HJT, MBAM and CF check - please [Solved]

Post by Paulí » 30 Jul 2009 22:28

Hello.

No checks have ever been run on this PC - please check it over.


HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:49, on 30.7.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\UIVATE~1\AppData\Local\Temp\Rar$EX00.060\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Uživatel\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.29.148.46:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PC
O17 - HKLM\Software\..\Telephony: DomainName = PC
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PC
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PC
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: CD Guard Drivers Auto Removal (v2) (psrem02) - Protection Technology - C:\Windows\system32\psrem02.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe

--
End of file - 6008 bytes

--------------------------------------------------------------------------------------

MBAM
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2531
Windows 6.0.6002 Service Pack 2

30.7.2009 22:10:48
mbam-log-2009-07-30 (22-10-42).txt

Typ skenu: Rychlý sken
Objektu skenováno: 83792
Uplynulý cas: 3 minute(s), 43 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\alewinsecure.winsecure (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\alewinsecure.winsecure.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7be6b643-6201-4cf7-b8b1-d79ffae57cba} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a1789eb6-b263-4bd6-8830-d3daaf78949a} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{58696980-c6b3-4ad2-ab53-718f1c3c57ca} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{a93a1ba9-9ee8-469f-a9fe-fd1c26700bda} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000005-0000-0000-0000-100011000004} (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\AppID\AleWinSecure.exe (Adware.Agent) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Windows\AutoUpdateWin32.exe (Trojan.BHO) -> No action taken.
c:\Windows\AutoUpdateWin33.exe (Adware.Agent) -> No action taken.

--------------------------------------------------------------------------------------

CF
ComboFix 09-07-29.04 - Uživatel 30.07.2009 22:16.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3071.2162 [GMT 2:00]
Spuštěný z: c:\users\Uživatel\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-795433935-3380769853-2322432176-500

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-28 do 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 20:06 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 20:06 . 2009-07-30 20:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 20:06 . 2009-07-30 20:06 -------- d-----w- c:\programdata\Malwarebytes
2009-07-30 20:06 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 20:29 . 2009-07-27 20:29 -------- d-----w- C:\downloads
2009-07-25 12:30 . 2009-07-25 12:30 -------- d-----w- c:\program files\GameShadow
2009-07-25 12:21 . 2009-07-25 12:21 -------- d-----w- c:\program files\Eidos
2009-07-22 18:57 . 2009-07-22 19:02 -------- d-----w- c:\windows\$regcmp$
2009-07-22 17:39 . 2009-07-22 17:40 -------- d-----w- c:\windows\system32\ca-ES
2009-07-22 17:39 . 2009-07-22 17:40 -------- d-----w- c:\windows\system32\eu-ES
2009-07-22 17:39 . 2009-07-22 17:40 -------- d-----w- c:\windows\system32\vi-VN
2009-07-22 17:31 . 2009-07-22 17:31 -------- d-----w- c:\windows\system32\EventProviders
2009-07-22 17:29 . 2009-04-11 06:32 149480 ----a-w- c:\windows\system32\drivers\pci.sys
2009-07-22 17:28 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-22 17:04 . 2009-07-22 17:46 -------- d-----w- c:\programdata\NOS
2009-07-22 17:04 . 2009-07-22 17:46 -------- d-----w- c:\program files\NOS
2009-07-21 18:38 . 2009-07-21 18:38 -------- d-----w- C:\AV_LOGS
2009-07-21 18:36 . 2009-07-27 20:34 -------- d-----w- c:\program files\AV Vcs 7.0
2009-07-21 18:08 . 2009-07-21 18:09 -------- d-----w- c:\programdata\Screaming Bee
2009-07-21 18:08 . 2009-07-21 18:08 -------- d-----w- c:\program files\Screaming Bee
2009-07-15 07:11 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 07:11 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 07:11 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 07:11 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 07:11 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 07:11 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-13 16:37 . 2009-07-10 15:51 115856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-07-13 16:37 . 2009-07-13 16:37 -------- d-----w- c:\program files\Sun
2009-07-12 19:00 . 2009-07-12 19:00 -------- d-----w- C:\hh
2009-07-11 13:30 . 2009-07-11 13:30 -------- d-----w- c:\program files\Gathering
2009-07-10 12:21 . 2009-07-10 12:21 -------- d-----w- c:\programdata\salvation
2009-07-10 11:26 . 2009-07-10 12:15 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-10 11:26 . 2009-07-10 12:15 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-10 11:26 . 2009-07-10 11:26 -------- d-----w- c:\program files\OpenAL
2009-07-09 20:02 . 2009-07-22 17:52 -------- d-----w- c:\program files\Midway Home Entertainment
2009-07-09 18:56 . 2008-10-10 02:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-09 18:56 . 2008-10-10 02:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-09 18:56 . 2008-10-27 08:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-07-09 18:56 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-08 10:31 . 2009-07-08 10:31 -------- d-----w- c:\program files\Techland

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 . 2008-04-06 10:24 2023957 ----a-r- c:\windows\system32\DUCHOVE.EXE
2009-07-30 14:36 . 2007-01-08 21:09 606912 ----a-w- c:\windows\system32\perfh005.dat
2009-07-30 14:36 . 2007-01-08 21:09 119398 ----a-w- c:\windows\system32\perfc005.dat
2009-07-27 20:30 . 2009-05-01 18:08 -------- d-----w- c:\program files\Orbitdownloader
2009-07-25 12:22 . 2007-06-30 11:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 18:57 . 2009-06-25 19:34 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-07-22 17:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-22 17:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-22 17:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-22 17:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-22 17:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-22 17:39 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-22 17:35 . 2009-04-06 19:33 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-22 17:07 . 2009-06-05 19:44 -------- d-----w- c:\program files\Java
2009-07-22 16:58 . 2009-06-13 11:26 -------- d-----w- c:\program files\MediaCoder
2009-07-22 16:53 . 2009-07-22 16:51 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-21 21:52 . 2009-07-29 06:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 06:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 06:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 06:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-11 11:50 . 2007-06-30 10:57 -------- d-----w- c:\program files\3DO
2009-07-10 12:15 . 2008-07-06 13:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-10 12:15 . 2008-07-06 13:29 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-20 18:51 . 2009-06-20 18:51 -------- d-----w- c:\programdata\LangSoft
2009-06-12 18:44 . 2009-01-23 17:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 11:35 . 2008-07-30 15:13 -------- d-----w- c:\program files\THQ
2009-06-03 14:40 . 2009-06-03 14:35 -------- d-----w- c:\program files\Heroes of Annihilated Empires
2009-06-02 16:11 . 2009-07-22 16:51 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2009-07-22 16:51 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-07-22 16:51 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-21 09:33 . 2009-06-05 19:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-05 22:31 . 2009-07-22 16:51 2402304 ----a-w- c:\windows\system32\x264vfw.dll
2009-05-01 21:02 . 2009-07-22 16:51 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-07-22 16:51 685056 ----a-w- c:\windows\system32\divx.dll
2007-06-25 12:52 . 2007-06-25 12:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-29 4317184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):59,83,d6,71,f4,0a,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AE1CB8E5-333F-47C9-881A-C38891977C2A}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"UDP Query User{A5BDDC76-9527-46EF-871D-C3D9A878004E}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"TCP Query User{4271EC19-FBE0-4EE6-8966-F823AF534883}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{165FC4A9-28EC-4AB7-A8E1-0571D4077D23}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{F5ED6747-9022-4738-8929-615023B2178B}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{C309E57C-3C83-4625-93BC-AA7E32737858}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{6EFB09A6-1D96-4CB0-9479-0F1447C38DB9}c:\\program files\\3do\\heroes 3 complete\\heroes3.exe"= UDP:c:\program files\3do\heroes 3 complete\heroes3.exe:Heroes of Might and Magic® III
"UDP Query User{41D3CC05-460C-49B8-B163-F18749C1B5A3}c:\\program files\\3do\\heroes 3 complete\\heroes3.exe"= TCP:c:\program files\3do\heroes 3 complete\heroes3.exe:Heroes of Might and Magic® III
"TCP Query User{FD25EF0D-32AF-4A0D-9C4E-36BD1579116C}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"UDP Query User{DCF5E605-2F16-4B9F-8855-DF0C8B49A4A9}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"TCP Query User{CB44FB78-F2AC-4973-81B4-382A3C0BDD50}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{C6C11AE8-D037-4F22-8F4C-A7653B1A17E5}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"TCP Query User{81EDBB6C-5AAF-4358-8876-ABCB783961F0}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{10F55886-1658-473C-96E1-1FDFAAD9D253}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"{B0623D2E-BD04-48AF-B5DA-794FDD1378DD}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{72A432D3-9EC4-429E-81C7-C3654CABEBF4}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C042617F-AEAC-496D-A32E-7F2D6362781E}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F13FA254-9554-45AD-A55C-48B7443F1FB3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{AA5F1EDA-59A6-4F42-BF51-E587FCFD484E}"= UDP:c:\program files\vco\Outbreak.exe:Outbreak
"{20FCF377-2497-4AD6-9A5C-7B4087E2E94E}"= TCP:c:\program files\vco\Outbreak.exe:Outbreak
"TCP Query User{10B5D367-07E9-4790-9F46-CFF57B4FB7D8}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= UDP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
"UDP Query User{1714997F-8A69-4BB7-97A2-B3EEF9FBF726}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= TCP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
"TCP Query User{118B05C0-9910-4B05-A40E-E01B79867181}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{14F79999-D4D8-4893-AC2A-BE59971D31F4}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"{2E9F7A0D-E151-488C-BCE3-79FDC0F4BA19}"= UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{45EFE2D5-8B6B-4C91-9326-FA1EEE12263D}"= TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{F28FC77D-4B66-4A45-B247-04AE673AE488}"= UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{0565AE10-848D-475B-B55A-5FEAB765E0D9}"= TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{A1FC0748-6740-44B0-8777-673DC05EE29E}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{33300B21-F771-4EF3-8EC5-937C0F660036}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{EC3673FA-994C-4721-B524-78898813BAE6}"= UDP:c:\program files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{CAE3C79A-4167-40BB-AA06-0AF8561CE8CA}"= TCP:c:\program files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"TCP Query User{01CBB986-B62A-4CA5-8D0D-4304D3B01180}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{487DF458-71B8-4972-91DC-59BDF2AD5D93}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{A0F0AA35-7EC8-4A41-A66D-776F072477FA}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{610F56C3-27D0-4374-9EBF-7EA5A4AC83FD}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{2B3A48AF-1139-4A23-8589-AFA29758EB55}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{0A4CFA53-003E-4EAB-99E2-755A0F434329}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{4CBC1D55-11E5-48B1-855E-3EC274D025B5}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{2CCE4807-AA06-48CF-8F03-2C9A9ACFCF47}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"TCP Query User{D453ADB1-88BD-468A-B027-D7445730D564}c:\\modules\\half-life\\hlds.exe"= UDP:c:\modules\half-life\hlds.exe:hlds
"UDP Query User{69BDA5BD-C1DB-4F5C-B702-661C49D5F82C}c:\\modules\\half-life\\hlds.exe"= TCP:c:\modules\half-life\hlds.exe:hlds
"TCP Query User{3AA92F8B-404A-4259-9011-5E44CF12F3AE}c:\\modules\\half-life\\hl.exe"= UDP:c:\modules\half-life\hl.exe:Half-Life Launcher
"UDP Query User{69847F5F-C787-4FDE-861C-708593731274}c:\\modules\\half-life\\hl.exe"= TCP:c:\modules\half-life\hl.exe:Half-Life Launcher
"TCP Query User{0FE0DE69-E030-4036-A62E-C9B96F8E6FBA}c:\\users\\uživatel\\appdata\\local\\temporary projects\\chat\\bin\\debug\\chat.vshost.exe"= UDP:c:\users\uživatel\appdata\local\temporary projects\chat\bin\debug\chat.vshost.exe:chat.vshost.exe
"UDP Query User{4C9F0F2B-3124-45A0-9F71-259437D96DF0}c:\\users\\uživatel\\appdata\\local\\temporary projects\\chat\\bin\\debug\\chat.vshost.exe"= TCP:c:\users\uživatel\appdata\local\temporary projects\chat\bin\debug\chat.vshost.exe:chat.vshost.exe
"TCP Query User{260D5B62-594C-4646-9337-5B25FB0018CC}c:\\modules\\chatserver\\chatserver\\bin\\release\\chatserver.exe"= UDP:c:\modules\chatserver\chatserver\bin\release\chatserver.exe:ChatServer
"UDP Query User{5FAC2472-3F90-4AAB-A134-4BFFED94549A}c:\\modules\\chatserver\\chatserver\\bin\\release\\chatserver.exe"= TCP:c:\modules\chatserver\chatserver\bin\release\chatserver.exe:ChatServer
"{58809C2E-3A5E-4277-AAE5-7215A1B8F58E}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{3B36AA70-3559-4726-BE93-77DA47F5AE81}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{E7B44CBB-1F62-4C6A-A253-D2B304BACE86}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{FEC4C986-3639-437A-9DCF-DB2337AA2F19}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{AFE95A75-0DD9-441B-833B-703A8924C483}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{4083C6C4-BDD3-49B8-9A77-48EEA607DBD9}\\\\fantasy\\winxp (c)\\program files\\qip\\qip.exe"= UDp:\\fantasy\winxp (c)\program files\qip\qip.exe:qip.exe
"UDP Query User{8ED3A2BE-811C-4CF9-8255-835A9146CF98}\\\\fantasy\\winxp (c)\\program files\\qip\\qip.exe"= TCp:\\fantasy\winxp (c)\program files\qip\qip.exe:qip.exe
"TCP Query User{32AD99CF-B863-4E48-8989-CDF6CF222CA5}\\\\fantasy\\winxp (c)\\program files\\orbitdownloader\\orbitnet.exe"= UDp:\\fantasy\winxp (c)\program files\orbitdownloader\orbitnet.exe:orbitnet.exe
"UDP Query User{539B73D7-02FF-4B74-9950-ED55F8891AA7}\\\\fantasy\\winxp (c)\\program files\\orbitdownloader\\orbitnet.exe"= TCp:\\fantasy\winxp (c)\program files\orbitdownloader\orbitnet.exe:orbitnet.exe
"TCP Query User{304E51BA-05E5-4D98-A913-D751167DAAF0}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{013152E8-8D88-4B2B-9BEC-BE73A69E19DF}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{6BB41B64-767C-4C1A-9809-484E07F74E54}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{02860C13-4008-4253-87A0-0F2260887F19}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{2955A6A7-F257-4692-9A8C-07F6CCAD8DB4}\\\\fantasy\\winxp (c)\\program files\\icq6.5\\icq.exe"= UDp:\\fantasy\winxp (c)\program files\icq6.5\icq.exe:icq.exe
"UDP Query User{E0F17154-6A88-49C4-A1BB-E7B24D4F0D60}\\\\fantasy\\winxp (c)\\program files\\icq6.5\\icq.exe"= TCp:\\fantasy\winxp (c)\program files\icq6.5\icq.exe:icq.exe
"TCP Query User{9C79E67F-2419-40DC-8E16-97D0E7AB6486}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{B01740A3-AFFF-4B93-B096-5B6BCB76F2B4}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{BEAF0563-024F-472D-B20B-1E1BFEA37BAC}c:\\modules\\nnew\\port_kom\\chatserver\\chatserver\\bin\\release\\chatserver.exe"= UDP:c:\modules\nnew\port_kom\chatserver\chatserver\bin\release\chatserver.exe:ChatServer
"UDP Query User{B0EB8515-CA97-4667-B61D-58154922808F}c:\\modules\\nnew\\port_kom\\chatserver\\chatserver\\bin\\release\\chatserver.exe"= TCP:c:\modules\nnew\port_kom\chatserver\chatserver\bin\release\chatserver.exe:ChatServer
"TCP Query User{A84D773D-F7C4-4178-870A-3E692102A972}c:\\modules\\nnew\\port_kom\\main_s\\main_s\\bin\\release\\main_s.exe"= UDP:c:\modules\nnew\port_kom\main_s\main_s\bin\release\main_s.exe:
"UDP Query User{552E33F9-2D28-42A7-B422-D6B5FD7A5A0A}c:\\modules\\nnew\\port_kom\\main_s\\main_s\\bin\\release\\main_s.exe"= TCP:c:\modules\nnew\port_kom\main_s\main_s\bin\release\main_s.exe:
"TCP Query User{B0A9AB16-58AA-4441-9BCD-398A84EE2B5E}c:\\modules\\nnew\\port_kom\\main_s\\main_s\\bin\\debug\\main_s.vshost.exe"= UDP:c:\modules\nnew\port_kom\main_s\main_s\bin\debug\main_s.vshost.exe:vshost.exe
"UDP Query User{990BCF54-9F72-4D7D-9D8B-90B53E85ADED}c:\\modules\\nnew\\port_kom\\main_s\\main_s\\bin\\debug\\main_s.vshost.exe"= TCP:c:\modules\nnew\port_kom\main_s\main_s\bin\debug\main_s.vshost.exe:vshost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\System32\drivers\psdrv02.sys [11.9.2006 14:01 67960]
R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\System32\drivers\pssync05.sys [3.11.2006 10:24 61312]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [13.10.2005 15:46 35328]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [13.7.2009 18:37 115856]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.3.2009 16:28 1533808]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [3.4.2007 10:43 1131136]
S1 prodrv03;Star Force copy protection driver v3;c:\windows\System32\drivers\prodrv03.sys [14.10.2007 17:19 115968]
S2 psrem02;CD Guard Drivers Auto Removal (v2);c:\windows\system32\psrem02.exe svc --> c:\windows\system32\psrem02.exe svc [?]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [6.4.2009 21:44 55280]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [22.11.2008 12:53 23064]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [8.3.2009 22:31 1527900]
S4 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 18:08 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-30 c:\windows\Tasks\User_Feed_Synchronization-{97C7791A-4FE0-47DA-9DB5-C1B8BBF3B8C3}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 64.29.148.46:80
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 22:20
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

.
Celkový čas: 2009-07-30 22:22
ComboFix-quarantined-files.txt 2009-07-30 20:22

Před spuštěním: Volných bajtů: 94 248 292 352
Po spuštění: Volných bajtů: 94 230 806 528

309 --- E O F --- 2009-07-29 08:36

--------------------------------------------------------------------------------------

So far this PC has worked. I'd like it to stay that way. :-)

Thanks a lot.
Regards, Paulí.

Paulí

Re: HJT, MBAM and CF check - please

Post by Paulí » 31 Jul 2009 21:37

No answer? Please, please

jaro3
Security team member

Re: HJT, MBAM and CF check - please

Post by jaro3 » 31 Jul 2009 21:50

So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit

You can then paste the MbAM log here.

After the MbAM removal, run Combofix again; turn off the antivirus resident protection.
You shouldn't post Combofix here if you have findings in MbAM; first remove the infections in MbAM and only then move on to Combofix. And I wouldn't recommend using it at all without the advisors' recommendation.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence I am substituted by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
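The steps above end with "make sure all findings are checked, remove them, post the log". Below is an added example (not MBAM code and not code posted by anyone in this thread) that does the check a helper makes on such a log: it parses a Malwarebytes' Anti-Malware 1.x log, compares the summary counts with the items actually listed in each category, and reports any item whose status is not "Quarantined and deleted successfully." The sample log is constructed, modelled on the Czech-localized MBAM 1.39 log format, with one file deliberately left at "No action taken." (the status MBAM writes for a finding that was not checked for removal).

```python
"""Consistency check for a Malwarebytes' Anti-Malware 1.x removal log.

Added example for this thread (not MBAM code and not code posted by anyone here).
It checks that the summary counts match the items listed in each category and
that every item ends with "Quarantined and deleted successfully.". Section titles
are not hard-coded, so a Czech-localized log parses the same way as an English one.
"""
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Status MBAM 1.x writes for an item that was checked and removed.
REMOVED = "Quarantined and deleted successfully."

SUMMARY_RE = re.compile(r"^(?P<label>[^:]+):\s*(?P<count>\d+)\s*$")  # "<label>: <n>"
SECTION_RE = re.compile(r"^(?P<label>[^:]+):\s*$")                    # "<label>:"
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?P<status>.+)$")

Finding = namedtuple("Finding", "section obj detection status")


@dataclass
class MbamLog:
    counts: dict = field(default_factory=dict)    # summary label -> declared count
    sections: list = field(default_factory=list)  # section labels, in log order
    findings: list = field(default_factory=list)  # Finding tuples


def parse_mbam_log(text: str) -> MbamLog:
    """Parse the summary block and the per-category sections of an MBAM 1.x log."""
    log = MbamLog()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m and section is None:
            # Header lines such as "Verze databáze: 2531" land here too; harmless,
            # because check_log() only compares labels that also head a section.
            log.counts[m.group("label").strip()] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("label").strip()
            log.sections.append(section)
            continue
        m = ITEM_RE.match(line)
        if m and section is not None:
            log.findings.append(Finding(section, m.group("obj"), m.group("det"),
                                        m.group("status").strip()))
        # Program/version lines and "(no malicious items)" placeholders are skipped.
    return log


def check_log(log: MbamLog) -> list:
    """Return the problems found; an empty list means the log is consistent and clean."""
    problems = []
    listed = {}
    for f in log.findings:
        listed[f.section] = listed.get(f.section, 0) + 1
    for label in log.sections:
        declared = log.counts.get(label)
        actual = listed.get(label, 0)
        if declared is None:
            problems.append(f"{label}: section has no summary count")
        elif declared != actual:
            problems.append(f"{label}: summary says {declared}, {actual} item(s) listed")
    for f in log.findings:
        if f.status != REMOVED:
            problems.append(f"not removed: {f.obj} ({f.detection}) -> {f.status}")
    return problems


# Constructed sample modelled on a Czech MBAM 1.39 log. The last file is deliberately
# left at "No action taken.", the status MBAM writes for a finding that was not
# checked when "Remove Selected" was clicked.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2531

Objektu skenováno: 83745
Uplynulý cas: 3 minute(s), 37 second(s)

Infikované procesy pameti: 0
Infikované klíce registru: 2
Infikované soubory: 2

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\alewinsecure.winsecure (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AleWinSecure.exe (Adware.Agent) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Windows\AutoUpdateWin32.exe (Trojan.BHO) -> Quarantined and deleted successfully.
c:\Windows\AutoUpdateWin33.exe (Adware.Agent) -> No action taken.
"""
```

Running `check_log(parse_mbam_log(SAMPLE_LOG))` reports the single unremoved file; a log where every item was removed and the counts agree yields an empty list.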

Paulí

Re: HJT, MBAM and CF check - please

Post by Paulí » 31 Jul 2009 22:20

Malwarebytes' Anti-Malware 1.39
Verze databáze: 2531
Windows 6.0.6002 Service Pack 2

31.7.2009 22:01:26
mbam-log-2009-07-31 (22-01-26).txt

Typ skenu: Rychlý sken
Objektu skenováno: 83745
Uplynulý cas: 3 minute(s), 37 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\alewinsecure.winsecure (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\alewinsecure.winsecure.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7be6b643-6201-4cf7-b8b1-d79ffae57cba} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a1789eb6-b263-4bd6-8830-d3daaf78949a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{58696980-c6b3-4ad2-ab53-718f1c3c57ca} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a93a1ba9-9ee8-469f-a9fe-fd1c26700bda} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000005-0000-0000-0000-100011000004} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AleWinSecure.exe (Adware.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Windows\AutoUpdateWin32.exe (Trojan.BHO) -> Quarantined and deleted successfully.
c:\Windows\AutoUpdateWin33.exe (Adware.Agent) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------

After the requested restart and after updating CF:
ComboFix 09-07-31.01 - Uživatel 31.07.2009 22:09.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3071.2297 [GMT 2:00]
Spuštěný z: c:\users\Uživatel\Desktop\Nová složka\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-06-28 do 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-30 20:06 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 20:06 . 2009-07-30 20:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 20:06 . 2009-07-30 20:06 -------- d-----w- c:\programdata\Malwarebytes
2009-07-30 20:06 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 20:29 . 2009-07-27 20:29 -------- d-----w- C:\downloads
2009-07-25 12:30 . 2009-07-25 12:30 -------- d-----w- c:\program files\GameShadow
2009-07-25 12:21 . 2009-07-25 12:21 -------- d-----w- c:\program files\Eidos
2009-07-22 18:57 . 2009-07-22 19:02 -------- d-----w- c:\windows\$regcmp$
2009-07-22 17:39 . 2009-07-22 17:40 -------- d-----w- c:\windows\system32\ca-ES
2009-07-22 17:39 . 2009-07-22 17:40 -------- d-----w- c:\windows\system32\eu-ES
2009-07-22 17:39 . 2009-07-22 17:40 -------- d-----w- c:\windows\system32\vi-VN
2009-07-22 17:31 . 2009-07-22 17:31 -------- d-----w- c:\windows\system32\EventProviders
2009-07-22 17:29 . 2009-04-11 06:32 149480 ----a-w- c:\windows\system32\drivers\pci.sys
2009-07-22 17:28 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-22 17:04 . 2009-07-22 17:46 -------- d-----w- c:\programdata\NOS
2009-07-22 17:04 . 2009-07-22 17:46 -------- d-----w- c:\program files\NOS
2009-07-21 18:38 . 2009-07-21 18:38 -------- d-----w- C:\AV_LOGS
2009-07-21 18:36 . 2009-07-27 20:34 -------- d-----w- c:\program files\AV Vcs 7.0
2009-07-21 18:08 . 2009-07-21 18:09 -------- d-----w- c:\programdata\Screaming Bee
2009-07-21 18:08 . 2009-07-21 18:08 -------- d-----w- c:\program files\Screaming Bee
2009-07-15 07:11 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 07:11 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 07:11 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 07:11 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 07:11 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 07:11 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-13 16:37 . 2009-07-10 15:51 115856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-07-13 16:37 . 2009-07-13 16:37 -------- d-----w- c:\program files\Sun
2009-07-12 19:00 . 2009-07-12 19:00 -------- d-----w- C:\hh
2009-07-11 13:30 . 2009-07-11 13:30 -------- d-----w- c:\program files\Gathering
2009-07-10 12:21 . 2009-07-10 12:21 -------- d-----w- c:\programdata\salvation
2009-07-10 11:26 . 2009-07-10 12:15 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-10 11:26 . 2009-07-10 12:15 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-10 11:26 . 2009-07-10 11:26 -------- d-----w- c:\program files\OpenAL
2009-07-09 20:02 . 2009-07-22 17:52 -------- d-----w- c:\program files\Midway Home Entertainment
2009-07-09 18:56 . 2008-10-10 02:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-09 18:56 . 2008-10-10 02:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-09 18:56 . 2008-10-27 08:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-07-09 18:56 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-08 10:31 . 2009-07-08 10:31 -------- d-----w- c:\program files\Techland

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 . 2008-04-06 10:24 2023957 ----a-r- c:\windows\system32\DUCHOVE.EXE
2009-07-31 20:10 . 2007-01-08 21:09 606912 ----a-w- c:\windows\system32\perfh005.dat
2009-07-31 20:10 . 2007-01-08 21:09 119398 ----a-w- c:\windows\system32\perfc005.dat
2009-07-27 20:30 . 2009-05-01 18:08 -------- d-----w- c:\program files\Orbitdownloader
2009-07-25 12:22 . 2007-06-30 11:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 18:57 . 2009-06-25 19:34 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-07-22 17:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-22 17:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-22 17:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-22 17:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-22 17:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-22 17:39 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-22 17:35 . 2009-04-06 19:33 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-22 17:07 . 2009-06-05 19:44 -------- d-----w- c:\program files\Java
2009-07-22 16:58 . 2009-06-13 11:26 -------- d-----w- c:\program files\MediaCoder
2009-07-22 16:53 . 2009-07-22 16:51 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-21 21:52 . 2009-07-29 06:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 06:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 06:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 06:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-11 11:50 . 2007-06-30 10:57 -------- d-----w- c:\program files\3DO
2009-07-10 12:15 . 2008-07-06 13:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-10 12:15 . 2008-07-06 13:29 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-20 18:51 . 2009-06-20 18:51 -------- d-----w- c:\programdata\LangSoft
2009-06-12 18:44 . 2009-01-23 17:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 11:35 . 2008-07-30 15:13 -------- d-----w- c:\program files\THQ
2009-06-03 14:40 . 2009-06-03 14:35 -------- d-----w- c:\program files\Heroes of Annihilated Empires
2009-06-02 16:11 . 2009-07-22 16:51 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2009-07-22 16:51 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-07-22 16:51 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-21 09:33 . 2009-06-05 19:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-05 22:31 . 2009-07-22 16:51 2402304 ----a-w- c:\windows\system32\x264vfw.dll
2007-06-25 12:52 . 2007-06-25 12:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-07-30_20.20.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-06-25 12:41 . 2009-07-30 14:33 42574 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-06-25 12:41 . 2009-07-31 20:05 42574 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-31 20:05 53926 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-06-28 06:19 . 2009-07-31 20:05 17474 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-795433935-3380769853-2322432176-1000_UserData.bin
- 2007-06-27 11:12 . 2009-07-30 20:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-06-27 11:12 . 2009-07-31 20:07 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-06-27 11:12 . 2009-07-31 20:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-27 11:12 . 2009-07-30 20:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-27 11:12 . 2009-07-30 20:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-06-27 11:12 . 2009-07-31 20:07 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2009-07-22 17:39 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-07-31 07:03 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-07-31 07:03 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-07-22 17:39 51200 c:\windows\inf\infpub.dat
+ 2009-07-31 20:04 . 2009-07-31 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-30 14:31 . 2009-07-30 14:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-31 20:04 . 2009-07-31 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-30 14:31 . 2009-07-30 14:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:25 . 2008-01-19 07:30 761344 c:\windows\System32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-11-02 10:25 . 2009-04-11 06:24 761344 c:\windows\System32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-11-02 10:25 . 2009-04-11 06:28 744448 c:\windows\System32\spool\drivers\w32x86\3\unidrvui.dll
+ 2006-11-02 10:25 . 2009-04-11 06:28 372736 c:\windows\System32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2006-11-02 12:36 . 2009-04-11 06:28 198656 c:\windows\System32\spool\drivers\w32x86\3\mxdwdui.dll
- 2006-11-02 12:36 . 2008-01-19 07:35 198656 c:\windows\System32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2006-11-02 10:25 . 2009-04-11 06:28 779264 c:\windows\System32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-11-02 10:33 . 2009-07-31 20:10 595308 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-30 14:36 595308 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-31 20:10 104742 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-30 14:36 104742 c:\windows\System32\perfc009.dat
+ 2009-07-22 17:29 . 2009-04-11 06:28 198656 c:\windows\System32\DriverStore\FileRepository\prnms001.inf_307fbde5\mxdwdui.dll
+ 2006-11-02 10:25 . 2009-07-31 07:03 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-07-22 17:39 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-04-11 06:28 1675776 c:\windows\System32\spool\drivers\w32x86\3\XPSSVCS.DLL
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-29 4317184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):59,83,d6,71,f4,0a,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AE1CB8E5-333F-47C9-881A-C38891977C2A}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"UDP Query User{A5BDDC76-9527-46EF-871D-C3D9A878004E}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"TCP Query User{4271EC19-FBE0-4EE6-8966-F823AF534883}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{165FC4A9-28EC-4AB7-A8E1-0571D4077D23}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{F5ED6747-9022-4738-8929-615023B2178B}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{C309E57C-3C83-4625-93BC-AA7E32737858}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{6EFB09A6-1D96-4CB0-9479-0F1447C38DB9}c:\\program files\\3do\\heroes 3 complete\\heroes3.exe"= UDP:c:\program files\3do\heroes 3 complete\heroes3.exe:Heroes of Might and Magic® III
"UDP Query User{41D3CC05-460C-49B8-B163-F18749C1B5A3}c:\\program files\\3do\\heroes 3 complete\\heroes3.exe"= TCP:c:\program files\3do\heroes 3 complete\heroes3.exe:Heroes of Might and Magic® III
"TCP Query User{FD25EF0D-32AF-4A0D-9C4E-36BD1579116C}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"UDP Query User{DCF5E605-2F16-4B9F-8855-DF0C8B49A4A9}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"TCP Query User{CB44FB78-F2AC-4973-81B4-382A3C0BDD50}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{C6C11AE8-D037-4F22-8F4C-A7653B1A17E5}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"TCP Query User{81EDBB6C-5AAF-4358-8876-ABCB783961F0}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{10F55886-1658-473C-96E1-1FDFAAD9D253}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"{B0623D2E-BD04-48AF-B5DA-794FDD1378DD}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{72A432D3-9EC4-429E-81C7-C3654CABEBF4}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C042617F-AEAC-496D-A32E-7F2D6362781E}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F13FA254-9554-45AD-A55C-48B7443F1FB3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{AA5F1EDA-59A6-4F42-BF51-E587FCFD484E}"= UDP:c:\program files\vco\Outbreak.exe:Outbreak
"{20FCF377-2497-4AD6-9A5C-7B4087E2E94E}"= TCP:c:\program files\vco\Outbreak.exe:Outbreak
"TCP Query User{10B5D367-07E9-4790-9F46-CFF57B4FB7D8}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= UDP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
"UDP Query User{1714997F-8A69-4BB7-97A2-B3EEF9FBF726}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= TCP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
"TCP Query User{118B05C0-9910-4B05-A40E-E01B79867181}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{14F79999-D4D8-4893-AC2A-BE59971D31F4}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"{2E9F7A0D-E151-488C-BCE3-79FDC0F4BA19}"= UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{45EFE2D5-8B6B-4C91-9326-FA1EEE12263D}"= TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{F28FC77D-4B66-4A45-B247-04AE673AE488}"= UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{0565AE10-848D-475B-B55A-5FEAB765E0D9}"= TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{A1FC0748-6740-44B0-8777-673DC05EE29E}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{33300B21-F771-4EF3-8EC5-937C0F660036}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{EC3673FA-994C-4721-B524-78898813BAE6}"= UDP:c:\program files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{CAE3C79A-4167-40BB-AA06-0AF8561CE8CA}"= TCP:c:\program files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"TCP Query User{01CBB986-B62A-4CA5-8D0D-4304D3B01180}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{487DF458-71B8-4972-91DC-59BDF2AD5D93}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{A0F0AA35-7EC8-4A41-A66D-776F072477FA}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{610F56C3-27D0-4374-9EBF-7EA5A4AC83FD}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{2B3A48AF-1139-4A23-8589-AFA29758EB55}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{0A4CFA53-003E-4EAB-99E2-755A0F434329}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{4CBC1D55-11E5-48B1-855E-3EC274D025B5}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{2CCE4807-AA06-48CF-8F03-2C9A9ACFCF47}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"TCP Query User{D453ADB1-88BD-468A-B027-D7445730D564}c:\\modules\\half-life\\hlds.exe"= UDP:c:\modules\half-life\hlds.exe:hlds
"UDP Query User{69BDA5BD-C1DB-4F5C-B702-661C49D5F82C}c:\\modules\\half-life\\hlds.exe"= TCP:c:\modules\half-life\hlds.exe:hlds
"TCP Query User{3AA92F8B-404A-4259-9011-5E44CF12F3AE}c:\\modules\\half-life\\hl.exe"= UDP:c:\modules\half-life\hl.exe:Half-Life Launcher
"UDP Query User{69847F5F-C787-4FDE-861C-708593731274}c:\\modules\\half-life\\hl.exe"= TCP:c:\modules\half-life\hl.exe:Half-Life Launcher
"TCP Query User{0FE0DE69-E030-4036-A62E-C9B96F8E6FBA}c:\\users\\uživatel\\appdata\\local\\temporary projects\\chat\\bin\\debug\\chat.vshost.exe"= UDP:c:\users\uživatel\appdata\local\temporary projects\chat\bin\debug\chat.vshost.exe:chat.vshost.exe
"UDP Query User{4C9F0F2B-3124-45A0-9F71-259437D96DF0}c:\\users\\uživatel\\appdata\\local\\temporary projects\\chat\\bin\\debug\\chat.vshost.exe"= TCP:c:\users\uživatel\appdata\local\temporary projects\chat\bin\debug\chat.vshost.exe:chat.vshost.exe
"TCP Query User{260D5B62-594C-4646-9337-5B25FB0018CC}c:\\modules\\chatserver\\chatserver\\bin\\release\\chatserver.exe"= UDP:c:\modules\chatserver\chatserver\bin\release\chatserver.exe:ChatServer
"UDP Query User{5FAC2472-3F90-4AAB-A134-4BFFED94549A}c:\\modules\\chatserver\\chatserver\\bin\\release\\chatserver.exe"= TCP:c:\modules\chatserver\chatserver\bin\release\chatserver.exe:ChatServer
"{58809C2E-3A5E-4277-AAE5-7215A1B8F58E}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{3B36AA70-3559-4726-BE93-77DA47F5AE81}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{E7B44CBB-1F62-4C6A-A253-D2B304BACE86}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{FEC4C986-3639-437A-9DCF-DB2337AA2F19}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{AFE95A75-0DD9-441B-833B-703A8924C483}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{4083C6C4-BDD3-49B8-9A77-48EEA607DBD9}\\\\fantasy\\winxp (c)\\program files\\qip\\qip.exe"= UDp:\\fantasy\winxp (c)\program files\qip\qip.exe:qip.exe
"UDP Query User{8ED3A2BE-811C-4CF9-8255-835A9146CF98}\\\\fantasy\\winxp (c)\\program files\\qip\\qip.exe"= TCp:\\fantasy\winxp (c)\program files\qip\qip.exe:qip.exe
"TCP Query User{32AD99CF-B863-4E48-8989-CDF6CF222CA5}\\\\fantasy\\winxp (c)\\program files\\orbitdownloader\\orbitnet.exe"= UDp:\\fantasy\winxp (c)\program files\orbitdownloader\orbitnet.exe:orbitnet.exe
"UDP Query User{539B73D7-02FF-4B74-9950-ED55F8891AA7}\\\\fantasy\\winxp (c)\\program files\\orbitdownloader\\orbitnet.exe"= TCp:\\fantasy\winxp (c)\program files\orbitdownloader\orbitnet.exe:orbitnet.exe
"TCP Query User{304E51BA-05E5-4D98-A913-D751167DAAF0}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{013152E8-8D88-4B2B-9BEC-BE73A69E19DF}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{6BB41B64-767C-4C1A-9809-484E07F74E54}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{02860C13-4008-4253-87A0-0F2260887F19}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{2955A6A7-F257-4692-9A8C-07F6CCAD8DB4}\\\\fantasy\\winxp (c)\\program files\\icq6.5\\icq.exe"= UDp:\\fantasy\winxp (c)\program files\icq6.5\icq.exe:icq.exe
"UDP Query User{E0F17154-6A88-49C4-A1BB-E7B24D4F0D60}\\\\fantasy\\winxp (c)\\program files\\icq6.5\\icq.exe"= TCp:\\fantasy\winxp (c)\program files\icq6.5\icq.exe:icq.exe
"TCP Query User{9C79E67F-2419-40DC-8E16-97D0E7AB6486}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{B01740A3-AFFF-4B93-B096-5B6BCB76F2B4}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{BEAF0563-024F-472D-B20B-1E1BFEA37BAC}c:\\modules\\nnew\\port_kom\\chatserver\\chatserver\\bin\\release\\chatserver.exe"= UDP:c:\modules\nnew\port_kom\chatserver\chatserver\bin\release\chatserver.exe:ChatServer
"UDP Query User{B0EB8515-CA97-4667-B61D-58154922808F}c:\\modules\\nnew\\port_kom\\chatserver\\chatserver\\bin\\release\\chatserver.exe"= TCP:c:\modules\nnew\port_kom\chatserver\chatserver\bin\release\chatserver.exe:ChatServer
"TCP Query User{A84D773D-F7C4-4178-870A-3E692102A972}c:\\modules\\nnew\\port_kom\\main_s\\main_s\\bin\\release\\main_s.exe"= UDP:c:\modules\nnew\port_kom\main_s\main_s\bin\release\main_s.exe:
"UDP Query User{552E33F9-2D28-42A7-B422-D6B5FD7A5A0A}c:\\modules\\nnew\\port_kom\\main_s\\main_s\\bin\\release\\main_s.exe"= TCP:c:\modules\nnew\port_kom\main_s\main_s\bin\release\main_s.exe:
"TCP Query User{B0A9AB16-58AA-4441-9BCD-398A84EE2B5E}c:\\modules\\nnew\\port_kom\\main_s\\main_s\\bin\\debug\\main_s.vshost.exe"= UDP:c:\modules\nnew\port_kom\main_s\main_s\bin\debug\main_s.vshost.exe:vshost.exe
"UDP Query User{990BCF54-9F72-4D7D-9D8B-90B53E85ADED}c:\\modules\\nnew\\port_kom\\main_s\\main_s\\bin\\debug\\main_s.vshost.exe"= TCP:c:\modules\nnew\port_kom\main_s\main_s\bin\debug\main_s.vshost.exe:vshost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\System32\drivers\psdrv02.sys [11.9.2006 14:01 67960]
R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\System32\drivers\pssync05.sys [3.11.2006 10:24 61312]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [13.10.2005 15:46 35328]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [13.7.2009 18:37 115856]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.3.2009 16:28 1533808]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [3.4.2007 10:43 1131136]
S1 prodrv03;Star Force copy protection driver v3;c:\windows\System32\drivers\prodrv03.sys [14.10.2007 17:19 115968]
S2 psrem02;CD Guard Drivers Auto Removal (v2);c:\windows\system32\psrem02.exe svc --> c:\windows\system32\psrem02.exe svc [?]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [6.4.2009 21:44 55280]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [22.11.2008 12:53 23064]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [8.3.2009 22:31 1527900]
S4 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 18:08 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-31 c:\windows\Tasks\User_Feed_Synchronization-{97C7791A-4FE0-47DA-9DB5-C1B8BBF3B8C3}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 64.29.148.46:80
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 22:14
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,26,2e,15,28,1b,01,4f,97,a7,d6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,26,2e,15,28,1b,01,4f,97,a7,d6,\

[HKEY_USERS\S-1-5-21-795433935-3380769853-2322432176-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,ee,8c,7e,7c,68,84,07,7d,e5,92,3b,bd,53,58,bc,2c,94,8a,9a,d2,e0,3d,
5e,48,3b,ab,a3,24,60,69,78,ae,22,cf,03,28,44,fe,99,ee,71,d1,dd,28,ce,68,5b,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-795433935-3380769853-2322432176-1000\Software\SecuROM\License information*]
"datasecu"=hex:64,13,19,dc,bb,4d,51,c1,56,8f,0b,bd,73,23,1d,09,3e,9a,43,64,fb,
3b,1b,eb,16,0b,9d,58,5c,69,8b,27,d9,5c,e5,82,f0,ce,2f,9d,8b,4a,76,cf,cd,50,\
"rkeysecu"=hex:d7,9f,8c,ea,8b,e9,c1,52,7f,cb,22,56,3b,7b,9e,7b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,49,39,91,6b,9f,
86,ae,ec,e2,63,26,f1,3f,c8,ff,68,90,3b,26,5c,ae,6e,84,c4,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,ea,d8,86,f8,ca,
65,13,91,6a,9c,d6,61,af,45,84,18,94,5f,6f,37,d7,a1,a9,29,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,d1,e3,52,51,20,
c4,fa,fc,ff,7c,85,e0,43,d4,0e,fe,b5,a7,b9,1d,20,35,11,86,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,05,5c,1e,52,5b,
3a,3d,64,86,8c,21,01,be,91,eb,e7,e9,5f,c9,fe,bc,ad,42,2a,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,af,af,fd,a7,90,
f8,9d,bd,f5,1d,4d,73,a8,13,5c,05,81,15,3b,6a,17,dc,fe,4e,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,2f,3a,c1,de,50,
c4,18,1f,df,20,58,62,78,6b,cf,c8,fd,57,42,60,5d,81,ab,f8,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,15,30,16,3c,60,
9a,39,8e,fb,a7,78,e6,12,2f,9a,ea,a3,8d,75,0a,b5,04,8f,49,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,9a,67,49,b9,86,
8a,be,65,01,3a,48,fc,e8,04,4a,f1,90,cd,67,e4,36,b1,32,7a,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,e2,b1,53,4f,35,
d4,5c,46,f6,0f,4e,58,98,5b,89,c9,8b,cd,ea,1c,db,2c,57,9e,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,65,37,a2,90,5f,
bd,76,0a,3d,ce,ea,26,2d,45,aa,78,db,8a,97,10,b0,21,48,0e,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,eb,4a,0d,ef,69,
89,bc,1d,2a,b7,cc,b5,b9,7f,41,e7,2c,b4,f2,d2,fd,82,d7,82,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,e0,6f,c9,24,ac,
59,e9,4a,6c,43,2d,1e,aa,22,2f,9c,08,f7,13,a7,0a,48,8d,4d,6c,43,2d,1e,aa,22,\
.
Celkový čas: 2009-07-31 22:17
ComboFix-quarantined-files.txt 2009-07-31 20:16

Před spuštěním: Volných bajtů: 97 474 863 104
Po spuštění: Volných bajtů: 97 439 039 488

338 --- E O F --- 2009-07-31 07:15

-----------------------------------------------------------------------------

Nobody warned me beforehand that CF must not be run earlier.
I found it odd that it messed up my desktop yesterday. :-(
I'm an idiot.

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: HJT, MBAM and CF check - please

Post by jaro3 » 31 Jul 2009 22:32

It's actually infection-free.. just a tweak of the keys.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script

Code:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, once the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Do you know this folder (did you create it yourself)?:
C:\hh

Do you know this file:
c:\windows\system32\DUCHOVE.EXE
If not, test it on VirusTotal
Then post the link to the result here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
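The reply above builds its CFScript by hand from the "locked registry keys" section of the ComboFix log: the locked CLSID\...\InprocServer32* keys go under RegLock::, and AntiVirusOverride is reset under Registry::. The Python below is an added example, not ComboFix's code or the forum's; it parses that section and emits the same two blocks. The section-heading pattern (Czech and English builds), the CLSID filter and the embedded sample excerpt are this example's own assumptions, and the excerpt is constructed to mirror the log format in this thread.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt of a ComboFix log (Czech build) in this thread's format.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,26,2e,15,28,1b,01,4f,97,a7,d6,\

[HKEY_USERS\S-1-5-21-795433935-3380769853-2322432176-1000\Software\SecuROM\License information*]
"datasecu"=hex:64,13,19,dc,bb,4d,51,c1,56,8f,0b,bd,73,23,1d,09,3e,9a,43,64,fb,
"rkeysecu"=hex:d7,9f,8c,ea,8b,e9,c1,52,7f,cb,22,56,3b,7b,9e,7b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,49,39,91,6b,9f,
.
Celkový čas: 2009-07-31 22:17
"""

# Section heading as printed by the Czech build here and by the English build (assumed).
LOCKED_HEADER = re.compile(r"^-{3,}\s*(?:ZAMKNUTÉ KLÍČE V REGISTRU|LOCKED REGISTRY KEYS)\s*-{3,}$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^(?:"([^"]*)"|(@))=(.*)$')
# ...\Classes\CLSID\{GUID}\InprocServer32*  -- the keys the reply put under RegLock::
CLSID_INPROC = re.compile(r"\\Classes\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\InprocServer32\*$", re.I)
AV_OVERRIDE = re.compile(r'^"AntiVirusOverride"=dword:([0-9a-fA-F]{8})$', re.M)


@dataclass
class LockedKey:
    path: str
    values: dict = field(default_factory=dict)
    denied: bool = False  # an "@Denied: ..." line was logged for this key


def locked_keys(log_text):
    """Return the keys listed in the log's locked-registry-keys section."""
    keys, current, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = bool(LOCKED_HEADER.match(line))
            continue
        if line == ".":  # ComboFix closes a section with a lone dot
            break
        m = KEY_LINE.match(line)
        if m:
            current = LockedKey(path=m.group(1))
            keys.append(current)
        elif current is None or not line:
            continue
        elif line.startswith("@Denied:"):
            current.denied = True
        else:
            v = VALUE_LINE.match(line)
            if v:  # continuation lines of long hex values have no '=' and are skipped
                current.values[v.group(1) if v.group(1) is not None else "@"] = v.group(3)
    return keys


def is_clsid_inproc(path):
    return CLSID_INPROC.search(path) is not None


def reglock_block(keys):
    """RegLock:: block for the locked CLSID\\...\\InprocServer32* keys only; the other
    locked keys (IE user preferences, SecuROM) are left alone, as the reply did."""
    targets = [f"[{k.path}]" for k in keys if is_clsid_inproc(k.path)]
    return "RegLock::\n" + "\n".join(targets) + "\n" if targets else ""


def antivirus_override(log_text):
    """AntiVirusOverride value logged under Security Center\\Svc, or None if absent."""
    m = AV_OVERRIDE.search(log_text)
    return int(m.group(1), 16) if m else None


def registry_block(log_text):
    """Registry:: block resetting AntiVirusOverride to 0 when the log shows it set."""
    if not antivirus_override(log_text):
        return ""
    return ("Registry::\n"
            "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Svc]\n"
            '"AntiVirusOverride"=dword:00000000\n')


def build_cfscript(log_text):
    """Join the blocks; the result is what would be saved as CFScript.txt."""
    blocks = [registry_block(log_text), reglock_block(locked_keys(log_text))]
    return "\n".join(b for b in blocks if b)


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```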

Paulí

Re: HJT, MBAM and CF check - please

Post by Paulí » 31 Jul 2009 23:03

"AntiVirusOverride"=dword:00000000

I don't use an antivirus and I don't want the system to warn me about it.

C:\hh

I use that folder as a test folder for songs.

c:\windows\system32\DUCHOVE.EXE

I don't know exactly what it is and I don't dare to run it. It might be a non-working screensaver from the film "Ať žijí duchové" - it didn't work and maybe I forgot to delete it. The VirusTotal log is here http://www.virustotal.com/cs/analisis/4 ... 1249073515 .

CF
ComboFix 09-07-31.01 - Uživatel 31.07.2009 22:51.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3071.647 [GMT 2:00]
Spuštěný z: c:\users\Uživatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Uživatel\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-06-28 do 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-30 20:06 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 20:06 . 2009-07-30 20:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 20:06 . 2009-07-30 20:06 -------- d-----w- c:\programdata\Malwarebytes
2009-07-30 20:06 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 20:29 . 2009-07-27 20:29 -------- d-----w- C:\downloads
2009-07-25 12:30 . 2009-07-25 12:30 -------- d-----w- c:\program files\GameShadow
2009-07-25 12:21 . 2009-07-25 12:21 -------- d-----w- c:\program files\Eidos
2009-07-22 18:57 . 2009-07-22 19:02 -------- d-----w- c:\windows\$regcmp$
2009-07-22 17:39 . 2009-07-22 17:40 -------- d-----w- c:\windows\system32\ca-ES
2009-07-22 17:39 . 2009-07-22 17:40 -------- d-----w- c:\windows\system32\eu-ES
2009-07-22 17:39 . 2009-07-22 17:40 -------- d-----w- c:\windows\system32\vi-VN
2009-07-22 17:31 . 2009-07-22 17:31 -------- d-----w- c:\windows\system32\EventProviders
2009-07-22 17:29 . 2009-04-11 06:32 149480 ----a-w- c:\windows\system32\drivers\pci.sys
2009-07-22 17:28 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-22 17:04 . 2009-07-22 17:46 -------- d-----w- c:\programdata\NOS
2009-07-22 17:04 . 2009-07-22 17:46 -------- d-----w- c:\program files\NOS
2009-07-21 18:38 . 2009-07-21 18:38 -------- d-----w- C:\AV_LOGS
2009-07-21 18:36 . 2009-07-27 20:34 -------- d-----w- c:\program files\AV Vcs 7.0
2009-07-21 18:08 . 2009-07-21 18:09 -------- d-----w- c:\programdata\Screaming Bee
2009-07-21 18:08 . 2009-07-21 18:08 -------- d-----w- c:\program files\Screaming Bee
2009-07-15 07:11 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 07:11 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 07:11 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 07:11 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 07:11 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 07:11 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-13 16:37 . 2009-07-10 15:51 115856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-07-13 16:37 . 2009-07-13 16:37 -------- d-----w- c:\program files\Sun
2009-07-12 19:00 . 2009-07-12 19:00 -------- d-----w- C:\hh
2009-07-11 13:30 . 2009-07-11 13:30 -------- d-----w- c:\program files\Gathering
2009-07-10 12:21 . 2009-07-10 12:21 -------- d-----w- c:\programdata\salvation
2009-07-10 11:26 . 2009-07-10 12:15 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-10 11:26 . 2009-07-10 12:15 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-10 11:26 . 2009-07-10 11:26 -------- d-----w- c:\program files\OpenAL
2009-07-09 20:02 . 2009-07-22 17:52 -------- d-----w- c:\program files\Midway Home Entertainment
2009-07-09 18:56 . 2008-10-10 02:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-09 18:56 . 2008-10-10 02:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-09 18:56 . 2008-10-27 08:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-07-09 18:56 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-08 10:31 . 2009-07-08 10:31 -------- d-----w- c:\program files\Techland

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 . 2008-04-06 10:24 2023957 ----a-r- c:\windows\system32\DUCHOVE.EXE
2009-07-31 20:10 . 2007-01-08 21:09 606912 ----a-w- c:\windows\system32\perfh005.dat
2009-07-31 20:10 . 2007-01-08 21:09 119398 ----a-w- c:\windows\system32\perfc005.dat
2009-07-27 20:30 . 2009-05-01 18:08 -------- d-----w- c:\program files\Orbitdownloader
2009-07-25 12:22 . 2007-06-30 11:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 18:57 . 2009-06-25 19:34 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-07-22 17:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-22 17:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-22 17:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-22 17:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-22 17:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-22 17:39 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-22 17:35 . 2009-04-06 19:33 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-22 17:07 . 2009-06-05 19:44 -------- d-----w- c:\program files\Java
2009-07-22 16:58 . 2009-06-13 11:26 -------- d-----w- c:\program files\MediaCoder
2009-07-22 16:53 . 2009-07-22 16:51 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-21 21:52 . 2009-07-29 06:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 06:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 06:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 06:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-11 11:50 . 2007-06-30 10:57 -------- d-----w- c:\program files\3DO
2009-07-10 12:15 . 2008-07-06 13:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-10 12:15 . 2008-07-06 13:29 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-20 18:51 . 2009-06-20 18:51 -------- d-----w- c:\programdata\LangSoft
2009-06-12 18:44 . 2009-01-23 17:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 11:35 . 2008-07-30 15:13 -------- d-----w- c:\program files\THQ
2009-06-03 14:40 . 2009-06-03 14:35 -------- d-----w- c:\program files\Heroes of Annihilated Empires
2009-06-02 16:11 . 2009-07-22 16:51 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2009-07-22 16:51 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-07-22 16:51 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-21 09:33 . 2009-06-05 19:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-05 22:31 . 2009-07-22 16:51 2402304 ----a-w- c:\windows\system32\x264vfw.dll
2007-06-25 12:52 . 2007-06-25 12:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-07-30_20.20.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-06-25 12:41 . 2009-07-30 14:33 42574 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-06-25 12:41 . 2009-07-31 20:05 42574 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-31 20:05 53926 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-06-28 06:19 . 2009-07-31 20:05 17474 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-795433935-3380769853-2322432176-1000_UserData.bin
- 2007-06-27 11:12 . 2009-07-30 20:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-06-27 11:12 . 2009-07-31 20:07 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-06-27 11:12 . 2009-07-31 20:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-27 11:12 . 2009-07-30 20:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-27 11:12 . 2009-07-30 20:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-06-27 11:12 . 2009-07-31 20:07 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2009-07-22 17:39 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-07-31 07:03 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-07-31 07:03 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-07-22 17:39 51200 c:\windows\inf\infpub.dat
+ 2009-07-31 20:04 . 2009-07-31 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-30 14:31 . 2009-07-30 14:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-31 20:04 . 2009-07-31 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-30 14:31 . 2009-07-30 14:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:25 . 2008-01-19 07:30 761344 c:\windows\System32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-11-02 10:25 . 2009-04-11 06:24 761344 c:\windows\System32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-11-02 10:25 . 2009-04-11 06:28 744448 c:\windows\System32\spool\drivers\w32x86\3\unidrvui.dll
+ 2006-11-02 10:25 . 2009-04-11 06:28 372736 c:\windows\System32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2006-11-02 12:36 . 2009-04-11 06:28 198656 c:\windows\System32\spool\drivers\w32x86\3\mxdwdui.dll
- 2006-11-02 12:36 . 2008-01-19 07:35 198656 c:\windows\System32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2006-11-02 10:25 . 2009-04-11 06:28 779264 c:\windows\System32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-11-02 10:33 . 2009-07-31 20:10 595308 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-30 14:36 595308 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-31 20:10 104742 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-30 14:36 104742 c:\windows\System32\perfc009.dat
+ 2009-07-22 17:29 . 2009-04-11 06:28 198656 c:\windows\System32\DriverStore\FileRepository\prnms001.inf_307fbde5\mxdwdui.dll
+ 2006-11-02 10:25 . 2009-07-31 07:03 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-07-22 17:39 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-04-11 06:28 1675776 c:\windows\System32\spool\drivers\w32x86\3\XPSSVCS.DLL
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-29 4317184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):59,83,d6,71,f4,0a,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AE1CB8E5-333F-47C9-881A-C38891977C2A}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"UDP Query User{A5BDDC76-9527-46EF-871D-C3D9A878004E}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"TCP Query User{4271EC19-FBE0-4EE6-8966-F823AF534883}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{165FC4A9-28EC-4AB7-A8E1-0571D4077D23}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{F5ED6747-9022-4738-8929-615023B2178B}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{C309E57C-3C83-4625-93BC-AA7E32737858}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{6EFB09A6-1D96-4CB0-9479-0F1447C38DB9}c:\\program files\\3do\\heroes 3 complete\\heroes3.exe"= UDP:c:\program files\3do\heroes 3 complete\heroes3.exe:Heroes of Might and Magic® III
"UDP Query User{41D3CC05-460C-49B8-B163-F18749C1B5A3}c:\\program files\\3do\\heroes 3 complete\\heroes3.exe"= TCP:c:\program files\3do\heroes 3 complete\heroes3.exe:Heroes of Might and Magic® III
"TCP Query User{FD25EF0D-32AF-4A0D-9C4E-36BD1579116C}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"UDP Query User{DCF5E605-2F16-4B9F-8855-DF0C8B49A4A9}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"TCP Query User{CB44FB78-F2AC-4973-81B4-382A3C0BDD50}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{C6C11AE8-D037-4F22-8F4C-A7653B1A17E5}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"TCP Query User{81EDBB6C-5AAF-4358-8876-ABCB783961F0}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{10F55886-1658-473C-96E1-1FDFAAD9D253}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"{B0623D2E-BD04-48AF-B5DA-794FDD1378DD}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{72A432D3-9EC4-429E-81C7-C3654CABEBF4}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C042617F-AEAC-496D-A32E-7F2D6362781E}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F13FA254-9554-45AD-A55C-48B7443F1FB3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{AA5F1EDA-59A6-4F42-BF51-E587FCFD484E}"= UDP:c:\program files\vco\Outbreak.exe:Outbreak
"{20FCF377-2497-4AD6-9A5C-7B4087E2E94E}"= TCP:c:\program files\vco\Outbreak.exe:Outbreak
"TCP Query User{10B5D367-07E9-4790-9F46-CFF57B4FB7D8}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= UDP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
"UDP Query User{1714997F-8A69-4BB7-97A2-B3EEF9FBF726}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= TCP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
"TCP Query User{118B05C0-9910-4B05-A40E-E01B79867181}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{14F79999-D4D8-4893-AC2A-BE59971D31F4}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"{2E9F7A0D-E151-488C-BCE3-79FDC0F4BA19}"= UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{45EFE2D5-8B6B-4C91-9326-FA1EEE12263D}"= TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{F28FC77D-4B66-4A45-B247-04AE673AE488}"= UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{0565AE10-848D-475B-B55A-5FEAB765E0D9}"= TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{A1FC0748-6740-44B0-8777-673DC05EE29E}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{33300B21-F771-4EF3-8EC5-937C0F660036}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{EC3673FA-994C-4721-B524-78898813BAE6}"= UDP:c:\program files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{CAE3C79A-4167-40BB-AA06-0AF8561CE8CA}"= TCP:c:\program files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"TCP Query User{01CBB986-B62A-4CA5-8D0D-4304D3B01180}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{487DF458-71B8-4972-91DC-59BDF2AD5D93}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{A0F0AA35-7EC8-4A41-A66D-776F072477FA}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{610F56C3-27D0-4374-9EBF-7EA5A4AC83FD}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{2B3A48AF-1139-4A23-8589-AFA29758EB55}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{0A4CFA53-003E-4EAB-99E2-755A0F434329}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{4CBC1D55-11E5-48B1-855E-3EC274D025B5}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{2CCE4807-AA06-48CF-8F03-2C9A9ACFCF47}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"TCP Query User{D453ADB1-88BD-468A-B027-D7445730D564}c:\\modules\\half-life\\hlds.exe"= UDP:c:\modules\half-life\hlds.exe:hlds
"UDP Query User{69BDA5BD-C1DB-4F5C-B702-661C49D5F82C}c:\\modules\\half-life\\hlds.exe"= TCP:c:\modules\half-life\hlds.exe:hlds
"TCP Query User{3AA92F8B-404A-4259-9011-5E44CF12F3AE}c:\\modules\\half-life\\hl.exe"= UDP:c:\modules\half-life\hl.exe:Half-Life Launcher
"UDP Query User{69847F5F-C787-4FDE-861C-708593731274}c:\\modules\\half-life\\hl.exe"= TCP:c:\modules\half-life\hl.exe:Half-Life Launcher
"TCP Query User{0FE0DE69-E030-4036-A62E-C9B96F8E6FBA}c:\\users\\uživatel\\appdata\\local\\temporary projects\\chat\\bin\\debug\\chat.vshost.exe"= UDP:c:\users\uživatel\appdata\local\temporary projects\chat\bin\debug\chat.vshost.exe:chat.vshost.exe
"UDP Query User{4C9F0F2B-3124-45A0-9F71-259437D96DF0}c:\\users\\uživatel\\appdata\\local\\temporary projects\\chat\\bin\\debug\\chat.vshost.exe"= TCP:c:\users\uživatel\appdata\local\temporary projects\chat\bin\debug\chat.vshost.exe:chat.vshost.exe
"TCP Query User{260D5B62-594C-4646-9337-5B25FB0018CC}c:\\modules\\chatserver\\chatserver\\bin\\release\\chatserver.exe"= UDP:c:\modules\chatserver\chatserver\bin\release\chatserver.exe:ChatServer
"UDP Query User{5FAC2472-3F90-4AAB-A134-4BFFED94549A}c:\\modules\\chatserver\\chatserver\\bin\\release\\chatserver.exe"= TCP:c:\modules\chatserver\chatserver\bin\release\chatserver.exe:ChatServer
"{58809C2E-3A5E-4277-AAE5-7215A1B8F58E}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{3B36AA70-3559-4726-BE93-77DA47F5AE81}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{E7B44CBB-1F62-4C6A-A253-D2B304BACE86}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{FEC4C986-3639-437A-9DCF-DB2337AA2F19}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{AFE95A75-0DD9-441B-833B-703A8924C483}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{4083C6C4-BDD3-49B8-9A77-48EEA607DBD9}\\\\fantasy\\winxp (c)\\program files\\qip\\qip.exe"= UDp:\\fantasy\winxp (c)\program files\qip\qip.exe:qip.exe
"UDP Query User{8ED3A2BE-811C-4CF9-8255-835A9146CF98}\\\\fantasy\\winxp (c)\\program files\\qip\\qip.exe"= TCp:\\fantasy\winxp (c)\program files\qip\qip.exe:qip.exe
"TCP Query User{32AD99CF-B863-4E48-8989-CDF6CF222CA5}\\\\fantasy\\winxp (c)\\program files\\orbitdownloader\\orbitnet.exe"= UDp:\\fantasy\winxp (c)\program files\orbitdownloader\orbitnet.exe:orbitnet.exe
"UDP Query User{539B73D7-02FF-4B74-9950-ED55F8891AA7}\\\\fantasy\\winxp (c)\\program files\\orbitdownloader\\orbitnet.exe"= TCp:\\fantasy\winxp (c)\program files\orbitdownloader\orbitnet.exe:orbitnet.exe
"TCP Query User{304E51BA-05E5-4D98-A913-D751167DAAF0}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{013152E8-8D88-4B2B-9BEC-BE73A69E19DF}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{6BB41B64-767C-4C1A-9809-484E07F74E54}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{02860C13-4008-4253-87A0-0F2260887F19}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{2955A6A7-F257-4692-9A8C-07F6CCAD8DB4}\\\\fantasy\\winxp (c)\\program files\\icq6.5\\icq.exe"= UDp:\\fantasy\winxp (c)\program files\icq6.5\icq.exe:icq.exe
"UDP Query User{E0F17154-6A88-49C4-A1BB-E7B24D4F0D60}\\\\fantasy\\winxp (c)\\program files\\icq6.5\\icq.exe"= TCp:\\fantasy\winxp (c)\program files\icq6.5\icq.exe:icq.exe
"TCP Query User{9C79E67F-2419-40DC-8E16-97D0E7AB6486}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{B01740A3-AFFF-4B93-B096-5B6BCB76F2B4}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{BEAF0563-024F-472D-B20B-1E1BFEA37BAC}c:\\modules\\nnew\\port_kom\\chatserver\\chatserver\\bin\\release\\chatserver.exe"= UDP:c:\modules\nnew\port_kom\chatserver\chatserver\bin\release\chatserver.exe:ChatServer
"UDP Query User{B0EB8515-CA97-4667-B61D-58154922808F}c:\\modules\\nnew\\port_kom\\chatserver\\chatserver\\bin\\release\\chatserver.exe"= TCP:c:\modules\nnew\port_kom\chatserver\chatserver\bin\release\chatserver.exe:ChatServer
"TCP Query User{A84D773D-F7C4-4178-870A-3E692102A972}c:\\modules\\nnew\\port_kom\\main_s\\main_s\\bin\\release\\main_s.exe"= UDP:c:\modules\nnew\port_kom\main_s\main_s\bin\release\main_s.exe:
"UDP Query User{552E33F9-2D28-42A7-B422-D6B5FD7A5A0A}c:\\modules\\nnew\\port_kom\\main_s\\main_s\\bin\\release\\main_s.exe"= TCP:c:\modules\nnew\port_kom\main_s\main_s\bin\release\main_s.exe:
"TCP Query User{B0A9AB16-58AA-4441-9BCD-398A84EE2B5E}c:\\modules\\nnew\\port_kom\\main_s\\main_s\\bin\\debug\\main_s.vshost.exe"= UDP:c:\modules\nnew\port_kom\main_s\main_s\bin\debug\main_s.vshost.exe:vshost.exe
"UDP Query User{990BCF54-9F72-4D7D-9D8B-90B53E85ADED}c:\\modules\\nnew\\port_kom\\main_s\\main_s\\bin\\debug\\main_s.vshost.exe"= TCP:c:\modules\nnew\port_kom\main_s\main_s\bin\debug\main_s.vshost.exe:vshost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\System32\drivers\psdrv02.sys [11.9.2006 14:01 67960]
R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\System32\drivers\pssync05.sys [3.11.2006 10:24 61312]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [13.10.2005 15:46 35328]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [13.7.2009 18:37 115856]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.3.2009 16:28 1533808]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [3.4.2007 10:43 1131136]
S1 prodrv03;Star Force copy protection driver v3;c:\windows\System32\drivers\prodrv03.sys [14.10.2007 17:19 115968]
S2 psrem02;CD Guard Drivers Auto Removal (v2);c:\windows\system32\psrem02.exe svc --> c:\windows\system32\psrem02.exe svc [?]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [6.4.2009 21:44 55280]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [22.11.2008 12:53 23064]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [8.3.2009 22:31 1527900]
S4 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 18:08 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\windows\Tasks\User_Feed_Synchronization-{97C7791A-4FE0-47DA-9DB5-C1B8BBF3B8C3}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 64.29.148.46:80
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 22:57
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,26,2e,15,28,1b,01,4f,97,a7,d6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,26,2e,15,28,1b,01,4f,97,a7,d6,\

[HKEY_USERS\S-1-5-21-795433935-3380769853-2322432176-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,ee,8c,7e,7c,68,84,07,7d,e5,92,3b,bd,53,58,bc,2c,94,8a,9a,d2,e0,3d,
5e,48,3b,ab,a3,24,60,69,78,ae,22,cf,03,28,44,fe,99,ee,71,d1,dd,28,ce,68,5b,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-795433935-3380769853-2322432176-1000\Software\SecuROM\License information*]
"datasecu"=hex:64,13,19,dc,bb,4d,51,c1,56,8f,0b,bd,73,23,1d,09,3e,9a,43,64,fb,
3b,1b,eb,16,0b,9d,58,5c,69,8b,27,d9,5c,e5,82,f0,ce,2f,9d,8b,4a,76,cf,cd,50,\
"rkeysecu"=hex:d7,9f,8c,ea,8b,e9,c1,52,7f,cb,22,56,3b,7b,9e,7b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,49,39,91,6b,9f,
86,ae,ec,e2,63,26,f1,3f,c8,ff,68,90,3b,26,5c,ae,6e,84,c4,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,ea,d8,86,f8,ca,
65,13,91,6a,9c,d6,61,af,45,84,18,94,5f,6f,37,d7,a1,a9,29,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,d1,e3,52,51,20,
c4,fa,fc,ff,7c,85,e0,43,d4,0e,fe,b5,a7,b9,1d,20,35,11,86,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,05,5c,1e,52,5b,
3a,3d,64,86,8c,21,01,be,91,eb,e7,e9,5f,c9,fe,bc,ad,42,2a,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,af,af,fd,a7,90,
f8,9d,bd,f5,1d,4d,73,a8,13,5c,05,81,15,3b,6a,17,dc,fe,4e,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,2f,3a,c1,de,50,
c4,18,1f,df,20,58,62,78,6b,cf,c8,fd,57,42,60,5d,81,ab,f8,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,15,30,16,3c,60,
9a,39,8e,fb,a7,78,e6,12,2f,9a,ea,a3,8d,75,0a,b5,04,8f,49,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,9a,67,49,b9,86,
8a,be,65,01,3a,48,fc,e8,04,4a,f1,90,cd,67,e4,36,b1,32,7a,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,e2,b1,53,4f,35,
d4,5c,46,f6,0f,4e,58,98,5b,89,c9,8b,cd,ea,1c,db,2c,57,9e,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,65,37,a2,90,5f,
bd,76,0a,3d,ce,ea,26,2d,45,aa,78,db,8a,97,10,b0,21,48,0e,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,eb,4a,0d,ef,69,
89,bc,1d,2a,b7,cc,b5,b9,7f,41,e7,2c,b4,f2,d2,fd,82,d7,82,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,e0,6f,c9,24,ac,
59,e9,4a,6c,43,2d,1e,aa,22,2f,9c,08,f7,13,a7,0a,48,8d,4d,6c,43,2d,1e,aa,22,\
.
Completion time: 2009-07-31 23:00
ComboFix-quarantined-files.txt 2009-07-31 21:00

Pre-Run: 96,598,061,056 bytes free
Post-Run: 96,635,392,000 bytes free

339 --- E O F --- 2009-07-31 07:15


--------------------------------------------------------------

HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:47, on 31.7.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Uživatel\Desktop\Nová složka\HijackThis.exe
C:\Users\Uživatel\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.29.148.46:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PC
O17 - HKLM\Software\..\Telephony: DomainName = PC
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PC
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PC
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: CD Guard Drivers Auto Removal (v2) (psrem02) - Protection Technology - C:\Windows\system32\psrem02.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe

--
End of file - 5353 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: HJT, MBAM and CF check - please

Post by jaro3 » 31 Jul 2009 23:27

As you wish, but I would definitely get an antivirus, something against spyware too, and maybe a firewall.

Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide: viewtopic.php?f=70&t=5119

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PC
O17 - HKLM\Software\..\Telephony: DomainName = PC
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PC
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PC


Did you set this proxy address yourself?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.29.148.46:80
If not, fix it as well.

O23 - Service: CD Guard Drivers Auto Removal (v2) (psrem02) - Protection Technology - C:\Windows\system32\psrem02.exe
Did you install this yourself? If not, end psrem02.exe in Task Manager
and delete:
C:\Windows\system32\psrem02.exe ; you can also set its startup type to Disabled in Services.

ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.

If you want to get rid of all the ComboFix, HJT etc. files:
Download ToolsCleaner2 (by A.Rothstein & Dj Quiou)

to the desktop and run it.
Click Pt. Restauration (restore points) and then OK.
Click Corbeille (recycle bin) and then OK.
Click Fichiers temp (temp folders) and then OK.
Click Recherche (search) and let the Cleaner work. It may stop during cleaning, but let it continue.
When the program finishes, click Suppression (removal) and remove what it found.
Close the program.
The program also deletes all the disinfection and log-creating tools used here (HJT, ComboFix, OTM, OTL, OTS etc.)
That's all.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
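
The two things the reply above picks out by eye, an IE proxy that points off the local network and an O23 service whose binary carries no publisher name, can be scripted over the log. The following is an added example, not code from this thread or from HijackThis. The sample lines are constructed from entries quoted in the thread (not a full log), and the names parse_hjt, proxy_targets, proxy_is_remote and triage are this example's own.

```python
"""Triage a HijackThis 2.0.2 log for a remote proxy and unknown-owner services.

Added example; not part of the forum thread or of HijackThis. Function
names and the sample log below are this example's own.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample in HijackThis line format, built from entries quoted
# in this thread (not a complete log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.29.148.46:80
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: CD Guard Drivers Auto Removal (v2) (psrem02) - Protection Technology - C:\Windows\system32\psrem02.exe
"""

# Every HJT entry is "<kind> - <body>", e.g. "R1 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<proxy>\S+)")
# O23 bodies read "Service: <name> - <publisher> - <path>"; the first two
# fields are matched non-greedily, so a " - " inside the path is tolerated.
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_hjt(log_text: str) -> List[Tuple[str, str]]:
    """Return (kind, body) for each entry line; header and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def proxy_targets(value: str) -> List[str]:
    """IE stores either 'host:port' or a per-protocol list 'http=a:80;https=b:443'."""
    targets = []
    for part in value.split(";"):
        part = part.strip()
        if part:
            targets.append(part.split("=", 1)[1] if "=" in part else part)
    return targets


def proxy_host(target: str) -> str:
    """Strip the port from 'host:port', '[v6]:port' or a bare IPv6 literal."""
    if target.startswith("["):
        return target[1:target.index("]")]
    if target.count(":") > 1:  # bare IPv6 literal without a port
        return target
    return target.split(":", 1)[0]


def proxy_is_remote(target: str) -> bool:
    """True when the proxy host is not local: a public IP, or a hostname we cannot vouch for."""
    host = proxy_host(target)
    if host.lower() == "localhost":
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a hostname: treat as remote until a human checks it
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def triage(log_text: str) -> Dict[str, List[str]]:
    """Collect proxy targets outside the local network and O23 services HJT labels 'Unknown owner'."""
    findings: Dict[str, List[str]] = {"remote_proxy": [], "unknown_owner_service": []}
    for kind, body in parse_hjt(log_text):
        if kind == "R1":
            m = PROXY_RE.search(body)
            if m:
                findings["remote_proxy"] += [t for t in proxy_targets(m.group("proxy")) if proxy_is_remote(t)]
        elif kind == "O23":
            m = SERVICE_RE.match(body)
            if m and m.group("owner").strip().lower() == "unknown owner":
                findings["unknown_owner_service"].append(m.group("path"))
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"{category}: {item}")
```

"Unknown owner" is what HJT prints when the service binary has no company name in its version resource; a named publisher, as on psrem02.exe in this log, is not evidence of legitimacy, because that string is set by whoever built the file. The filter therefore only orders what to look at first, and a proxy the user did not configure is worth removing regardless of where it points, since every IE request is routed through it.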

Paulí
Level 2.5
Posts: 305
Registered: March 09
Location: Dobruška
Gender: Male
Status: Offline

Re: HJT, MBAM and CF check - please

Post by Paulí » 31 Jul 2009 23:36

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.29.148.46:80

I don't know anything about it - deleted

O23 - Service: CD Guard Drivers Auto Removal (v2) (psrem02) - Protection Technology - C:\Windows\system32\psrem02.exe

Deleted, together with the file.

ComboFix uninstalled.

ATF Cleaner can't be downloaded from the link - but never mind, I don't need it.


Is that everything? OK, thanks a lot.
[Please reply whether that's everything, so I know whether I can go to sleep.]

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: HJT, MBAM and CF check - please  Solved

Post by jaro3 » 31 Jul 2009 23:39

The link works, you just have to wait a moment. Yes, that's everything, I'm off to bed too.
ProxyServer = 64.29.148.46:80 is most likely anonymous surfing.

Paulí
Level 2.5
Posts: 305
Registered: March 09
Location: Dobruška
Gender: Male
Status: Offline

Re: HJT, MBAM and CF check - please

Post by Paulí » 31 Jul 2009 23:41

Thanks a lot.

