys @ 0xf721ba21
SendHandler -> NDIS.sys @ 0xf71f987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-07-11 16:44:01
ComboFix-quarantined-files.txt 2010-07-11 14:43
ComboFix2.txt 2010-07-11 13:16

Před spuštěním: Volných bajtů: 128 381 362 176
Po spuštění: Volných bajtů: 128 377 438 208

- - End Of File - - DD5FC9C4F80318B94FA059CEA785DAFF

[riffman]

to je sice hezky, ale bordel je tam dal

c:\windows\system32\drivers\beep.sys otestujte na VIRUSTOTALu

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet, najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor, ignorujte pripadne hlasky, ze soubor byl jiz testovan a provedte sken znova; dejte skenerum nejakych deset minut; vysledek sem vlozte at uz zkopirovanim textu, nebo pripadne vlozenim odkazu po ukonceni skenu)

[Titon]

http://www.virustotal.com/cs/analisis/0 ... 1278860787

[riffman]

http://www.esagelab.com/files/bootkit_remover.rar

stahnout, rozbalit na plochu, spustit

po spusteni klik pravym mysidlem do okna, zvolit moznost Vybrat vse, CTRL+C a sem do odpovedi CTRL+V (tim mi sem plesknete log)

[Titon]

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: ee7fe9f24bc949ea3a78cf7064fbe50b

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Press any key to quit...

[riffman]

Start/Spustit a do chlivku zkopirujte nasledujici text:

Kód: Vybrat vše

"C:\Documents and Settings\Lynx\Plocha\remover.exe" fix \\.\PhysicalDrive0

potvrdit, restart a novy sken jako v predchozim pripade bootkit removerem

[Titon]

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Press any key to quit...

[riffman]

fajn, poprosim o aktualni log z Combofixu

[Titon]

ComboFix 10-07-10.02 - Lynx 11.07.2010 19:32:16.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2542 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lynx\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100711-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-11 do 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-11 14:16 . 2010-06-30 15:25 1013584 ----a-w- c:\windows\system32\drivers\TDSSKiller.exe
2010-07-11 12:42 . 2010-07-11 12:42 -------- d-----w- C:\rsit
2010-07-11 12:42 . 2010-07-11 12:42 -------- d-----w- c:\program files\trend micro
2010-07-03 16:59 . 2010-07-03 16:59 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-30 17:34 . 2010-06-30 17:34 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-06-30 15:12 . 2010-06-30 17:33 -------- d-----w- c:\program files\Sony
2010-06-30 15:11 . 2010-06-30 15:11 -------- d-----w- c:\program files\Apple Software Update
2010-06-24 11:58 . 2010-06-24 12:02 3 ----a-w- c:\windows\treeskp.sys
2010-06-24 11:58 . 2010-06-24 12:02 3 ----a-w- c:\windows\sbacknt.bin
2010-06-24 11:58 . 2010-06-25 05:20 -------- d-----w- c:\program files\vghd
2010-06-24 11:58 . 2010-06-24 11:58 152904 ----a-w- c:\windows\system32\vghd.scr
2010-06-20 14:50 . 2010-06-20 15:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-14 14:12 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-06-14 14:12 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-06-14 14:12 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-06-14 14:12 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-06-14 13:58 . 2010-07-03 19:56 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-12 08:42 . 2010-06-12 08:42 -------- d-----w- c:\program files\Psygnosis
2010-06-12 08:36 . 2010-06-12 08:36 -------- d-----w- c:\program files\directx
2010-06-12 08:31 . 2010-06-12 08:31 -------- d-----w- c:\documents and settings\Lynx\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 12:32 . 2009-02-06 09:51 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-11 12:23 . 2009-02-06 09:52 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-06 21:35 . 2009-02-05 11:46 -------- d-----w- c:\program files\Wotlk
2010-07-03 16:57 . 2009-11-14 19:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-03 16:56 . 2009-01-15 12:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-03 16:49 . 2009-02-06 10:01 -------- d-----w- c:\program files\Activision
2010-06-30 15:11 . 2009-02-04 14:43 -------- d-----w- c:\program files\QuickTime
2010-06-26 16:56 . 2009-02-05 11:44 -------- d-----w- c:\program files\Warcraft III
2010-06-26 15:31 . 2009-02-07 14:01 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-24 20:12 . 2009-02-07 14:00 -------- d-----w- c:\program files\ICQ6.5
2010-06-23 21:45 . 2009-01-15 12:23 82734 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 21:45 . 2009-01-15 12:23 437940 ----a-w- c:\windows\system32\perfh005.dat
2010-06-20 15:18 . 2009-02-25 06:23 -------- d-----w- c:\program files\Norton Security Scan
2010-06-20 11:34 . 2009-02-24 14:11 -------- d-----w- c:\program files\Google
2010-06-14 14:06 . 2009-09-01 09:23 -------- d-----w- c:\program files\Ubisoft
2010-06-14 13:58 . 2009-06-16 20:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-26 17:17 . 2010-05-21 20:43 -------- d-----w- c:\program files\VideoLAN
2010-05-17 14:15 . 2010-07-11 14:16 2258 ----a-w- c:\windows\system32\drivers\eula.txt
2010-05-08 08:14 . 2010-05-08 08:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-04 17:18 . 2009-01-15 12:22 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 2009-01-15 12:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:18 . 2009-01-15 12:22 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 08:09 . 2009-01-15 12:22 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2009-01-15 12:22 285696 ----a-w- c:\windows\system32\atmfd.dll
.

------- Sigcheck -------

[7] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2008-04-14 12:00 . AA056BA75BB5F4BBE4949B8A05190EF8 . 4224 . . [------] . . c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-07-11_13.15.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-11 17:31 . 2010-07-11 17:31 16384 c:\windows\Temp\Perflib_Perfdata_5f8.dat
+ 2010-07-11 17:12 . 2010-07-11 17:12 16384 c:\windows\Temp\Perflib_Perfdata_5a8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-01-31 2356088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-18 98304]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Lynx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-7-5 0]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Documents and Settings\\Lynx\\Plocha\\offlineserver-v0.31\\server.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\GameSettings.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\gu.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia Zapomenuté písky\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4.2.2009 16:44 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.2.2009 16:44 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7.2.2009 16:01 246520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.2.2010 21:21 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13.9.2009 13:49 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13.9.2009 13:49 8320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.6.2009 22:55 691696]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 19:21]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 19:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\2ijkhx1c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1755576&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1755576&SearchSource=2&q=
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 19:37
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ACB9BB8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> 0x8acb9bb8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf71fcbb0
PacketIndicateHandler -> NDIS.sys @ 0xf7209a21
SendHandler -> NDIS.sys @ 0xf71e787b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-07-11 19:38:24
ComboFix-quarantined-files.txt 2010-07-11 17:38
ComboFix2.txt 2010-07-11 14:44
ComboFix3.txt 2010-07-11 13:16

Před spuštěním: Volných bajtů: 128 322 105 344
Po spuštění: Volných bajtů: 128 341 811 200

- - End Of File - - CC613D764BFF473CBD8FD4C2F7F12886

[riffman]

mate instalacni CD Windows?

[Titon]

to boužel nemám ...