ComboFIX check :-)

Viruses and antivirus software, PC security - firewall, spyware, etc.
hlupak
Slightly advanced
Registered: 08 Aug 2005
Location: St.Albans United Kingdom


Post by hlupak »

Could you check this for me, please?
Thank you :)

ComboFix 08-03-01 - BOBANEK 2008-02-29 20:27:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1487 [GMT 0:00]
Running from: G:\Documents and Settings\BOBANEK\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-02-29 17:42 . 2008-02-29 20:12 <DIR> d-------- G:\WINDOWS\LastGood
2008-02-27 13:02 . 2008-02-27 13:02 0 --ah----- G:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-27 13:02 . 2008-02-27 13:02 0 --ah----- G:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-02-24 17:56 . 2008-02-24 22:49 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\DMCache
2008-02-24 17:28 . 2008-02-24 17:28 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\THQ
2008-02-23 17:47 . 2008-02-23 17:47 <DIR> d-------- G:\Program Files\SystemRequirementsLab
2008-02-23 14:25 . 2008-02-23 14:25 32 --a------ G:\WINDOWS\go
2008-02-20 12:30 . 2008-02-20 12:30 <DIR> d-------- G:\Program Files\Logitech
2008-02-20 12:30 . 2008-02-20 12:30 <DIR> d-------- G:\Program Files\Common Files\Logitech
2008-02-20 12:08 . 2008-02-22 19:07 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-02-20 12:03 . 2008-02-20 12:03 <DIR> dr-h----- G:\Documents and Settings\BOBANEK\Application Data\SecuROM
2008-02-19 12:46 . 2008-02-19 12:46 <DIR> d-------- G:\Program Files\Creative
2008-02-19 12:46 . 2002-06-06 14:38 139,264 --a------ G:\WINDOWS\system32\eax.dll
2008-02-16 16:36 . 2002-08-08 04:11 319,488 -ra------ G:\WINDOWS\system32\MafiaSetup.exe
2008-02-16 13:32 . 2008-02-16 13:32 <DIR> d-------- G:\WINDOWS\system32\xlive
2008-02-16 13:15 . 2008-02-16 13:15 <DIR> d-------- G:\Documents and Settings\BOBANEK\Contacts
2008-02-16 12:48 . 2008-02-16 12:54 <DIR> d-------- G:\Program Files\Windows Live
2008-02-16 12:48 . 2008-02-16 12:51 <DIR> d--hsc--- G:\Program Files\Common Files\WindowsLiveInstaller
2008-02-16 12:48 . 2008-02-16 12:48 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-16 12:48 . 2008-02-16 12:50 4,566 --a------ G:\WINDOWS\imsins.BAK
2008-02-16 12:45 . 2008-02-16 12:45 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\MSNInstaller
2008-02-16 11:53 . 2007-03-05 11:51 360,580 --a------ G:\WINDOWS\eSellerateEngine.dll
2008-02-15 12:46 . 2008-02-15 12:46 <DIR> d--h----- G:\WINDOWS\PIF
2008-02-14 17:10 . 2008-02-14 17:10 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\Codemasters
2008-02-14 12:24 . 2008-02-14 12:24 <DIR> d-------- G:\Program Files\ATI Technologies
2008-02-14 12:24 . 2008-01-22 14:42 593,920 --------- G:\WINDOWS\system32\ati2sgag.exe
2008-02-14 12:06 . 2008-02-15 19:41 <DIR> d-------- G:\WINDOWS\system32\AGEIA
2008-02-14 12:06 . 2008-02-15 19:41 <DIR> d-------- G:\Program Files\AGEIA Technologies
2008-02-13 16:43 . 2008-02-13 16:43 <DIR> d-------- G:\Program Files\Activision Value
2008-02-13 16:23 . 2008-02-13 16:23 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\DAEMON Tools
2008-02-13 16:20 . 2008-02-13 16:20 716,272 --a------ G:\WINDOWS\system32\drivers\sptd.sys
2008-02-13 14:56 . 2008-02-13 14:56 <DIR> d-------- G:\Program Files\Microsoft Silverlight
2008-02-12 12:58 . 2008-02-12 12:58 376 --a------ G:\WINDOWS\ODBC.INI
2008-02-12 12:56 . 2008-02-12 12:56 <DIR> d-------- G:\WINDOWS\ShellNew
2008-02-12 12:56 . 2008-02-12 12:56 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\Microsoft Web Folders
2008-02-10 19:38 . 2008-02-10 19:38 <DIR> d-------- G:\Program Files\OpenAL
2008-02-10 19:38 . 2007-10-12 15:14 3,734,536 --a------ G:\WINDOWS\system32\d3dx9_36.dll
2008-02-10 19:38 . 2007-07-19 18:14 3,727,720 --a------ G:\WINDOWS\system32\d3dx9_35.dll
2008-02-10 19:38 . 2007-10-12 15:14 1,374,232 --a------ G:\WINDOWS\system32\D3DCompiler_36.dll
2008-02-10 19:38 . 2007-07-19 18:14 1,358,192 --a------ G:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-10 19:38 . 2007-10-02 09:56 444,776 --a------ G:\WINDOWS\system32\d3dx10_36.dll
2008-02-10 19:38 . 2007-07-19 18:14 444,776 --a------ G:\WINDOWS\system32\d3dx10_35.dll
2008-02-10 19:38 . 2007-10-22 03:39 267,272 --a------ G:\WINDOWS\system32\xactengine2_10.dll
2008-02-10 19:38 . 2007-07-20 00:57 267,112 --a------ G:\WINDOWS\system32\xactengine2_9.dll
2008-02-09 03:36 . 2008-02-09 03:36 <DIR> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 03:36 . 2007-05-13 12:24 86,683 --a------ G:\WINDOWS\system32\pthreadGC2.dll
2008-02-08 14:52 . 2008-02-08 14:52 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\Apple Computer
2008-02-08 13:43 . 2008-02-08 13:43 <DIR> d-------- G:\Program Files\Common Files\Adobe
2008-02-05 12:11 . 2008-02-25 12:54 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\HLSW
2008-02-02 17:29 . 2008-02-02 17:29 <DIR> d-------- G:\Program Files\Sonic
2008-02-02 17:29 . 2008-02-02 17:29 <DIR> d-------- G:\Program Files\Common Files\Sonic Shared
2008-02-01 16:26 . 2008-02-01 16:26 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\Ahead
2008-02-01 16:26 . 2008-02-01 16:26 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 20:17 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Azureus
2008-02-29 20:12 --------- d-----w G:\Program Files\Kaspersky Lab
2008-02-29 17:43 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-02-27 16:01 22,328 ----a-w G:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-27 16:01 107,832 ----a-w G:\WINDOWS\system32\PnkBstrB.exe
2008-02-25 12:56 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Xfire
2008-02-23 16:59 --------- d-----w G:\Program Files\Opera
2008-02-16 12:27 107,888 ----a-w G:\WINDOWS\system32\CmdLineExt.dll
2008-02-15 19:41 --------- d-----w G:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 12:23 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\InstallShield
2008-02-12 12:56 --------- d-----w G:\Program Files\microsoft frontpage
2008-02-10 19:38 409,600 ----a-w G:\WINDOWS\system32\wrap_oal.dll
2008-02-10 19:38 114,688 ----a-w G:\WINDOWS\system32\OpenAL32.dll
2008-02-02 17:29 --------- d-----w G:\Program Files\Common Files\Roxio Shared
2008-01-31 02:02 54,608 ----a-w G:\WINDOWS\system32\xfcodec.dll
2008-01-30 13:04 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Skype
2008-01-29 16:42 --------- d-----w G:\Program Files\Xvid
2008-01-29 14:48 32 ----a-w G:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-29 14:48 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\skypePM
2008-01-29 14:46 --------- d-----w G:\Program Files\Skype
2008-01-29 14:46 --------- d-----w G:\Program Files\Common Files\Skype
2008-01-29 14:46 --------- d-----w G:\Documents and Settings\All Users\Application Data\Skype
2008-01-28 22:00 14,656 ----a-w G:\WINDOWS\gdrv.sys
2008-01-28 19:58 --------- d-----w G:\Documents and Settings\NetworkService\Application Data\Xfire
2008-01-28 13:21 --------- d-----w G:\Program Files\Windows Media Components
2008-01-28 13:21 --------- d-----w G:\Program Files\Mingjong
2008-01-28 13:20 --------- d-----w G:\Program Files\Common Files\snpstd2
2008-01-24 14:17 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\atitray
2008-01-24 13:50 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\ATI
2008-01-23 21:14 --------- d-----w G:\Documents and Settings\All Users\Application Data\Sonic
2008-01-23 20:22 --------- d-----w G:\Program Files\Intervideo
2008-01-23 13:56 24,944 ----a-w G:\WINDOWS\system32\drivers\GVTDrv.sys
2008-01-22 21:38 2,845,696 ----a-w G:\WINDOWS\system32\drivers\ati2mtag.sys
2008-01-22 20:44 368,640 ----a-w G:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w G:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w G:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w G:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w G:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w G:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w G:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w G:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w G:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w G:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w G:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w G:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w G:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:04 46,080 ----a-w G:\WINDOWS\system32\amdpcom32.dll
2008-01-22 20:01 385,024 ----a-w G:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w G:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 49,152 ----a-w G:\WINDOWS\system32\drivers\ati2erec.dll
2008-01-22 19:57 163,840 ----a-w G:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w G:\WINDOWS\system32\ati2cqag.dll
2008-01-21 14:33 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\teamspeak2
2008-01-15 21:20 --------- d-----w G:\Program Files\ICQ6
2008-01-12 23:29 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Teleca
2008-01-12 23:09 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Sony Ericsson
2008-01-12 23:08 --------- d-----w G:\Program Files\Common Files\Teleca Shared
2008-01-12 23:08 --------- d-----w G:\Program Files\Common Files\Sony Ericsson Shared
2008-01-12 23:08 --------- d-----w G:\Documents and Settings\All Users\Application Data\Teleca
2008-01-12 23:08 --------- d-----w G:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-01-12 22:54 --------- d-----w G:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-12 13:42 --------- d-----w G:\Program Files\Sony
2008-01-12 13:42 --------- d-----w G:\Program Files\Common Files\Sony Shared
2008-01-12 13:41 --------- d-----w G:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-01-11 21:46 --------- d--h--w G:\Documents and Settings\All Users\Application Data\ebtcudat
2008-01-11 15:59 --------- d-----w G:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-10 19:15 --------- d-----w G:\Documents and Settings\All Users\Application Data\Azureus
2008-01-10 14:22 66,872 ----a-w G:\WINDOWS\system32\PnkBstrA.exe
2008-01-10 14:01 22,328 ----a-w G:\Documents and Settings\BOBANEK\Application Data\PnkBstrK.sys
2008-01-10 13:20 --------- d-----w G:\Program Files\Gigabyte
2008-01-10 13:20 --------- d-----w G:\Program Files\Common Files\InstallShield
2008-01-10 13:20 --------- d-----w G:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-09 21:54 --------- d-----w G:\Program Files\Common Files\BitDefender
2008-01-09 21:26 --------- d-----w G:\Program Files\Common Files\Symantec Shared
2008-01-09 21:07 --------- d-----w G:\Documents and Settings\All Users\Application Data\Symantec
2008-01-09 21:01 73,216 ----a-w G:\WINDOWS\ST6UNST.EXE
2008-01-09 21:01 249,856 ------w G:\WINDOWS\Setup1.exe
2008-01-09 21:01 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Symantec
2008-01-09 19:58 --------- d-----w G:\Program Files\MSBuild
2008-01-09 19:56 --------- d-----w G:\Program Files\Reference Assemblies
2008-01-09 18:51 --------- d-----w G:\Program Files\Driver Cleaner Pro
2008-01-09 18:47 --------- d-----w G:\Program Files\CCleaner
2008-01-09 17:18 --------- d-----w G:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-09 13:06 --------- d-----w G:\Program Files\Webteh
2008-01-08 17:58 306,432 ----a-w G:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-08 17:58 --------- d-----w G:\Program Files\TuneUp Utilities 2008
2008-01-08 17:58 --------- d-----w G:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Sony Corporation
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\PC Suite
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Nokia Multimedia Player
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Nokia
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\MailFrontier
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Ideazon
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\ICQ
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\DivX
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\BSplayer PRO
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Acoustica
2008-01-08 16:25 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Winamp
2008-01-08 15:55 --------- d-----w G:\Program Files\MSXML 6.0
2008-01-08 15:53 --------- d-----w G:\Program Files\MSXML 4.0
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2007-06-20 20:50 15360]
"ISUSPM"="G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 22:56 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="G:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-06-20 20:52 208952]
"PHIME2002ASync"="G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-06-20 20:52 455168]
"PHIME2002A"="G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-06-20 20:52 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 08:08 16380416 G:\WINDOWS\RTHDCPL.exe]
"ISUSScheduler"="G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 22:56 86960]
"SNPSTD2"="G:\WINDOWS\vsnpstd2.exe" [2004-01-05 18:34 40960]
"Start WingMan Profiler"="G:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"RivaTunerStartupDaemon"="I:\3d\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 18:05 2650112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\WINDOWS\system32\CTFMON.EXE" [2007-06-20 20:50 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2007-06-20 20:49 5376 G:\WINDOWS\system32\antiwpa.dll

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=G:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=G:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 16:51 486856 D:\PROGRAMY\Daemontool\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
I:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-10 22:56 218032 G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-10 22:56 218032 G:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 06:36 36864 G:\WINDOWS\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
G:\Program Files\Messenger\MSMSGS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 G:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
--a------ 2008-01-04 17:33 684118 D:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
G:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-08 14:51 155648 I:\Quick\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:08 21686568 G:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"36X Raid Configurer"=G:\WINDOWS\system32\xRaidSetup.exe boot
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"G:\\WINDOWS\\system32\\PnkBstrA.exe"=
"G:\\WINDOWS\\system32\\PnkBstrB.exe"=
"G:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"D:\\CoH\\CoH\\RelicCOH.exe"=
"G:\\Program Files\\ICQ6\\ICQ.exe"=
"G:\\Program Files\\Skype\\Phone\\Skype.exe"=
"J:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"J:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"H:\\GAMES\\COD4\\iw3mp.exe"=
"D:\\Program Files\\SiSoftware Sandra Professional Business XIIc\\Win32\\RpcDataSrv.exe"=
"D:\\Program Files\\SiSoftware Sandra Professional Business XIIc\\RpcSandraSrv.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"J:\\Program Files\\THQ\\Juiced2_HIN\\Juiced2_HIN.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 UxTuneUp;TuneUp Theme Extension;G:\WINDOWS\System32\svchost.exe [2007-06-20 20:54]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;G:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 07:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;G:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 09:49]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;G:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 18:40]
R3 TuneUp.Defrag;TuneUp Drive Defrag Service;G:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-08 17:58]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\PROGRAMY\testy\warezing.net_-_Everest\EVEREST Ultimate Edition\kerneld.wnt [2007-10-17 00:00]
S3 gdrv;gdrv;G:\WINDOWS\gdrv.sys [2008-01-28 22:00]
S3 snpstd2;USB PC Camera (SN9C103);G:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 21:31]
S3 SymIM;Symantec Network Security Intermediate Filter Service;G:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;G:\WINDOWS\system32\DRIVERS\SymIM.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\setup.EXE /AUTORUN
\Shell\configure\command - L:\setup.EXE
\Shell\install\command - L:\setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - N:\MafiaLauncher.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\m.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
\Shell\AutoRun\command - P:\m.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 17:19:03 G:\WINDOWS\Tasks\1-Click Maintenance.job"
- G:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 20:28:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: G:\WINDOWS\system32\winlogon.exe
-> G:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
-> G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
-> G:\WINDOWS\system32\klogon.dll

PROCESS: G:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> G:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
-> G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
-> G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
-> G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
Completion time: 2008-03-01 20:28:42
.
2008-02-17 14:19:21 --- E O F ---
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: ComboFIX check :-)

Post by BUBINO »

Hi hlupak.

Copy the following into Notepad:
File::
G:\WINDOWS\imsins.BAK
G:\WINDOWS\go

DirLook::
G:\Documents and Settings\All Users\Application Data\ebtcudat
G:\Program Files\Mingjong

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
Save it to the desktop as CFScript.txt. Grab it with the mouse, drag it onto ComboFix and drop it there, as in the picture below. After the scan, post the log that comes up here.

[Image]

Post by hlupak »

I copied it from here.... did exactly that, but! I think that Mingjong is still there... I mean, I found it..
Anyway, new log.
So I've now deleted it manually.

ComboFix 08-03-01 - BOBANEK 2008-03-02 1:28:50.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1396 [GMT 0:00]
Running from: G:\Documents and Settings\BOBANEK\Desktop\ComboFix.exe
Command switches used :: G:\Documents and Settings\BOBANEK\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-03-01 21:14 . 2007-12-04 13:04 837,496 --a------ G:\WINDOWS\system32\aswBoot.exe
2008-03-01 21:14 . 2004-01-09 09:13 380,928 --a------ G:\WINDOWS\system32\actskin4.ocx
2008-03-01 21:14 . 2007-12-04 12:54 95,608 --a------ G:\WINDOWS\system32\AvastSS.scr
2008-03-01 21:14 . 2007-12-04 14:55 94,544 --a------ G:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-01 21:14 . 2007-12-04 14:56 93,264 --a------ G:\WINDOWS\system32\drivers\aswmon.sys
2008-03-01 21:14 . 2007-12-04 14:51 42,912 --a------ G:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-01 21:14 . 2007-12-04 14:49 26,624 --a------ G:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-01 21:14 . 2007-12-04 14:53 23,152 --a------ G:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-27 13:02 . 2008-02-27 13:02 0 --ah----- G:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-27 13:02 . 2008-02-27 13:02 0 --ah----- G:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-02-24 17:56 . 2008-02-24 22:49 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\DMCache
2008-02-24 17:28 . 2008-02-24 17:28 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\THQ
2008-02-23 17:47 . 2008-02-23 17:47 <DIR> d-------- G:\Program Files\SystemRequirementsLab
2008-02-23 14:25 . 2008-02-23 14:25 32 --a------ G:\WINDOWS\go
2008-02-20 12:30 . 2008-02-20 12:30 <DIR> d-------- G:\Program Files\Logitech
2008-02-20 12:30 . 2008-02-20 12:30 <DIR> d-------- G:\Program Files\Common Files\Logitech
2008-02-20 12:08 . 2008-02-22 19:07 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-02-20 12:03 . 2008-02-20 12:03 <DIR> dr-h----- G:\Documents and Settings\BOBANEK\Application Data\SecuROM
2008-02-19 12:46 . 2008-02-19 12:46 <DIR> d-------- G:\Program Files\Creative
2008-02-19 12:46 . 2002-06-06 14:38 139,264 --a------ G:\WINDOWS\system32\eax.dll
2008-02-16 16:36 . 2002-08-08 04:11 319,488 -ra------ G:\WINDOWS\system32\MafiaSetup.exe
2008-02-16 13:32 . 2008-02-16 13:32 <DIR> d-------- G:\WINDOWS\system32\xlive
2008-02-16 13:15 . 2008-02-16 13:15 <DIR> d-------- G:\Documents and Settings\BOBANEK\Contacts
2008-02-16 12:48 . 2008-02-16 12:54 <DIR> d-------- G:\Program Files\Windows Live
2008-02-16 12:48 . 2008-02-16 12:51 <DIR> d--hsc--- G:\Program Files\Common Files\WindowsLiveInstaller
2008-02-16 12:48 . 2008-02-16 12:48 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-16 12:45 . 2008-02-16 12:45 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\MSNInstaller
2008-02-16 11:53 . 2007-03-05 11:51 360,580 --a------ G:\WINDOWS\eSellerateEngine.dll
2008-02-15 12:46 . 2008-02-15 12:46 <DIR> d--h----- G:\WINDOWS\PIF
2008-02-14 17:10 . 2008-02-14 17:10 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\Codemasters
2008-02-14 12:24 . 2008-02-14 12:24 <DIR> d-------- G:\Program Files\ATI Technologies
2008-02-14 12:24 . 2008-01-22 14:42 593,920 --------- G:\WINDOWS\system32\ati2sgag.exe
2008-02-14 12:06 . 2008-02-15 19:41 <DIR> d-------- G:\WINDOWS\system32\AGEIA
2008-02-14 12:06 . 2008-02-15 19:41 <DIR> d-------- G:\Program Files\AGEIA Technologies
2008-02-13 16:43 . 2008-02-13 16:43 <DIR> d-------- G:\Program Files\Activision Value
2008-02-13 16:23 . 2008-02-13 16:23 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\DAEMON Tools
2008-02-13 16:20 . 2008-02-13 16:20 716,272 --a------ G:\WINDOWS\system32\drivers\sptd.sys
2008-02-13 14:56 . 2008-02-13 14:56 <DIR> d-------- G:\Program Files\Microsoft Silverlight
2008-02-12 12:58 . 2008-02-12 12:58 376 --a------ G:\WINDOWS\ODBC.INI
2008-02-12 12:56 . 2008-02-12 12:56 <DIR> d-------- G:\WINDOWS\ShellNew
2008-02-12 12:56 . 2008-02-12 12:56 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\Microsoft Web Folders
2008-02-10 19:38 . 2008-02-10 19:38 <DIR> d-------- G:\Program Files\OpenAL
2008-02-10 19:38 . 2007-10-12 15:14 3,734,536 --a------ G:\WINDOWS\system32\d3dx9_36.dll
2008-02-10 19:38 . 2007-07-19 18:14 3,727,720 --a------ G:\WINDOWS\system32\d3dx9_35.dll
2008-02-10 19:38 . 2007-10-12 15:14 1,374,232 --a------ G:\WINDOWS\system32\D3DCompiler_36.dll
2008-02-10 19:38 . 2007-07-19 18:14 1,358,192 --a------ G:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-10 19:38 . 2007-10-02 09:56 444,776 --a------ G:\WINDOWS\system32\d3dx10_36.dll
2008-02-10 19:38 . 2007-07-19 18:14 444,776 --a------ G:\WINDOWS\system32\d3dx10_35.dll
2008-02-10 19:38 . 2007-10-22 03:39 267,272 --a------ G:\WINDOWS\system32\xactengine2_10.dll
2008-02-10 19:38 . 2007-07-20 00:57 267,112 --a------ G:\WINDOWS\system32\xactengine2_9.dll
2008-02-09 03:36 . 2008-02-09 03:36 <DIR> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 03:36 . 2007-05-13 12:24 86,683 --a------ G:\WINDOWS\system32\pthreadGC2.dll
2008-02-08 14:52 . 2008-02-08 14:52 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\Apple Computer
2008-02-08 13:43 . 2008-02-08 13:43 <DIR> d-------- G:\Program Files\Common Files\Adobe
2008-02-05 12:11 . 2008-02-25 12:54 <DIR> d-------- G:\Documents and Settings\BOBANEK\Application Data\HLSW
2008-02-02 17:29 . 2008-02-02 17:29 <DIR> d-------- G:\Program Files\Sonic
2008-02-02 17:29 . 2008-02-02 17:29 <DIR> d-------- G:\Program Files\Common Files\Sonic Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 01:29 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Azureus
2008-02-29 20:12 --------- d-----w G:\Program Files\Kaspersky Lab
2008-02-29 17:43 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-02-27 16:01 22,328 ----a-w G:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-27 16:01 107,832 ----a-w G:\WINDOWS\system32\PnkBstrB.exe
2008-02-25 12:56 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Xfire
2008-02-23 16:59 --------- d-----w G:\Program Files\Opera
2008-02-16 12:27 107,888 ----a-w G:\WINDOWS\system32\CmdLineExt.dll
2008-02-15 19:41 --------- d-----w G:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 12:23 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\InstallShield
2008-02-12 12:56 --------- d-----w G:\Program Files\microsoft frontpage
2008-02-10 19:38 409,600 ----a-w G:\WINDOWS\system32\wrap_oal.dll
2008-02-10 19:38 114,688 ----a-w G:\WINDOWS\system32\OpenAL32.dll
2008-02-02 17:29 --------- d-----w G:\Program Files\Common Files\Roxio Shared
2008-02-01 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Ahead
2008-02-01 16:26 --------- d-----w G:\Documents and Settings\All Users\Application Data\Ahead
2008-01-31 02:02 54,608 ----a-w G:\WINDOWS\system32\xfcodec.dll
2008-01-30 13:04 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Skype
2008-01-29 16:42 --------- d-----w G:\Program Files\Xvid
2008-01-29 14:48 32 ----a-w G:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-29 14:48 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\skypePM
2008-01-29 14:46 --------- d-----w G:\Program Files\Skype
2008-01-29 14:46 --------- d-----w G:\Program Files\Common Files\Skype
2008-01-29 14:46 --------- d-----w G:\Documents and Settings\All Users\Application Data\Skype
2008-01-28 22:00 14,656 ----a-w G:\WINDOWS\gdrv.sys
2008-01-28 19:58 --------- d-----w G:\Documents and Settings\NetworkService\Application Data\Xfire
2008-01-28 13:21 --------- d-----w G:\Program Files\Windows Media Components
2008-01-28 13:21 --------- d-----w G:\Program Files\Mingjong
2008-01-28 13:20 --------- d-----w G:\Program Files\Common Files\snpstd2
2008-01-24 14:17 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\atitray
2008-01-24 13:50 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\ATI
2008-01-23 21:14 --------- d-----w G:\Documents and Settings\All Users\Application Data\Sonic
2008-01-23 20:22 --------- d-----w G:\Program Files\Intervideo
2008-01-23 13:56 24,944 ----a-w G:\WINDOWS\system32\drivers\GVTDrv.sys
2008-01-22 21:38 2,845,696 ----a-w G:\WINDOWS\system32\drivers\ati2mtag.sys
2008-01-22 20:44 368,640 ----a-w G:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w G:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w G:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w G:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w G:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w G:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w G:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w G:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w G:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w G:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w G:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w G:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w G:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:04 46,080 ----a-w G:\WINDOWS\system32\amdpcom32.dll
2008-01-22 20:01 385,024 ----a-w G:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w G:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 49,152 ----a-w G:\WINDOWS\system32\drivers\ati2erec.dll
2008-01-22 19:57 163,840 ----a-w G:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w G:\WINDOWS\system32\ati2cqag.dll
2008-01-21 14:33 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\teamspeak2
2008-01-15 21:20 --------- d-----w G:\Program Files\ICQ6
2008-01-12 23:29 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Teleca
2008-01-12 23:09 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Sony Ericsson
2008-01-12 23:08 --------- d-----w G:\Program Files\Common Files\Teleca Shared
2008-01-12 23:08 --------- d-----w G:\Program Files\Common Files\Sony Ericsson Shared
2008-01-12 23:08 --------- d-----w G:\Documents and Settings\All Users\Application Data\Teleca
2008-01-12 23:08 --------- d-----w G:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-01-12 22:54 --------- d-----w G:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-12 13:42 --------- d-----w G:\Program Files\Sony
2008-01-12 13:42 --------- d-----w G:\Program Files\Common Files\Sony Shared
2008-01-12 13:41 --------- d-----w G:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-01-11 21:46 --------- d--h--w G:\Documents and Settings\All Users\Application Data\ebtcudat
2008-01-11 15:59 --------- d-----w G:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-10 19:15 --------- d-----w G:\Documents and Settings\All Users\Application Data\Azureus
2008-01-10 14:22 66,872 ----a-w G:\WINDOWS\system32\PnkBstrA.exe
2008-01-10 14:01 22,328 ----a-w G:\Documents and Settings\BOBANEK\Application Data\PnkBstrK.sys
2008-01-10 13:55 --------- d-----w G:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-01-10 13:20 --------- d-----w G:\Program Files\Gigabyte
2008-01-10 13:20 --------- d-----w G:\Program Files\Common Files\InstallShield
2008-01-10 13:20 --------- d-----w G:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-09 21:54 --------- d-----w G:\Program Files\Common Files\BitDefender
2008-01-09 21:26 --------- d-----w G:\Program Files\Common Files\Symantec Shared
2008-01-09 21:07 --------- d-----w G:\Documents and Settings\All Users\Application Data\Symantec
2008-01-09 21:01 73,216 ----a-w G:\WINDOWS\ST6UNST.EXE
2008-01-09 21:01 249,856 ------w G:\WINDOWS\Setup1.exe
2008-01-09 21:01 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Symantec
2008-01-09 19:58 --------- d-----w G:\Program Files\MSBuild
2008-01-09 19:56 --------- d-----w G:\Program Files\Reference Assemblies
2008-01-09 18:51 --------- d-----w G:\Program Files\Driver Cleaner Pro
2008-01-09 18:47 --------- d-----w G:\Program Files\CCleaner
2008-01-09 17:18 --------- d-----w G:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-09 13:06 --------- d-----w G:\Program Files\Webteh
2008-01-08 17:58 306,432 ----a-w G:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-08 17:58 --------- d-----w G:\Program Files\TuneUp Utilities 2008
2008-01-08 17:58 --------- d-----w G:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Sony Corporation
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\PC Suite
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Nokia Multimedia Player
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Nokia
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\MailFrontier
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Ideazon
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\ICQ
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\DivX
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\BSplayer PRO
2008-01-08 16:26 --------- d-----w G:\Documents and Settings\BOBANEK\Application Data\Acoustica
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2007-06-20 20:50 15360]
"ISUSPM"="G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 22:56 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="G:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-06-20 20:52 208952]
"PHIME2002ASync"="G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-06-20 20:52 455168]
"PHIME2002A"="G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-06-20 20:52 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 08:08 16380416 G:\WINDOWS\RTHDCPL.exe]
"ISUSScheduler"="G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 22:56 86960]
"SNPSTD2"="G:\WINDOWS\vsnpstd2.exe" [2004-01-05 18:34 40960]
"Start WingMan Profiler"="G:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"RivaTunerStartupDaemon"="I:\3d\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 18:05 2650112]
"ZoneAlarm Client"="D:\PROGRAMY\ZoneAlarm.7.0.462.000.Inc.Keygen\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"avast!"="D:\PROGRAMY\avast\ashDisp.exe" [2007-12-04 13:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\WINDOWS\system32\CTFMON.EXE" [2007-06-20 20:50 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2007-06-20 20:49 5376 G:\WINDOWS\system32\antiwpa.dll

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=G:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=G:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 16:51 486856 D:\PROGRAMY\Daemontool\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
I:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-10 22:56 218032 G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-10 22:56 218032 G:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 06:36 36864 G:\WINDOWS\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
G:\Program Files\Messenger\MSMSGS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 G:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
--a------ 2008-01-04 17:33 684118 D:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
G:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-08 14:51 155648 I:\Quick\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:08 21686568 G:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"36X Raid Configurer"=G:\WINDOWS\system32\xRaidSetup.exe boot
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"G:\\WINDOWS\\system32\\PnkBstrA.exe"=
"G:\\WINDOWS\\system32\\PnkBstrB.exe"=
"G:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"D:\\CoH\\CoH\\RelicCOH.exe"=
"G:\\Program Files\\ICQ6\\ICQ.exe"=
"G:\\Program Files\\Skype\\Phone\\Skype.exe"=
"J:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"J:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"H:\\GAMES\\COD4\\iw3mp.exe"=
"D:\\Program Files\\SiSoftware Sandra Professional Business XIIc\\Win32\\RpcDataSrv.exe"=
"D:\\Program Files\\SiSoftware Sandra Professional Business XIIc\\RpcSandraSrv.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"J:\\Program Files\\THQ\\Juiced2_HIN\\Juiced2_HIN.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 UxTuneUp;TuneUp Theme Extension;G:\WINDOWS\System32\svchost.exe [2007-06-20 20:54]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;G:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 07:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;G:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 09:49]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;G:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 18:40]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\PROGRAMY\testy\warezing.net_-_Everest\EVEREST Ultimate Edition\kerneld.wnt [2007-10-17 00:00]
S3 gdrv;gdrv;G:\WINDOWS\gdrv.sys [2008-01-28 22:00]
S3 snpstd2;USB PC Camera (SN9C103);G:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 21:31]
S3 SymIM;Symantec Network Security Intermediate Filter Service;G:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;G:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;G:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-08 17:58]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\setup.EXE /AUTORUN
\Shell\configure\command - L:\setup.EXE
\Shell\install\command - L:\setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - N:\MafiaLauncher.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\m.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
\Shell\AutoRun\command - P:\m.exe

*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 17:19:03 G:\WINDOWS\Tasks\1-Click Maintenance.job"
- G:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 01:29:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-02 1:29:46
ComboFix2.txt 2008-03-02 01:25:43
ComboFix3.txt 2008-03-02 01:21:40
ComboFix4.txt 2008-03-01 20:28:42
.
2008-02-17 14:19:21 --- E O F ---
Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

G:\WINDOWS\system32\antiwpa.dll
http://mirrors.castlecops.com/o20list-460.html
I recommend a legal system, hlupak :roll: