VIRY.CZ

Ahoj prosím o kontrolu logu ,v období asi tak týden výrazně zpomalilo načítání You tube
Vít


Logfile of random's system information tool 1.08 (written by random/random)
Run by xano at 2010-12-17 15:56:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 176 GB (58%) free of 305 GB
Total RAM: 2038 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:57:00, on 17.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\xano\Plocha\RSIT.exe
C:\Program Files\trend micro\xano.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com/?o=15709&l=dis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15561&l=dis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B88A959-E40A-47A2-9B89-7DA28E413DB0}: NameServer = 93.188.163.200,93.188.160.120
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AF1B599-BE22-4997-9FFF-0DF04541283A}: NameServer = 93.188.163.200,93.188.160.120
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.200,93.188.160.120
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B88A959-E40A-47A2-9B89-7DA28E413DB0}: NameServer = 93.188.163.200,93.188.160.120
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.200,93.188.160.120
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B88A959-E40A-47A2-9B89-7DA28E413DB0}: NameServer = 93.188.163.200,93.188.160.120
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.200,93.188.160.120
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6875 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\03371f71.job
C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\Norton Security Scan for xano.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2010-12-14 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2007-05-16 269632]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-12-14 2048352]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-03-24 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-03-24 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-03-24 137752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-12-14 2048352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2010-10-27 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-07-09 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam Postak]
C:\Documents and Settings\xano\Local Settings\Data aplikací\Seznam.cz\postak.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
C:\Program Files\Seznam\Postak\Postak.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-12-14 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-20 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\L2phx_3.2.0\l2phx.exe"="C:\L2phx_3.2.0\l2phx.exe:*:Enabled:l2phx"
"C:\HALPEX\L2phx_3.2.0\l2phx.exe"="C:\HALPEX\L2phx_3.2.0\l2phx.exe:*:Enabled:l2phx"
"C:\Download\hlapex2\l2phx320\l2phx.exe"="C:\Download\hlapex2\l2phx320\l2phx.exe:*:Enabled:l2phx"
"C:\Download\hlapex2\l2phx319\l2phx.exe"="C:\Download\hlapex2\l2phx319\l2phx.exe:*:Enabled:l2phx"
"C:\Kopie - Hlapex\hlapex\hLaPEx.exe"="C:\Kopie - Hlapex\hlapex\hLaPEx.exe:*:Enabled:hLaPEx"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-12-17 15:56:57 ----D---- C:\rsit
2010-12-17 12:17:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lttwn10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\ltthk10w.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\LTSCR10N.DLL
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\ltkrn10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\ltimg10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\ltfil10N.DLL
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\ltefx10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\LTDIS10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfwpg10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfwmf10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\Lftif10w.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lftif10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lftga10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfras10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfpsd10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfpng10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfpcx10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfpct10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfgif10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lffax10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\LFCMP10N.DLL
2010-12-17 12:17:08 ----A---- C:\WINDOWS\system32\lfbmp10N.dll
2010-12-17 12:17:07 ----D---- C:\Program Files\NeoPaint
2010-12-17 09:22:03 ----D---- C:\WINDOWS\system32\x64
2010-12-17 09:22:00 ----RA---- C:\WINDOWS\system32\SET16B.tmp
2010-12-17 09:21:59 ----RA---- C:\WINDOWS\system32\SET13B.tmp
2010-12-17 09:21:56 ----RA---- C:\WINDOWS\system32\SET139.tmp
2010-12-17 09:21:55 ----RA---- C:\WINDOWS\system32\SET137.tmp
2010-12-17 09:21:54 ----RA---- C:\WINDOWS\system32\SET133.tmp
2010-12-17 09:21:52 ----RA---- C:\WINDOWS\system32\SET12F.tmp
2010-12-17 09:21:51 ----RA---- C:\WINDOWS\system32\SET127.tmp
2010-12-17 09:21:50 ----RA---- C:\WINDOWS\system32\SET125.tmp
2010-12-17 09:21:49 ----RA---- C:\WINDOWS\system32\SET123.tmp
2010-12-17 09:21:47 ----RA---- C:\WINDOWS\system32\SET11D.tmp
2010-12-17 09:21:46 ----RA---- C:\WINDOWS\system32\SET11B.tmp
2010-12-17 09:21:45 ----RA---- C:\WINDOWS\system32\SET119.tmp
2010-12-17 09:21:43 ----RA---- C:\WINDOWS\system32\SET117.tmp
2010-12-17 09:18:31 ----D---- C:\Program Files\Intel
2010-12-16 08:41:35 ----D---- C:\Documents and Settings\xano\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe
2010-12-16 08:41:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe
2010-12-16 08:37:17 ----D---- C:\Documents and Settings\xano\Data aplikací\SuperHideIP
2010-12-16 08:37:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\SuperHideIP
2010-12-16 08:37:10 ----D---- C:\Program Files\SuperHideIP
2010-12-16 08:35:28 ----D---- C:\Documents and Settings\xano\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe
2010-12-16 08:35:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe
2010-12-16 08:31:47 ----D---- C:\HIDE IP
2010-12-14 14:00:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-12-14 14:00:23 ----A---- C:\WINDOWS\system32\igfxCoIn_v5218.dll
2010-12-14 12:38:24 ----A---- C:\WINDOWS\system32\drivers\AsIO.sys
2010-12-14 12:38:24 ----A---- C:\WINDOWS\system32\AsIO.dll
2010-12-14 12:38:22 ----D---- C:\Program Files\ASUS
2010-12-14 12:36:44 ----D---- C:\Ibmtools
2010-12-14 12:30:41 ----D---- C:\Program Files\Ask.com
2010-12-14 12:30:34 ----D---- C:\Documents and Settings\xano\Data aplikací\Blitware
2010-12-14 12:30:33 ----D---- C:\Program Files\Driver Robot
2010-12-14 12:12:31 ----D---- C:\Program Files\TopCD
2010-12-14 09:17:45 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-12-14 09:17:45 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-12-14 09:17:41 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-12-14 09:17:40 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-12-14 09:17:37 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-12-11 16:53:22 ----D---- C:\Program Files\Common Files\Adobe
2010-12-11 11:44:54 ----A---- C:\Sernum ZIACIK.txt
2010-12-11 11:41:50 ----D---- C:\Program Files\Ziacik v2.52
2010-12-06 19:31:25 ----D---- C:\VYPALENO
2010-12-06 17:32:30 ----A---- C:\HESLO SPOJKA.txt
2010-12-05 08:27:30 ----D---- C:\graciasystem zaloha
2010-12-05 07:17:17 ----D---- C:\Lineage II Freya instal
2010-12-05 07:17:17 ----D---- C:\Hry
2010-12-02 07:31:24 ----AD---- C:\system innt zaloha
2010-11-25 14:23:01 ----D---- C:\Program Files\Adobe
2010-11-25 13:23:15 ----A---- C:\WINDOWS\ModemLog_Standardní modem připojený pomocí technologie Bluetooth.txt
2010-11-25 13:22:41 ----A---- C:\WINDOWS\system32\drivers\bthmodem.sys
2010-11-25 07:17:54 ----D---- C:\Program Files\Microsoft Office
2010-11-25 07:09:08 ----D---- C:\Program Files\MSECache

======List of files/folders modified in the last 1 months======

2010-12-17 15:56:59 ----D---- C:\Program Files\trend micro
2010-12-17 15:52:10 ----A---- C:\WINDOWS\WINCMD.INI
2010-12-17 15:44:21 ----D---- C:\WINDOWS\Prefetch
2010-12-17 12:30:45 ----D---- C:\WINDOWS\Temp
2010-12-17 12:17:09 ----D---- C:\WINDOWS\system32
2010-12-17 12:17:07 ----D---- C:\Program Files
2010-12-17 12:16:25 ----D---- C:\Download
2010-12-17 12:01:35 ----HD---- C:\$AVG8.VAULT$
2010-12-17 11:34:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-17 11:25:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-17 09:23:25 ----D---- C:\WINDOWS
2010-12-17 09:21:43 ----D---- C:\WINDOWS\system32\drivers
2010-12-17 09:21:42 ----HD---- C:\WINDOWS\inf
2010-12-17 09:18:34 ----DC---- C:\WINDOWS\system32\dllcache
2010-12-17 09:18:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-17 09:18:21 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-17 09:17:53 ----D---- C:\Program Files\Common Files\InstallShield
2010-12-17 09:15:46 ----D---- C:\VYP
2010-12-16 08:40:15 ----D---- C:\Documents and Settings\xano\Data aplikací\Mozilla
2010-12-15 19:20:53 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-12-14 17:41:54 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-14 14:00:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-12-14 12:30:49 ----SHD---- C:\WINDOWS\Installer
2010-12-14 12:30:46 ----SD---- C:\WINDOWS\Tasks
2010-12-14 10:43:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-12-14 09:16:51 ----SD---- C:\Documents and Settings\xano\Data aplikací\Microsoft
2010-12-11 16:53:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-12-11 16:53:22 ----D---- C:\Program Files\Common Files
2010-12-10 10:31:16 ----A---- C:\SRDownloader.exe
2010-12-07 20:14:05 ----D---- C:\Program Files\ICQ7.0
2010-12-07 20:13:59 ----D---- C:\Documents and Settings\xano\Data aplikací\ICQ
2010-12-05 07:10:39 ----D---- C:\filmy
2010-12-04 20:19:13 ----D---- C:\Documents and Settings\xano\Data aplikací\vlc
2010-12-02 10:20:53 ----D---- C:\Program Files\Lineage int II
2010-12-01 07:02:41 ----D---- C:\WINDOWS\Debug
2010-11-25 07:17:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-25 07:09:21 ----RSD---- C:\WINDOWS\Fonts
2010-11-25 07:09:21 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-18 691696]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-12-14 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-12-14 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-12-14 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-03-20 5955872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-05-23 5082624]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-24 141568]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a8w3xdcd;a8w3xdcd; C:\WINDOWS\system32\drivers\a8w3xdcd.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 arswl49n;arswl49n; C:\WINDOWS\system32\drivers\arswl49n.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage int II\system\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\C:\LIne ageII\system C\npkycryp.sys []
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2010-12-14 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-12-14 297752]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-10-11 3369044]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Ahoj ,
to AVG máš placené?

odinstaluj Asktoolbar

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Avg je Free

Tady je log MBAM:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

17.12.2010 16:57:01
mbam-log-2010-12-17 (16-56-52).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 164401
Uplynulý čas: 12 minut, 30 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 4
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.200,93.188.160.120) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1B88A959-E40A-47A2-9B89-7DA28E413DB0}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.200,93.188.160.120) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4AF1B599-BE22-4997-9FFF-0DF04541283A}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.200,93.188.160.120) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4AF1B599-BE22-4997-9FFF-0DF04541283A}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.163.200,93.188.160.120) Good: () -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\WINDOWS\system32\bpk.dat (Keylogger) -> No action taken.
c:\WINDOWS\system32\inst.dat (Keylogger) -> No action taken.
c:\WINDOWS\system32\pk.bin (Keylogger) -> No action taken.

Paráda , v mbamu vše smaž. Ty sis do počítače instaloval nějaký keylloger?

Prosím tě, AVG odinstaluj tímto http://download.avg.com/filedir/util/su ... 1_1165.exe, combofix se s ním nemá rád.
A můžu Ti dát přátelskou radu? . Hoď si tam pak raději Avast nebo Aviru


Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

Vse uděláno,i když byly trochu problémy s odinst. AVG ale už v poho.Keyloger tu kdysi býval.

Log Comba:

ComboFix 10-12-16.05 - xano 17.12.2010 19:51:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2038.1690 [GMT 1:00]
Spuštěný z: c:\documents and settings\xano\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\system32\Thumbs.db
c:\windows\system32\web.dat
C:\WOOW.txt

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-17 do 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-17 15:37 . 2010-12-17 15:37 -------- d-----w- c:\documents and settings\xano\Data aplikací\Malwarebytes
2010-12-17 15:35 . 2010-12-17 15:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-17 15:35 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-17 15:35 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 15:35 . 2010-12-17 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-17 14:56 . 2010-12-17 14:57 -------- d-----w- C:\rsit
2010-12-17 08:22 . 2010-12-17 08:22 -------- d-----w- c:\windows\system32\x64
2010-12-17 08:22 . 2008-03-20 00:08 176128 ----a-r- c:\windows\system32\SET16B.tmp
2010-12-17 08:21 . 2008-03-24 03:34 137752 ----a-r- c:\windows\system32\SET13B.tmp
2010-12-17 08:21 . 2008-03-20 00:04 3293184 ----a-r- c:\windows\system32\SET139.tmp
2010-12-17 08:21 . 2008-03-24 03:34 166424 ----a-r- c:\windows\system32\SET137.tmp
2010-12-17 08:21 . 2008-03-24 03:34 141848 ----a-r- c:\windows\system32\SET133.tmp
2010-12-17 08:21 . 2008-03-20 00:04 208896 ----a-r- c:\windows\system32\SET12F.tmp
2010-12-17 08:21 . 2008-03-24 03:34 256536 ----a-r- c:\windows\system32\SET127.tmp
2010-12-17 08:21 . 2008-03-20 00:04 48128 ----a-r- c:\windows\system32\SET125.tmp
2010-12-17 08:21 . 2008-03-20 00:04 106496 ----a-r- c:\windows\system32\SET123.tmp
2010-12-17 08:21 . 2008-03-20 00:45 3174912 ----a-r- c:\windows\system32\SET11D.tmp
2010-12-17 08:21 . 2008-03-20 00:46 2207168 ----a-r- c:\windows\system32\SET11B.tmp
2010-12-17 08:21 . 2008-03-20 00:45 151552 ----a-r- c:\windows\system32\SET119.tmp
2010-12-17 08:21 . 2008-03-20 00:45 57344 ----a-r- c:\windows\system32\SET117.tmp
2010-12-17 08:18 . 2010-12-17 08:18 -------- d-----w- c:\program files\Intel
2010-12-17 08:17 . 2001-04-11 17:25 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-12-17 08:17 . 2001-04-11 17:25 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2010-12-17 08:17 . 2001-04-11 17:21 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-12-17 08:17 . 2001-04-11 17:20 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-12-17 08:17 . 2001-04-11 17:29 602244 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-12-16 07:41 . 2010-12-16 07:41 -------- d-----w- c:\documents and settings\xano\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe
2010-12-16 07:41 . 2010-12-16 07:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe
2010-12-16 07:37 . 2010-12-16 07:37 -------- d-----w- c:\documents and settings\xano\Data aplikací\SuperHideIP
2010-12-16 07:37 . 2010-12-16 07:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SuperHideIP
2010-12-16 07:37 . 2010-12-16 07:44 -------- d-----w- c:\program files\SuperHideIP
2010-12-16 07:35 . 2010-12-16 07:35 -------- d-----w- c:\documents and settings\xano\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe
2010-12-16 07:35 . 2010-12-16 07:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe
2010-12-16 07:31 . 2010-12-16 07:31 -------- d-----w- C:\HIDE IP
2010-12-15 19:31 . 2010-12-15 19:31 -------- d-----w- c:\documents and settings\xano\Local Settings\Data aplikací\Mozilla
2010-12-14 13:00 . 2010-01-13 11:28 155648 ----a-w- c:\windows\system32\igfxCoIn_v5218.dll
2010-12-14 11:38 . 2007-12-17 16:14 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys
2010-12-14 11:38 . 2006-01-10 15:50 24576 ----a-w- c:\windows\system32\AsIO.dll
2010-12-14 11:38 . 2010-12-14 11:38 -------- d-----w- c:\program files\ASUS
2010-12-14 11:36 . 2010-12-14 11:36 -------- d-----w- C:\Ibmtools
2010-12-14 11:30 . 2010-12-14 11:30 -------- d-----w- c:\documents and settings\xano\Data aplikací\Blitware
2010-12-14 11:30 . 2010-12-14 11:30 -------- d-----w- c:\program files\Driver Robot
2010-12-14 11:12 . 2010-12-14 11:12 -------- d-----w- c:\program files\TopCD
2010-12-14 08:17 . 2010-12-14 08:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-12-14 08:17 . 2010-12-14 08:17 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-12-14 08:17 . 2010-12-14 08:17 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-12-14 08:17 . 2010-12-14 08:17 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-12-14 08:17 . 2010-12-17 17:24 -------- d-----w- c:\windows\system32\drivers\Avg
2010-12-11 15:53 . 2010-12-11 15:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-11 10:41 . 2010-12-12 12:09 -------- d-----w- c:\program files\Ziacik v2.52
2010-12-06 18:31 . 2010-12-17 15:17 -------- d-----w- C:\VYPALENO
2010-12-05 07:27 . 2010-12-05 07:27 -------- d-----w- C:\graciasystem zaloha
2010-12-05 06:17 . 2010-12-17 10:36 -------- d-----w- C:\Hry
2010-12-05 06:17 . 2010-12-06 07:13 -------- d-----w- C:\Lineage II Freya instal
2010-12-02 06:31 . 2010-12-04 18:12 -------- d---a-w- C:\system innt zaloha
2010-11-25 12:22 . 2008-04-13 23:16 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2010-11-25 06:09 . 2010-11-25 06:09 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 09:31 . 2010-07-27 04:13 975360 ----a-w- C:\SRDownloader.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-24 137752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-12-14 08:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 07:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 13:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.2.2010 13:14 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.2.2010 10:41 1684736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp;\??\c:\line ageii\system C\npkycryp.sys --> c:\line ageii\system C\npkycryp.sys [?]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [23.4.2010 2:20 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [23.4.2010 2:20 53312]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-14 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\Driver Robot.lnk [2010-12-14 11:30]

2010-12-17 c:\windows\Tasks\Norton Security Scan for xano.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-07 22:04]

2010-12-17 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]

2010-03-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15561&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: &Download All using 4shared Desktop
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Seznam Postak - c:\documents and settings\xano\Local Settings\Data aplikací\Seznam.cz\postak.exe
MSConfigStartUp-SMail - c:\program files\Seznam\Postak\Postak.exe
AddRemove-AVG8Uninstall - c:\program files\AVG\AVG8\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-17 19:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Celkový čas: 2010-12-17 19:53:18
ComboFix-quarantined-files.txt 2010-12-17 18:53

Před spuštěním: Volných bajtů: 184 298 475 520
Po spuštění: Volných bajtů: 184 359 108 608

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - A4290E1FB78616588532B81F14B24A2E

Co ty cracky?

:arrow:Stáhněte OTM http://oldtimer.geekstogo.com/OTM.exe
Stáhněte na plochu Otm, 2krát klikněte na Otm,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru zkopírujete skript
-klikněte na červené tlačítko Moveit!
-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTM\MovedFiles. Log vložte sem



Mbam něco našel?

Ahojky,mometalně jsem na druhém kompu ,Cracky jsem mněl na nějaké prg. mbam podruhé už nenašel nic.jak se dostanu na můj komp provedu ten skript a pošlu log z RSIT že?Zatim moc dík

Ano, a napiš pak co počítač

Jova!, naprostá paráda,You tube maká opět bezva.Máš prostě perfekt znalosti.
Takže log OTM
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET117.tmp moved successfully.
C:\WINDOWS\system32\SET119.tmp moved successfully.
C:\WINDOWS\system32\SET11B.tmp moved successfully.
C:\WINDOWS\system32\SET11D.tmp moved successfully.
C:\WINDOWS\system32\SET123.tmp moved successfully.
C:\WINDOWS\system32\SET125.tmp moved successfully.
C:\WINDOWS\system32\SET127.tmp moved successfully.
C:\WINDOWS\system32\SET12F.tmp moved successfully.
C:\WINDOWS\system32\SET133.tmp moved successfully.
C:\WINDOWS\system32\SET137.tmp moved successfully.
C:\WINDOWS\system32\SET139.tmp moved successfully.
C:\WINDOWS\system32\SET13B.tmp moved successfully.
C:\WINDOWS\system32\SET16B.tmp moved successfully.
C:\WINDOWS\SET18.tmp moved successfully.
C:\WINDOWS\SET1B.tmp moved successfully.
C:\WINDOWS\SET27.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP167.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP18D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP296.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP59.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA4.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAC.tmp folder moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
c:\documents and settings\xano\Data aplikací\SuperHideIP folder moved successfully.
c:\documents and settings\All Users\Data aplikací\SuperHideIP folder moved successfully.
c:\program files\SuperHideIP\skins folder moved successfully.
c:\program files\SuperHideIP\res\images folder moved successfully.
c:\program files\SuperHideIP\res\flag_short folder moved successfully.
c:\program files\SuperHideIP\res folder moved successfully.
c:\program files\SuperHideIP\lang folder moved successfully.
c:\program files\SuperHideIP folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: xano
->Temp folder emptied: 642862 bytes
->Temporary Internet Files folder emptied: 175325 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7216109 bytes
->Opera cache emptied: 66149476 bytes
->Flash cache emptied: 2917 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 71,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12182010_121748

Files moved on Reboot...

Registry entries deleted on Reboot...



A ještě log RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by xano at 2010-12-18 12:33:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 176 GB (58%) free of 305 GB
Total RAM: 2038 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:33:57, on 18.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\xano\Plocha\RSIT.exe
C:\Program Files\trend micro\xano.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15561&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5282 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\Norton Security Scan for xano.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2007-05-16 269632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-03-24 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-03-24 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-03-24 137752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2010-10-27 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-07-09 570664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-12-14 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-20 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-12-18 12:20:16 ----A---- C:\OTM VYSLEDEK.txt
2010-12-18 12:18:31 ----SHD---- C:\RECYCLER
2010-12-18 12:17:48 ----D---- C:\_OTM
2010-12-17 22:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-17 22:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-17 22:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-17 22:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-17 22:36:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-17 22:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-17 22:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2416400$
2010-12-17 22:35:24 ----A---- C:\WINDOWS\imsins.BAK
2010-12-17 22:35:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2010-12-17 19:53:19 ----D---- C:\WINDOWS\temp
2010-12-17 19:53:18 ----A---- C:\ComboFix.txt
2010-12-17 19:50:41 ----A---- C:\Boot.bak
2010-12-17 19:50:38 ----RASHD---- C:\cmdcons
2010-12-17 19:49:15 ----A---- C:\WINDOWS\zip.exe
2010-12-17 19:49:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-17 19:49:15 ----A---- C:\WINDOWS\SWSC.exe
2010-12-17 19:49:15 ----A---- C:\WINDOWS\SWREG.exe
2010-12-17 19:49:15 ----A---- C:\WINDOWS\sed.exe
2010-12-17 19:49:15 ----A---- C:\WINDOWS\PEV.exe
2010-12-17 19:49:15 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-17 19:49:15 ----A---- C:\WINDOWS\MBR.exe
2010-12-17 19:49:15 ----A---- C:\WINDOWS\grep.exe
2010-12-17 19:49:11 ----D---- C:\WINDOWS\ERDNT
2010-12-17 19:38:04 ----D---- C:\Qoobox
2010-12-17 16:57:01 ----A---- C:\mbam-log-2010-12-17 (16-56-52).txt
2010-12-17 16:37:06 ----D---- C:\Documents and Settings\xano\Data aplikací\Malwarebytes
2010-12-17 16:35:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-12-17 16:35:44 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-17 16:35:42 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-17 16:35:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-17 15:56:57 ----D---- C:\rsit
2010-12-17 12:17:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lttwn10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\ltthk10w.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\LTSCR10N.DLL
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\ltkrn10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\ltimg10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\ltfil10N.DLL
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\ltefx10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\LTDIS10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfwpg10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfwmf10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\Lftif10w.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lftif10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lftga10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfras10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfpsd10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfpng10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfpcx10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfpct10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lfgif10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\lffax10N.dll
2010-12-17 12:17:09 ----A---- C:\WINDOWS\system32\LFCMP10N.DLL
2010-12-17 12:17:08 ----A---- C:\WINDOWS\system32\lfbmp10N.dll
2010-12-17 12:17:07 ----D---- C:\Program Files\NeoPaint
2010-12-17 09:22:03 ----D---- C:\WINDOWS\system32\x64
2010-12-17 09:18:31 ----D---- C:\Program Files\Intel
2010-12-16 08:41:35 ----D---- C:\Documents and Settings\xano\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe
2010-12-16 08:41:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe
2010-12-16 08:35:28 ----D---- C:\Documents and Settings\xano\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe
2010-12-16 08:35:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe
2010-12-16 08:31:47 ----D---- C:\HIDE IP
2010-12-14 14:00:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-12-14 14:00:23 ----A---- C:\WINDOWS\system32\igfxCoIn_v5218.dll
2010-12-14 12:38:24 ----A---- C:\WINDOWS\system32\drivers\AsIO.sys
2010-12-14 12:38:24 ----A---- C:\WINDOWS\system32\AsIO.dll
2010-12-14 12:38:22 ----D---- C:\Program Files\ASUS
2010-12-14 12:36:44 ----D---- C:\Ibmtools
2010-12-14 12:30:34 ----D---- C:\Documents and Settings\xano\Data aplikací\Blitware
2010-12-14 12:30:33 ----D---- C:\Program Files\Driver Robot
2010-12-14 12:12:31 ----D---- C:\Program Files\TopCD
2010-12-14 09:17:45 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-12-14 09:17:45 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-12-14 09:17:41 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-12-14 09:17:40 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-12-14 09:17:37 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-12-11 16:53:22 ----D---- C:\Program Files\Common Files\Adobe
2010-12-11 11:44:54 ----A---- C:\Sernum ZIACIK.txt
2010-12-11 11:41:50 ----D---- C:\Program Files\Ziacik v2.52
2010-12-06 19:31:25 ----D---- C:\VYPALENO
2010-12-06 17:32:30 ----A---- C:\HESLO SPOJKA.txt
2010-12-05 08:27:30 ----D---- C:\graciasystem zaloha
2010-12-05 07:17:17 ----D---- C:\Lineage II Freya instal
2010-12-05 07:17:17 ----D---- C:\Hry
2010-12-02 07:31:24 ----AD---- C:\system innt zaloha
2010-11-25 14:23:01 ----D---- C:\Program Files\Adobe
2010-11-25 13:23:15 ----A---- C:\WINDOWS\ModemLog_Standardní modem připojený pomocí technologie Bluetooth.txt
2010-11-25 13:22:41 ----A---- C:\WINDOWS\system32\drivers\bthmodem.sys
2010-11-25 07:17:54 ----D---- C:\Program Files\Microsoft Office
2010-11-25 07:09:08 ----D---- C:\Program Files\MSECache

======List of files/folders modified in the last 1 months======

2010-12-18 12:33:55 ----D---- C:\Program Files\trend micro
2010-12-18 12:33:44 ----A---- C:\WINDOWS\WINCMD.INI
2010-12-18 12:23:34 ----D---- C:\WINDOWS\system32
2010-12-18 12:23:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-18 12:18:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-18 12:17:58 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-18 12:17:58 ----D---- C:\Program Files
2010-12-18 12:17:50 ----D---- C:\WINDOWS
2010-12-18 12:17:45 ----D---- C:\WINDOWS\Prefetch
2010-12-17 22:37:03 ----HD---- C:\WINDOWS\inf
2010-12-17 22:37:03 ----DC---- C:\WINDOWS\system32\dllcache
2010-12-17 22:36:57 ----D---- C:\WINDOWS\system32\drivers
2010-12-17 22:36:56 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-17 22:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-17 22:35:23 ----D---- C:\Program Files\Outlook Express
2010-12-17 21:30:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-17 21:29:54 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-17 19:53:02 ----SD---- C:\WINDOWS\Tasks
2010-12-17 19:52:41 ----A---- C:\WINDOWS\system.ini
2010-12-17 19:51:48 ----D---- C:\WINDOWS\AppPatch
2010-12-17 19:51:44 ----D---- C:\Program Files\Common Files
2010-12-17 19:50:41 ----RASH---- C:\boot.ini
2010-12-17 19:43:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-12-17 19:42:43 ----SD---- C:\Documents and Settings\xano\Data aplikací\Microsoft
2010-12-17 19:41:00 ----D---- C:\Download
2010-12-17 19:23:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-12-17 18:30:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-12-17 16:36:39 ----SHD---- C:\WINDOWS\Installer
2010-12-17 16:17:11 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-17 12:01:35 ----D---- C:\$AVG8.VAULT$
2010-12-17 09:18:21 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-17 09:17:53 ----D---- C:\Program Files\Common Files\InstallShield
2010-12-17 09:15:46 ----D---- C:\VYP
2010-12-16 08:40:15 ----D---- C:\Documents and Settings\xano\Data aplikací\Mozilla
2010-12-14 14:00:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-12-11 16:53:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-12-10 10:31:16 ----A---- C:\SRDownloader.exe
2010-12-07 20:14:05 ----D---- C:\Program Files\ICQ7.0
2010-12-07 20:13:59 ----D---- C:\Documents and Settings\xano\Data aplikací\ICQ
2010-12-05 07:10:39 ----D---- C:\filmy
2010-12-04 20:19:13 ----D---- C:\Documents and Settings\xano\Data aplikací\vlc
2010-12-02 10:20:53 ----D---- C:\Program Files\Lineage int II
2010-12-01 07:02:41 ----D---- C:\WINDOWS\Debug
2010-11-25 07:17:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-25 07:09:21 ----RSD---- C:\WINDOWS\Fonts
2010-11-25 07:09:21 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-18 691696]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-12-14 27784]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-03-20 5955872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-05-23 5082624]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-24 141568]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ah5n1d5y;ah5n1d5y; C:\WINDOWS\system32\drivers\ah5n1d5y.sys []
S3 alubsnay;alubsnay; C:\WINDOWS\system32\drivers\alubsnay.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 catchme;catchme; \??\C:\DOCUME~1\xano\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage int II\system\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\C:\LIne ageII\system C\npkycryp.sys []
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-10-11 3369044]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Ještě dotaz Myslíš tedy ze AVG není ktověčo
Vykopu ho tedy i naší mladé z kompu má ho u nás v mé péči.
Jinak co dobrého vaříš vím že jsi skvělá kuchařka,já dnes mamině udělám brambory a obalovaný salám.

To si taky nesmíš tahat do pc cracky a keygeny , to jsou nejčastější nositelé virů.

To AVG Ti opravdu nedoporučuji, raději třeba Avast nebo Aviru. Domažu Ti po něm nějaké složky

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci



Já dnes nevařím, máme tu malou marodku, tak není na jídlo chuť

Tak uděláno. Hide IP jsem mněl kvůli bezlimitovému megavideu,ale stejně to nefungovalo.Pak jsem přišel na jiný způsob jak kokat bez omezení Ať se ti to doma rychle uzdraví,naše malá taky pořád kašle

Tady je log Comba:
ComboFix 10-12-16.05 - xano 19.12.2010 8:39.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2038.1652 [GMT 1:00]
Spuštěný z: c:\documents and settings\xano\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xano\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení

FILE ::
"c:\documents and settings\All Users\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe"
"c:\documents and settings\All Users\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe c:\documents and settings\xano\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe"
"c:\documents and settings\xano\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe"
"c:\windows\system32\avgrsstx.dll"
"c:\windows\system32\drivers\avgldx86.sys"
"c:\windows\system32\drivers\avgmfx86.sys"
"c:\windows\system32\drivers\avgtdix.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$AVG8.VAULT$
c:\$avg8.vault$\V_00000001.fil
c:\$avg8.vault$\V_00000002.fil
c:\$avg8.vault$\V_00000003.fil
c:\$avg8.vault$\V_00000004.fil
c:\$avg8.vault$\V_00000005.fil
c:\$avg8.vault$\V_00000006.fil
c:\$avg8.vault$\V_00000007.fil
c:\$avg8.vault$\V_00000008.fil
c:\$avg8.vault$\V_00000009.fil
c:\$avg8.vault$\V_00000010.fil
c:\$avg8.vault$\V_00000011.fil
c:\$avg8.vault$\V_00000012.fil
c:\$avg8.vault$\V_00000013.fil
c:\$avg8.vault$\V_00000014.fil
c:\$avg8.vault$\V_00000015.fil
c:\$avg8.vault$\V_00000016.fil
c:\$avg8.vault$\V_00000017.fil
c:\$avg8.vault$\V_00000018.fil
c:\$avg8.vault$\V_00000019.fil
c:\$avg8.vault$\V_00000020.fil
c:\$avg8.vault$\V_00000021.fil
c:\$avg8.vault$\V_00000022.fil
c:\$avg8.vault$\V_00000023.fil
c:\$avg8.vault$\V_00000024.fil
c:\$avg8.vault$\V_00000025.fil
c:\$avg8.vault$\V_00000026.fil
c:\$avg8.vault$\V_00000027.fil
c:\$avg8.vault$\V_00000028.fil
c:\$avg8.vault$\V_00000029.fil
c:\$avg8.vault$\V_00000030.fil
c:\$avg8.vault$\V_00000031.fil
c:\$avg8.vault$\V_00000032.fil
c:\$avg8.vault$\V_00000033.fil
c:\$avg8.vault$\V_00000034.fil
c:\$avg8.vault$\V_00000035.fil
c:\$avg8.vault$\V_00000036.fil
c:\$avg8.vault$\V_00000037.fil
c:\$avg8.vault$\V_00000038.fil
c:\$avg8.vault$\V_00000039.fil
c:\$avg8.vault$\V_00000040.fil
c:\$avg8.vault$\V_00000041.fil
c:\$avg8.vault$\V_00000042.fil
c:\$avg8.vault$\V_00000043.fil
c:\$avg8.vault$\V_00000044.fil
c:\$avg8.vault$\V_00000045.fil
c:\$avg8.vault$\V_00000046.fil
c:\$avg8.vault$\V_00000047.fil
c:\$avg8.vault$\V_00000048.fil
c:\$avg8.vault$\V_00000049.fil
c:\$avg8.vault$\V_00000050.fil
c:\$avg8.vault$\V_00000051.fil
c:\$avg8.vault$\V_00000052.fil
c:\$avg8.vault$\V_00000053.fil
c:\$avg8.vault$\V_00000054.fil
c:\$avg8.vault$\V_00000055.fil
c:\$avg8.vault$\V_00000056.fil
c:\$avg8.vault$\V_00000057.fil
c:\$avg8.vault$\V_00000058.fil
c:\$avg8.vault$\V_00000059.fil
c:\$avg8.vault$\V_00000060.fil
c:\$avg8.vault$\V_00000061.fil
c:\$avg8.vault$\V_00000062.fil
c:\$avg8.vault$\V_00000063.fil
c:\$avg8.vault$\V_00000064.fil
c:\$avg8.vault$\V_00000065.fil
c:\$avg8.vault$\V_00000066.fil
c:\$avg8.vault$\V_00000067.fil
c:\$avg8.vault$\V_00000068.fil
c:\$avg8.vault$\V_00000069.fil
c:\$avg8.vault$\V_00000070.fil
c:\$avg8.vault$\V_00000071.fil
c:\$avg8.vault$\V_00000072.fil
c:\$avg8.vault$\V_00000073.fil
c:\$avg8.vault$\V_00000074.fil
c:\$avg8.vault$\V_00000075.fil
c:\$avg8.vault$\V_00000076.fil
c:\$avg8.vault$\vvfolder.idx
c:\documents and settings\All Users\Data aplikací\avg8
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\erd.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\krnl.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\mail.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\malrep.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\scan.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\setup.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\sched.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\update.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\updatecomps.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Cfg\user.cfg
c:\documents and settings\All Users\Data aplikací\avg8\CfgAll\changecfgreg.cfg
c:\documents and settings\All Users\Data aplikací\avg8\CfgAll\srmall.cfg
c:\documents and settings\All Users\Data aplikací\avg8\CfgAll\updateall.cfg
c:\documents and settings\All Users\Data aplikací\avg8\CfgAll\userall.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Dumps\avgnsx.exe_129104512014531250.exh
c:\documents and settings\All Users\Data aplikací\avg8\Dumps\avgnsx.exe_129104512014531250_F.dmp
c:\documents and settings\All Users\Data aplikací\avg8\Dumps\avgnsx.exe_129104512014531250_M.dmp
c:\documents and settings\All Users\Data aplikací\avg8\emc\Log\emc.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcfg.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcfg.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.4
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.5
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.6
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgcore.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgfrw.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgfrw.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgldr.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgldr.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avglng.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgns.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgrs.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgscan.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgscan.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsched.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsrm.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgsrm.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgui.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgui.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avguilog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgupd.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgupd.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.1
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.2
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.3
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.4
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwd.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwdsvc.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\cfgexlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\cfglog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpriv.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\commonpriv.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\corelog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\fixcfg.log
c:\documents and settings\All Users\Data aplikací\avg8\Log\fixcfg.log.lock
c:\documents and settings\All Users\Data aplikací\avg8\Log\history.xml
c:\documents and settings\All Users\Data aplikací\avg8\Log\ldrlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\lnglog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\nslog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\privlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\publog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\rslog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\scanlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\schedlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\srmlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\updlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\vaultlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\wdlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\Log\wdsvclog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000001.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000005.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000006.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000007.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000008.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\I_00000009.log
c:\documents and settings\All Users\Data aplikací\avg8\scanlogs\srm.idx
c:\documents and settings\All Users\Data aplikací\avg8\Temp\21ae0b1b-e15b-4c9d-9cad-c06352b2fb13-ba4-oopp.tmp
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avg8cz.lng
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avg8us.lng
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgabout.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgcfgex.exe
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgcfgx.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgcmgr.exe
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgcorex.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgcrlpx.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgdumpx.exe
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgfree_cz.mht
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgfree_us.mht
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgfrw.exe
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avginet.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgiproxy.exe
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avglngx.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avglogx.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgmail.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgmvflx.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgmwdef_cz.mht
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgmwdef_us.mht
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgpp.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgresf.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgscanx.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgscanx.exe
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgse.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgsched.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgsrmax.exe
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgsrmx.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgssie.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgtray.exe
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgui.exe
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avguiadv.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avguilog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avguires.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgupd.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgupd.exe
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgvvx.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgwd.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgwdsvc.exe
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgwdwsc.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\avgxpl.dll
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\cf.dat
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\cfgexlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\cfglog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\corelog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\dfncfg.dat
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\incavi.avm
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\ldrlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\lnglog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\ph.dat
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\privlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\publog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\rslog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\sb.dat
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\sb.dat.xcd
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\sb2.dat
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\sc.dat
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\sc.dat.xcd
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\scanlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\setup.dat
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\setup.exe
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\setupcz.lns
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\setupus.lns
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\schedlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\srmlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\updlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\vaultlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\wdlog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\backup\wdsvclog.cfg
c:\documents and settings\All Users\Data aplikací\avg8\update\download\avginfoavi.ctf
c:\documents and settings\All Users\Data aplikací\avg8\update\download\avginfowin.ctf
c:\documents and settings\All Users\Data aplikací\avg8\update\download\f8bnr411rc.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\f8core440rf.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\f8fc312ss.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\f8krnl445rf.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\f8lngcz449rc.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\f8lngus449re.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\f8ls444rg.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\f8lsiex427rg.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\f8setupfree420rg.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\f8ui448rh.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\f8upd449rh.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\u7avi1856u13237.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\u9iavi3314nb.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\u9iavi3316u3314fj.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\u9iavi3317u3316ch.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\u9iavi3318u3317qb.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\u9iavi3319u3318er.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\u9iavi3320u3319fp.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\u9iavi3321u3320nq.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\x8xplcf_9nw.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\x8xplph_12gj.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\x8xplsb_278w3.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\x8xplsb_279d2785.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\x8xplsb_280d27946.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\x8xplsb_281d28087.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\x8xplsb2_149gj.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\x8xplsb2_15046.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\x8xplsc_427w3.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\x8xplsc_428d4275.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\x8xplsc_429d42846.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\download\x8xplsc_430d42987.bin
c:\documents and settings\All Users\Data aplikací\avg8\update\prepare\incavi.avm
c:\documents and settings\All Users\Data aplikací\avg8\update\prepare\sb.dat.prepare
c:\documents and settings\All Users\Data aplikací\avg8\update\prepare\sc.dat.prepare
C:\HIDE IP
c:\hide ip\Crack\SuperHideIP.exe
c:\hide ip\SuperHideIP-3.0.5.6.Setup.exe
c:\windows\system32\avgrsstx.dll
c:\windows\system32\drivers\Avg
c:\windows\system32\drivers\Avg\avi7.avg
c:\windows\system32\drivers\Avg\incavi.avm
c:\windows\system32\drivers\Avg\microavi.avg
c:\windows\system32\drivers\Avg\miniavi.avg
c:\windows\system32\drivers\avgldx86.sys
c:\windows\system32\drivers\avgmfx86.sys
c:\windows\system32\drivers\avgtdix.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-19 do 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-18 11:17 . 2010-12-18 11:17 -------- d-----w- C:\_OTM
2010-12-17 20:30 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-17 20:30 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-17 15:37 . 2010-12-17 15:37 -------- d-----w- c:\documents and settings\xano\Data aplikací\Malwarebytes
2010-12-17 15:35 . 2010-12-17 15:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-17 15:35 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-17 15:35 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 15:35 . 2010-12-17 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-17 14:56 . 2010-12-17 14:57 -------- d-----w- C:\rsit
2010-12-17 08:22 . 2010-12-17 08:22 -------- d-----w- c:\windows\system32\x64
2010-12-17 08:18 . 2010-12-17 08:18 -------- d-----w- c:\program files\Intel
2010-12-17 08:17 . 2001-04-11 17:25 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-12-17 08:17 . 2001-04-11 17:25 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2010-12-17 08:17 . 2001-04-11 17:21 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-12-17 08:17 . 2001-04-11 17:20 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-12-17 08:17 . 2001-04-11 17:29 602244 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-12-16 07:41 . 2010-12-16 07:41 -------- d-----w- c:\documents and settings\xano\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe
2010-12-16 07:41 . 2010-12-16 07:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe
2010-12-16 07:35 . 2010-12-16 07:35 -------- d-----w- c:\documents and settings\xano\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe
2010-12-16 07:35 . 2010-12-16 07:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe
2010-12-15 19:31 . 2010-12-15 19:31 -------- d-----w- c:\documents and settings\xano\Local Settings\Data aplikací\Mozilla
2010-12-14 13:00 . 2010-01-13 11:28 155648 ----a-w- c:\windows\system32\igfxCoIn_v5218.dll
2010-12-14 11:38 . 2007-12-17 16:14 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys
2010-12-14 11:38 . 2006-01-10 15:50 24576 ----a-w- c:\windows\system32\AsIO.dll
2010-12-14 11:38 . 2010-12-14 11:38 -------- d-----w- c:\program files\ASUS
2010-12-14 11:36 . 2010-12-14 11:36 -------- d-----w- C:\Ibmtools
2010-12-14 11:30 . 2010-12-14 11:30 -------- d-----w- c:\documents and settings\xano\Data aplikací\Blitware
2010-12-14 11:30 . 2010-12-14 11:30 -------- d-----w- c:\program files\Driver Robot
2010-12-14 11:12 . 2010-12-14 11:12 -------- d-----w- c:\program files\TopCD
2010-12-11 15:53 . 2010-12-11 15:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-11 10:41 . 2010-12-12 12:09 -------- d-----w- c:\program files\Ziacik v2.52
2010-12-06 18:31 . 2010-12-17 15:17 -------- d-----w- C:\VYPALENO
2010-12-05 07:27 . 2010-12-05 07:27 -------- d-----w- C:\graciasystem zaloha
2010-12-05 06:17 . 2010-12-17 19:03 -------- d-----w- C:\Hry
2010-12-05 06:17 . 2010-12-06 07:13 -------- d-----w- C:\Lineage II Freya instal
2010-12-02 06:31 . 2010-12-04 18:12 -------- d---a-w- C:\system innt zaloha
2010-11-25 12:22 . 2008-04-13 23:16 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2010-11-25 06:09 . 2010-11-25 06:09 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 09:31 . 2010-07-27 04:13 975360 ----a-w- C:\SRDownloader.exe
2010-11-18 18:15 . 2010-02-12 09:10 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:02 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:02 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-05 05:02 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 04:59 . 2008-04-14 12:00 370176 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2008-04-14 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-12-17_18.52.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:00 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2010-02-12 10:12 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
- 2010-02-12 10:12 . 2010-02-22 14:20 18296 c:\windows\system32\spmsg.dll
- 2008-04-14 12:00 . 2010-12-17 18:28 67448 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-12-19 07:37 67448 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2010-12-17 18:28 78052 c:\windows\system32\perfc005.dat
+ 2008-04-14 12:00 . 2010-12-19 07:37 78052 c:\windows\system32\perfc005.dat
+ 2010-11-18 18:15 . 2010-11-18 18:15 81920 c:\windows\system32\dllcache\isign32.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 627200 c:\windows\system32\urlmon.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 627200 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2010-12-19 07:37 432492 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-12-17 18:28 432492 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-12-17 18:28 429024 c:\windows\system32\perfh005.dat
+ 2008-04-14 12:00 . 2010-12-19 07:37 429024 c:\windows\system32\perfh005.dat
- 2008-04-14 12:00 . 2008-04-14 12:00 532480 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 532480 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 449024 c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 449024 c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 251904 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 251904 c:\windows\system32\iepeers.dll
+ 2010-02-11 22:31 . 2010-12-18 06:08 117360 c:\windows\system32\FNTCACHE.DAT
- 2010-02-11 22:31 . 2010-11-25 06:13 117360 c:\windows\system32\FNTCACHE.DAT
+ 2010-11-05 05:02 . 2010-11-05 05:02 668160 c:\windows\system32\dllcache\wininet.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 627200 c:\windows\system32\dllcache\urlmon.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 532480 c:\windows\system32\dllcache\mstime.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2010-10-28 13:09 . 2010-10-28 13:09 290048 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 1510912 c:\windows\system32\shdocvw.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 1510912 c:\windows\system32\shdocvw.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 3097088 c:\windows\system32\mshtml.dll
+ 2010-10-26 13:58 . 2010-10-26 13:58 1853312 c:\windows\system32\dllcache\win32k.sys
+ 2010-11-05 05:02 . 2010-11-05 05:02 1510912 c:\windows\system32\dllcache\shdocvw.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 3097088 c:\windows\system32\dllcache\mshtml.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 1025024 c:\windows\system32\dllcache\browseui.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 1025024 c:\windows\system32\browseui.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 1025024 c:\windows\system32\browseui.dll
+ 2010-02-17 09:34 . 2010-12-17 21:35 37366216 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-24 137752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 07:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 13:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.2.2010 13:14 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.2.2010 10:41 1684736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp;\??\c:\line ageii\system C\npkycryp.sys --> c:\line ageii\system C\npkycryp.sys [?]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [23.4.2010 2:20 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [23.4.2010 2:20 53312]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-14 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\Driver Robot.lnk [2010-12-14 11:30]

2010-12-17 c:\windows\Tasks\Norton Security Scan for xano.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-07 22:04]

2010-12-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]

2010-03-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15561&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: &Download All using 4shared Desktop
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-avgrsstarter - avgrsstx.dll
AddRemove-SuperHideIP - c:\program files\SuperHideIP\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 08:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-12-19 08:44:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-19 07:44
ComboFix2.txt 2010-12-17 18:53

Před spuštěním: Volných bajtů: 184 366 592 000
Po spuštění: Volných bajtů: 184 310 018 048

- - End Of File - - BD0455167CEDCAD3ABC6234B721185CB

Ale ten program není zrovna legální,ne?
Promin, ještě jeden skript, jsem nějaká slepá

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Tak jsem se sem konečně taky dostal
Jestli myslíš ten prg na Megavideo tak ten je legální-jen zkopíruješ url videa a vložíš na stránky http://www.tv.wrzuc.to/

Tak tady je log Comba ještě nainstaluju Aviru

ComboFix 10-12-16.05 - xano 20.12.2010 7:34.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2038.1673 [GMT 1:00]
Spuštěný z: c:\documents and settings\xano\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xano\Plocha\CFScript.txt

FILE ::
"c:\documents and settings\All Users\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe"
"c:\documents and settings\All Users\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe"
"c:\documents and settings\xano\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe"
"c:\documents and settings\xano\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe"
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-20 do 2010-12-20 )))))))))))))))))))))))))))))))
.

2010-12-18 11:17 . 2010-12-18 11:17 -------- d-----w- C:\_OTM
2010-12-17 20:30 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-17 20:30 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-17 15:37 . 2010-12-17 15:37 -------- d-----w- c:\documents and settings\xano\Data aplikací\Malwarebytes
2010-12-17 15:35 . 2010-12-17 15:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-17 15:35 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-17 15:35 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 15:35 . 2010-12-17 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-17 14:56 . 2010-12-17 14:57 -------- d-----w- C:\rsit
2010-12-17 08:22 . 2010-12-17 08:22 -------- d-----w- c:\windows\system32\x64
2010-12-17 08:18 . 2010-12-17 08:18 -------- d-----w- c:\program files\Intel
2010-12-17 08:17 . 2001-04-11 17:25 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-12-17 08:17 . 2001-04-11 17:25 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2010-12-17 08:17 . 2001-04-11 17:21 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-12-17 08:17 . 2001-04-11 17:20 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-12-17 08:17 . 2001-04-11 17:29 602244 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-12-16 07:41 . 2010-12-16 07:41 -------- d-----w- c:\documents and settings\xano\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe
2010-12-16 07:41 . 2010-12-16 07:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe
2010-12-16 07:35 . 2010-12-16 07:35 -------- d-----w- c:\documents and settings\xano\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe
2010-12-16 07:35 . 2010-12-16 07:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe
2010-12-15 19:31 . 2010-12-15 19:31 -------- d-----w- c:\documents and settings\xano\Local Settings\Data aplikací\Mozilla
2010-12-14 13:00 . 2010-01-13 11:28 155648 ----a-w- c:\windows\system32\igfxCoIn_v5218.dll
2010-12-14 11:38 . 2007-12-17 16:14 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys
2010-12-14 11:38 . 2006-01-10 15:50 24576 ----a-w- c:\windows\system32\AsIO.dll
2010-12-14 11:38 . 2010-12-14 11:38 -------- d-----w- c:\program files\ASUS
2010-12-14 11:36 . 2010-12-14 11:36 -------- d-----w- C:\Ibmtools
2010-12-14 11:30 . 2010-12-14 11:30 -------- d-----w- c:\documents and settings\xano\Data aplikací\Blitware
2010-12-14 11:30 . 2010-12-14 11:30 -------- d-----w- c:\program files\Driver Robot
2010-12-14 11:12 . 2010-12-14 11:12 -------- d-----w- c:\program files\TopCD
2010-12-11 15:53 . 2010-12-11 15:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-11 10:41 . 2010-12-12 12:09 -------- d-----w- c:\program files\Ziacik v2.52
2010-12-06 18:31 . 2010-12-17 15:17 -------- d-----w- C:\VYPALENO
2010-12-05 07:27 . 2010-12-05 07:27 -------- d-----w- C:\graciasystem zaloha
2010-12-05 06:17 . 2010-12-19 15:24 -------- d-----w- C:\Hry
2010-12-05 06:17 . 2010-12-06 07:13 -------- d-----w- C:\Lineage II Freya instal
2010-12-02 06:31 . 2010-12-04 18:12 -------- d---a-w- C:\system innt zaloha
2010-11-25 12:22 . 2008-04-13 23:16 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2010-11-25 06:09 . 2010-11-25 06:09 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 09:31 . 2010-07-27 04:13 975360 ----a-w- C:\SRDownloader.exe
2010-11-18 18:15 . 2010-02-12 09:10 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:02 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:02 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-05 05:02 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 04:59 . 2008-04-14 12:00 370176 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2008-04-14 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-12-17_18.52.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:00 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2010-02-12 10:12 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
- 2010-02-12 10:12 . 2010-02-22 14:20 18296 c:\windows\system32\spmsg.dll
- 2008-04-14 12:00 . 2010-12-17 18:28 67448 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-12-20 06:25 67448 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2010-12-17 18:28 78052 c:\windows\system32\perfc005.dat
+ 2008-04-14 12:00 . 2010-12-20 06:25 78052 c:\windows\system32\perfc005.dat
+ 2010-11-18 18:15 . 2010-11-18 18:15 81920 c:\windows\system32\dllcache\isign32.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 627200 c:\windows\system32\urlmon.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 627200 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2010-12-20 06:25 432492 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-12-17 18:28 432492 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-12-17 18:28 429024 c:\windows\system32\perfh005.dat
+ 2008-04-14 12:00 . 2010-12-20 06:25 429024 c:\windows\system32\perfh005.dat
- 2008-04-14 12:00 . 2008-04-14 12:00 532480 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 532480 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 449024 c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 449024 c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 251904 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 251904 c:\windows\system32\iepeers.dll
+ 2010-02-11 22:31 . 2010-12-18 06:08 117360 c:\windows\system32\FNTCACHE.DAT
- 2010-02-11 22:31 . 2010-11-25 06:13 117360 c:\windows\system32\FNTCACHE.DAT
+ 2010-11-05 05:02 . 2010-11-05 05:02 668160 c:\windows\system32\dllcache\wininet.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 627200 c:\windows\system32\dllcache\urlmon.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 532480 c:\windows\system32\dllcache\mstime.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2010-10-28 13:09 . 2010-10-28 13:09 290048 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 1510912 c:\windows\system32\shdocvw.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 1510912 c:\windows\system32\shdocvw.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 3097088 c:\windows\system32\mshtml.dll
+ 2010-10-26 13:58 . 2010-10-26 13:58 1853312 c:\windows\system32\dllcache\win32k.sys
+ 2010-11-05 05:02 . 2010-11-05 05:02 1510912 c:\windows\system32\dllcache\shdocvw.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 3097088 c:\windows\system32\dllcache\mshtml.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 1025024 c:\windows\system32\dllcache\browseui.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 1025024 c:\windows\system32\browseui.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 1025024 c:\windows\system32\browseui.dll
+ 2010-02-17 09:34 . 2010-12-17 21:35 37366216 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-24 137752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 07:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 13:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.2.2010 13:14 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.2.2010 10:41 1684736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp;\??\c:\line ageii\system C\npkycryp.sys --> c:\line ageii\system C\npkycryp.sys [?]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [23.4.2010 2:20 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [23.4.2010 2:20 53312]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-14 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\Driver Robot.lnk [2010-12-14 11:30]

2010-12-17 c:\windows\Tasks\Norton Security Scan for xano.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-07 22:04]

2010-12-20 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]

2010-03-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: &Download All using 4shared Desktop
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 07:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Celkový čas: 2010-12-20 07:37:07
ComboFix-quarantined-files.txt 2010-12-20 06:37
ComboFix2.txt 2010-12-19 07:44
ComboFix3.txt 2010-12-17 18:53

Před spuštěním: Volných bajtů: 184 350 060 544
Po spuštění: Volných bajtů: 184 341 110 784

- - End Of File - - D7E557158751AFA1E9FEE395491A163F

Tak jsem se sem konečně taky dostal
Jestli myslíš ten prg na Megavideo tak ten je legální-jen zkopíruješ url videa a vložíš na stránky http://www.tv.wrzuc.to/

Tak tady je log Comba ještě nainstaluju Aviru

ComboFix 10-12-16.05 - xano 20.12.2010 7:34.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2038.1673 [GMT 1:00]
Spuštěný z: c:\documents and settings\xano\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xano\Plocha\CFScript.txt

FILE ::
"c:\documents and settings\All Users\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe"
"c:\documents and settings\All Users\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe"
"c:\documents and settings\xano\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe"
"c:\documents and settings\xano\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe"
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-20 do 2010-12-20 )))))))))))))))))))))))))))))))
.

2010-12-18 11:17 . 2010-12-18 11:17 -------- d-----w- C:\_OTM
2010-12-17 20:30 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-17 20:30 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-17 15:37 . 2010-12-17 15:37 -------- d-----w- c:\documents and settings\xano\Data aplikací\Malwarebytes
2010-12-17 15:35 . 2010-12-17 15:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-17 15:35 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-17 15:35 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 15:35 . 2010-12-17 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-17 14:56 . 2010-12-17 14:57 -------- d-----w- C:\rsit
2010-12-17 08:22 . 2010-12-17 08:22 -------- d-----w- c:\windows\system32\x64
2010-12-17 08:18 . 2010-12-17 08:18 -------- d-----w- c:\program files\Intel
2010-12-17 08:17 . 2001-04-11 17:25 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-12-17 08:17 . 2001-04-11 17:25 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2010-12-17 08:17 . 2001-04-11 17:21 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-12-17 08:17 . 2001-04-11 17:20 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-12-17 08:17 . 2001-04-11 17:29 602244 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-12-16 07:41 . 2010-12-16 07:41 -------- d-----w- c:\documents and settings\xano\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe
2010-12-16 07:41 . 2010-12-16 07:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\c__Program Files_SuperHideIP_Crack_SuperHideIP.exe
2010-12-16 07:35 . 2010-12-16 07:35 -------- d-----w- c:\documents and settings\xano\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe
2010-12-16 07:35 . 2010-12-16 07:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\c__HIDE IP_Crack_SuperHideIP.exe
2010-12-15 19:31 . 2010-12-15 19:31 -------- d-----w- c:\documents and settings\xano\Local Settings\Data aplikací\Mozilla
2010-12-14 13:00 . 2010-01-13 11:28 155648 ----a-w- c:\windows\system32\igfxCoIn_v5218.dll
2010-12-14 11:38 . 2007-12-17 16:14 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys
2010-12-14 11:38 . 2006-01-10 15:50 24576 ----a-w- c:\windows\system32\AsIO.dll
2010-12-14 11:38 . 2010-12-14 11:38 -------- d-----w- c:\program files\ASUS
2010-12-14 11:36 . 2010-12-14 11:36 -------- d-----w- C:\Ibmtools
2010-12-14 11:30 . 2010-12-14 11:30 -------- d-----w- c:\documents and settings\xano\Data aplikací\Blitware
2010-12-14 11:30 . 2010-12-14 11:30 -------- d-----w- c:\program files\Driver Robot
2010-12-14 11:12 . 2010-12-14 11:12 -------- d-----w- c:\program files\TopCD
2010-12-11 15:53 . 2010-12-11 15:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-11 10:41 . 2010-12-12 12:09 -------- d-----w- c:\program files\Ziacik v2.52
2010-12-06 18:31 . 2010-12-17 15:17 -------- d-----w- C:\VYPALENO
2010-12-05 07:27 . 2010-12-05 07:27 -------- d-----w- C:\graciasystem zaloha
2010-12-05 06:17 . 2010-12-19 15:24 -------- d-----w- C:\Hry
2010-12-05 06:17 . 2010-12-06 07:13 -------- d-----w- C:\Lineage II Freya instal
2010-12-02 06:31 . 2010-12-04 18:12 -------- d---a-w- C:\system innt zaloha
2010-11-25 12:22 . 2008-04-13 23:16 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2010-11-25 06:09 . 2010-11-25 06:09 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 09:31 . 2010-07-27 04:13 975360 ----a-w- C:\SRDownloader.exe
2010-11-18 18:15 . 2010-02-12 09:10 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:02 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:02 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-05 05:02 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 04:59 . 2008-04-14 12:00 370176 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2008-04-14 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-12-17_18.52.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:00 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2010-02-12 10:12 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
- 2010-02-12 10:12 . 2010-02-22 14:20 18296 c:\windows\system32\spmsg.dll
- 2008-04-14 12:00 . 2010-12-17 18:28 67448 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-12-20 06:25 67448 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2010-12-17 18:28 78052 c:\windows\system32\perfc005.dat
+ 2008-04-14 12:00 . 2010-12-20 06:25 78052 c:\windows\system32\perfc005.dat
+ 2010-11-18 18:15 . 2010-11-18 18:15 81920 c:\windows\system32\dllcache\isign32.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 627200 c:\windows\system32\urlmon.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 627200 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2010-12-20 06:25 432492 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-12-17 18:28 432492 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-12-17 18:28 429024 c:\windows\system32\perfh005.dat
+ 2008-04-14 12:00 . 2010-12-20 06:25 429024 c:\windows\system32\perfh005.dat
- 2008-04-14 12:00 . 2008-04-14 12:00 532480 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 532480 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 449024 c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 449024 c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 251904 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 251904 c:\windows\system32\iepeers.dll
+ 2010-02-11 22:31 . 2010-12-18 06:08 117360 c:\windows\system32\FNTCACHE.DAT
- 2010-02-11 22:31 . 2010-11-25 06:13 117360 c:\windows\system32\FNTCACHE.DAT
+ 2010-11-05 05:02 . 2010-11-05 05:02 668160 c:\windows\system32\dllcache\wininet.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 627200 c:\windows\system32\dllcache\urlmon.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 532480 c:\windows\system32\dllcache\mstime.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2010-10-28 13:09 . 2010-10-28 13:09 290048 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 1510912 c:\windows\system32\shdocvw.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 1510912 c:\windows\system32\shdocvw.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 3097088 c:\windows\system32\mshtml.dll
+ 2010-10-26 13:58 . 2010-10-26 13:58 1853312 c:\windows\system32\dllcache\win32k.sys
+ 2010-11-05 05:02 . 2010-11-05 05:02 1510912 c:\windows\system32\dllcache\shdocvw.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 3097088 c:\windows\system32\dllcache\mshtml.dll
+ 2010-11-05 05:02 . 2010-11-05 05:02 1025024 c:\windows\system32\dllcache\browseui.dll
- 2008-04-14 12:00 . 2010-09-09 14:23 1025024 c:\windows\system32\browseui.dll
+ 2008-04-14 12:00 . 2010-11-05 05:02 1025024 c:\windows\system32\browseui.dll
+ 2010-02-17 09:34 . 2010-12-17 21:35 37366216 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-24 137752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 07:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 13:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.2.2010 13:14 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.2.2010 10:41 1684736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp;\??\c:\line ageii\system C\npkycryp.sys --> c:\line ageii\system C\npkycryp.sys [?]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [23.4.2010 2:20 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [23.4.2010 2:20 53312]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-14 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\Driver Robot.lnk [2010-12-14 11:30]

2010-12-17 c:\windows\Tasks\Norton Security Scan for xano.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-07 22:04]

2010-12-20 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]

2010-03-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: &Download All using 4shared Desktop
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 07:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Celkový čas: 2010-12-20 07:37:07
ComboFix-quarantined-files.txt 2010-12-20 06:37
ComboFix2.txt 2010-12-19 07:44
ComboFix3.txt 2010-12-17 18:53

Před spuštěním: Volných bajtů: 184 350 060 544
Po spuštění: Volných bajtů: 184 341 110 784

- - End Of File - - D7E557158751AFA1E9FEE395491A163F