ComboFix 11-01-08.04 - Linas System ne 09/01 14:00:58.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1061 [GMT 1:00]
Spuštěný z: c:\documents and settings\Linas System\Plocha\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Eset NOD32 Antivirus 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\data
c:\data\WINDOWSDEFENDER.EXE
c:\documents and settings\Linas System\Data aplikací\PriceGong
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Linas System\Data aplikací\PriceGong\Data\z.xml
C:\Tmp3AC6.tmp
c:\windows\install.exe
c:\windows\nayceaatm.dll
c:\windows\system32\CTF
c:\windows\system32\drivers\qbpci.sys
c:\windows\system32\natcraatm.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_adeqet
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-09 do 2011-01-09 )))))))))))))))))))))))))))))))
.
2011-01-09 11:16 . 2011-01-09 11:20 -------- d-----w- c:\documents and settings\Linas System\Local Settings\Data aplikací\MTA San Andreas
2011-01-08 12:26 . 2008-04-14 08:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-01-06 17:14 . 2011-01-06 17:14 -------- d-----w- c:\program files\Yamicsoft
2011-01-02 11:26 . 2011-01-02 11:26 -------- d-----w- C:\$WIN_NT$.~BT
2011-01-02 11:22 . 2011-01-02 11:22 -------- d-----w- c:\program files\Product Key Finder Lite
2011-01-02 02:25 . 2007-03-07 12:27 38448 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-01-02 02:17 . 2011-01-02 02:17 -------- d-----w- c:\program files\Acronis Disk Director Suite 10 build 2160
2011-01-02 01:54 . 2011-01-02 01:54 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-01-02 01:41 . 2011-01-02 01:41 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-02 01:39 . 2011-01-02 02:25 -------- d-----w- c:\program files\Paragon Software
2011-01-02 01:18 . 2011-01-02 01:54 -------- d-----w- c:\program files\Common Files\Acronis
2011-01-02 01:18 . 2011-01-02 01:18 -------- d-----w- c:\program files\Acronis
2011-01-02 00:47 . 2007-03-19 17:05 4245008 ----a-w- c:\windows\system32\qtp-mt334.dll
2011-01-02 00:47 . 2007-03-19 17:05 13840 ----a-w- c:\windows\system32\wnaspi32.dll
2011-01-02 00:47 . 2007-03-19 17:04 247824 ----a-w- c:\windows\system32\prgiso.dll
2011-01-01 23:39 . 2011-01-02 01:42 -------- d-----w- c:\documents and settings\Administrator
2011-01-01 20:38 . 2011-01-01 20:38 -------- d-----w- c:\program files\OCCT
2011-01-01 19:57 . 2011-01-01 19:57 -------- d-----w- c:\program files\Lavalys
2010-12-30 02:11 . 2010-12-30 02:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\phpDesigner
2010-12-30 02:08 . 2010-12-30 02:13 -------- d-----w- c:\documents and settings\Linas System\Data aplikací\phpDesigner
2010-12-30 02:08 . 2010-12-30 02:10 -------- d-----w- c:\program files\phpDesigner 7
2010-12-29 14:59 . 2010-12-29 15:03 2829 ----a-w- c:\windows\War3Unin.pif
2010-12-29 14:59 . 2010-12-29 15:03 139264 ----a-w- c:\windows\War3Unin.exe
2010-12-28 21:51 . 2010-12-28 21:52 -------- d-----w- c:\documents and settings\Linas System\Data aplikací\Ashampoo Movie Menu
2010-12-28 21:51 . 2010-12-28 21:51 -------- d-----w- c:\documents and settings\Linas System\Local Settings\Data aplikací\Ashampoo Movie Menu
2010-12-28 21:50 . 2010-12-28 21:50 -------- d-----w- c:\documents and settings\Linas System\Local Settings\Data aplikací\ashampoo
2010-12-28 21:50 . 2010-12-28 21:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ashampoo
2010-12-28 12:54 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-12-28 12:47 . 2010-12-28 21:50 -------- d-----w- c:\program files\Ashampoo
2010-12-25 13:23 . 2010-12-25 13:23 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\TuneUp Software
2010-12-24 12:54 . 2010-12-24 12:54 -------- d-----w- c:\documents and settings\Ostatní\Data aplikací\Nero
2010-12-22 22:11 . 2010-12-22 22:11 -------- d-----w- c:\program files\Common Files\Skype
2010-12-22 22:11 . 2010-12-22 22:11 -------- d-----r- c:\program files\Skype
2010-12-20 21:15 . 2010-12-20 21:15 -------- d-----w- c:\program files\CountDown ShutDown PC
2010-12-19 19:43 . 2010-12-19 19:43 -------- d-----w- c:\documents and settings\Linas System\Data aplikací\AskToolbar
2010-12-18 18:46 . 2011-01-05 18:54 -------- d-----w- c:\documents and settings\Linas System\Local Settings\Data aplikací\AskToolbar
2010-12-18 10:08 . 2010-12-14 13:43 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-12-18 10:07 . 2010-12-14 13:39 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2010-12-18 10:07 . 2010-12-18 10:07 -------- d-----w- c:\documents and settings\Linas System\Data aplikací\TuneUp Software
2010-12-18 10:07 . 2010-12-18 10:08 -------- d-----w- c:\program files\TuneUp Utilities 2011
2010-12-18 10:06 . 2010-12-18 10:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TuneUp Software
2010-12-18 10:06 . 2010-12-18 10:06 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-12-17 20:36 . 2010-12-17 20:36 -------- d-----w- c:\documents and settings\Linas System\Data aplikací\Screaming Bee
2010-12-17 20:35 . 2010-12-17 20:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Screaming Bee
2010-12-17 20:34 . 2010-12-17 20:34 -------- d-----w- c:\program files\Screaming Bee
2010-12-17 20:34 . 2010-12-17 20:34 -------- d-----w- c:\program files\Common Files\Screaming Bee
2010-12-17 19:23 . 2010-12-17 19:28 -------- d-----w- C:\vcs5core
2010-12-17 19:23 . 2010-12-17 19:23 -------- d-----w- C:\AV_LOGS
2010-12-17 18:58 . 2010-12-17 19:24 -------- d-----w- C:\vcs5BGEffects
2010-12-17 18:51 . 2010-12-17 18:57 -------- d-----w- c:\program files\AV Vcs 4.0
2010-12-12 19:21 . 2010-12-18 18:47 -------- d-----w- c:\documents and settings\Linas System\Local Settings\Data aplikací\Conduit
2010-12-12 19:21 . 2010-12-12 19:21 -------- d-----w- c:\program files\Conduit
2010-12-12 19:20 . 2010-12-18 18:47 -------- d-----w- c:\documents and settings\Linas System\Local Settings\Data aplikací\uTorrentBar
2010-12-12 19:20 . 2010-12-25 19:05 -------- d-----w- c:\program files\uTorrentBar
2010-12-11 09:41 . 2010-12-11 09:41 -------- d-----w- c:\program files\FreeTime
2010-12-11 09:12 . 2010-12-11 09:12 -------- d-----w- c:\documents and settings\Linas System\Data aplikací\Canneverbe Limited
2010-12-11 09:12 . 2010-12-11 09:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Canneverbe Limited
2010-12-11 09:12 . 2010-12-17 23:47 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-12-11 09:12 . 2010-12-11 09:41 -------- d-----w- c:\documents and settings\Linas System\Local Settings\Data aplikací\OpenCandy
2010-12-11 09:12 . 2010-12-11 09:12 -------- d-----w- c:\documents and settings\Linas System\Data aplikací\OpenCandy
2010-12-11 08:14 . 2010-12-11 08:14 -------- d-----w- C:\MovieDVDMaker
2010-12-10 23:47 . 2010-12-10 23:47 -------- d-----w- c:\documents and settings\Linas System\Local Settings\Data aplikací\WinAVI
2010-12-10 23:34 . 2010-12-10 23:38 -------- d-----w- c:\documents and settings\Linas System\Data aplikací\avidemux
2010-12-10 23:34 . 2010-12-10 23:34 -------- d-----w- c:\program files\Avidemux 2.5
2010-12-10 22:55 . 2010-12-10 22:56 -------- d-----w- c:\program files\Common Files\Nero
2010-12-10 22:55 . 2010-12-10 23:06 -------- d-----w- c:\program files\Nero
2010-12-10 21:32 . 2010-12-10 21:32 -------- d-----w- C:\videodvdmaker
2010-12-10 21:32 . 2010-12-10 21:32 -------- d-----w- c:\documents and settings\Linas System\Data aplikací\Video DVD Maker FREE
2010-12-10 19:25 . 2010-12-21 13:11 823661 ----a-w- c:\documents and settings\Linas System\aktualizace.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-09 13:07 . 2008-01-02 08:42 16608 ----a-w- c:\windows\gdrv.sys
2010-12-24 00:06 . 2010-11-22 16:39 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-12-23 15:33 . 2010-10-04 16:30 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-04 14:45 . 2010-12-04 14:38 86528 ----a-w- c:\windows\bnetunin.exe
2010-12-04 14:45 . 2010-12-04 14:38 61440 ----a-w- c:\windows\diabswun.exe
2010-12-01 20:04 . 2010-12-01 20:05 2855 ----a-w- c:\windows\SETUP.PIF
2010-11-24 15:40 . 2010-10-04 16:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-24 06:08 . 2008-01-02 12:40 737280 ----a-w- c:\windows\iun6002.exe
2010-11-22 16:43 . 2010-11-22 16:43 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-16 11:01 . 2011-01-09 13:13 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{B955E02B-D9EA-4279-9FEB-4E097548528C}\mpengine.dll
2010-11-12 17:53 . 2010-08-21 23:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-08-21 23:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-23 07:15 . 2010-10-23 07:15 2894 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-10-19 09:41 . 2010-08-17 19:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 08:00 . 2010-10-28 18:14 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-16 20:44 . 2010-10-16 20:45 62976 ----a-w- c:\windows\system32\steam_api.dll
2010-10-16 18:55 . 2010-11-17 11:37 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55 . 2010-11-17 11:37 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55 . 2010-04-03 20:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-04-03 20:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-04-03 20:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55 . 2009-03-08 08:37 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-16 18:55 . 2009-03-08 08:37 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55 . 2009-03-08 08:37 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2009-03-08 08:37 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2009-03-08 08:37 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55 . 2009-03-08 08:37 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 11:04 . 2010-10-16 11:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:04 . 2010-10-16 11:04 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:04 . 2010-10-16 11:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:04 . 2010-10-16 11:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 11:04 . 2010-10-16 11:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:04 . 2010-10-16 11:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
.
------- Sigcheck -------
[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-02 3911776]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-02 12:27 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-02 12:27 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 11:17 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- c:\program files\kikin\ie_kikin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-02 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin1.dll" [2011-01-02 3911776]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-02 3911776]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-12 395640]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2010-10-31 19071672]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"EasyTuneV"="c:\program files\Gigabyte\ET5\ETcall.exe" [2007-04-26 24576]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2010-07-01 603136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-14 2225208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\Linas System\Nabídka Start\Programy\Po spuštění\
GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-4-17 1689600]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Skype.lnk - c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Game Files\\Midway Games\\Wheelman\\Binaries\\WheelmanGame-Final.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry\\II\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry\\II\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry\\II\\Far Cry 2\\bin\\FC2Editor.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56374:TCP"= 56374:TCP:Pando Media Booster
"56374:UDP"= 56374:UDP:Pando Media Booster
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/1 10:50 691696]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [4/10 17:34 704384]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/4 9:52 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/10 17:30 135336]
R2 ES lite Service;ES lite Service for program management.;c:\program files\GIGABYTE\EasySaver\essvr.exe [2/1 10:11 80392]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6/12 8:31 1238408]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/11 17:33 50704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [14/12 14:41 1517376]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11 19:19 13592]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [4/10 17:32 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [4/10 17:34 257432]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [1/1 0:13 37560]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26/9 23:21 21920]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29/11 19:27 10064]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [4/10 17:32 1195008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/3 13:16 130384]
S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice --> c:\apache\APACHE.EXE [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [28/12 13:54 406016]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [1/1 20:57 26736]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\LINASS~1\LOCALS~1\Temp\CUB29EA.tmp --> c:\docume~1\LINASS~1\LOCALS~1\Temp\CUB29EA.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/3 13:16 753504]
S3 zebratap;NeoRouter Network Interface;c:\windows\system32\drivers\zebratap.sys [29/3 21:24 25216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2010-12-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-21 11:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15446&l=dis
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
FF - ProfilePath - c:\documents and settings\Linas System\Data aplikací\Mozilla\Firefox\Profiles\nt4ar5n3.default\
FF - prefs.js: browser.search.selectedEngine - Rapidshare Google Arama
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?tool ... m-1.0.0&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: kikin plugin: {AA994882-F391-4d2e-806F-8908DA4814ED} - %profile%\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Asociace souborů -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-09 14:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\LINASS~1\LOCALS~1\Temp\CUB29EA.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1220945662-515967899-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:d3,7e,a3,d2,c9,3c,5b,bc,9f,67,63,ad,04,b9,cf,e1,a3,3a,84,b3,aa,
d6,8d,fd,e9,24,e4,6f,c8,fa,76,0f,df,ff,d4,ec,59,f6,13,20,56,7b,a5,e1,67,55,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(816)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\dvmurl.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-01-09 14:16:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-09 13:16
Před spuštěním: Volných bajtů: 72 086 007 808
Po spuštění: Volných bajtů: 72 204 849 152
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWSX="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 69BFC451E19AFACE787CD504273B69D7