Here is the log from ComboFix:
ComboFix 11-02-09.05 - Admin 11.02.2011 7:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1555 [GMT 1:00]
Running from: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\directory\CyberGate
c:\documents and settings\Adam\Data aplikací\Dealio
c:\documents and settings\Adam\Data aplikací\Dealio\res\widgets.xml
c:\documents and settings\Adam\Data aplikací\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Admin\Data aplikací\Dealio
c:\documents and settings\Admin\Data aplikací\Dealio\res\widgets.xml
c:\documents and settings\Admin\Data aplikací\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Admin\Data aplikací\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Admin\Data aplikací\PriceGong
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Admin\Data aplikací\PriceGong\Data\z.xml
c:\documents and settings\All Users\Data aplikací\Zwunzi
c:\documents and settings\All Users\Data aplikací\Zwunzi\zwunzi141.exe
c:\documents and settings\Matous\Data aplikací\Dealio
c:\documents and settings\Matous\Data aplikací\Dealio\res\widgets.xml
c:\documents and settings\Matous\Data aplikací\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Matous\Data aplikací\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Matous\Data aplikací\PriceGong
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Matous\Data aplikací\PriceGong\Data\z.xml
c:\documents and settings\Vera\Data aplikací\Dealio
c:\documents and settings\Vera\Data aplikací\Dealio\res\widgets.xml
c:\documents and settings\Vera\Data aplikací\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
C:\install.exe
c:\program files\Zwunzi
c:\program files\Zwunzi\uninstall.exe
c:\program files\Zwunzi\zwunzi.exe
C:\start
c:\windows\AutoRun.ini
c:\windows\system32\midas.dll
c:\windows\system32\Script.vbs
c:\windows\system32\WIN32GI
F:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ZWUNZI_SERVICE
-------\Service_Zwunzi Service
((((((((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 )))))))))))))))))))))))))))))))
.
2011-02-10 18:53 . 2011-02-10 19:37 -------- d-----w- c:\program files\trend micro
2011-02-10 18:53 . 2011-02-10 18:53 -------- dc----w- C:\rsit
2011-02-10 14:46 . 2011-02-10 14:46 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Activision
2011-02-07 15:11 . 2011-02-07 15:11 -------- dc----w- C:\PHP
2011-02-07 14:55 . 2011-02-07 14:55 -------- dc----w- C:\dev
2011-02-02 17:02 . 2011-02-02 17:02 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Ubisoft
2011-02-02 15:44 . 2011-02-02 15:44 -------- d-----w- c:\documents and settings\Admin\Data aplikací\LolClient
2011-02-02 15:27 . 2011-02-02 15:27 -------- dc----w- C:\Riot Games
2011-02-02 14:08 . 2011-02-04 15:02 -------- d-----w- c:\program files\League of legends
2011-02-02 14:08 . 2011-02-02 17:27 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\PMB Files
2011-02-02 14:07 . 2011-02-02 14:07 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2011-02-02 14:07 . 2011-02-02 14:07 -------- d-----w- c:\program files\Pando Networks
2011-01-30 13:09 . 2011-01-30 13:09 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\AliensVsPredator
2011-01-30 13:00 . 2007-06-29 13:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2011-01-30 13:00 . 2011-01-30 13:00 -------- d-----w- c:\program files\AMD
2011-01-30 12:58 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-01-30 12:58 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-01-30 12:58 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-01-30 12:58 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-01-30 12:58 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-01-30 12:58 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-01-30 12:58 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-01-30 12:58 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-01-30 12:03 . 2011-02-07 16:45 -------- d-----w- c:\program files\Aliens vs Predator 2010
2011-01-28 14:43 . 2010-11-29 06:56 545 ----a-w- c:\windows\UC.PIF
2011-01-28 14:43 . 2010-11-29 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-01-28 14:43 . 2010-11-29 06:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-01-28 14:43 . 2010-11-29 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-01-28 14:43 . 2010-11-29 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-01-28 14:43 . 2010-11-29 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-01-28 14:43 . 2010-11-29 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-01-28 14:43 . 2011-01-28 14:44 -------- dc----w- C:\totalcmd
2011-01-28 14:43 . 2011-01-28 14:43 -------- d-----w- c:\documents and settings\Admin\Data aplikací\GHISLER
2011-01-27 15:35 . 2011-01-27 15:35 -------- d-----w- c:\documents and settings\Adam\Data aplikací\Skype
2011-01-27 15:32 . 2011-01-27 15:32 -------- d-----w- c:\documents and settings\Adam\Data aplikací\Canon
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-18 16:47 . 2011-01-18 16:47 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\PunkBuster
2011-01-18 13:44 . 2011-01-18 13:44 -------- d-----w- c:\documents and settings\Adam\Local Settings\Data aplikací\Ubisoft
2011-01-16 17:02 . 2011-01-18 15:57 -------- d-----w- c:\program files\Electronic Arts
2011-01-16 09:47 . 2011-01-16 09:47 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Ubisoft
2011-01-16 09:08 . 2007-04-27 09:12 78784 ----a-w- c:\windows\system32\ISUSPM.cpl
2011-01-16 09:08 . 2006-09-10 20:56 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2011-01-16 09:08 . 2007-04-27 09:12 29640 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_ispmres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 17:15 . 2009-03-30 15:06 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-10 17:11 . 2009-03-30 15:06 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-10 14:44 . 2010-12-17 21:31 22328 ----a-w- c:\documents and settings\Admin\Data aplikací\PnkBstrK.sys
2011-02-10 14:43 . 2010-03-05 14:10 682280 ----a-w- c:\windows\system32\pbsvc.exe
2011-01-26 17:56 . 2009-08-29 16:25 214864 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-21 14:44 . 2004-08-18 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-18 16:48 . 2009-03-30 15:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-18 16:35 . 2010-04-28 07:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-01-13 08:47 . 2010-02-17 06:59 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-02-17 06:59 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-02-17 06:59 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-02-17 06:59 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-02-17 06:59 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-02-17 06:59 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-02-17 06:59 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-02-17 06:59 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-08-18 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 20:06 . 2009-11-30 11:05 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 14:04 . 2004-08-18 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-18 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2004-08-18 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-14 19:03 . 2010-12-14 19:03 375808 ----a-w- c:\documents and settings\Admin\Local Settings\Data aplikací\0335924941.exe
2010-12-09 15:15 . 2004-08-18 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-08-18 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-07 17:05 . 2010-12-07 17:05 27792 ----a-w- c:\windows\system32\drivers\point32.sys
2010-11-18 18:15 . 2007-07-16 17:33 81920 ----a-w- c:\windows\system32\isign32.dll
2000-08-30 14:46 . 2000-08-30 14:46 1807072 ------w- c:\program files\vcredist.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-25 3911776]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-12-09 3911776]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-27 20:06 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Softonic-Eng7\tbSof0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a089bcd-c7f1-4064-8702-f58d8bd5d61f}]
2007-12-10 12:46 1510424 ----a-w- c:\program files\Sigma_Team\tbSig0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
2010-01-11 10:18 451808 ----a-w- c:\program files\RadioBar\toolbar.ni.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2011-01-27 20:06 3911776 ----a-w- c:\program files\TorrentMan\tbTor1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-25 18:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\Media_Star\tbMedi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5a089bcd-c7f1-4064-8702-f58d8bd5d61f}"= "c:\program files\Sigma_Team\tbSig0.dll" [2007-12-10 1510424]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2011-01-27 3911776]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-25 3911776]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-27 3911776]
[HKEY_CLASSES_ROOT\clsid\{5a089bcd-c7f1-4064-8702-f58d8bd5d61f}]
[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]
[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bandwidth Meter.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bandwidth Meter.lnk
backup=c:\windows\pss\Bandwidth Meter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^LUMIX Simple Viewer.lnk]
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Monitor Apache Servers.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSWUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-07-25 10:01 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 16:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 14:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SamSs"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Microsoft SharePoint Workspace Audit Service"=3 (0x3)
"InCDsrvR"=2 (0x2)
"InCDsrv"=2 (0x2)
"ICQ Service"=2 (0x2)
"Hamachi2Svc"=2 (0x2)
"Apache2.2"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Fanda\\Plocha\\Skype.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Resonation\\Resonation.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Netdevil\\Warmonger\\Binaries\\WMGame.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\Valve\\Half-Life 2\\hl2.exe"=
"c:\\Program Files\\Valve\\Half-Life 2 Episode One\\hl2.exe"=
"c:\\Program Files\\Valve\\Half-Life 2 Episode Two\\hl2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"c:\\Documents and Settings\\Matous\\Plocha\\Killing Floor\\System\\KillingFloor.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Documents and Settings\\Matous\\Plocha\\Multiwina\\multiwinia.exe"=
"c:\\Documents and Settings\\Matous\\Plocha\\KillingFloor_v1011_NoSteam\\Killing Floor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Matous\\Plocha\\Mystiq.org Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\matousik4\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\matousik4\\team fortress 2 meet the scout\\smp.exe"=
"c:\\Program Files\\Steam\\steamapps\\matousik4\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the ball demo\\Binaries\\Win32\\TheBall.exe"=
"c:\\Program Files\\Steam\\steamapps\\matousik6\\garrysmod\\hl2.exe"=
"c:\\Program Files\\TorrentBitch\\TorrentBitch.exe"=
"c:\\Program Files\\Steam\\steamapps\\matousik4\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboarding.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"c:\\Program Files\\Steam\\steamapps\\matousik\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\matousik\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\matousik6\\synergy\\hl2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
"c:\\Documents and Settings\\Vera\\Plocha\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\matousik\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58034:TCP"= 58034:TCP:Pando Media Booster
"58034:UDP"= 58034:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.11.2009 16:51 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.2.2010 7:59 294608]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2.8.2007 19:39 33824]
R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [10.8.2007 19:42 1984]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 10:51 19200]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [22.10.2010 16:38 386560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.2.2010 7:59 17744]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1.6.2008 8:13 34064]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [3.12.2009 13:09 58600]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 adxapie;adxapie; [x]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Matous\LOCALS~1\Temp\FFN15B.tmp --> c:\docume~1\Matous\LOCALS~1\Temp\FFN15B.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver; [x]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [8.12.2010 16:18 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [8.12.2010 16:18 100736]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 Apache2.2;Apache2.2;c:\dev\prog\bin\httpd.exe [18.10.2010 1:32 20549]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; [x]
S4 ICQ Service;ICQ Service; [x]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [21.1.2010 17:51 30963576]
.
Contents of the 'Scheduled Tasks' folder
2011-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
2011-02-11 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-03-09 12:18]
2011-02-11 c:\windows\Tasks\User_Feed_Synchronization-{127575F9-27B8-448F-A31B-9E5890722031}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2626277
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\program files\RadioBar\toolbar.ni.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{A6E4A4EB-D169-4E99-8988-250FCBAFE767} - (no file)
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-crss - (no file)
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Anti Trojan Elite_is1 - c:\program files\Anti Trojan Elite\unins000.exe
AddRemove-Audacity 1.3 Beta (Unicode)_is1 - c:\program files\Audacity 1.3 Beta (Unicode)\unins000.exe
AddRemove-Free Mp3 Wma Ogg Converter_is1 - c:\program files\Free Mp3 Wma Ogg Converter\unins000.exe
AddRemove-Free Video Converter_is1 - c:\program files\Free Video Converter\unins000.exe
AddRemove-HLSW_is1 - c:\program files\HLSW\unins000.exe
AddRemove-LANGMaster Škola DNES_is1 - c:\program files\LANGMaster Škola DNES\unins000.exe
AddRemove-Machine World_is1 - c:\program files\FreeGamePick.com\Machine World\unins000.exe
AddRemove-Rayman M_is1 - c:\program files\Ubi Soft\RaymanM\unins000.exe
AddRemove-RCDEMO - c:\sierra\RCRacersDemo\Uninst.isu
AddRemove-RegClean Pro_is1 - c:\program files\RegClean Pro\unins000.exe
AddRemove-Registry Easy_is1 - c:\program files\Registry Easy\unins000.exe
AddRemove-RegistryFix_is1 - c:\program files\RegistryFix\unins000.exe
AddRemove-Ultimate Tank_is1 - c:\program files\FreeGamePick.com\Ultimate Tank\unins000.exe
AddRemove-Zwunzi - c:\program files\Zwunzi\uninstall.exe
AddRemove-{10ACC836-F47B-4236-96A5-DF52076EE70A}_is1 - c:\program files\NoVirusThanks\NoVirusThanks Malware Remover\unins000.exe
AddRemove-{BC2C6B8D-73A6-4540-8212-906527D43553}_is1 - c:\program files\City Life Super Deluxe\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-02-11 07:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Matous\LOCALS~1\Temp\FFN15B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1757981266-1715567821-725345543-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1757981266-1715567821-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\C*o*m*m*a*n*d* *a*n*d* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Podpora]
"Order"=hex:08,00,00,00,02,00,00,00,8a,02,00,00,01,00,00,00,04,00,00,00,98,00,
00,00,00,00,00,00,8a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,\
[HKEY_USERS\S-1-5-21-1757981266-1715567821-725345543-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:e3,14,f8,e1,50,8e,31,f2,c3,34,cb,77,1d,6a,0c,17,5a,f7,4f,58,ff,60,b7,
a6,86,2d,1f,b2,92,6a,c8,4d,bf,6d,24,b9,8d,41,37,35,27,1f,ba,98,23,3a,93,88,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95
[HKEY_USERS\S-1-5-21-1757981266-1715567821-725345543-1007\Software\SecuROM\License information*]
"datasecu"=hex:05,67,9c,f0,1f,a8,ed,eb,84,58,5d,69,02,37,f9,09,37,cb,ff,ec,f5,
8c,e2,e0,7d,d0,86,9b,c9,df,15,a1,05,5e,aa,52,d4,02,9a,bb,ee,72,d1,d0,7d,52,\
"rkeysecu"=hex:17,0c,8b,a8,75,cb,05,56,56,b0,06,85,72,9c,ba,40
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\nvappfilter.dll
- - - - - - - > 'explorer.exe'(2488)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchIndexer.exe
.
**************************************************************************
.
Completion time: 2011-02-11 07:42:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-11 06:42
Pre-Run: 8,063,090,688
Post-Run: 13,505,204,224 bytes free
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 79973B203B73A9DA87104D3C08466718
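Reading a log like this by hand means scanning hundreds of lines for the handful that matter: services whose file no longer exists (`[x]`), a driver loaded from a user's Temp directory, Security Center monitoring switched off, the pile of toolbar DLLs hooked into Internet Explorer, a numeric-named executable in a profile, an autorun.inf on a removable drive. The script below is an added example, not part of this post and not a ComboFix feature; it applies those heuristics to lines in the same shape as the log above. `SAMPLE_LOG` is a constructed excerpt (a few lines lifted from the log plus the registry key headers that precede them), and the rule names and the `Finding` type are the example's own. A hit means "review this line", not "this is malware": the GarenaPEngine entry may well be legitimate, but a driver whose image lives under `%TEMP%` is still worth checking.

```python
"""Heuristic triage of a ComboFix-style log.

Added example, not part of the forum post or of ComboFix itself. Rule names,
the Finding type and SAMPLE_LOG (a constructed excerpt) are this example's own.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: a few lines in the shape of the log above, with the
# registry key headers that ComboFix prints before the values they contain.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-25 3911776]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Matous\LOCALS~1\Temp\FFN15B.tmp --> c:\docume~1\Matous\LOCALS~1\Temp\FFN15B.tmp [?]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.2.2010 7:59 17744]
2010-12-14 19:03 . 2010-12-14 19:03 375808 ----a-w- c:\documents and settings\Admin\Local Settings\Data aplikací\0335924941.exe
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2626277
F:\autorun.inf
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    detail: str


# "R2 name;display name;image path [date size]"  /  "S2 name;display; [x]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.IGNORECASE)
GUID_VALUE_RE = re.compile(r'^"\{[0-9a-f-]{36}\}"=\s*"([^"]+\.dll)"', re.IGNORECASE)
# "created . modified size attrs path" rows from the Files Created / Find3M sections
FILE_ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\d+|-+)\s+\S+\s+(.+)$"
)
AUTORUN_RE = re.compile(r"^[d-z]:\\autorun\.inf$", re.IGNORECASE)  # any non-system drive root


def triage(text: str) -> list[Finding]:
    """Return the lines a human should look at, in log order."""
    findings: list[Finding] = []
    current_key = ""  # last "[HKEY_...]" header seen; values below it belong to it
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        # Security Center told to stop monitoring AV/firewall state: a disabled AV stays silent.
        if "security center\\monitoring" in current_key and line.lower() == '"disablemonitoring"=dword:00000001':
            findings.append(Finding(line_no, "security-center-disabled", current_key))
            continue
        # URLSearchHooks / BHOs / Toolbars: every entry is a DLL loaded into the browser.
        guid = GUID_VALUE_RE.match(line)
        if guid and ("internet explorer" in current_key or "browser helper objects" in current_key):
            findings.append(Finding(line_no, "browser-addon", guid.group(1)))
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            name, image = svc.group(3), svc.group(5).strip()
            if image == "[x]":  # registered service whose binary is gone
                findings.append(Finding(line_no, "service-missing-file", name))
            elif re.search(r"\\temp\\|\.tmp\b", image, re.IGNORECASE):  # image under Temp or a .tmp
                findings.append(Finding(line_no, "service-temp-image", f"{name}: {image}"))
            continue
        entry = FILE_ENTRY_RE.match(line)
        if entry:
            path = entry.group(2)
            if re.search(r"\\\d{6,}\.exe$", path, re.IGNORECASE):  # e.g. 0335924941.exe in a profile
                findings.append(Finding(line_no, "numeric-named-exe", path))
            continue
        if line.lower().startswith("ustart page"):
            findings.append(Finding(line_no, "start-page", line.split("=", 1)[1].strip()))
            continue
        if AUTORUN_RE.match(line):
            findings.append(Finding(line_no, "autorun-removable", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.rule:<26} {f.detail}")
```

Run it against a full log with `triage(open("ComboFix.txt", encoding="cp1250").read())`; Czech ComboFix output is typically code page 1250, which is also why the Startup-folder path in the log above came out garbled. The rules are deliberately narrow so that ordinary entries (the avast5 Run value, the aswFsBlk driver) produce nothing, and each finding carries the line number so the reviewer can jump back to the surrounding context rather than trust the label.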