PC-HELP.CZ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:13, on 5.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Documents and Settings\Marcel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marcel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marcel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marcel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marcel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\rainbar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [ViSplore] C:\Program Files\ViSplore\ViSplore.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-cl ... ynoCAB.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3940745762
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553543000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29BFE745-D7DA-4A8D-969D-DC1A8BACBA81}: NameServer = 192.168.159.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A105439-C123-4AC0-BAD8-33898E385A43}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{29BFE745-D7DA-4A8D-969D-DC1A8BACBA81}: NameServer = 192.168.159.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{29BFE745-D7DA-4A8D-969D-DC1A8BACBA81}: NameServer = 192.168.159.9
O17 - HKLM\System\CS3\Services\Tcpip\..\{29BFE745-D7DA-4A8D-969D-DC1A8BACBA81}: NameServer = 192.168.159.9
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9f362ffa9e07c) (gupdate1c9f362ffa9e07c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: Webový server SMART (SMART Web Server) - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe

--
End of file - 9904 bytes
:crazy:

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-cl ... ynoCAB.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3940745762
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2910
Windows 5.1.2600 Service Pack 3

5.10.2009 22:09:05
mbam-log-2009-10-05 (22-09-01).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 110970
Uplynulý čas: 13 minute(s), 54 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Marcel\Oblíbené položky\Online Security Test.url (Rogue.Link) -> No action taken.

Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

V Logu bylo napsáno že škodlivý odkaz byl smazán a pak jsem to omylem restartoval než jsem ti ho sem hodil. ComboFix udělám zítra tak zatím.

Nevím jestli tu zítra budu. Nechám kdyžtak vzkaz klukům.

ComboFix 09-10-04.01 - Marcel 06.10.2009 15:42.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.650 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marcel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\166a2ba.msi
c:\windows\system\Djsec61721.dll
c:\windows\system\Djsec63691.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-06 do 2009-10-06 )))))))))))))))))))))))))))))))
.

2009-10-05 19:44 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 19:44 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 19:44 . 2009-10-05 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 18:40 . 2009-10-05 18:40 -------- d-----w- c:\program files\Trend Micro
2009-10-01 18:45 . 2009-10-01 18:59 -------- d-----w- c:\program files\Counter-Strike 2D
2009-09-25 22:20 . 2009-09-25 22:20 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-16 17:50 . 2009-09-16 17:50 -------- d-----w- c:\program files\IMSIDesign
2009-09-16 17:48 . 2009-09-16 17:48 -------- d-----w- c:\program files\TurboCAD Designer 15 Setup
2009-09-10 12:30 . 2009-10-06 13:39 -------- d-----w- c:\program files\Steam

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 17:50 . 2009-06-02 15:44 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-01 17:12 . 2009-08-27 08:31 -------- d-----w- c:\program files\John Deere American Farmer Deluxe
2009-10-01 17:09 . 2009-06-16 19:00 -------- d-----w- c:\program files\Xfire
2009-09-17 19:54 . 2009-03-14 12:29 -------- d-----w- c:\program files\BitComet
2009-09-13 18:24 . 2009-04-10 22:25 -------- d-----w- c:\program files\CSS
2009-09-13 08:47 . 2009-09-04 14:28 -------- d-----w- c:\program files\Valve
2009-09-08 14:30 . 2009-06-15 16:06 -------- d-----w- c:\program files\Java
2009-09-08 14:03 . 2009-08-23 18:01 -------- d-----w- c:\program files\CPUID
2009-08-27 06:55 . 2008-11-10 17:38 -------- d-----w- c:\program files\CCleaner
2009-08-26 19:16 . 2009-08-12 12:00 -------- d-----w- c:\program files\Metin2_CZ
2009-08-24 13:52 . 2009-08-23 18:45 -------- d-----w- c:\program files\Styler
2009-08-24 11:39 . 2008-11-10 14:45 -------- d-----w- c:\program files\EA GAMES
2009-08-24 11:39 . 2008-10-13 23:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-23 18:46 . 2009-08-23 18:46 -------- d-----w- c:\program files\ViSplore
2009-08-23 18:46 . 2009-08-23 18:46 -------- d-----w- c:\program files\TrueTransparency
2009-08-23 18:46 . 2009-08-23 18:46 -------- d-----w- c:\program files\WinFlip
2009-08-23 18:45 . 2009-08-23 18:45 -------- d-----w- c:\program files\Vista Rainbar
2009-08-23 18:02 . 2009-08-23 18:02 -------- d-----w- c:\program files\Lavalys
2009-08-23 14:05 . 2009-08-23 14:05 -------- d-----w- c:\program files\IObit
2009-08-14 22:36 . 2009-08-14 22:36 -------- d-----w- c:\program files\Microsoft WSE
2009-08-14 22:17 . 2009-04-28 12:32 -------- d-----w- c:\program files\Electronic Arts
2009-08-14 19:13 . 2009-08-14 19:13 -------- d-----w- c:\program files\Reality Pump
2009-08-12 06:38 . 2009-03-26 21:18 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-12 06:38 . 2009-03-26 21:18 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-05 09:01 . 2008-04-14 06:51 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 03:23 . 2009-06-15 16:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2008-04-14 06:51 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 20:26 . 2009-03-26 21:18 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-16 20:26 . 2009-04-10 16:33 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-13 21:43 . 2008-04-14 06:52 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Marcel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-06-15 133104]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
"Vista Rainbar"="c:\program files\Vista Rainbar\rainbar.exe" [2008-11-12 131447]
"ViSplore"="c:\program files\ViSplore\ViSplore.exe" [2008-11-12 393216]
"Steam"="c:\program files\Steam\Steam.exe" [2009-09-10 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 16200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-12-14 531784]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Marcel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-9-26 3266448]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2009-4-8 9723904]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Quake 3 Arena\\quake3.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\CSS\\hl2.exe"=
"c:\\Program Files\\CSS\\srcds.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Documents and Settings\\Marcel\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Reality Pump\\World War III Black Gold\\Setup.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Counter-Strike 2D\\CounterStrike2D.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9394:TCP"= 9394:TCP:BitComet 9394 TCP
"9394:UDP"= 9394:UDP:BitComet 9394 UDP
"14919:TCP"= 14919:TCP:BitComet 14919 TCP
"14919:UDP"= 14919:UDP:BitComet 14919 UDP
"7933:TCP"= 7933:TCP:BitComet 7933 TCP
"7933:UDP"= 7933:UDP:BitComet 7933 UDP
"15943:TCP"= 15943:TCP:BitComet 15943 TCP
"15943:UDP"= 15943:UDP:BitComet 15943 UDP
"20237:TCP"= 20237:TCP:BitComet 20237 TCP
"20237:UDP"= 20237:UDP:BitComet 20237 UDP
"59071:TCP"= 59071:TCP:Pando Media Booster
"59071:UDP"= 59071:UDP:Pando Media Booster
"17880:TCP"= 17880:TCP:BitComet 17880 TCP
"17880:UDP"= 17880:UDP:BitComet 17880 UDP
"14651:TCP"= 14651:TCP:BitComet 14651 TCP
"14651:UDP"= 14651:UDP:BitComet 14651 UDP
"12227:TCP"= 12227:TCP:BitComet 12227 TCP
"12227:UDP"= 12227:UDP:BitComet 12227 UDP
"7041:TCP"= 7041:TCP:BitComet 7041 TCP
"7041:UDP"= 7041:UDP:BitComet 7041 UDP
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
"15676:TCP"= 15676:TCP:BitComet 15676 TCP
"15676:UDP"= 15676:UDP:BitComet 15676 UDP
"12248:TCP"= 12248:TCP:BitComet 12248 TCP
"12248:UDP"= 12248:UDP:BitComet 12248 UDP
"14746:TCP"= 14746:TCP:BitComet 14746 TCP
"14746:UDP"= 14746:UDP:BitComet 14746 UDP
"23788:TCP"= 23788:TCP:BitComet 23788 TCP
"23788:UDP"= 23788:UDP:BitComet 23788 UDP

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 15:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 15:23 727720]
S2 gupdate1c9f362ffa9e07c;Google Update Service (gupdate1c9f362ffa9e07c);c:\program files\Google\Update\GoogleUpdate.exe [22.6.2009 19:58 133104]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [23.8.2009 20:01 12672]
S3 FLASHSYS;FLASHSYS;c:\windows\system32\drivers\FlashSys.sys [31.1.2008 17:18 9216]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [9.11.2008 21:11 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [9.11.2008 21:11 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [9.11.2008 21:11 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [9.11.2008 21:12 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [9.11.2008 21:12 98568]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [15.4.2009 16:30 1048576]
S3 SMART Web Server;Webový server SMART;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [15.4.2009 16:27 1236992]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\Ntaccess.sys [13.4.2008 11:21 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-22 17:57]

2009-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-22 17:57]

2009-10-06 c:\windows\Tasks\User_Feed_Synchronization-{0D6A13DA-BD8B-4B8A-A099-75BEFC42DCDA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {29BFE745-D7DA-4A8D-969D-DC1A8BACBA81} = 192.168.159.9
TCP: {7A105439-C123-4AC0-BAD8-33898E385A43} = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.21.0.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-LClock - c:\program files\LClock\LClock.exe
HKCU-Run-ViStart - c:\program files\ViStart\ViStart.exe
HKCU-Run-ViOrb - c:\program files\ViOrb\ViOrb.exe
HKCU-Run-VisualTooltip - c:\program files\VisualTooltip\VisualToolTip.exe
HKLM-Run-DrvIcon - c:\program files\Vista Drive Icon\DrvIcon.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-06 15:56
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-861567501-842925246-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b0,e4,6c,37,73,3b,90,20,e0,2e,d6,2f,c5,56,b4,11,3d,e1,9b,ac,9d,ea,ff,
48,80,3a,ee,46,c4,e9,08,09,35,2f,b9,ad,66,cf,6c,be,65,fd,60,36,1c,54,8c,9a,\
"??"=hex:0f,6a,08,54,6b,e3,37,31,ce,0b,0c,0d,6e,cf,0d,61
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-10-06 15:58
ComboFix-quarantined-files.txt 2009-10-06 13:58

Před spuštěním: 3 770 347 520
Po spuštění: 6 766 989 312

214 --- E O F --- 2009-09-09 12:37

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\GameMon.des.exe
c:\windows\system32\GameMon.des
c:\windows\system32\GameMon.exe

Driver::
KGyGaAvL
npggsvc;nProtect GameGuard Service
npggsvc

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

ComboFix 09-10-04.01 - Marcel 06.10.2009 17:42.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.587 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marcel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Marcel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\windows\system32\GameMon.des"
"c:\windows\system32\GameMon.des.exe"
"c:\windows\system32\GameMon.exe"
"c:\windows\system32\KGyGaAvL.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\GameMon.des
c:\windows\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-06 do 2009-10-06 )))))))))))))))))))))))))))))))
.

2009-10-05 19:44 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 19:44 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 19:44 . 2009-10-05 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 18:40 . 2009-10-05 18:40 -------- d-----w- c:\program files\Trend Micro
2009-10-01 18:45 . 2009-10-01 18:59 -------- d-----w- c:\program files\Counter-Strike 2D
2009-09-25 22:20 . 2009-09-25 22:20 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-16 17:50 . 2009-09-16 17:50 -------- d-----w- c:\program files\IMSIDesign
2009-09-16 17:48 . 2009-09-16 17:48 -------- d-----w- c:\program files\TurboCAD Designer 15 Setup
2009-09-10 12:30 . 2009-10-06 13:39 -------- d-----w- c:\program files\Steam

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 17:12 . 2009-08-27 08:31 -------- d-----w- c:\program files\John Deere American Farmer Deluxe
2009-10-01 17:09 . 2009-06-16 19:00 -------- d-----w- c:\program files\Xfire
2009-09-17 19:54 . 2009-03-14 12:29 -------- d-----w- c:\program files\BitComet
2009-09-13 18:24 . 2009-04-10 22:25 -------- d-----w- c:\program files\CSS
2009-09-13 08:47 . 2009-09-04 14:28 -------- d-----w- c:\program files\Valve
2009-09-08 14:30 . 2009-06-15 16:06 -------- d-----w- c:\program files\Java
2009-09-08 14:03 . 2009-08-23 18:01 -------- d-----w- c:\program files\CPUID
2009-08-27 06:55 . 2008-11-10 17:38 -------- d-----w- c:\program files\CCleaner
2009-08-26 19:16 . 2009-08-12 12:00 -------- d-----w- c:\program files\Metin2_CZ
2009-08-24 13:52 . 2009-08-23 18:45 -------- d-----w- c:\program files\Styler
2009-08-24 11:39 . 2008-11-10 14:45 -------- d-----w- c:\program files\EA GAMES
2009-08-24 11:39 . 2008-10-13 23:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-23 18:46 . 2009-08-23 18:46 -------- d-----w- c:\program files\ViSplore
2009-08-23 18:46 . 2009-08-23 18:46 -------- d-----w- c:\program files\TrueTransparency
2009-08-23 18:46 . 2009-08-23 18:46 -------- d-----w- c:\program files\WinFlip
2009-08-23 18:45 . 2009-08-23 18:45 -------- d-----w- c:\program files\Vista Rainbar
2009-08-23 18:02 . 2009-08-23 18:02 -------- d-----w- c:\program files\Lavalys
2009-08-23 14:05 . 2009-08-23 14:05 -------- d-----w- c:\program files\IObit
2009-08-14 22:36 . 2009-08-14 22:36 -------- d-----w- c:\program files\Microsoft WSE
2009-08-14 22:17 . 2009-04-28 12:32 -------- d-----w- c:\program files\Electronic Arts
2009-08-14 19:13 . 2009-08-14 19:13 -------- d-----w- c:\program files\Reality Pump
2009-08-12 06:38 . 2009-03-26 21:18 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-12 06:38 . 2009-03-26 21:18 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-05 09:01 . 2008-04-14 06:51 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 03:23 . 2009-06-15 16:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2008-04-14 06:51 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 20:26 . 2009-03-26 21:18 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-16 20:26 . 2009-04-10 16:33 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-13 21:43 . 2008-04-14 06:52 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Marcel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-06-15 133104]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
"Vista Rainbar"="c:\program files\Vista Rainbar\rainbar.exe" [2008-11-12 131447]
"ViSplore"="c:\program files\ViSplore\ViSplore.exe" [2008-11-12 393216]
"Steam"="c:\program files\Steam\Steam.exe" [2009-09-10 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 16200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-12-14 531784]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Marcel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-9-26 3266448]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2009-4-8 9723904]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Quake 3 Arena\\quake3.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\CSS\\hl2.exe"=
"c:\\Program Files\\CSS\\srcds.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Documents and Settings\\Marcel\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Reality Pump\\World War III Black Gold\\Setup.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Counter-Strike 2D\\CounterStrike2D.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9394:TCP"= 9394:TCP:BitComet 9394 TCP
"9394:UDP"= 9394:UDP:BitComet 9394 UDP
"14919:TCP"= 14919:TCP:BitComet 14919 TCP
"14919:UDP"= 14919:UDP:BitComet 14919 UDP
"7933:TCP"= 7933:TCP:BitComet 7933 TCP
"7933:UDP"= 7933:UDP:BitComet 7933 UDP
"15943:TCP"= 15943:TCP:BitComet 15943 TCP
"15943:UDP"= 15943:UDP:BitComet 15943 UDP
"20237:TCP"= 20237:TCP:BitComet 20237 TCP
"20237:UDP"= 20237:UDP:BitComet 20237 UDP
"59071:TCP"= 59071:TCP:Pando Media Booster
"59071:UDP"= 59071:UDP:Pando Media Booster
"17880:TCP"= 17880:TCP:BitComet 17880 TCP
"17880:UDP"= 17880:UDP:BitComet 17880 UDP
"14651:TCP"= 14651:TCP:BitComet 14651 TCP
"14651:UDP"= 14651:UDP:BitComet 14651 UDP
"12227:TCP"= 12227:TCP:BitComet 12227 TCP
"12227:UDP"= 12227:UDP:BitComet 12227 UDP
"7041:TCP"= 7041:TCP:BitComet 7041 TCP
"7041:UDP"= 7041:UDP:BitComet 7041 UDP
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
"15676:TCP"= 15676:TCP:BitComet 15676 TCP
"15676:UDP"= 15676:UDP:BitComet 15676 UDP
"12248:TCP"= 12248:TCP:BitComet 12248 TCP
"12248:UDP"= 12248:UDP:BitComet 12248 UDP
"14746:TCP"= 14746:TCP:BitComet 14746 TCP
"14746:UDP"= 14746:UDP:BitComet 14746 UDP
"23788:TCP"= 23788:TCP:BitComet 23788 TCP
"23788:UDP"= 23788:UDP:BitComet 23788 UDP

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 15:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 15:23 727720]
S2 gupdate1c9f362ffa9e07c;Google Update Service (gupdate1c9f362ffa9e07c);c:\program files\Google\Update\GoogleUpdate.exe [22.6.2009 19:58 133104]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [23.8.2009 20:01 12672]
S3 FLASHSYS;FLASHSYS;c:\windows\system32\drivers\FlashSys.sys [31.1.2008 17:18 9216]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [9.11.2008 21:11 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [9.11.2008 21:11 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [9.11.2008 21:11 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [9.11.2008 21:12 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [9.11.2008 21:12 98568]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [15.4.2009 16:30 1048576]
S3 SMART Web Server;Webový server SMART;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [15.4.2009 16:27 1236992]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\Ntaccess.sys [13.4.2008 11:21 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-22 17:57]

2009-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-22 17:57]

2009-10-06 c:\windows\Tasks\User_Feed_Synchronization-{0D6A13DA-BD8B-4B8A-A099-75BEFC42DCDA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {29BFE745-D7DA-4A8D-969D-DC1A8BACBA81} = 192.168.159.9
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.21.0.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-06 17:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-861567501-842925246-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b0,e4,6c,37,73,3b,90,20,e0,2e,d6,2f,c5,56,b4,11,3d,e1,9b,ac,9d,ea,ff,
48,80,3a,ee,46,c4,e9,08,09,35,2f,b9,ad,66,cf,6c,be,65,fd,60,36,1c,54,8c,9a,\
"??"=hex:0f,6a,08,54,6b,e3,37,31,ce,0b,0c,0d,6e,cf,0d,61
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-10-06 17:50
ComboFix-quarantined-files.txt 2009-10-06 15:50
ComboFix2.txt 2009-10-06 13:58

Před spuštěním: 6 778 060 800
Po spuštění: 6 765 867 008

209 --- E O F --- 2009-09-09 12:37

Damned píše:... + nový log z HJT a popiš chování počítače

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:30, on 6.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Marcel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marcel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marcel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\rainbar.exe
O4 - HKCU\..\Run: [ViSplore] C:\Program Files\ViSplore\ViSplore.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553543000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29BFE745-D7DA-4A8D-969D-DC1A8BACBA81}: NameServer = 192.168.159.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{29BFE745-D7DA-4A8D-969D-DC1A8BACBA81}: NameServer = 192.168.159.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{29BFE745-D7DA-4A8D-969D-DC1A8BACBA81}: NameServer = 192.168.159.9
O17 - HKLM\System\CS3\Services\Tcpip\..\{29BFE745-D7DA-4A8D-969D-DC1A8BACBA81}: NameServer = 192.168.159.9
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9f362ffa9e07c) (gupdate1c9f362ffa9e07c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
O23 - Service: Webový server SMART (SMART Web Server) - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe

--
End of file - 8196 bytes

A počítač jede plynuleji netrvá mu tak dlouho načítání aplikací atd.

PC-HELP.CZ

Prosím o kontrolu logu něco se mi tam vrtá

Prosím o kontrolu logu něco se mi tam vrtá

Re: Prosím o kontrolu logu něco se mi tam vrtá

Re: Prosím o kontrolu logu něco se mi tam vrtá

Re: Prosím o kontrolu logu něco se mi tam vrtá

Re: Prosím o kontrolu logu něco se mi tam vrtá

Re: Prosím o kontrolu logu něco se mi tam vrtá

Re: Prosím o kontrolu logu něco se mi tam vrtá

Re: Prosím o kontrolu logu něco se mi tam vrtá

Re: Prosím o kontrolu logu něco se mi tam vrtá

Re: Prosím o kontrolu logu něco se mi tam vrtá

Re: Prosím o kontrolu logu něco se mi tam vrtá

Re: Prosím o kontrolu logu něco se mi tam vrtá