Please check my log - processor problem [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Sawik (newbie, 38 posts, registered December 08, location: 3nec)

Re: Please check my log - processor problem

Post by Sawik » 12 Jul 2009 20:55

I tried the game and it's still the same :( and the CPU is at 1.05 :(
So same as before; I'll try leaving Spyware Terminator and NOD running tonight until morning.

Post by Sawik » 12 Jul 2009 21:03

CPU still at 1.05 and the game is still the same :((

Damned (article author, Master Level 9, 8353 posts, registered December 06, location: Rokycany)

Post by Damned » 12 Jul 2009 21:49

Run HJT, close your browsers, disconnect from the internet and fix the following entry (tick the box in front of it, then press "Fix checked"):

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
*****************************************************************************************************************************************
Download KillBox and save it to your Desktop. Run it and paste this into the path field: C:\sccfg.sys

Tick "Delete on Reboot" and press the white cross in the red box. The computer will restart.
*****************************************************************************************************************************************
After the restart:
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole text marked in green below into it:

File::
c:\windows\system32\d3d9caps.dat
c:\windows\Tasks\WGASetup.job
c:\windows\system32\KB905474\wgasetup.exe
C:\sccfg.sys

Driver::
sccfg.sys
sccfg

Choose File -> Save As... and set:
File name: CFScript.txt
Save as type: All Files
Save the file to the Desktop.
Close all open windows.


Drag the CFScript.txt you just created onto the downloaded ComboFix.exe and, when the two icons overlap, drop it.

- ComboFix starts automatically
- Post the log that appears at the end of the cleaning process here, plus a fresh HJT log, and describe how the computer behaves
Nothing is impossible; where reason runs out we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
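Added here as an illustration of the triage Damned is doing above, not code from the thread or from HijackThis/ComboFix: a Python script that parses the R/O entry lines of an HJT 2.x log and flags the things a helper looks at first: browser hooks registered with "(no file)" like the Ask Toolbar BHO, services whose binary is missing, Winsock LSP DLLs HJT does not recognise (reported once rather than once per O10 line), and O17 DNS servers outside an allowlist. The sample log is a constructed excerpt modelled on lines posted in this thread, and the allowlist (the two OpenDNS resolvers) is the example's assumption; the ISP addresses are only flagged for verification, not judged bad.

```python
"""Triage of a HijackThis 2.x log: parse the R/O entry lines and flag
the entries a helper acts on first.  Written for this thread as an
illustration; it is not part of HijackThis, ComboFix or the poster's own
steps.  SAMPLE_LOG is a constructed excerpt modelled on lines posted in
this thread, not the complete log."""
import re

# Resolvers the reviewer already trusts.  The two OpenDNS addresses are a
# reasonable default; using them as the allowlist is this example's assumption.
KNOWN_RESOLVERS = {"208.67.220.220", "208.67.222.222"}

# Matches "O2 - BHO: ...", "R3 - URLSearchHook: ...", "O23 - Service: ..." and so on.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")

SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{4064728C-D16E-42EA-AD85-BC11AECC6DA8}: NameServer = 81.200.48.11,81.200.48.12
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""


def parse_hjt(text):
    """Return the HJT entry lines as dicts; the header and process listing are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"kind": m.group("kind"), "body": m.group("body"), "raw": line.strip()})
    return entries


def triage(entries, known_resolvers=KNOWN_RESOLVERS):
    """Return (reason, raw_line) pairs for entries to fix or verify, in log order."""
    findings = []
    seen_lsp = set()
    for e in entries:
        kind, body, raw = e["kind"], e["body"], e["raw"]
        if kind in ("R3", "O2", "O3") and body.endswith("(no file)"):
            # Hook/BHO/toolbar whose DLL is gone: the registration is dead weight, fix it in HJT.
            findings.append(("orphaned browser hook, fix in HJT", raw))
        elif kind == "O23" and body.endswith("(file missing)"):
            findings.append(("service registered for a missing binary", raw))
        elif kind == "O10":
            # HJT prints one O10 line per layer of the Winsock chain; report each DLL once.
            dll = body.split("Winsock LSP:", 1)[-1].strip()
            if dll not in seen_lsp:
                seen_lsp.add(dll)
                findings.append(("Winsock LSP not recognised by HJT, verify the DLL's owner", raw))
        elif kind == "O17" and "NameServer =" in body:
            # Unknown resolvers in O17 are how DNS hijackers show up; check each against the allowlist.
            servers = [s.strip() for s in body.split("NameServer =", 1)[1].split(",")]
            unknown = [s for s in servers if s not in known_resolvers]
            if unknown:
                findings.append(("DNS server(s) %s not in the allowlist, confirm with the ISP"
                                 % ", ".join(unknown), raw))
    return findings


if __name__ == "__main__":
    for reason, line in triage(parse_hjt(SAMPLE_LOG)):
        print("%-60s <- %s" % (reason, line))
```

On the sample the script reports four items: the Ask Toolbar BHO (the same line Damned has the poster fix), the xfire LSP once, the two 81.200.48.x resolvers, and the AVG Anti-Spyware service with its missing guard.exe. The rest (SweetIM hook, Google BHO, NOD32 entries, OpenDNS) is left alone, which is the point: a triage pass narrows the list, it does not replace reading the log.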

Post by Sawik » 13 Jul 2009 11:50

Hey, I ran it through NOD and Terminator again, it found a few viruses so I deleted them, but it's still the same :-/ :mad: :mad: :oops:

Post by Sawik » 13 Jul 2009 12:02

OK, I'm on it xD I hadn't noticed the second page of the thread :X :D

Post by Sawik » 13 Jul 2009 12:29

ComboFix:
ComboFix 09-07-12.03 - PC 13.07.2009 11:56.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1433 [GMT 2:00]
Running from: c:\documents and settings\PC\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\PC\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"C:\sccfg.sys"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\KB905474\wgasetup.exe"
"c:\windows\Tasks\WGASetup.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\d3d9caps.dat
c:\windows\system32\KB905474\wgasetup.exe
c:\windows\Tasks\WGASetup.job

.
((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 09:46 . 2009-07-13 09:46 -------- d-----w- C:\!KillBox
2009-07-11 16:52 . 2009-07-11 16:52 -------- d-----w- c:\program files\Trend Micro
2009-07-11 10:38 . 2009-07-11 10:38 -------- d-----w- C:\ATI
2009-07-10 20:58 . 2009-07-10 20:58 -------- d-----w- c:\program files\Moyea
2009-07-05 20:56 . 2009-07-05 20:56 -------- d-----w- c:\program files\Tencent
2009-07-05 20:52 . 2009-07-05 20:52 -------- d-----w- c:\program files\Viewpoint
2009-07-05 20:51 . 2009-07-07 10:55 -------- d-----w- c:\program files\Common Files\AOL
2009-07-05 14:41 . 2009-07-05 14:41 -------- d-----w- c:\program files\QIP
2009-07-05 11:16 . 2009-07-05 11:16 -------- d-----w- c:\program files\Defraggler
2009-07-04 16:59 . 2009-07-11 12:24 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-07-03 09:13 . 2009-07-03 09:13 -------- d-----w- c:\program files\TeamViewer
2009-07-03 09:12 . 2009-07-03 09:12 -------- d-----w- c:\documents and settings\PC\temp
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-28 19:14 . 2009-06-28 19:24 -------- d-----w- c:\program files\ICQ6.5
2009-06-28 13:07 . 2009-06-28 13:07 -------- d-----w- c:\program files\Miranda IM
2009-06-28 12:29 . 2009-06-28 19:22 -------- d-----w- c:\program files\ICQ6
2009-06-28 10:28 . 2009-06-28 10:28 -------- d-----w- c:\program files\hotkey
2009-06-28 10:23 . 2006-07-12 02:48 17408 ----a-w- c:\windows\system32\drivers\gMouPS2.sys
2009-06-28 10:21 . 2009-06-28 10:21 -------- d-----w- C:\Genius
2009-06-25 18:27 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-25 18:27 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-25 18:26 . 2009-06-25 18:26 -------- d-----w- c:\program files\iPod
2009-06-25 18:26 . 2009-06-25 18:27 -------- d-----w- c:\program files\iTunes
2009-06-25 18:25 . 2009-06-25 18:25 -------- d-----w- c:\program files\Bonjour
2009-06-25 18:14 . 2009-06-25 18:15 -------- d-----w- c:\program files\QuickTime
2009-06-23 20:01 . 2009-06-23 20:01 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-22 15:23 . 2009-06-22 15:23 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-22 15:22 . 2009-06-22 15:22 -------- d-----w- c:\program files\Real
2009-06-22 15:22 . 2009-06-22 15:22 -------- d-----w- c:\program files\Common Files\Real
2009-06-20 11:18 . 2009-06-20 11:18 -------- d-----w- c:\program files\Metin2_CZ
2009-06-16 17:36 . 2009-07-13 09:48 -------- d-----w- c:\program files\Steam
2009-06-15 10:35 . 2009-06-15 10:36 -------- d-----w- c:\program files\VentriloMIX
2009-06-15 10:25 . 2009-06-15 10:25 -------- d-----w- c:\program files\VentSrv
2009-06-14 21:22 . 2009-06-14 21:22 -------- d-----w- c:\program files\PhotoDreamr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 09:37 . 2007-10-08 13:40 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-13 09:37 . 2007-09-18 14:23 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-12 20:47 . 2008-09-04 15:43 -------- d-----w- c:\program files\Spyware Terminator
2009-07-11 19:57 . 2009-02-08 21:30 -------- d-----w- c:\program files\PokerStars
2009-07-11 17:40 . 2008-12-20 10:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 20:57 . 2008-10-15 19:02 -------- d-----w- c:\program files\WM Converter
2009-07-09 09:40 . 2008-11-08 18:24 -------- d-s---w- c:\program files\Xfire
2009-06-30 10:21 . 2008-12-23 10:16 -------- d-----w- c:\program files\SweetIM
2009-06-29 18:36 . 2007-09-17 08:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 18:50 . 2007-10-06 22:35 -------- d-----w- c:\program files\BitComet
2009-06-26 18:39 . 2009-05-31 19:09 -------- d-----w- c:\program files\Valve
2009-06-25 18:26 . 2008-04-22 15:57 -------- d-----w- c:\program files\Common Files\Apple
2009-06-23 20:01 . 2008-03-28 18:08 -------- d-----w- c:\program files\DivX
2009-06-22 15:22 . 2003-03-17 21:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-19 20:32 . 2008-10-03 20:45 -------- d-s---w- c:\program files\HLSW
2009-06-18 21:10 . 2008-08-12 17:29 -------- d-----w- c:\program files\mIRC
2009-06-17 09:27 . 2008-12-20 10:12 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-12-20 10:12 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 11:53 . 2007-09-17 10:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-15 10:36 . 2009-05-08 22:28 -------- d-----w- c:\program files\Ventrilo
2009-06-15 10:36 . 2008-01-04 16:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-12 16:20 . 2007-09-17 09:30 -------- d-----w- c:\program files\Lavalys
2009-06-12 13:20 . 2008-06-17 15:16 -------- d-----w- c:\program files\Electronic Arts
2009-06-11 22:09 . 2009-06-11 22:09 -------- d-----w- c:\program files\PC Info
2009-06-10 13:31 . 2007-09-27 12:23 -------- d-----w- c:\program files\GamePark
2009-06-09 21:43 . 2008-04-26 08:06 -------- d-----w- c:\program files\SiSoftware
2009-06-09 14:50 . 2009-06-09 13:47 -------- d-----w- c:\program files\Disney Interactive Studios
2009-06-09 13:47 . 2009-06-08 21:26 -------- d-----w- c:\program files\RegCleaner
2009-06-09 13:47 . 2009-06-09 13:47 -------- d-----w- c:\program files\Common Files\Skype
2009-06-09 13:47 . 2007-09-17 16:18 -------- d-----w- c:\program files\Skype
2009-06-08 21:30 . 2009-06-08 21:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-08 09:58 . 2008-08-01 16:58 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-07 21:46 . 2009-06-07 21:37 -------- d-----w- c:\program files\Cool CENZURA
2009-05-29 13:59 . 2009-05-29 13:59 -------- d-----w- c:\program files\Aspyr Media, Inc
2009-05-26 20:23 . 2007-10-06 22:36 -------- d-----w- c:\program files\Google
2009-05-24 15:34 . 2009-05-24 15:34 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-24 15:34 . 2009-05-24 15:34 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-24 15:34 . 2009-05-24 15:34 -------- d-----w- c:\program files\OpenAL
2009-05-24 15:34 . 2009-05-24 15:34 -------- d-----w- c:\program files\Livestation
2009-05-21 12:15 . 2009-05-21 12:15 -------- d-----w- c:\program files\Velvetmatter
2009-05-16 15:12 . 2009-05-15 22:11 -------- d-----w- c:\program files\Garena
2009-05-06 13:47 . 2004-08-18 12:00 78060 ----a-w- c:\windows\system32\perfc005.dat
2009-05-06 13:47 . 2004-08-18 12:00 412618 ----a-w- c:\windows\system32\perfh005.dat
2009-05-01 11:24 . 2009-05-01 11:24 30464 ----a-w- c:\program files\XFire1101CZ.rar
2008-11-27 16:22 . 2009-05-01 11:24 139600 ----a-w- c:\program files\xfire_lang_cz.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-12_08.45.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 09:49 . 2009-07-13 09:49 16384 c:\windows\Temp\Perflib_Perfdata_d70.dat
+ 2009-07-13 09:49 . 2009-07-13 09:49 16384 c:\windows\Temp\Perflib_Perfdata_c80.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"Google Update"="c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-12-02 133104]
"Livestation"="c:\program files\Livestation\Livestation.exe" [2009-03-30 2027520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-16 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2003-04-02 12288]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-08 1783808]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-22 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"HotKey"="c:\program files\HotKey\hotkey.exe" [2008-03-06 86016]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]

c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-11-29 625952]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-4-18 534016]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ubi Soft\\IL2 Sturmovik\\il2.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\PC\\Dokumenty\\StrongDC.exe"=
"d:\\Program Files\\HLSW\\hlsw.exe"=
"d:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"d:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX_dx10.exe"=
"d:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\RpcSandraSrv.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\PC\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"=
"d:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"d:\\Program Files\\Metin2_CZ\\metin2.bin"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21312:TCP"= 21312:TCP:*:Disabled:aaa
"27618:TCP"= 27618:TCP:BitComet 27618 TCP
"27618:UDP"= 27618:UDP:BitComet 27618 UDP
"9809:TCP"= 9809:TCP:BitComet 9809 TCP
"9809:UDP"= 9809:UDP:BitComet 9809 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [13.9.2007 10:48 77312]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10.6.2008 19:56 34312]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [6.5.2008 19:03 11776]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.9.2008 17:43 141312]
R2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [29.9.2003 8:30 110592]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 19:53 468224]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [30.12.2007 19:11 9728]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [25.6.2009 9:22 185640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5.7.2009 22:52 24652]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [28.6.2009 12:23 17408]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 16:21 30720]
.
Contents of the 'Scheduled Tasks' folder

2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{1A97B1E1-ADC6-496D-A5D3-4912F730985C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
LSP: xfire_lsp_9028.dll
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\v1ulvikv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... -us&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... -us&query=
FF - component: c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\v1ulvikv.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 12:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 20 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-412668190-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:74,a9,d3,fe,fb,10,50,54,a6,e6,20,1b,0b,16,4d,19,ef,42,4b,69,a1,80,f4,
53,a2,4b,87,7b,9a,f2,34,43,4c,02,d0,14,02,07,37,19,08,a4,d7,87,46,15,97,60,\
"??"=hex:6e,b9,a4,6b,ab,9d,63,2f,a3,2b,9b,27,1d,dd,69,4e

[HKEY_USERS\S-1-5-21-1960408961-412668190-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c4,2d,64,f7,fb,94,16,01,6f,12,32,98,1d,22,84,62,b3,92,db,24,90,
72,7a,8e,3b,36,2d,23,67,66,c7,54,ae,74,67,e0,6d,f4,a5,a5,2b,a4,27,49,4d,4a,\
"rkeysecu"=hex:fd,b2,2a,6e,4d,9d,14,e9,6d,ca,26,27,9a,d1,aa,18
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\xfire_lsp_9028.dll
.
Completion time: 2009-07-13 12:05
ComboFix-quarantined-files.txt 2009-07-13 10:04
ComboFix2.txt 2009-07-12 18:30
ComboFix3.txt 2009-07-12 08:49

Pre-Run: 3,545,288,704
Post-Run: 3,518,181,376

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
283 --- E O F --- 2009-05-07 22:39

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:30, on 13.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HotKey\hotkey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [HotKey] C:\Program Files\HotKey\hotkey.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{4064728C-D16E-42EA-AD85-BC11AECC6DA8}: NameServer = 81.200.48.11,81.200.48.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{4064728C-D16E-42EA-AD85-BC11AECC6DA8}: NameServer = 81.200.48.11,81.200.48.12
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{4064728C-D16E-42EA-AD85-BC11AECC6DA8}: NameServer = 81.200.48.11,81.200.48.12
O17 - HKLM\System\CS4\Services\Tcpip\..\{4064728C-D16E-42EA-AD85-BC11AECC6DA8}: NameServer = 81.200.48.11,81.200.48.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12442 bytes


Re: please check my log - problem with the processor

Post by Sawik » 13 Jul 2009 12:30

PC still the same :(


Re: please check my log - problem with the processor

Post by Damned » 13 Jul 2009 14:19

First we'll remove the junk, then someone will take a look at that processor for you.

Uninstall Viewpoint.
*****************************************************************************************************************************************
Open Notepad (Start -> Run... type Notepad into the box and click OK).
Copy the following complete text marked in green into it:

File::
c:\windows\system32\ezsidmv.dat

DirLook::
c:\documents and settings\PC\temp

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21312:TCP"=-




Choose File -> Save As... and set these parameters:
File name: type in: CFScript.txt
Save as type: select All Files
Save the file to the Desktop.
Close all active windows.


Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe,
and when the two files overlap, drop the script.
[image]

- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log, and describe the computer's behaviour


Re: please check my log - problem with the processor

Post by Sawik » 13 Jul 2009 20:41

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:17, on 13.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HotKey\hotkey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [HotKey] C:\Program Files\HotKey\hotkey.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{4064728C-D16E-42EA-AD85-BC11AECC6DA8}: NameServer = 81.200.48.11,81.200.48.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{4064728C-D16E-42EA-AD85-BC11AECC6DA8}: NameServer = 81.200.48.11,81.200.48.12
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{4064728C-D16E-42EA-AD85-BC11AECC6DA8}: NameServer = 81.200.48.11,81.200.48.12
O17 - HKLM\System\CS4\Services\Tcpip\..\{4064728C-D16E-42EA-AD85-BC11AECC6DA8}: NameServer = 81.200.48.11,81.200.48.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 12263 bytes

Combofix:
ComboFix 09-07-12.03 - PC 13.07.2009 19:09.4.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1473 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PC\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-13 do 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 17:02 . 2009-07-13 17:02 -------- d-----w- c:\windows\LastGood
2009-07-13 10:39 . 2009-07-13 10:39 -------- d-----w- c:\program files\PokerStove
2009-07-13 09:46 . 2009-07-13 09:46 -------- d-----w- C:\!KillBox
2009-07-11 16:52 . 2009-07-11 16:52 -------- d-----w- c:\program files\Trend Micro
2009-07-11 10:38 . 2009-07-11 10:38 -------- d-----w- C:\ATI
2009-07-10 20:58 . 2009-07-10 20:58 -------- d-----w- c:\program files\Moyea
2009-07-05 20:56 . 2009-07-05 20:56 -------- d-----w- c:\program files\Tencent
2009-07-05 20:51 . 2009-07-07 10:55 -------- d-----w- c:\program files\Common Files\AOL
2009-07-05 14:41 . 2009-07-05 14:41 -------- d-----w- c:\program files\QIP
2009-07-05 11:16 . 2009-07-05 11:16 -------- d-----w- c:\program files\Defraggler
2009-07-04 16:59 . 2009-07-11 12:24 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-07-03 09:13 . 2009-07-03 09:13 -------- d-----w- c:\program files\TeamViewer
2009-07-03 09:12 . 2009-07-03 09:12 -------- d-----w- c:\documents and settings\PC\temp
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-28 19:14 . 2009-06-28 19:24 -------- d-----w- c:\program files\ICQ6.5
2009-06-28 13:07 . 2009-06-28 13:07 -------- d-----w- c:\program files\Miranda IM
2009-06-28 12:29 . 2009-06-28 19:22 -------- d-----w- c:\program files\ICQ6
2009-06-28 10:28 . 2009-06-28 10:28 -------- d-----w- c:\program files\hotkey
2009-06-28 10:23 . 2006-07-12 02:48 17408 ----a-w- c:\windows\system32\drivers\gMouPS2.sys
2009-06-28 10:21 . 2009-06-28 10:21 -------- d-----w- C:\Genius
2009-06-25 18:27 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-25 18:27 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-25 18:26 . 2009-06-25 18:26 -------- d-----w- c:\program files\iPod
2009-06-25 18:26 . 2009-06-25 18:27 -------- d-----w- c:\program files\iTunes
2009-06-25 18:25 . 2009-06-25 18:25 -------- d-----w- c:\program files\Bonjour
2009-06-25 18:14 . 2009-06-25 18:15 -------- d-----w- c:\program files\QuickTime
2009-06-23 20:01 . 2009-06-23 20:01 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-22 15:23 . 2009-06-22 15:23 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-22 15:22 . 2009-06-22 15:22 -------- d-----w- c:\program files\Real
2009-06-22 15:22 . 2009-06-22 15:22 -------- d-----w- c:\program files\Common Files\Real
2009-06-20 11:18 . 2009-06-20 11:18 -------- d-----w- c:\program files\Metin2_CZ
2009-06-16 17:36 . 2009-07-13 16:44 -------- d-----w- c:\program files\Steam
2009-06-15 10:35 . 2009-06-15 10:36 -------- d-----w- c:\program files\VentriloMIX
2009-06-15 10:25 . 2009-06-15 10:25 -------- d-----w- c:\program files\VentSrv
2009-06-14 21:22 . 2009-06-14 21:22 -------- d-----w- c:\program files\PhotoDreamr

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 10:38 . 2009-02-08 21:30 -------- d-----w- c:\program files\PokerStars
2009-07-13 09:37 . 2007-10-08 13:40 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-13 09:37 . 2007-09-18 14:23 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-12 20:47 . 2008-09-04 15:43 -------- d-----w- c:\program files\Spyware Terminator
2009-07-11 17:40 . 2008-12-20 10:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 20:57 . 2008-10-15 19:02 -------- d-----w- c:\program files\WM Converter
2009-07-09 09:40 . 2008-11-08 18:24 -------- d-s---w- c:\program files\Xfire
2009-06-30 10:21 . 2008-12-23 10:16 -------- d-----w- c:\program files\SweetIM
2009-06-29 18:36 . 2007-09-17 08:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 18:50 . 2007-10-06 22:35 -------- d-----w- c:\program files\BitComet
2009-06-26 18:39 . 2009-05-31 19:09 -------- d-----w- c:\program files\Valve
2009-06-25 18:26 . 2008-04-22 15:57 -------- d-----w- c:\program files\Common Files\Apple
2009-06-23 20:01 . 2008-03-28 18:08 -------- d-----w- c:\program files\DivX
2009-06-22 15:22 . 2003-03-17 21:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-19 20:32 . 2008-10-03 20:45 -------- d-s---w- c:\program files\HLSW
2009-06-18 21:10 . 2008-08-12 17:29 -------- d-----w- c:\program files\mIRC
2009-06-17 09:27 . 2008-12-20 10:12 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-12-20 10:12 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 11:53 . 2007-09-17 10:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-15 10:36 . 2009-05-08 22:28 -------- d-----w- c:\program files\Ventrilo
2009-06-15 10:36 . 2008-01-04 16:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-12 16:20 . 2007-09-17 09:30 -------- d-----w- c:\program files\Lavalys
2009-06-12 13:20 . 2008-06-17 15:16 -------- d-----w- c:\program files\Electronic Arts
2009-06-11 22:09 . 2009-06-11 22:09 -------- d-----w- c:\program files\PC Info
2009-06-10 13:31 . 2007-09-27 12:23 -------- d-----w- c:\program files\GamePark
2009-06-09 21:43 . 2008-04-26 08:06 -------- d-----w- c:\program files\SiSoftware
2009-06-09 14:50 . 2009-06-09 13:47 -------- d-----w- c:\program files\Disney Interactive Studios
2009-06-09 13:47 . 2009-06-08 21:26 -------- d-----w- c:\program files\RegCleaner
2009-06-09 13:47 . 2009-06-09 13:47 -------- d-----w- c:\program files\Common Files\Skype
2009-06-09 13:47 . 2007-09-17 16:18 -------- d-----w- c:\program files\Skype
2009-06-08 09:58 . 2008-08-01 16:58 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-07 21:46 . 2009-06-07 21:37 -------- d-----w- c:\program files\Cool CENZURA
2009-05-29 13:59 . 2009-05-29 13:59 -------- d-----w- c:\program files\Aspyr Media, Inc
2009-05-26 20:23 . 2007-10-06 22:36 -------- d-----w- c:\program files\Google
2009-05-24 15:34 . 2009-05-24 15:34 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-24 15:34 . 2009-05-24 15:34 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-24 15:34 . 2009-05-24 15:34 -------- d-----w- c:\program files\OpenAL
2009-05-24 15:34 . 2009-05-24 15:34 -------- d-----w- c:\program files\Livestation
2009-05-21 12:15 . 2009-05-21 12:15 -------- d-----w- c:\program files\Velvetmatter
2009-05-16 15:12 . 2009-05-15 22:11 -------- d-----w- c:\program files\Garena
2009-05-06 13:47 . 2004-08-18 12:00 78060 ----a-w- c:\windows\system32\perfc005.dat
2009-05-06 13:47 . 2004-08-18 12:00 412618 ----a-w- c:\windows\system32\perfh005.dat
2009-05-01 11:24 . 2009-05-01 11:24 30464 ----a-w- c:\program files\XFire1101CZ.rar
2008-11-27 16:22 . 2009-05-01 11:24 139600 ----a-w- c:\program files\xfire_lang_cz.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\PC\temp ----

2009-06-25 07:38 . 2009-06-25 07:38 2034504 ----a-w- c:\documents and settings\PC\temp\TeamViewer\Version4\TeamViewer_.exe


((((((((((((((((((((((((((((( SnapShot@2009-07-12_08.45.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 16:45 . 2009-07-13 16:45 16384 c:\windows\Temp\Perflib_Perfdata_d74.dat
+ 2009-07-13 16:45 . 2009-07-13 16:45 16384 c:\windows\Temp\Perflib_Perfdata_c38.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"Google Update"="c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-12-02 133104]
"Livestation"="c:\program files\Livestation\Livestation.exe" [2009-03-30 2027520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-26 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-16 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2003-04-02 12288]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-08 1783808]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-22 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"HotKey"="c:\program files\HotKey\hotkey.exe" [2008-03-06 86016]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]

c:\documents and settings\PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-11-29 625952]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-4-18 534016]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ubi Soft\\IL2 Sturmovik\\il2.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\PC\\Dokumenty\\StrongDC.exe"=
"d:\\Program Files\\HLSW\\hlsw.exe"=
"d:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"d:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX_dx10.exe"=
"d:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\RpcSandraSrv.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\PC\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"=
"d:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"d:\\Program Files\\Metin2_CZ\\metin2.bin"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27618:TCP"= 27618:TCP:BitComet 27618 TCP
"27618:UDP"= 27618:UDP:BitComet 27618 UDP
"9809:TCP"= 9809:TCP:BitComet 9809 TCP
"9809:UDP"= 9809:UDP:BitComet 9809 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [13.9.2007 10:48 77312]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10.6.2008 19:56 34312]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [6.5.2008 19:03 11776]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.9.2008 17:43 141312]
R2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [29.9.2003 8:30 110592]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 19:53 468224]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [30.12.2007 19:11 9728]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [25.6.2009 9:22 185640]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [28.6.2009 12:23 17408]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 16:21 30720]
.
Obsah adresáře 'Naplánované úlohy'

2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{1A97B1E1-ADC6-496D-A5D3-4912F730985C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
LSP: xfire_lsp_9028.dll
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\v1ulvikv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... -us&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... -us&query=
FF - component: c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\v1ulvikv.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 19:15
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\sccfg.sys 20 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1960408961-412668190-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:74,a9,d3,fe,fb,10,50,54,a6,e6,20,1b,0b,16,4d,19,ef,42,4b,69,a1,80,f4,
53,a2,4b,87,7b,9a,f2,34,43,4c,02,d0,14,02,07,37,19,08,a4,d7,87,46,15,97,60,\
"??"=hex:6e,b9,a4,6b,ab,9d,63,2f,a3,2b,9b,27,1d,dd,69,4e

[HKEY_USERS\S-1-5-21-1960408961-412668190-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c4,2d,64,f7,fb,94,16,01,6f,12,32,98,1d,22,84,62,b3,92,db,24,90,
72,7a,8e,3b,36,2d,23,67,66,c7,54,ae,74,67,e0,6d,f4,a5,a5,2b,a4,27,49,4d,4a,\
"rkeysecu"=hex:fd,b2,2a,6e,4d,9d,14,e9,6d,ca,26,27,9a,d1,aa,18
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\xfire_lsp_9028.dll
.
Celkový čas: 2009-07-13 19:18
ComboFix-quarantined-files.txt 2009-07-13 17:18
ComboFix2.txt 2009-07-13 10:05
ComboFix3.txt 2009-07-12 18:30
ComboFix4.txt 2009-07-12 08:49

Před spuštěním: 3 445 649 408
Po spuštění: 3 418 345 472

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
279 --- E O F --- 2009-05-07 22:39

BTW: the PC behaves the same.

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status: Offline

Re: please check my log - problem with the processor  Solved

Post by Damned » 13 Jul 2009 21:26

So, your computer is free of parasites. From my point of view it's clean.

Uninstall ComboFix.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner;
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download it -> run it

(Note: if you have AVG, disable AVG before downloading T-Cleaner and for the duration of the cleaning, then delete T-Cleaner
and turn AVG back on.)

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache,
cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer,
Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Continue with the processor issue in the other topic.
Mark this topic as solved (green tick) and take care. If you have any problems, stop by :bigups:
Nothing is impossible, which is why, where our reason comes to an end, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech localization Wise Registry Cleaner

Sawik
newbie
Posts: 38
Registered: December 08
Location: 3nec
Gender: Not specified
Status: Offline

Re: please check my log - problem with the processor

Post by Sawik » 13 Jul 2009 21:43

OK...
Thanks, hopefully I'll somehow sort out the processor and that game... bye for now
