VIRY.CZ

Logfile of random's system information tool 1.06 (written by random/random)
Run by AMD at 2010-11-17 14:06:42
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 26 GB (32%) free of 80 GB
Total RAM: 511 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07, on 17. 11. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\lsass.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\DOCUME~1\AMD\LOCALS~1\Temp\vv2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AMD\Plocha\programy\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\AMD.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Shareware.Pro-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag0.dll
R3 - URLSearchHook: Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files\Movier-media\tbMov0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag0.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files\Movier-media\tbMov0.dll
O2 - BHO: Shareware.Pro-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Shareware.Pro-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag0.dll
O3 - Toolbar: Movier-media Toolbar - {ce10bf86-da68-441e-91fa-38336363e3cd} - C:\Program Files\Movier-media\tbMov0.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\AMD\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\AMD\LOCALS~1\Temp\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať pomocou FDM - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Prevziať video pomocou FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Prevziať vybrané pomocou FDM - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Prevziať všetko pomocou FDM - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D54FEE0-CE46-11D4-8288-0050BA6A5ABF} (WebPie2 Class) - file://C:\Program Files\NewSoft\Presto! Mr.Photo 3\CardExpr\iepiev20.cab
O16 - DPF: {8B0C8CF4-17F3-42D5-8D62-95F2E8339C26} (ftc_dm1 Control) - http://symantec.softmall.com.tw/ftcdm/ftcdm.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C14DDFA-0C1A-49B7-B680-3FF8FC9E8231}: NameServer = 10.1.1.2,192.168.202.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C14DDFA-0C1A-49B7-B680-3FF8FC9E8231}: NameServer = 10.1.1.2,192.168.202.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C14DDFA-0C1A-49B7-B680-3FF8FC9E8231}: NameServer = 10.1.1.2,192.168.202.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{3C14DDFA-0C1A-49B7-B680-3FF8FC9E8231}: NameServer = 10.1.1.2,192.168.202.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: bersk.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate1ca2e612c1446a) (gupdate1ca2e612c1446a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Zwunzi Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Zwunzi\zwunzi145.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/AMD/LOCALS~1/Temp/msohtml1/17/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/AMD/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
O24 - Desktop Component 2: (no name) - http://www.nss.sk/tapety/tapeta_nss_200 ... 00_sm1.jpg

--
End of file - 12779 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-362288127-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-362288127-725345543-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-06-14 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
PageRage Toolbar - C:\Program Files\PageRage\tbPag0.dll [2010-09-26 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-01-08 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd}]
Movier-media Toolbar - C:\Program Files\Movier-media\tbMov0.dll [2010-09-26 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
Shareware.Pro-EN Toolbar - C:\Program Files\Peer2Peer-EN\tbPee1.dll [2010-09-26 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
{da21bd13-ca22-42e3-a071-98f08f1ca1e7} - Shareware.Pro-EN Toolbar - C:\Program Files\Peer2Peer-EN\tbPee1.dll [2010-09-26 2735200]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{9565115d-c7d6-46d3-bd63-b67b481a4368} - PageRage Toolbar - C:\Program Files\PageRage\tbPag0.dll [2010-09-26 2735200]
{ce10bf86-da68-441e-91fa-38336363e3cd} - Movier-media Toolbar - C:\Program Files\Movier-media\tbMov0.dll [2010-09-26 2735200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-10-12 949376]
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2005-10-27 139264]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-06-14 202256]
"NortonOnlineBackupReminder"=C:\Program Files\Symantec\Norton Online Backup\Activation\NOBuActivation.exe [2009-11-03 3272552]
"Windows Firewall"=C:\DOCUME~1\AMD\LOCALS~1\Temp\lsass.exe [2010-11-13 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Windows Firewall"=C:\DOCUME~1\AMD\LOCALS~1\Temp\lsass.exe [2010-11-13 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="bersk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-06-07 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"C:\Documents and Settings\AMD\Plocha\Battlefield 2\BF2.exe"="C:\Documents and Settings\AMD\Plocha\Battlefield 2\BF2.exe:*:Disabled:BF2"
"C:\Documents and Settings\AMD\Plocha\Battlefield 2\Bf2_w32ded.exe"="C:\Documents and Settings\AMD\Plocha\Battlefield 2\Bf2_w32ded.exe:*:Disabled:Bf2_w32ded"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*:Disabled:Free Download Manager"
"E:\Counter Strike 1,6\hl.exe"="E:\Counter Strike 1,6\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\cs\hl.exe"="C:\Program Files\cs\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\ICQ619_56_29\ICQ.exe"="C:\Program Files\ICQ619_56_29\ICQ.exe:*:Disabled:ICQ Library"
"C:\Program Files\ICQ615_08_18\ICQ.exe"="C:\Program Files\ICQ615_08_18\ICQ.exe:*:Disabled:ICQ Library"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Disabled:ICQ6"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\Graffiti Studio 2.0\Graffiti Studio.exe"="C:\Program Files\Graffiti Studio 2.0\Graffiti Studio.exe:*:Disabled:Macromedia Projector"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Disabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Disabled:PnkBstrB"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Disabled:Football Manager 2010"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"
"C:\Program Files\IpSharkk\IpSharkk.exe"="C:\Program Files\IpSharkk\IpSharkk.exe:*:Enabled:IpSharkk"
"C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe"="C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe:*:Disabled:JustVoip"
"C:\Program Files\Counter-Strike\hl.exe"="C:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Counter-Strike\hltv.exe"="C:\Program Files\Counter-Strike\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Counter-Strike\cstrike.exe"="C:\Program Files\Counter-Strike\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\cstrike\hltv.exe"="C:\Program Files\Valve\cstrike\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Counter-Strike 1.6\hltv.exe"="C:\Program Files\Counter-Strike 1.6\hltv.exe:*:Disabled:HLTV Launcher"
"C:\Program Files\Steam\asd\Steam.exe"="C:\Program Files\Steam\asd\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"F:\Valve\hl.exe"="F:\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\AMD\Plocha\Valve\hl.exe"="C:\Documents and Settings\AMD\Plocha\Valve\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Counter strike 16\Valve\hl.exe"="C:\Program Files\Counter strike 16\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\AMD\Plocha\P1876832.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34bff7a8-c6e5-11de-b792-00115ba4693a}]
shell\autorun\command - F:\hjvjte.exe
shell\open\command - F:\hjvjte.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b72dc8-f467-11de-b821-00115ba4693a}]
shell\AutoRun\command - F:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7f5dd26-5c44-11df-b98e-00115ba4693a}]
shell\AutoRun\command - hjvjte.exe
shell\open\command - hjvjte.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2e62cfa-2601-11df-b8da-00115ba4693a}]
shell\AutoRun\command - F:\bycfht.exe
shell\open\command - F:\bycfht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d155d1e1-8047-11df-ba0b-00115ba4693a}]
shell\AutoRun\command - F:\setup.exe


======List of files/folders created in the last 1 months======

2010-11-17 13:40:23 ----D---- C:\32788R22FWJFW
2010-11-14 10:59:07 ----D---- C:\Documents and Settings\AMD\Data aplikací\GanymedeNet
2010-11-14 10:57:24 ----D---- C:\Program Files\Ganymede
2010-11-06 19:57:20 ----D---- C:\Program Files\Governor of Poker
2010-11-06 19:49:37 ----D---- C:\Program Files\bfgclient
2010-11-06 19:43:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\BigFishGamesCache
2010-11-05 15:10:39 ----D---- C:\Program Files\Valve
2010-11-02 20:47:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\hps
2010-11-02 20:25:29 ----D---- C:\Program Files\Fotolab
2010-10-30 12:05:02 ----A---- C:\WINDOWS\system32\Kopie - atioglxx.dll
2010-10-25 19:24:47 ----D---- C:\Documents and Settings\AMD\Data aplikací\PlayFirst
2010-10-25 19:23:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\PlayFirst

======List of files/folders modified in the last 1 months======

2010-11-17 14:06:48 ----D---- C:\WINDOWS\temp
2010-11-17 13:34:40 ----D---- C:\Program Files\Mozilla Firefox
2010-11-17 13:00:00 ----SD---- C:\WINDOWS\Tasks
2010-11-17 07:44:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-17 07:41:59 ----D---- C:\WINDOWS\system32\drivers
2010-11-17 07:41:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-16 13:56:03 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-14 19:04:38 ----D---- C:\Program Files
2010-11-14 19:04:09 ----D---- C:\WINDOWS\Prefetch
2010-11-14 15:19:49 ----D---- C:\Documents and Settings\AMD\Data aplikací\dvdcss
2010-11-14 14:56:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-10 19:51:41 ----D---- C:\WINDOWS
2010-11-09 17:17:30 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-11-06 19:37:01 ----D---- C:\WINDOWS\system32
2010-11-03 13:23:26 ----SHD---- C:\WINDOWS\Installer
2010-11-03 13:22:20 ----D---- C:\Config.Msi
2010-10-31 09:43:27 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-25 15:35:43 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 anf0100.sys;anf0100.sys; \??\C:\WINDOWS\system32\drivers\anf0100.sys []
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-10-12 15424]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-10-12 512096]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-03-08 56816]
R2 AvgTdi;AVG Network redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2005-08-10 4704]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 rttfsfilt;R-TT FS Filter; C:\WINDOWS\system32\DRIVERS\rttfsfilt.sys [2004-11-19 27936]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-07 1580544]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-01-09 42496]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 bc2b183;bc2b183; C:\WINDOWS\System32\drivers\bc2b183.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 a016bus;Sony Ericsson Device A016 driver (WDM); C:\WINDOWS\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter; C:\WINDOWS\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2009-05-06 223128]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-12-05 25280]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-06-03 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-06-03 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-06-03 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-06-03 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-06-03 79488]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 npf;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2007-11-15 34064]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-18 47360]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 SE402RefCameraStill;miniSHOT (WDM); C:\WINDOWS\system32\DRIVERS\aox402sc.sys [2002-01-03 67332]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-07 409600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 IOLO_SRV;iolo System Guard; C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe [2007-04-12 244736]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-10-12 552064]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-16 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-06-07 520192]
S2 gupdate1ca2e612c1446a;Služba Google Update (gupdate1ca2e612c1446a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-08 194032]
S2 Zwunzi Service;Zwunzi Service; C:\Documents and Settings\All Users\Data aplikací\Zwunzi\zwunzi145.exe C:\Program Files\Zwunzi\zwunzi.dll kjzibeew []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zdravim a pekny den preji

Vy jste se dal na chov konicku trojskych

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  motji píše: Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

Mate tam dva AV - NOD a Aviru - jeden odinstalujte jinak bude dochazet ke kolizi

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Dobrý den prajem tiež
vdaka za kontrolu môjho logu

použil som rkill ako ste napísali a vyhodilo mi tento log neviem čo s tým a teraz sa chystám urobiť ten combofix

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as AMD on . 11. 2010 at 14:24:23.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\DOCUME~1\AMD\LOCALS~1\Temp\lsass.exe
C:\Documents and Settings\AMD\Plocha\rkill.com


Rkill completed on . 11. 2010 at 14:24:29.

Log nebyl z RKillu treba, ale nevadi...ted se vrhnete na CF, ted bude teprve mazat...

tak tu je ten combofix

ComboFix 10-11-16.05 - AMD . 11. 2010 14:45:58.13.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.246 [GMT 1:00]
Running from: c:\documents and settings\AMD\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.
The following files were disabled during the run:
c:\program files\iolo\Common\Lib\sguard.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\AMD\LOCALS~1\Temp\lsass.exe
c:\documents and settings\All Users\Data aplikací\Zwunzi
c:\documents and settings\AMD\Data aplikací\Desktopicon
c:\documents and settings\AMD\Data aplikací\Desktopicon\config.ini
c:\documents and settings\AMD\Data aplikací\PriceGong
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\AMD\Data aplikací\PriceGong\Data\z.xml
c:\documents and settings\AMD\Local Settings\Data aplikací\DoubleD
c:\documents and settings\AMD\PVSAVSAVDA.exe
c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}
c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome\zwunzi.jar
c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\install.rdf
c:\program files\Mozilla Firefox\searchplugins\zwunzi141.xml
c:\program files\Mozilla Firefox\searchplugins\zwunzi143.xml
c:\program files\Mozilla Firefox\searchplugins\zwunzi145.xml
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\program files\Zwunzi
c:\program files\Zwunzi\uninstall.exe
c:\windows\7Loader.TAG
c:\windows\ST6UNST.000
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_npf
-------\Legacy_ZWUNZI_SERVICE
-------\Service_npf
-------\Service_Zwunzi Service


((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-14 09:59 . 2010-11-14 09:59 -------- d-----w- c:\documents and settings\AMD\Data aplikací\GanymedeNet
2010-11-14 09:58 . 2010-09-21 15:30 120296 ----a-w- c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
2010-11-14 09:57 . 2010-11-14 09:58 -------- d-----w- c:\program files\Ganymede
2010-11-06 18:57 . 2010-11-06 18:57 -------- d-----w- c:\program files\Governor of Poker
2010-11-06 18:49 . 2010-11-06 18:49 -------- d-----w- c:\program files\bfgclient
2010-11-06 18:43 . 2010-11-06 18:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2010-11-05 14:10 . 2010-11-14 14:56 -------- d-----w- c:\program files\Valve
2010-11-02 19:47 . 2010-11-02 19:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\hps
2010-11-02 19:25 . 2010-11-02 19:25 -------- d-----w- c:\program files\Fotolab
2010-10-30 11:05 . 2006-06-07 20:43 5050368 ----a-w- c:\windows\system32\Kopie - atioglxx.dll
2010-10-25 18:24 . 2010-10-25 18:24 -------- d-----w- c:\documents and settings\AMD\Data aplikací\PlayFirst
2010-10-25 18:23 . 2010-10-25 18:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PlayFirst

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-09-26 2735200]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPag0.dll" [2010-09-26 2735200]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files\Movier-media\tbMov0.dll" [2010-09-26 2735200]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2010-09-26 17:56 2735200 ----a-w- c:\program files\PageRage\tbPag0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd}]
2010-09-26 17:56 2735200 ----a-w- c:\program files\Movier-media\tbMov0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2010-09-26 17:56 2735200 ----a-w- c:\program files\Peer2Peer-EN\tbPee1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-09-26 2735200]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPag0.dll" [2010-09-26 2735200]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files\Movier-media\tbMov0.dll" [2010-09-26 2735200]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-09-26 2735200]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{9565115D-C7D6-46D3-BD63-B67B481A4368}"= "c:\program files\PageRage\tbPag0.dll" [2010-09-26 2735200]
"{CE10BF86-DA68-441E-91FA-38336363E3CD}"= "c:\program files\Movier-media\tbMov0.dll" [2010-09-26 2735200]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-12 949376]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2005-10-27 139264]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-14 202256]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-11-03 3272552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic Professional 6\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"Monitor"=c:\windows\PixArt\PAC7311\Monitor.exe
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\ICQ619_56_29\\ICQ.exe"=
"c:\\Program Files\\ICQ615_08_18\\ICQ.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [17. 8. 2007 8:31 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [17. 8. 2007 8:31 5248]
R0 rttmntr;R-TT Backup Archive Explorer;c:\windows\system32\drivers\rttmntr.sys [19. 11. 2004 15:11 200512]
R0 snaprtt;R-TT Snapshots Manager;c:\windows\system32\drivers\snaprtt.sys [19. 11. 2004 15:11 78624]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30. 6. 2007 11:14 685816]
R1 anf0100.sys;anf0100.sys;c:\windows\system32\drivers\anf0100.sys [8. 12. 2009 14:19 9728]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [12. 10. 2007 19:01 15424]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29. 9. 2009 15:18 222968]
R2 rttfsfilt;R-TT FS Filter;c:\windows\system32\drivers\rttfsfilt.sys [19. 11. 2004 15:11 27936]
S1 bc2b183;bc2b183;c:\windows\system32\drivers\bc2b183.sys --> c:\windows\system32\drivers\bc2b183.sys [?]
S2 gupdate1ca2e612c1446a;Služba Google Update (gupdate1ca2e612c1446a);c:\program files\Google\Update\GoogleUpdate.exe [5. 9. 2009 20:42 133104]
S3 SE402RefCameraStill;miniSHOT (WDM);c:\windows\system32\drivers\aox402sc.sys [1. 9. 2007 15:02 67332]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-11-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]

2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-11-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-08 19:09]

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 19:42]

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 19:42]

2010-11-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-362288127-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-11-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-362288127-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Prevziať pomocou FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Prevziať video pomocou FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Prevziať vybrané pomocou FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Prevziať všetko pomocou FDM - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
LSP: c:\windows\system32\imon.dll
TCP: {3C14DDFA-0C1A-49B7-B680-3FF8FC9E8231} = 10.1.1.2,192.168.202.1
DPF: {3D54FEE0-CE46-11D4-8288-0050BA6A5ABF} - file://c:\program files\NewSoft\Presto! Mr.Photo 3\CardExpr\iepiev20.cab
DPF: {8B0C8CF4-17F3-42D5-8D62-95F2E8339C26} - hxxp://symantec.softmall.com.tw/ftcdm/ftcdm.cab
FF - ProfilePath - c:\documents and settings\AMD\Data aplikací\Mozilla\Firefox\Profiles\aedj9z2a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\AMD\Data aplikací\Mozilla\Firefox\Profiles\aedj9z2a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\AMD\Data aplikací\Mozilla\Firefox\Profiles\aedj9z2a.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
AddRemove-Zwunzi - c:\program files\Zwunzi\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 14:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-362288127-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\program files\iolo\Common\Lib\sguard.dll

- - - - - - - > 'lsass.exe'(900)
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3336)
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(816)
c:\program files\iolo\Common\Lib\sguard.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\windows\SoftwareDistribution\Download\f49885d21d44f7cdbdd317c7ba76656e\update\update.exe
.
**************************************************************************
.
Completion time: 2010-11-17 15:09:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-17 14:09

Pre-Run: Volných bajtů: 27 223 097 344
Post-Run: Volných bajtů: 27 902 459 904

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=1WRI65 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Záloha)" /noexecute=optin /fastdetect /TUTag=1WRI65-BAK

- - End Of File - - AC2F742460CEDD5CA958DEED28290435

Nez napisu opravny skript, jeste overime jeden soubor

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• c:\program files\iolo\Common\Lib\sguard.dll
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Send File
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

tak tu vkladám výsledky

File name: sguard.dll
Submission date: 2010-11-17 14:18:32 (UTC)
Current status: queued (#13) queued (#8) analysing finished


Result: 2/ 43 (4.7%)
VT Community

not reviewed
Safety score: -

Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.11.17.01 2010.11.17 -
AntiVir 7.10.14.31 2010.11.17 -
Antiy-AVL 2.0.3.7 2010.11.17 -
Avast 4.8.1351.0 2010.11.17 -
Avast5 5.0.594.0 2010.11.17 -
AVG 9.0.0.851 2010.11.17 -
BitDefender 7.2 2010.11.17 -
CAT-QuickHeal 11.00 2010.11.09 -
ClamAV 0.96.4.0 2010.11.17 PUA.Packed.ASPack
Command 5.2.11.5 2010.11.17 -
Comodo 6746 2010.11.16 -
DrWeb 5.0.2.03300 2010.11.17 -
Emsisoft 5.0.0.50 2010.11.17 -
eSafe 7.0.17.0 2010.11.16 -
eTrust-Vet 36.1.7982 2010.11.17 -
F-Prot 4.6.2.117 2010.11.17 -
F-Secure 9.0.16160.0 2010.11.17 -
Fortinet 4.2.254.0 2010.11.17 -
GData 21 2010.11.17 -
Ikarus T3.1.1.90.0 2010.11.17 -
Jiangmin 13.0.900 2010.11.17 -
K7AntiVirus 9.68.3011 2010.11.17 -
Kaspersky 7.0.0.125 2010.11.17 -
McAfee 5.400.0.1158 2010.11.17 -
McAfee-GW-Edition 2010.1C 2010.11.17 -
Microsoft 1.6402 2010.11.17 -
NOD32 5626 2010.11.17 -
Norman 6.06.10 2010.11.17 -
nProtect 2010-11-17.01 2010.11.17 -
Panda 10.0.2.7 2010.11.16 -
PCTools 7.0.3.5 2010.11.17 -
Prevx 3.0 2010.11.17 -
Rising 22.74.02.03 2010.11.17 -
Sophos 4.59.0 2010.11.17 Sus/Madcode-A
SUPERAntiSpyware 4.40.0.1006 2010.11.17 -
Symantec 20101.2.0.161 2010.11.17 -
TheHacker 6.7.0.1.086 2010.11.17 -
TrendMicro 9.120.0.1004 2010.11.17 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.17 -
VBA32 3.12.14.2 2010.11.17 -
VIPRE 7331 2010.11.17 -
ViRobot 2010.11.17.4153 2010.11.17 -
VirusBuster 12.76.3.0 2010.11.16 -
Additional informationShow all
MD5 : 23828526d77986bf102fdc802d8f486d
SHA1 : bf7824dab52b5fb0a7588e6cdc36aac23d6910f9
SHA256: 50e4f1bb5d47123052cd8a12dd3148c66eabfb1c1f10fcf2b73971d31d227c67
ssdeep: 6144:FOYz9atB/WzqxmOEGieCcHjd+uO2Kfk7xr7WNAxxg:FO29at1WlUdDdLOFkNr7WKxxg
File size : 283648 bytes
First seen: 2010-11-17 14:18:32
Last seen : 2010-11-17 14:18:32
TrID:
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: ASPack v2.12
packers (F-Prot): Aspack
packers (Kaspersky): ASPack
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xB4001
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)

[[ 9 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0x78000, 0x31600, 8.00, 9367be9c422d41e2a4cb659dda2ae472
DATA, 0x79000, 0x5000, 0x2400, 7.96, 3b55b1057d83f311cda7cd9a7f519306
BSS, 0x7E000, 0x3000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.idata, 0x81000, 0x3000, 0x1000, 7.66, af07270361c57c63ff437cdc5aebe597
.edata, 0x84000, 0x1000, 0x200, 0.95, ed7e5dc1230e3becd953a4b97e546898
.reloc, 0x85000, 0x9000, 0x4E00, 7.96, 39db4288deb23ffd092a4a695427538b
.rsrc, 0x8E000, 0x26000, 0x9E00, 7.78, 2c624b3754ded6ac0fa62f92f022ee78
.aspack, 0xB4000, 0x2000, 0x1800, 5.54, 2d299aa7c129485a5b2de8603de75799
.adata, 0xB6000, 0x1000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

[[ 17 import(s) ]]
kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
user32.dll: GetKeyboardType
advapi32.dll: RegQueryValueExA
oleaut32.dll: SysFreeString
advapi32.dll: SetSecurityDescriptorDacl
version.dll: VerQueryValueA
gdi32.dll: UnrealizeObject
user32.dll: CreateWindowExA
advapi32.dll: GetKernelObjectSecurity
oleaut32.dll: SafeArrayPtrOfIndex
ole32.dll: CoUninitialize
oleaut32.dll: GetErrorInfo
comctl32.dll: ImageList_SetIconSize
shell32.dll: ShellExecuteA
shell32.dll: SHGetSpecialFolderPathA
user32.dll: GetTabbedTextExtentA
winmm.dll: timeGetTime

[[ 1 export(s) ]]
SetCommonStartupFolder

ExifTool:
file metadata
CharacterSet: ASCII
CodeSize: 488448
CompanyName: iolo technologies, LLC
EntryPoint: 0xb4001
FileDescription:
FileFlagsMask: 0x0000
FileOS: Win32
FileSize: 277 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 6.0.20.0
FileVersionNumber: 6.0.20.0
ImageVersion: 0.0
InitializedDataSize: 217600
InternalName:
LanguageCode: English (U.S.)
LegalCopyright: Copyright 1998-2006 iolo technologies, LLC
LegalTrademarks: System Mechanic is a trademark of iolo technologies, LLC
LinkerVersion: 2.25
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Dynamic link library
OriginalFilename:
PEType: PE32
ProductName:
ProductVersion: 6.0.20.0
ProductVersionNumber: 6.0.20.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1992:06:20 00:22:17+02:00
UninitializedDataSize: 0

Symantec reputation:Suspicious.Insight


VT Community

0
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team

Pardon zle som to skopírovl

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Folder::
  c:\program files\SweetIM
  c:\program files\ICQ6Toolbar
  
  Driver::
  ICQ Service
  mchInjDrv
  bc2b183
  
  Collect::
  c:\windows\system32\drivers\bc2b183.sys
  
  File::
  c:\windows\Tasks\AppleSoftwareUpdate.job
  c:\windows\Tasks\Google Software Updater.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-362288127-725345543-1003.job
  c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-362288127-725345543-1003.job
  
  FCopy::
  c:\windows\system32\dllcache\atapi.sys | c:\windows\system32\drivers\atapi.sys
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
  [-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
  [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
  [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Malwarebytes Anti-Malware (reboot)"=-
  "TkBellExe"=-
  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
  "MSMSGS"=-
  "Sony Ericsson PC Suite"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "SunJavaUpdateSched"=-
  "HP Software Update"=-
  "Sony Ericsson PC Suite"=-
  "SweetIM"=-
  "Malwarebytes Anti-Malware (reboot)"=-
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\AMD\Data aplikací\Mozilla\Firefox\Profiles\aedj9z2a.default\
  FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
  FF - prefs.js: browser.search.selectedEngine - ICQ Search
  FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
  
  RegLock::
  [HKEY_USERS\S-1-5-21-1606980848-362288127-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

tak som to urobil no reštartlo mi PC a ako sa zapínal znova sa sám reštartol a zapol sa normálne potom už ale nevyhodilo mi log ani v PC ho neviem nájsť

Mel by log byt c:\combofix2.txt

Pripadne to provedte znovu v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

vdaka idem to skúsiť cez ten núdzový režim

počkať niečo som našiel neviem či je to ono

ComboFix 10-11-16.05 - AMD . 11. 2010 15:39:32.14.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.205 [GMT 1:00]
Running from: C:\Documents and Settings\AMD\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\AMD\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


FILE ::
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-362288127-725345543-1003.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-362288127-725345543-1003.job"
.
The following files were disabled during the run:
C:\Program Files\iolo\Common\Lib\sguard.dll

Noo je ale jen kousek, zrejme to neprobehlo cele...

Vlezte tedy do nouzoveho rezimu, vypnete rezidentni stit ESETu a probehte krok se skriptem pro CF znovu...

tak tu vkladám teraz už všetko....urobilo to celé aj log je celý

ComboFix 10-11-16.05 - AMD . 11. 2010 14:32:21.15.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.270 [GMT 1:00]
Running from: c:\documents and settings\AMD\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\AMD\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-362288127-725345543-1003.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-362288127-725345543-1003.job"
.
The following files were disabled during the run:
c:\program files\iolo\Common\Lib\sguard.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-362288127-725345543-1003.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-362288127-725345543-1003.job
.
---- Previous Run -------
.
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Bookmarks_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Email_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Games_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Greetingcards_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Logo.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Mobile_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Music_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\News_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Shoping_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetimicons.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-362288127-725345543-1003.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-362288127-725345543-1003.job

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Legacy_MCHINJDRV
-------\Service_bc2b183
-------\Service_ICQ Service
-------\Legacy_MCHINJDRV


((((((((((((((((((((((((( Files Created from 2010-10-18 to 2010-11-18 )))))))))))))))))))))))))))))))
.

2010-11-17 14:23 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-17 14:11 . 2010-11-17 14:53 -------- d-----w- c:\documents and settings\AMD\Local Settings\Data aplikací\ConduitEngine
2010-11-17 14:11 . 2010-11-17 14:11 -------- d-----w- c:\program files\ConduitEngine
2010-11-17 14:11 . 2010-11-17 14:11 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-14 09:59 . 2010-11-14 09:59 -------- d-----w- c:\documents and settings\AMD\Data aplikací\GanymedeNet
2010-11-14 09:58 . 2010-09-21 15:30 120296 ----a-w- c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
2010-11-14 09:57 . 2010-11-14 09:58 -------- d-----w- c:\program files\Ganymede
2010-11-06 18:57 . 2010-11-06 18:57 -------- d-----w- c:\program files\Governor of Poker
2010-11-06 18:49 . 2010-11-06 18:49 -------- d-----w- c:\program files\bfgclient
2010-11-06 18:43 . 2010-11-06 18:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2010-11-05 14:10 . 2010-11-14 14:56 -------- d-----w- c:\program files\Valve
2010-11-02 19:47 . 2010-11-02 19:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\hps
2010-11-02 19:25 . 2010-11-02 19:25 -------- d-----w- c:\program files\Fotolab
2010-10-30 11:05 . 2006-06-07 20:43 5050368 ----a-w- c:\windows\system32\Kopie - atioglxx.dll
2010-10-25 18:24 . 2010-10-25 18:24 -------- d-----w- c:\documents and settings\AMD\Data aplikací\PlayFirst
2010-10-25 18:23 . 2010-10-25 18:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PlayFirst

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee2.dll" [2010-10-18 3908192]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPag2.dll" [2010-10-18 3908192]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files\Movier-media\tbMov0.dll" [2010-09-26 2735200]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\PageRage\tbPag2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd}]
2010-09-26 17:56 2735200 ----a-w- c:\program files\Movier-media\tbMov0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Peer2Peer-EN\tbPee2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee2.dll" [2010-10-18 3908192]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPag2.dll" [2010-10-18 3908192]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files\Movier-media\tbMov0.dll" [2010-09-26 2735200]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee2.dll" [2010-10-18 3908192]
"{9565115D-C7D6-46D3-BD63-B67B481A4368}"= "c:\program files\PageRage\tbPag2.dll" [2010-10-18 3908192]
"{CE10BF86-DA68-441E-91FA-38336363E3CD}"= "c:\program files\Movier-media\tbMov0.dll" [2010-09-26 2735200]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-12 949376]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2005-10-27 139264]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-11-03 3272552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic Professional 6\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"Monitor"=c:\windows\PixArt\PAC7311\Monitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\ICQ619_56_29\\ICQ.exe"=
"c:\\Program Files\\ICQ615_08_18\\ICQ.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [17. 8. 2007 8:31 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [17. 8. 2007 8:31 5248]
R0 rttmntr;R-TT Backup Archive Explorer;c:\windows\system32\drivers\rttmntr.sys [19. 11. 2004 15:11 200512]
R0 snaprtt;R-TT Snapshots Manager;c:\windows\system32\drivers\snaprtt.sys [19. 11. 2004 15:11 78624]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30. 6. 2007 11:14 685816]
R1 anf0100.sys;anf0100.sys;c:\windows\system32\drivers\anf0100.sys [8. 12. 2009 14:19 9728]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [12. 10. 2007 19:01 15424]
R2 rttfsfilt;R-TT FS Filter;c:\windows\system32\drivers\rttfsfilt.sys [19. 11. 2004 15:11 27936]
S2 gupdate1ca2e612c1446a;Služba Google Update (gupdate1ca2e612c1446a);c:\program files\Google\Update\GoogleUpdate.exe [5. 9. 2009 20:42 133104]
S3 SE402RefCameraStill;miniSHOT (WDM);c:\windows\system32\drivers\aox402sc.sys [1. 9. 2007 15:02 67332]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MCHINJDRV
*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-11-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Prevziať pomocou FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Prevziať video pomocou FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Prevziať vybrané pomocou FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Prevziať všetko pomocou FDM - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
LSP: c:\windows\system32\imon.dll
TCP: {3C14DDFA-0C1A-49B7-B680-3FF8FC9E8231} = 10.1.1.2,192.168.202.1
DPF: {3D54FEE0-CE46-11D4-8288-0050BA6A5ABF} - file://c:\program files\NewSoft\Presto! Mr.Photo 3\CardExpr\iepiev20.cab
DPF: {8B0C8CF4-17F3-42D5-8D62-95F2E8339C26} - hxxp://symantec.softmall.com.tw/ftcdm/ftcdm.cab
FF - ProfilePath - c:\documents and settings\AMD\Data aplikací\Mozilla\Firefox\Profiles\aedj9z2a.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\AMD\Data aplikací\Mozilla\Firefox\Profiles\aedj9z2a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\AMD\Data aplikací\Mozilla\Firefox\Profiles\aedj9z2a.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-18 14:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-362288127-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
c:\program files\iolo\Common\Lib\sguard.dll

- - - - - - - > 'lsass.exe'(888)
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2996)
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(804)
c:\program files\iolo\Common\Lib\sguard.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-18 14:50:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-18 13:50
ComboFix2.txt 2010-11-17 14:09

Pre-Run: Volných bajtů: 26 604 077 056
Post-Run: Volných bajtů: 26 626 367 488

- - End Of File - - B2090D201E4668C48381F5585CB26E26