VIRY.CZ

Dobrý den, NOD mi hlásí přítomnost rootkitu. Prosím o pomoc.
-----------------------------------------------------------------------------------------------
ComboFix 10-03-07.04 - Hoodie Tonez 08.03.2010 9:35.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.532 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hoodie Tonez\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikacˇ\ajadumapum.vbs
c:\documents and settings\Hoodie Tonez\Data aplikacˇ\egyl.reg
c:\documents and settings\Hoodie Tonez\Dokumenty\cc_20100307_202120.reg
c:\documents and settings\Hoodie Tonez\Local Settings\Data aplikacˇ\qineq.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-08 do 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-06 18:09 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-06 18:09 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-06 18:09 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-06 18:09 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-06 18:09 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-03-06 09:09 . 2010-03-06 09:09 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-06 07:44 . 2010-03-06 07:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-17 15:05 . 2010-02-17 15:05 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-17 15:03 . 2010-02-17 15:07 -------- d-----w- c:\program files\ICQ6.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 08:34 . 2004-08-18 12:00 90056 ----a-w- c:\windows\system32\perfc005.dat
2010-03-08 08:34 . 2004-08-18 12:00 455388 ----a-w- c:\windows\system32\perfh005.dat
2010-03-08 08:14 . 2009-03-16 10:00 -------- d-----w- c:\program files\Common Files\Motive
2010-03-07 19:19 . 2009-11-10 12:20 -------- d-----w- c:\program files\CCleaner
2010-03-06 07:39 . 2006-09-16 12:08 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-03-04 12:14 . 2006-11-12 13:20 -------- d-----w- c:\program files\Nová složka
2010-02-26 09:23 . 2007-01-06 16:52 16 -c--a-w- c:\windows\msocreg32.dat
2010-02-17 15:04 . 2008-02-29 07:32 -------- d-----w- c:\program files\ICQ6
2010-02-03 11:39 . 2010-02-03 11:39 -------- d-----w- c:\program files\Bethesda Softworks
2010-02-03 11:39 . 2006-01-26 15:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 08:27 . 2010-01-21 08:27 -------- d-----w- c:\program files\CAPCOM
2010-01-15 06:24 . 2008-03-05 15:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 08:20 . 2010-01-11 12:49 -------- d-----w- c:\program files\Codemasters
2010-01-11 13:25 . 2010-01-11 13:25 -------- d-----w- c:\program files\BRS
2010-01-11 13:25 . 2010-01-11 13:24 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-11 13:23 . 2010-01-11 13:23 -------- d-----w- c:\program files\OpenAL
2010-01-11 13:23 . 2006-09-13 14:11 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-11 13:23 . 2006-09-13 14:11 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-11 12:47 . 2010-01-11 12:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-11 12:47 . 2010-01-11 12:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-11 12:47 . 2006-09-18 19:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-10 16:17 . 2010-01-10 16:17 -------- d-----w- c:\program files\uTorrent
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 07:55 . 2009-12-30 07:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-22 05:09 . 2004-08-18 12:00 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:42 . 2006-01-26 15:20 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-12 14:15 . 2005-10-14 09:56 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2008-05-31 15:38 . 2008-05-29 14:32 1222 ----a-w- c:\program files\Nový objekt - Textový dokument (5).txt
2007-04-18 20:54 . 2008-02-11 12:58 16083128 ----a-w- c:\program files\Dreamweaver2.exe
.

((((((((((((((((((((((((((((( SnapShot_2010-03-07_19.11.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-18 12:00 . 2010-03-07 19:00 78744 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2010-03-08 08:34 78744 c:\windows\system32\perfc009.dat
+ 2008-01-22 14:30 . 2008-04-13 18:46 19200 c:\windows\system32\dllcache\wstcodec.sys
+ 2006-01-26 15:49 . 2008-04-13 18:45 26368 c:\windows\system32\dllcache\usbstor.sys
+ 2008-04-28 14:57 . 2008-04-13 18:45 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2006-12-16 19:03 . 2008-04-13 18:45 32128 c:\windows\system32\dllcache\usbccgp.sys
+ 2006-12-16 19:03 . 2008-04-13 18:45 60032 c:\windows\system32\dllcache\usbaudio.sys
+ 2006-01-26 15:20 . 2008-04-14 03:23 21896 c:\windows\system32\dllcache\tdtcp.sys
+ 2006-01-26 15:20 . 2008-04-14 03:23 12040 c:\windows\system32\dllcache\tdpipe.sys
+ 2006-01-26 15:43 . 2008-04-13 18:45 56576 c:\windows\system32\dllcache\swmidi.sys
+ 2008-01-22 14:30 . 2008-04-13 18:46 15232 c:\windows\system32\dllcache\streamip.sys
+ 2008-01-22 14:30 . 2008-04-13 18:46 11136 c:\windows\system32\dllcache\slip.sys
+ 2004-08-18 12:00 . 2008-04-13 18:40 11392 c:\windows\system32\dllcache\sfloppy.sys
+ 2008-01-22 14:30 . 2008-04-13 18:46 10880 c:\windows\system32\dllcache\ndisip.sys
+ 2008-01-22 14:30 . 2008-04-13 18:46 85248 c:\windows\system32\dllcache\nabtsfec.sys
+ 2004-08-17 15:43 . 2008-04-14 02:06 30080 c:\windows\system32\dllcache\modem.sys
+ 2006-01-26 16:17 . 2008-04-13 18:54 11264 c:\windows\system32\dllcache\irenum.sys
+ 2004-08-18 12:00 . 2008-04-13 18:57 20864 c:\windows\system32\dllcache\ipinip.sys
+ 2004-08-18 12:00 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\ip6fw.sys
+ 2004-08-18 12:00 . 2008-04-13 18:40 20480 c:\windows\system32\dllcache\flpydisk.sys
+ 2004-08-18 12:00 . 2008-04-13 18:40 27392 c:\windows\system32\dllcache\fdc.sys
+ 2006-01-26 15:43 . 2008-04-13 18:45 52864 c:\windows\system32\dllcache\dmusic.sys
+ 2001-08-17 21:52 . 2004-08-18 12:00 18688 c:\windows\system32\dllcache\cdaudio.sys
+ 2008-01-22 14:30 . 2008-04-13 18:46 17024 c:\windows\system32\dllcache\ccdecode.sys
+ 2004-08-18 12:00 . 2008-04-13 18:51 59904 c:\windows\system32\dllcache\atmarpc.sys
+ 2004-08-18 12:00 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\asyncmac.sys
+ 2006-01-26 15:28 . 2010-03-08 08:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-01-26 15:28 . 2010-03-06 18:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-01-26 15:28 . 2010-03-08 08:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-01-26 15:28 . 2010-03-06 18:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-08 08:12 . 2010-03-08 08:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-03-06 18:08 . 2010-03-06 18:09 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-01-26 15:43 . 2008-04-13 18:45 6272 c:\windows\system32\dllcache\splitter.sys
+ 2008-01-22 14:30 . 2008-04-13 18:39 5504 c:\windows\system32\dllcache\mstee.sys
+ 2006-01-26 15:42 . 2008-04-13 18:39 4992 c:\windows\system32\dllcache\mspqm.sys
+ 2006-01-26 15:42 . 2008-04-13 18:39 5376 c:\windows\system32\dllcache\mspclock.sys
+ 2006-01-26 15:42 . 2008-04-13 18:39 7552 c:\windows\system32\dllcache\mskssrv.sys
+ 2006-01-26 15:43 . 2008-04-13 18:45 2944 c:\windows\system32\dllcache\drmkaud.sys
- 2004-08-18 12:00 . 2010-03-07 19:00 458954 c:\windows\system32\perfh009.dat
+ 2004-08-18 12:00 . 2010-03-08 08:34 458954 c:\windows\system32\perfh009.dat
+ 2006-01-26 15:20 . 2008-04-14 03:23 139656 c:\windows\system32\dllcache\rdpwd.sys
- 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2004-08-18 12:00 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2006-01-26 15:43 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\aec.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"CTHelper"="CTHELPER.EXE" [2005-08-07 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 18944]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-09-15 917504]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"SxgTkBar"="SxgTkBar.exe" [2001-07-11 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-06-19 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-05-12 831488]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-06 524632]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2009-01-16 1473536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Hoodie Tonez\Nabˇdka Start\Programy\Po spuçtŘnˇ\
winesm32.exe [2008-4-14 49664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [26.1.2006 16:44 25067]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.6.2009 14:16 64160]
R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);c:\windows\system32\drivers\pe3ah4nb.sys [11.6.2007 12:11 64880]
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);c:\windows\system32\drivers\ps6ah4nb.sys [11.6.2007 12:10 55160]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [20.12.2006 10:11 11264]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17.2.2010 16:05 222968]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [17.12.2006 0:52 33792]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys [7.1.2007 16:26 966784]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.9.2006 20:29 691696]
S2 ODBC service;ODBC service; [x]
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);c:\windows\system32\pr2ah4nb.exe svc --> c:\windows\system32\pr2ah4nb.exe svc [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 20:06 1029456]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [18.9.2006 20:34 223128]
.
Obsah adresáře 'Naplánované úlohy'

2009-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:58]

2010-03-08 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 11:19]

2008-09-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 11:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = hxxp://www.quick.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Hoodie Tonez\Data aplikací\Mozilla\Firefox\Profiles\xd04mr5c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 09:47
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\imon.dll
.
Celkový čas: 2010-03-08 09:51:43
ComboFix-quarantined-files.txt 2010-03-08 08:51
ComboFix2.txt 2010-03-07 19:12
ComboFix3.txt 2009-11-13 09:01
ComboFix4.txt 2009-11-10 10:56

Před spuštěním: 1 729 523 712
Po spuštění: 1 692 905 472

- - End Of File - - 6392C6FF177FC60B529E2BB187FF2A4A

Neznalost neomlouva, ale v mem pripade za to mohla neznalost.
--------------------------------------------------------------------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Hoodie Tonez at 2010-03-08 11:13:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (1%) free of 238 GB
Total RAM: 1023 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:54, on 8.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Hoodie Tonez\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Hoodie Tonez.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.quick.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nb.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10949 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-08-07 16384]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2005-08-07 18944]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"CTDVDDET"=C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"RCSystem"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [2005-07-11 122880]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-07-28 188416]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2006-09-15 917504]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2006-03-02 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2006-03-02 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-03-02 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-03-02 455168]
"NeroCheck"=C:\WINDOWS\system32\\NeroCheck.exe [2001-07-09 155648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-09 7561216]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-03-09 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-12-09 15691264]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-12-18 307200]
"SxgTkBar"=C:\WINDOWS\system32\SxgTkBar.exe [2001-07-11 53248]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2006-06-19 262144]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-05-12 831488]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-03-06 524632]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2009-01-16 1473536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\Hoodie Tonez\Nabídka Start\Programy\Po spuštění
winesm32.exe

C:\Documents and Settings\Hoodie Tonez\Nabídka Start\Programy\Po spuštění
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe"="C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-08 11:13:37 ----D---- C:\Program Files\trend micro
2010-03-08 11:13:36 ----D---- C:\rsit
2010-03-08 09:51:46 ----D---- C:\WINDOWS\temp
2010-03-08 09:51:44 ----A---- C:\ComboFix.txt
2010-03-06 10:09:44 ----D---- C:\Program Files\SystemRequirementsLab
2010-03-06 08:46:41 ----D---- C:\Documents and Settings\Hoodie Tonez\Data aplikací\Media Player Classic
2010-03-06 08:44:36 ----D---- C:\Program Files\K-Lite Codec Pack
2010-02-24 13:08:41 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-17 16:05:37 ----D---- C:\Program Files\ICQ6Toolbar
2010-02-17 16:05:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-02-17 16:03:26 ----D---- C:\Program Files\ICQ6.5
2010-02-10 10:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 10:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 10:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 10:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 10:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 10:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 09:59:50 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 09:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 09:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-03-08 11:13:37 ----D---- C:\Program Files
2010-03-08 10:37:25 ----D---- C:\Program Files\Mozilla Firefox
2010-03-08 09:51:46 ----D---- C:\WINDOWS
2010-03-08 09:51:40 ----D---- C:\Qoobox
2010-03-08 09:47:37 ----A---- C:\WINDOWS\system.ini
2010-03-08 09:41:08 ----D---- C:\WINDOWS\system32\drivers
2010-03-08 09:41:08 ----D---- C:\WINDOWS\system32
2010-03-08 09:41:08 ----D---- C:\WINDOWS\AppPatch
2010-03-08 09:41:03 ----D---- C:\Program Files\Common Files
2010-03-08 09:38:59 ----D---- C:\WINDOWS\system32\Lang
2010-03-08 09:35:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-08 09:34:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-08 09:34:06 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-08 09:33:27 ----D---- C:\Documents and Settings\Hoodie Tonez\Data aplikací\Skype
2010-03-08 09:25:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-03-08 09:14:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-08 09:14:11 ----D---- C:\Program Files\Common Files\Motive
2010-03-07 20:20:16 ----D---- C:\WINDOWS\Debug
2010-03-07 20:19:17 ----D---- C:\Program Files\CCleaner
2010-03-07 19:51:06 ----D---- C:\WINDOWS\Prefetch
2010-03-06 21:16:41 ----D---- C:\Documents and Settings\Hoodie Tonez\Data aplikací\Adobe
2010-03-06 14:53:39 ----D---- C:\Documents and Settings\Hoodie Tonez\Data aplikací\uTorrent
2010-03-06 13:18:17 ----A---- C:\WINDOWS\BlendSettings.ini
2010-03-06 08:39:38 ----D---- C:\Program Files\Codec Pack - All In 1
2010-03-04 13:14:44 ----D---- C:\Program Files\Nová složka
2010-02-26 10:38:59 ----A---- C:\WINDOWS\BBW_INFO.INI
2010-02-25 17:18:56 ----D---- C:\bb
2010-02-24 13:08:47 ----HD---- C:\WINDOWS\inf
2010-02-17 16:04:22 ----D---- C:\Program Files\ICQ6
2010-02-16 12:36:58 ----A---- C:\WINDOWS\wk2000.ini
2010-02-16 12:36:58 ----A---- C:\WINDOWS\winklav.ini
2010-02-16 12:36:58 ----A---- C:\WINDOWS\wg2000.ini
2010-02-10 16:01:24 ----D---- C:\Documents and Settings\Hoodie Tonez\Data aplikací\skypePM
2010-02-10 10:03:33 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-09-14 82380]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-06 126720]
R3 catchme;catchme; \??\C:\DOCUME~1\HOODIE~1\LOCALS~1\Temp\catchme.sys []
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-08-07 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-08-07 439424]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-08-07 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-08-07 142848]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-08-07 77824]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 1093632]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-10 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-09 3650368]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-08-07 114688]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer; C:\WINDOWS\system32\drivers\sxgxgwdm.sys [2001-10-05 966784]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-03-27 127145]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 MA_CMIDI;%EVOL_USB.SvcDesc%; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 21888]
S3 mbr;mbr; \??\C:\DOCUME~1\HOODIE~1\LOCALS~1\Temp\mbr.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2006-06-27 10148480]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-11-01 223128]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-06 1029456]
R2 MA_CMIDI_InstallerService;M-Audio CMIDI Installer; C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe [2005-09-28 94208]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2006-09-15 507904]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-09 143436]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
S2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb); C:\WINDOWS\system32\pr2ah4nb.exe [2007-06-11 407152]
S2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [2007-10-19 181312]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Soubor jsem zabalil a posilam ho v priloze.

Popremyslim odkud jsem ho mohl ziskat. Posledni vec, co me napada, tak jsem si stahoval k-lite kodeky do media playeru.
Jinak jsem spoustel aplikaci Microsoft Diagnostic and Recovery Toolset a nenasel zadne poskozene systemove soubory. V citaci ve Vasem prispevku stoji, ze mam nakonec spustit Combo Fix, ale minule jste me od toho zrazoval. Co mam tedy delat dal? Diky,
Franta

C:\WINDOWS\system32\_scui.VVcpl - a variant of Win32/Kryptik.AYI trojan

Tak tohle mi nasel NOD. Nepresouval jsem to do karanteny podle instrukci.

PC zatím nevykazuje žádné další známky infekce, za což Vám moc děkuji. Ještě zabalím ten infikovaný soubor, kdyby něco, tak se ozvu. Jinak ještě jednou díky.
Franta
-----------------------------------------------------------------------------------
ComboFix 10-03-08.01 - Hoodie Tonez 09.03.2010 8:58.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.458 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hoodie Tonez\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikacˇ\ajadumapum.vbs
c:\documents and settings\Hoodie Tonez\Data aplikacˇ\egyl.reg
c:\documents and settings\Hoodie Tonez\Local Settings\Data aplikacˇ\qineq.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-09 do 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-08 12:20 . 2010-03-08 12:20 -------- d-----w- C:\~ErdUserProfile.$$$
2010-03-08 10:13 . 2010-03-08 10:13 -------- d-----w- c:\program files\trend micro
2010-03-08 10:13 . 2010-03-08 10:13 -------- d-----w- C:\rsit
2010-03-06 18:09 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-06 18:09 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-06 18:09 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-06 18:09 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-06 18:09 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-03-06 09:09 . 2010-03-06 09:09 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-06 07:44 . 2010-03-06 07:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-17 15:05 . 2010-02-17 15:05 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-17 15:03 . 2010-02-17 15:07 -------- d-----w- c:\program files\ICQ6.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 07:57 . 2004-08-18 12:00 90056 ----a-w- c:\windows\system32\perfc005.dat
2010-03-09 07:57 . 2004-08-18 12:00 455388 ----a-w- c:\windows\system32\perfh005.dat
2010-03-08 08:14 . 2009-03-16 10:00 -------- d-----w- c:\program files\Common Files\Motive
2010-03-07 19:19 . 2009-11-10 12:20 -------- d-----w- c:\program files\CCleaner
2010-03-06 07:39 . 2006-09-16 12:08 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-03-04 12:14 . 2006-11-12 13:20 -------- d-----w- c:\program files\Nová složka
2010-02-26 09:23 . 2007-01-06 16:52 16 -c--a-w- c:\windows\msocreg32.dat
2010-02-17 15:04 . 2008-02-29 07:32 -------- d-----w- c:\program files\ICQ6
2010-02-03 11:39 . 2010-02-03 11:39 -------- d-----w- c:\program files\Bethesda Softworks
2010-02-03 11:39 . 2006-01-26 15:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 08:27 . 2010-01-21 08:27 -------- d-----w- c:\program files\CAPCOM
2010-01-15 06:24 . 2008-03-05 15:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 08:20 . 2010-01-11 12:49 -------- d-----w- c:\program files\Codemasters
2010-01-11 13:25 . 2010-01-11 13:25 -------- d-----w- c:\program files\BRS
2010-01-11 13:25 . 2010-01-11 13:24 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-11 13:23 . 2010-01-11 13:23 -------- d-----w- c:\program files\OpenAL
2010-01-11 13:23 . 2006-09-13 14:11 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-11 13:23 . 2006-09-13 14:11 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-11 12:47 . 2010-01-11 12:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-11 12:47 . 2010-01-11 12:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-11 12:47 . 2006-09-18 19:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-10 16:17 . 2010-01-10 16:17 -------- d-----w- c:\program files\uTorrent
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 07:55 . 2009-12-30 07:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-22 05:09 . 2004-08-18 12:00 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:42 . 2006-01-26 15:20 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-12 14:15 . 2005-10-14 09:56 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2008-05-31 15:38 . 2008-05-29 14:32 1222 ----a-w- c:\program files\Nový objekt - Textový dokument (5).txt
2007-04-18 20:54 . 2008-02-11 12:58 16083128 ----a-w- c:\program files\Dreamweaver2.exe
.

((((((((((((((((((((((((((((( SnapShot_2010-03-07_19.11.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-18 12:00 . 2010-03-07 19:00 78744 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2010-03-09 07:57 78744 c:\windows\system32\perfc009.dat
+ 2008-01-22 14:30 . 2008-04-13 18:46 19200 c:\windows\system32\dllcache\wstcodec.sys
+ 2006-01-26 15:49 . 2008-04-13 18:45 26368 c:\windows\system32\dllcache\usbstor.sys
+ 2008-04-28 14:57 . 2008-04-13 18:45 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2006-12-16 19:03 . 2008-04-13 18:45 32128 c:\windows\system32\dllcache\usbccgp.sys
+ 2006-12-16 19:03 . 2008-04-13 18:45 60032 c:\windows\system32\dllcache\usbaudio.sys
+ 2006-01-26 15:20 . 2008-04-14 03:23 21896 c:\windows\system32\dllcache\tdtcp.sys
+ 2006-01-26 15:20 . 2008-04-14 03:23 12040 c:\windows\system32\dllcache\tdpipe.sys
+ 2006-01-26 15:43 . 2008-04-13 18:45 56576 c:\windows\system32\dllcache\swmidi.sys
+ 2008-01-22 14:30 . 2008-04-13 18:46 15232 c:\windows\system32\dllcache\streamip.sys
+ 2008-01-22 14:30 . 2008-04-13 18:46 11136 c:\windows\system32\dllcache\slip.sys
+ 2004-08-18 12:00 . 2008-04-13 18:40 11392 c:\windows\system32\dllcache\sfloppy.sys
+ 2008-01-22 14:30 . 2008-04-13 18:46 10880 c:\windows\system32\dllcache\ndisip.sys
+ 2008-01-22 14:30 . 2008-04-13 18:46 85248 c:\windows\system32\dllcache\nabtsfec.sys
+ 2004-08-17 15:43 . 2008-04-14 02:06 30080 c:\windows\system32\dllcache\modem.sys
+ 2006-01-26 16:17 . 2008-04-13 18:54 11264 c:\windows\system32\dllcache\irenum.sys
+ 2004-08-18 12:00 . 2008-04-13 18:57 20864 c:\windows\system32\dllcache\ipinip.sys
+ 2004-08-18 12:00 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\ip6fw.sys
+ 2004-08-18 12:00 . 2008-04-13 18:40 20480 c:\windows\system32\dllcache\flpydisk.sys
+ 2004-08-18 12:00 . 2008-04-13 18:40 27392 c:\windows\system32\dllcache\fdc.sys
+ 2006-01-26 15:43 . 2008-04-13 18:45 52864 c:\windows\system32\dllcache\dmusic.sys
+ 2001-08-17 21:52 . 2004-08-18 12:00 18688 c:\windows\system32\dllcache\cdaudio.sys
+ 2008-01-22 14:30 . 2008-04-13 18:46 17024 c:\windows\system32\dllcache\ccdecode.sys
+ 2004-08-18 12:00 . 2008-04-13 18:51 59904 c:\windows\system32\dllcache\atmarpc.sys
+ 2004-08-18 12:00 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\asyncmac.sys
+ 2006-01-26 15:28 . 2010-03-08 08:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-01-26 15:28 . 2010-03-06 18:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-01-26 15:28 . 2010-03-06 18:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-01-26 15:28 . 2010-03-08 08:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-01-26 15:43 . 2008-04-13 18:45 6272 c:\windows\system32\dllcache\splitter.sys
+ 2008-01-22 14:30 . 2008-04-13 18:39 5504 c:\windows\system32\dllcache\mstee.sys
+ 2006-01-26 15:42 . 2008-04-13 18:39 4992 c:\windows\system32\dllcache\mspqm.sys
+ 2006-01-26 15:42 . 2008-04-13 18:39 5376 c:\windows\system32\dllcache\mspclock.sys
+ 2006-01-26 15:42 . 2008-04-13 18:39 7552 c:\windows\system32\dllcache\mskssrv.sys
+ 2006-01-26 15:43 . 2008-04-13 18:45 2944 c:\windows\system32\dllcache\drmkaud.sys
- 2004-08-18 12:00 . 2010-03-07 19:00 458954 c:\windows\system32\perfh009.dat
+ 2004-08-18 12:00 . 2010-03-09 07:57 458954 c:\windows\system32\perfh009.dat
+ 2006-01-26 15:20 . 2008-04-14 03:23 139656 c:\windows\system32\dllcache\rdpwd.sys
- 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2004-08-18 12:00 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2006-01-26 15:43 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\aec.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"CTHelper"="CTHELPER.EXE" [2005-08-07 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 18944]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-09-15 917504]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"SxgTkBar"="SxgTkBar.exe" [2001-07-11 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-06-19 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-05-12 831488]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-06 524632]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2009-01-16 1473536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [26.1.2006 16:44 25067]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.6.2009 14:16 64160]
R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);c:\windows\system32\drivers\pe3ah4nb.sys [11.6.2007 12:11 64880]
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);c:\windows\system32\drivers\ps6ah4nb.sys [11.6.2007 12:10 55160]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [20.12.2006 10:11 11264]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17.2.2010 16:05 222968]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [17.12.2006 0:52 33792]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys [7.1.2007 16:26 966784]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.9.2006 20:29 691696]
S2 ODBC service;ODBC service; [x]
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);c:\windows\system32\pr2ah4nb.exe svc --> c:\windows\system32\pr2ah4nb.exe svc [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 20:06 1029456]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [18.9.2006 20:34 223128]
.
Obsah adresáře 'Naplánované úlohy'

2009-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:58]

2010-03-09 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 11:19]

2008-09-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 11:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = hxxp://www.quick.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Hoodie Tonez\Data aplikací\Mozilla\Firefox\Profiles\xd04mr5c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 09:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\imon.dll
.
Celkový čas: 2010-03-09 09:16:25
ComboFix-quarantined-files.txt 2010-03-09 08:16
ComboFix2.txt 2010-03-08 08:51
ComboFix3.txt 2010-03-07 19:12
ComboFix4.txt 2009-11-13 09:01
ComboFix5.txt 2010-03-09 07:57

Před spuštěním: 1 231 540 224
Po spuštění: 1 195 474 944

- - End Of File - - C066C609CC64E2776C35A496B9A0D524

Vse vycisteno. Jeste jednou diky moc.

VIRY.CZ

ROOTKIT

ROOTKIT

Re: ROOTKIT

Re: ROOTKIT

Re: ROOTKIT

Re: ROOTKIT

Re: ROOTKIT