Slow PC and long startup

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

MistiG
newbie
Posts: 8
Registered: September 09
Gender: Male

Slow PC and long startup

Post by MistiG » 06 Sep 2009 17:08

Please check this. For about a week the PC has been running slowly, and startup takes more than 5 minutes. I have not noticed any significant CPU load. Launching programs takes the longest.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:54, on 6.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Corel File Shell Monitor] D:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.cz/s/v/52.07/uploader2.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca018ba80d3440) (gupdate1ca018ba80d3440) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 11413 bytes
Last edited by MistiG on 06 Sep 2009 17:15, edited 1 time in total.

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male

Re: Slow PC and long startup

Post by pitimir » 06 Sep 2009 17:13

Hi. Download ComboFix, preferably to the desktop. Close all open applications, and also disable the resident antivirus and antispyware protection and the firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. You will find the log that ComboFix creates at "C:\ComboFix.txt".
Paste it here.

Warning: Until ComboFix has created the log, do not click on anything and do not press anything!!
I don't like amateurism...

And the recipient of the message knows it :)

MistiG
newbie
Posts: 8
Registered: September 09
Gender: Male

Re: Slow PC and long startup

Post by MistiG » 06 Sep 2009 17:45

I confirmed the creation of the recovery console. During the scan, an error message that appears when I start the PC popped up, along with the Bluetooth program. I closed these 2 things, and after that I did not press anything else. I hope I did not do anything wrong. Here is the result.

ComboFix 09-09-05.03 - User 06.09.2009 17:23.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2768 [GMT 2:00]
Spuštěný z: c:\documents and settings\User\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\drivers
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SeARchsettings.dll
c:\program files\Dealio Toolbar\SearchSettings.exe
c:\program files\Dealio Toolbar\SearchSettingsRes409.dll
c:\program files\Dealio Toolbar\sscfg.ini
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.3.0.4160\adwpx.exe
c:\program files\Internet Saving Optimizer\3.3.0.4160\Data\config.md
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.3.0.4160\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.3.0.4160\unins000.dat
c:\program files\Internet Saving Optimizer\3.3.0.4160\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.3.0.790\FF\chrome.manifest
c:\program files\Media Access Startup\1.3.0.790\HPCommon.dll
c:\program files\Media Access Startup\1.3.0.790\hppx.exe
c:\program files\Media Access Startup\1.3.0.790\MAHelper.exe
c:\program files\Media Access Startup\1.3.0.790\unins000.exe
c:\windows\Installer\22f99ff.msi
c:\windows\system32\AVSredirect.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\tmp30.tmp
c:\windows\system32\tmp66.tmp
c:\windows\system32\tmp67.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-06 do 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-04 21:59 . 2009-09-04 21:59 -------- d-----w- c:\program files\Mp3tag
2009-09-04 17:38 . 2009-09-04 17:38 -------- d-----w- c:\program files\Common Files\Skype
2009-09-03 20:33 . 2009-09-03 20:33 -------- d-----w- c:\program files\Fighters
2009-09-03 11:50 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-03 11:50 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-03 11:50 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-03 11:50 . 2009-09-03 11:50 -------- d-----w- c:\program files\Avira
2009-09-02 20:30 . 2009-09-02 20:30 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-01 14:25 . 2009-09-01 14:25 -------- d-----w- c:\program files\Tinynice Software
2009-09-01 12:53 . 2009-09-02 20:24 -------- d-----w- c:\windows\system32\oodag
2009-09-01 10:41 . 2009-09-01 10:41 -------- d-----w- c:\program files\OO Software
2009-08-29 17:49 . 2009-08-29 17:49 -------- d-----w- c:\windows\Downloaded Installations
2009-08-29 16:07 . 2009-08-29 20:03 -------- d-----w- c:\program files\BSplayer
2009-08-28 21:30 . 2009-09-02 21:03 -------- d-----w- c:\program files\ElcomSoft
2009-08-28 11:20 . 2009-08-28 11:21 -------- d-----w- c:\program files\GCH Guitar academy
2009-08-27 17:46 . 2009-08-27 17:46 -------- d-----w- c:\program files\Pinnacle
2009-08-27 17:46 . 2002-03-19 07:29 14165 ------w- c:\windows\system32\drivers\Pclepci.sys
2009-08-13 20:26 . 2009-08-13 20:26 -------- d-----w- C:\Logs
2009-08-13 19:31 . 2009-09-04 20:26 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-12 23:18 . 2009-08-12 23:18 -------- d-----w- c:\program files\QIP
2009-08-10 20:36 . 2009-08-10 20:41 -------- d-----w- c:\program files\3D-Fahrschule
2009-08-07 22:18 . 2009-08-07 22:18 36572 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-07 19:23 . 2009-08-27 20:39 -------- d-----w- c:\program files\Any Video Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 14:31 . 2009-07-02 13:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-04 18:25 . 2008-10-02 07:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 18:03 . 2009-03-27 21:02 -------- d-----w- c:\program files\FlatOut2
2009-09-04 17:38 . 2009-06-12 13:24 -------- d-----r- c:\program files\Skype
2009-09-03 20:31 . 2009-03-26 18:45 -------- d-----w- c:\program files\Valve
2009-09-02 20:58 . 2008-10-05 17:23 -------- d-----w- c:\program files\Aspyr
2009-08-31 11:15 . 2008-10-04 09:29 -------- d-----w- c:\program files\Activision
2009-08-29 09:43 . 2008-10-07 14:43 6318 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-21 12:30 . 2009-05-03 06:29 9 ----a-w- c:\windows\im32st.dat
2009-08-02 20:08 . 2009-08-02 20:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-07-31 20:59 . 2009-07-31 20:59 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-30 15:53 . 2009-07-30 15:53 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-28 14:33 . 2009-06-16 18:10 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-25 20:03 . 2009-07-25 20:03 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-23 14:34 . 2001-10-25 12:00 83680 ----a-w- c:\windows\system32\perfc005.dat
2009-07-23 14:34 . 2001-10-25 12:00 441192 ----a-w- c:\windows\system32\perfh005.dat
2009-07-23 12:49 . 2008-10-05 19:14 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-23 12:38 . 2008-10-05 19:14 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-16 13:12 . 2008-10-04 13:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-14 22:34 . 2009-02-22 17:26 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-14 18:11 . 2009-07-14 18:09 -------- d-----w- c:\program files\ICQ6.5
2009-07-14 18:10 . 2009-06-12 13:10 -------- d-----w- c:\program files\ICQ6Toolbar
2009-07-14 18:09 . 2009-06-12 13:09 -------- d-----w- c:\program files\ICQ6
2009-07-12 19:41 . 2009-07-11 17:54 -------- d-----w- c:\program files\Digital Guitar Tuner 2.3
2009-07-11 15:36 . 2009-07-11 15:35 -------- d-----w- c:\program files\QuickTime
2009-07-11 14:45 . 2009-07-11 14:45 -------- d-----w- c:\program files\Audio Phonics, Inc
2009-07-10 19:31 . 2009-06-12 12:30 -------- d-----w- c:\program files\Google
2009-07-08 15:53 . 2008-10-05 19:03 -------- d-----w- c:\program files\Electronic Arts
2009-07-08 15:52 . 2009-02-01 11:07 9058 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-05 19:59 . 2009-06-30 17:04 0 ----a-w- c:\windows\system32\drivers\5d0b447c.sys
2009-07-02 15:54 . 2008-10-05 19:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-22 21:02 . 2008-10-03 20:04 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-15 19:17 . 2009-02-08 14:09 92661 ----a-w- c:\windows\War3Unin.dat
2009-06-15 16:13 . 2009-06-14 12:15 34 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
2009-06-14 14:50 . 2009-06-14 14:50 0 ----a-w- c:\windows\nsreg.dat
2009-06-14 12:09 . 2009-06-14 12:02 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 13:31 . 2009-06-12 13:31 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-03-25 19:35 . 2008-10-07 14:43 168 --sh--r- c:\windows\system32\DA2D9F163B.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 1957888]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-06-12 306088]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-12 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-03-24 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-09 57344]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2002-09-26 1114112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Corel File Shell Monitor"="d:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 16200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-14 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-03-24 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-10-4 1183744]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Nabídka Start^Programy^Po spuštění^userinit.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\EA Games\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\ZALOHA_80GB\\Program Files\\Soothsayer\\Soothsayer.exe"=
"d:\\ZALOHA_80GB\\Program Files\\Warcraft III\\Warcraft III.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\WINDOWS\\system32\\freecell.exe"=
"d:\\ZALOHA_80GB\\Program Files\\Warcraft III\\War3.exe"=
"d:\\ZALOHA_80GB\\PPK_CD\\hry\\MiniRacer\\engine.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\Strong DC++\\rc10\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [24.11.2008 20:44 9344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3.9.2009 13:50 108289]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [24.11.2008 20:44 449280]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.6.2009 15:10 222456]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [25.10.2001 14:00 14336]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [8.12.2008 21:48 2208]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3.6.2009 14:46 92008]
S1 5d0b447c;5d0b447c;c:\windows\system32\drivers\5d0b447c.sys [30.6.2009 19:04 0]
S2 gupdate1ca018ba80d3440;Služba Google Update (gupdate1ca018ba80d3440);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2009 20:24 133104]
S3 crystalsysinfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\RXRF3.tmp --> c:\docume~1\User\LOCALS~1\Temp\RXRF3.tmp [?]
S3 PhTVTune;MuchTV Plus TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2.10.2008 11:22 23808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-12 18:23]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 18:24]

2009-09-06 c:\windows\Tasks\SLOW-PCfighter.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2009-07-23 08:52]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-GEST - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.garena.com/portal/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 17:37
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\RXRF3.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="?Ż?\11?\16?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"f:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
Celkový čas: 2009-09-06 17:40
ComboFix-quarantined-files.txt 2009-09-06 15:40

Před spuštěním: Volných bajtů: 106 040 168 448
Po spuštění: Volných bajtů: 105 996 574 720

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /usepmtimer /NoExecute=OptOut

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
341 --- E O F --- 2009-06-24 07:01

pitimir

Post by pitimir » 06 Sep 2009 17:54

Test the file(s) on VirusTotal:

C:\WINDOWS\system32\drivers\services.exe

If it reports that the file has already been analysed, have it analysed again. Post the result as a LINK.

Btw, do you use Garena?
I don't like amateurism...

And the addressee of this message knows it :)

MistiG

Post by MistiG » 06 Sep 2009 19:09

I did not find a services.exe file in the drivers folder. I found it, for example, here: C:\WINDOWS\system32\services.exe, and here: C:\WINDOWS\system32\drivers\etc\services, without an extension. I use Garena very little.

pitimir

Post by pitimir » 07 Sep 2009 11:10

1) Uninstall Garena (Start -> Control Panel -> Add/Remove Programs).
If that does not work, use Revo Uninstaller.

2) Move the CF icon to the desktop, close all open applications as well as the resident antivirus and antispyware shields and the firewall, and open Notepad. Copy the following into it:

KillAll::
DirLook::
C:\Logs

Folder::
c:\program files\ICQ6Toolbar

File::
c:\windows\system32\drivers\5d0b447c.sys
c:\windows\system32\DA2D9F163B.sys

Rootkit::
c:\windows\system32\drivers\5d0b447c.sys

Driver::
5d0b447c
ICQ Service

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^User^Nabídka Start^Programy^Po spuštění^userinit.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]

FixCSet::


Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.

Warning: If Windows does not start after the script has been applied, restart the PC, press F8 and choose Last Known Good Configuration.

MistiG

Post by MistiG » 07 Sep 2009 17:18

Everything was done without a manual restart; here is the log:

ComboFix 09-09-05.03 - User 07.09.2009 16:33.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2773 [GMT 2:00]
Spuštěný z: c:\documents and settings\User\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\User\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\DA2D9F163B.sys"
"c:\windows\system32\drivers\5d0b447c.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\~GLH002d.TMP
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\system32\DA2D9F163B.sys
c:\windows\system32\drivers\5d0b447c.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Service_5d0b447c
-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2009-08-07 do 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-09-04 21:59 . 2009-09-04 21:59 -------- d-----w- c:\program files\Mp3tag
2009-09-04 17:38 . 2009-09-04 17:38 -------- d-----w- c:\program files\Common Files\Skype
2009-09-03 20:33 . 2009-09-03 20:33 -------- d-----w- c:\program files\Fighters
2009-09-03 11:50 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-03 11:50 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-03 11:50 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-03 11:50 . 2009-09-03 11:50 -------- d-----w- c:\program files\Avira
2009-09-02 20:30 . 2009-09-02 20:30 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-01 14:25 . 2009-09-01 14:25 -------- d-----w- c:\program files\Tinynice Software
2009-09-01 12:53 . 2009-09-02 20:24 -------- d-----w- c:\windows\system32\oodag
2009-09-01 10:41 . 2009-09-01 10:41 -------- d-----w- c:\program files\OO Software
2009-08-29 17:49 . 2009-08-29 17:49 -------- d-----w- c:\windows\Downloaded Installations
2009-08-29 16:07 . 2009-08-29 20:03 -------- d-----w- c:\program files\BSplayer
2009-08-28 21:30 . 2009-09-02 21:03 -------- d-----w- c:\program files\ElcomSoft
2009-08-28 11:20 . 2009-08-28 11:21 -------- d-----w- c:\program files\GCH Guitar academy
2009-08-27 17:46 . 2009-08-27 17:46 -------- d-----w- c:\program files\Pinnacle
2009-08-27 17:46 . 2002-03-19 07:29 14165 ------w- c:\windows\system32\drivers\Pclepci.sys
2009-08-13 20:26 . 2009-08-13 20:26 -------- d-----w- C:\Logs
2009-08-13 19:31 . 2009-09-04 20:26 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-12 23:18 . 2009-08-12 23:18 -------- d-----w- c:\program files\QIP
2009-08-10 20:36 . 2009-08-10 20:41 -------- d-----w- c:\program files\3D-Fahrschule

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 14:31 . 2009-07-02 13:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-04 18:25 . 2008-10-02 07:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 18:03 . 2009-03-27 21:02 -------- d-----w- c:\program files\FlatOut2
2009-09-04 17:38 . 2009-06-12 13:24 -------- d-----r- c:\program files\Skype
2009-09-03 20:31 . 2009-03-26 18:45 -------- d-----w- c:\program files\Valve
2009-09-02 20:58 . 2008-10-05 17:23 -------- d-----w- c:\program files\Aspyr
2009-08-31 11:15 . 2008-10-04 09:29 -------- d-----w- c:\program files\Activision
2009-08-29 09:43 . 2008-10-07 14:43 6318 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-27 20:39 . 2009-08-07 19:23 -------- d-----w- c:\program files\Any Video Converter
2009-08-21 12:30 . 2009-05-03 06:29 9 ----a-w- c:\windows\im32st.dat
2009-08-07 22:18 . 2009-08-07 22:18 36572 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-02 20:08 . 2009-08-02 20:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-07-31 20:59 . 2009-07-31 20:59 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-30 15:53 . 2009-07-30 15:53 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-28 14:33 . 2009-06-16 18:10 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-25 20:03 . 2009-07-25 20:03 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-23 14:34 . 2001-10-25 12:00 83680 ----a-w- c:\windows\system32\perfc005.dat
2009-07-23 14:34 . 2001-10-25 12:00 441192 ----a-w- c:\windows\system32\perfh005.dat
2009-07-23 12:49 . 2008-10-05 19:14 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-23 12:38 . 2008-10-05 19:14 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-16 13:12 . 2008-10-04 13:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-14 22:34 . 2009-02-22 17:26 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-14 18:11 . 2009-07-14 18:09 -------- d-----w- c:\program files\ICQ6.5
2009-07-14 18:09 . 2009-06-12 13:09 -------- d-----w- c:\program files\ICQ6
2009-07-12 19:41 . 2009-07-11 17:54 -------- d-----w- c:\program files\Digital Guitar Tuner 2.3
2009-07-11 15:36 . 2009-07-11 15:35 -------- d-----w- c:\program files\QuickTime
2009-07-11 14:45 . 2009-07-11 14:45 -------- d-----w- c:\program files\Audio Phonics, Inc
2009-07-10 19:31 . 2009-06-12 12:30 -------- d-----w- c:\program files\Google
2009-07-08 15:52 . 2009-02-01 11:07 9058 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-02 15:54 . 2008-10-05 19:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-22 21:02 . 2008-10-03 20:04 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-15 19:17 . 2009-02-08 14:09 92661 ----a-w- c:\windows\War3Unin.dat
2009-06-15 16:13 . 2009-06-14 12:15 34 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
2009-06-14 14:50 . 2009-06-14 14:50 0 ----a-w- c:\windows\nsreg.dat
2009-06-14 12:09 . 2009-06-14 12:02 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 13:31 . 2009-06-12 13:31 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Logs ----

2009-08-13 20:26 . 2009-08-13 20:55 2344 ----a-w- c:\logs\Launcher-warnings.log


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 1957888]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-06-12 306088]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-12 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-03-24 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-09 57344]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2002-09-26 1114112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Corel File Shell Monitor"="d:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 16200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-14 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-03-24 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-10-4 1183744]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\EA Games\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\ZALOHA_80GB\\Program Files\\Soothsayer\\Soothsayer.exe"=
"d:\\ZALOHA_80GB\\Program Files\\Warcraft III\\Warcraft III.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\WINDOWS\\system32\\freecell.exe"=
"d:\\ZALOHA_80GB\\Program Files\\Warcraft III\\War3.exe"=
"d:\\ZALOHA_80GB\\PPK_CD\\hry\\MiniRacer\\engine.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\Strong DC++\\rc10\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [24.11.2008 20:44 9344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3.9.2009 13:50 108289]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [24.11.2008 20:44 449280]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [25.10.2001 14:00 14336]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [8.12.2008 21:48 2208]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3.6.2009 14:46 92008]
S2 gupdate1ca018ba80d3440;Služba Google Update (gupdate1ca018ba80d3440);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2009 20:24 133104]
S3 crystalsysinfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\RXRF3.tmp --> c:\docume~1\User\LOCALS~1\Temp\RXRF3.tmp [?]
S3 PhTVTune;MuchTV Plus TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2.10.2008 11:22 23808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-12 18:23]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 18:24]

2009-09-06 c:\windows\Tasks\SLOW-PCfighter.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2009-07-23 08:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.garena.com/portal/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 16:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\RXRF3.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-823518204-1592454029-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:9b,79,65,01,4d,44,0b,3a,0d,f4,3f,05,fc,57,ef,66,bc,4c,83,f2,c8,
0c,fc,28,a0,af,c2,f2,4a,3d,87,ff,57,4f,92,fd,48,03,5d,1f,6e,c6,fd,17,6d,d4,\
"rkeysecu"=hex:40,d7,d8,38,e1,b7,31,84,38,42,22,3b,ae,4d,fb,01

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="?Ż?\11?\16?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"f:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\COMMON~1\MICROS~1\DW\DW20.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-09-07 17:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-07 15:01
ComboFix2.txt 2009-09-06 15:40

Před spuštěním: Volných bajtů: 106 027 134 976
Po spuštění: Volných bajtů: 105 900 638 208

255 --- E O F --- 2009-06-24 07:01

pitimir

Post by pitimir » 07 Sep 2009 17:32

One more CFScript, this time with the following content:

KillAll::
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]

The procedure is the same as in the previous post.

MistiG

Post by MistiG » 07 Sep 2009 21:55

Here is the log:

ComboFix 09-09-05.03 - User 07.09.2009 21:28.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2848 [GMT 2:00]
Spuštěný z: c:\documents and settings\User\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\User\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-08-07 do 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-09-04 21:59 . 2009-09-04 21:59 -------- d-----w- c:\program files\Mp3tag
2009-09-04 17:38 . 2009-09-04 17:38 -------- d-----w- c:\program files\Common Files\Skype
2009-09-03 20:33 . 2009-09-03 20:33 -------- d-----w- c:\program files\Fighters
2009-09-03 11:50 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-03 11:50 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-03 11:50 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-03 11:50 . 2009-09-03 11:50 -------- d-----w- c:\program files\Avira
2009-09-02 20:30 . 2009-09-02 20:30 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-01 14:25 . 2009-09-01 14:25 -------- d-----w- c:\program files\Tinynice Software
2009-09-01 12:53 . 2009-09-02 20:24 -------- d-----w- c:\windows\system32\oodag
2009-09-01 10:41 . 2009-09-01 10:41 -------- d-----w- c:\program files\OO Software
2009-08-29 17:49 . 2009-08-29 17:49 -------- d-----w- c:\windows\Downloaded Installations
2009-08-29 16:07 . 2009-08-29 20:03 -------- d-----w- c:\program files\BSplayer
2009-08-28 21:30 . 2009-09-02 21:03 -------- d-----w- c:\program files\ElcomSoft
2009-08-28 11:20 . 2009-08-28 11:21 -------- d-----w- c:\program files\GCH Guitar academy
2009-08-27 17:46 . 2009-08-27 17:46 -------- d-----w- c:\program files\Pinnacle
2009-08-27 17:46 . 2002-03-19 07:29 14165 ------w- c:\windows\system32\drivers\Pclepci.sys
2009-08-13 20:26 . 2009-08-13 20:26 -------- d-----w- C:\Logs
2009-08-13 19:31 . 2009-09-04 20:26 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-12 23:18 . 2009-08-12 23:18 -------- d-----w- c:\program files\QIP
2009-08-10 20:36 . 2009-08-10 20:41 -------- d-----w- c:\program files\3D-Fahrschule

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 14:31 . 2009-07-02 13:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-04 18:25 . 2008-10-02 07:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 18:03 . 2009-03-27 21:02 -------- d-----w- c:\program files\FlatOut2
2009-09-04 17:38 . 2009-06-12 13:24 -------- d-----r- c:\program files\Skype
2009-09-03 20:31 . 2009-03-26 18:45 -------- d-----w- c:\program files\Valve
2009-09-02 20:58 . 2008-10-05 17:23 -------- d-----w- c:\program files\Aspyr
2009-08-31 11:15 . 2008-10-04 09:29 -------- d-----w- c:\program files\Activision
2009-08-29 09:43 . 2008-10-07 14:43 6318 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-27 20:39 . 2009-08-07 19:23 -------- d-----w- c:\program files\Any Video Converter
2009-08-21 12:30 . 2009-05-03 06:29 9 ----a-w- c:\windows\im32st.dat
2009-08-07 22:18 . 2009-08-07 22:18 36572 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-02 20:08 . 2009-08-02 20:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-07-31 20:59 . 2009-07-31 20:59 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-30 15:53 . 2009-07-30 15:53 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-28 14:33 . 2009-06-16 18:10 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-25 20:03 . 2009-07-25 20:03 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-23 14:34 . 2001-10-25 12:00 83680 ----a-w- c:\windows\system32\perfc005.dat
2009-07-23 14:34 . 2001-10-25 12:00 441192 ----a-w- c:\windows\system32\perfh005.dat
2009-07-23 12:49 . 2008-10-05 19:14 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-23 12:38 . 2008-10-05 19:14 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-16 13:12 . 2008-10-04 13:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-14 22:34 . 2009-02-22 17:26 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-14 18:11 . 2009-07-14 18:09 -------- d-----w- c:\program files\ICQ6.5
2009-07-14 18:09 . 2009-06-12 13:09 -------- d-----w- c:\program files\ICQ6
2009-07-12 19:41 . 2009-07-11 17:54 -------- d-----w- c:\program files\Digital Guitar Tuner 2.3
2009-07-11 15:36 . 2009-07-11 15:35 -------- d-----w- c:\program files\QuickTime
2009-07-11 14:45 . 2009-07-11 14:45 -------- d-----w- c:\program files\Audio Phonics, Inc
2009-07-10 19:31 . 2009-06-12 12:30 -------- d-----w- c:\program files\Google
2009-07-08 15:52 . 2009-02-01 11:07 9058 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-02 15:54 . 2008-10-05 19:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-22 21:02 . 2008-10-03 20:04 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-15 19:17 . 2009-02-08 14:09 92661 ----a-w- c:\windows\War3Unin.dat
2009-06-15 16:13 . 2009-06-14 12:15 34 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
2009-06-14 14:50 . 2009-06-14 14:50 0 ----a-w- c:\windows\nsreg.dat
2009-06-14 12:09 . 2009-06-14 12:02 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 13:31 . 2009-06-12 13:31 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 1957888]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-06-12 306088]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-12 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-03-24 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-09 57344]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2002-09-26 1114112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Corel File Shell Monitor"="d:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 16200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-14 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-03-24 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-10-4 1183744]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\EA Games\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\ZALOHA_80GB\\Program Files\\Soothsayer\\Soothsayer.exe"=
"d:\\ZALOHA_80GB\\Program Files\\Warcraft III\\Warcraft III.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\WINDOWS\\system32\\freecell.exe"=
"d:\\ZALOHA_80GB\\Program Files\\Warcraft III\\War3.exe"=
"d:\\ZALOHA_80GB\\PPK_CD\\hry\\MiniRacer\\engine.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\Strong DC++\\rc10\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [24.11.2008 20:44 9344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3.9.2009 13:50 108289]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [24.11.2008 20:44 449280]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [25.10.2001 14:00 14336]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [8.12.2008 21:48 2208]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3.6.2009 14:46 92008]
S2 gupdate1ca018ba80d3440;Služba Google Update (gupdate1ca018ba80d3440);c:\program files\Google\Update\GoogleUpdate.exe [10.7.2009 20:24 133104]
S3 crystalsysinfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\RXRF3.tmp --> c:\docume~1\User\LOCALS~1\Temp\RXRF3.tmp [?]
S3 PhTVTune;MuchTV Plus TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2.10.2008 11:22 23808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-12 18:23]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 18:24]

2009-09-06 c:\windows\Tasks\SLOW-PCfighter.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2009-07-23 08:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.garena.com/portal/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 21:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\RXRF3.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-823518204-1592454029-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:9b,79,65,01,4d,44,0b,3a,0d,f4,3f,05,fc,57,ef,66,bc,4c,83,f2,c8,
0c,fc,28,a0,af,c2,f2,4a,3d,87,ff,57,4f,92,fd,48,03,5d,1f,6e,c6,fd,17,6d,d4,\
"rkeysecu"=hex:40,d7,d8,38,e1,b7,31,84,38,42,22,3b,ae,4d,fb,01

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="?Ż?\11?\16?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"f:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1216)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-09-07 21:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-07 19:53
ComboFix2.txt 2009-09-07 15:01
ComboFix3.txt 2009-09-06 15:40

Před spuštěním: Volných bajtů: 105 905 131 520
Po spuštění: Volných bajtů: 105 869 488 128

230 --- E O F --- 2009-06-24 07:01

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status:
Offline

Re: Slow PC and long startup

Post by pitimir » 08 Sep 2009 09:45

It somehow doesn't feel like it...

What about the PC, has there been any improvement?
I don't like amateurism...

And the addressee of this message knows it :)

MistiG
newcomer
Posts: 8
Registered: September 09
Gender: Male
Status:
Offline

Re: Slow PC and long startup

Post by MistiG » 08 Sep 2009 20:36

I'd like to say yes, but it's still the same.

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status:
Offline

Re: Slow PC and long startup

Post by pitimir » 09 Sep 2009 09:20

Download and run AVPTool. Produce a log according to the guide and post it.
I don't like amateurism...

And the addressee of this message knows it :)

