"Lagování her" prosím o kontrolu

[bereline]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:27, on 28.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ntvdm.exe
D:\Miranda IM\Miranda IM\miranda32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HiJackThis\HiJackTHIS\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 82.208.58.96 l2authd.lineage2.com
O1 - Hosts: 82.208.58.96 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet(torrent)\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "C:\PROGRA~1\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Disk Cleaner.lnk = C:\Program Files\Disk Cleaner\dclean.exe
O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\BitComet(torrent)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\BitComet(torrent)\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\BitComet(torrent)\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\BitComet(torrent)\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11010 bytes

[Reklama]

[jaro3]

Fix v HJT:

Kód: Vybrat vše

O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
a možná i toto, pokud neznáš:
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) –


Máš mít jen jeden antivir, vidím tam Spybot i Eset/Nod32.Asi se hádají.

[bereline]

Před 20-ti minutama jsem právě aktualizovat SbyBot+stáhnul novou verzi ..

[jaro3]

Tak NOD odinstaluj.Nebo opačně.

[bereline]

NODA asi nechám, ale proč bych mě dávat SpyBot pryč je to dobrej program ... vždy něco v pc najde ... nedá se akorát nějak vypnout ochrana ?

[bereline]

našel jsem Rezidenční program ve SbyBot SDHelper a TeaTimer mám je tedy vypnout ??

[jaro3]

Nemám s ním osobní zkušenost, zkus ho deaktivovat, jestli se nehádá s NODEm.Pak ho zase zapni, třeba to tím není.Jinak v logu nic nevidím, jak se chová PC mimo hry?Jo , zkus , pak to zase vrať.

[bereline]

v pohodě ... tady je popsán můj problém http://www.pc-help.cz/viewtopic.php?f=36&t=31636

[jaro3]

Tak to zkusíme rozkrýt:
vypni rez. ochranu u antiviru NOD32 a SpyBota:
postupuj podle fredika na této stránce:
viewtopic.php?f=70&t=31077
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[bereline]

fajn, jdu na zo

[bereline]

ComboFix 08-09-27.03 - RedFisch 2008-09-28 16:48:23.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.678 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\RedFisch\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
C:\WINDOWS\system32\hook.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-08-28 do 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 15:03 . 2008-09-28 15:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Nabˇdka Start
2008-09-28 15:03 . 2004-08-17 16:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-28 14:40 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-09-28 14:40 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-28 14:38 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003306_.tmp
2008-09-28 14:20 . 2008-09-28 14:20 <DIR> d-------- C:\e9388ec93fabcec0540e
2008-09-28 12:48 . 2008-09-28 12:48 <DIR> d-------- C:\Documents and Settings\RedFisch\DoctorWeb
2008-09-27 16:10 . 2008-09-27 16:10 <DIR> d-------- C:\WINDOWS\nview
2008-09-27 16:10 . 2008-09-17 09:55 453,152 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-09-27 16:10 . 2008-09-28 15:16 201,461 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-27 16:10 . 2008-09-17 09:55 18,394 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-27 16:09 . 2008-09-16 21:27 453,152 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-09-27 15:26 . 2003-09-08 10:30 2,252,800 --a------ C:\WINDOWS\system\cmicnfg.cpl
2008-09-27 15:26 . 2003-08-29 06:02 1,454,080 --a------ C:\WINDOWS\system\SmWizard.exe
2008-09-27 15:26 . 2002-04-29 09:04 917,504 --a------ C:\WINDOWS\system\cmids3d.dll
2008-09-27 15:26 . 2003-09-15 08:19 752,960 --a------ C:\WINDOWS\system32\drivers\cmuda.sys
2008-09-27 15:26 . 2003-08-20 12:46 233,472 --a------ C:\WINDOWS\system32\cmirmdrv.exe
2008-09-27 15:26 . 2003-09-15 13:06 94,208 --a------ C:\WINDOWS\system32\cmuda.dll
2008-09-27 15:26 . 2003-04-24 07:29 32,768 --a------ C:\WINDOWS\system32\udaprop.dll
2008-09-27 15:26 . 2003-02-18 12:26 28,672 --a------ C:\WINDOWS\system32\cmirmdrv.dll
2008-09-27 15:10 . 2008-09-27 15:10 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-09-27 15:10 . 2003-08-05 14:23 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
2008-09-27 15:10 . 2003-07-22 11:15 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
2008-09-27 15:10 . 2002-10-18 15:56 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
2008-09-27 15:10 . 2008-09-28 13:15 231 --a------ C:\WINDOWS\system\CmiCnfg.ini
2008-09-27 15:10 . 2008-09-27 15:10 0 --a------ C:\WINDOWS\Wininit.ini
2008-09-27 15:07 . 2000-10-25 14:27 3,000 -ra------ C:\WINDOWS\system32\SetupNT.sys
2008-09-27 15:07 . 2008-09-28 13:06 3 --a------ C:\WINDOWS\system32\BSETUP.TMP
2008-09-26 22:43 . 2007-01-01 20:03 40,960 -ra------ C:\WINDOWS\system32\psfind.dll
2008-09-26 22:37 . 2008-09-26 22:53 <DIR> d-------- C:\Program Files\THQ
2008-09-25 20:10 . 2007-10-29 10:51 <DIR> d--h----- C:\Documents and Settings\Ondra\ćablony
2008-09-25 20:10 . 2008-02-07 17:55 <DIR> d-------- C:\Documents and Settings\Ondra\Plocha
2008-09-25 20:10 . 2007-10-29 11:45 <DIR> d--h----- C:\Documents and Settings\Ondra\Okolnˇ tisk rny
2008-09-25 20:10 . 2007-10-29 11:45 <DIR> d--h----- C:\Documents and Settings\Ondra\Okolnˇ sˇś
2008-09-25 20:10 . 2007-10-29 11:45 <DIR> d-------- C:\Documents and Settings\Ondra\Oblˇben‚ polo§ky
2008-09-25 20:10 . 2007-10-29 11:45 <DIR> dr------- C:\Documents and Settings\Ondra\Nabˇdka Start
2008-09-25 20:10 . 2007-10-29 11:45 <DIR> d-------- C:\Documents and Settings\Ondra\Dokumenty
2008-09-25 20:10 . <DIR> C:\Documents and Settings\Ondra\Data aplikací\Microsoft
2008-09-25 20:10 . 2007-10-29 11:45 <DIR> dr-h----- C:\Documents and Settings\Ondra\Data aplikacˇ
2008-09-25 20:10 . 2008-09-25 20:10 <DIR> d-------- C:\Documents and Settings\Ondra
2008-09-25 20:02 . 2008-09-01 12:17 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-09-25 20:02 . 2008-09-01 12:18 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-09-25 20:02 . 2008-07-24 18:46 47,640 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-09-25 20:02 . 2008-09-01 12:17 28,984 --a------ C:\WINDOWS\system32\LMIport.dll
2008-09-25 20:02 . 2008-09-25 20:02 1,024 --a------ C:\.rnd
2008-09-25 20:01 . 2008-09-28 10:12 <DIR> d-------- C:\Program Files\LogMeIn
2008-09-16 19:22 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-16 19:22 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-11 17:12 . 2008-09-11 17:12 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-11 17:12 . 2008-09-11 17:12 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-09-11 17:12 . 2008-09-11 17:12 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-09-10 19:37 . 2008-09-10 19:37 <DIR> d-------- C:\Documents and Settings\RedFisch\Phone Browser
2008-09-10 09:41 . 2008-09-10 09:41 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll
2008-09-08 14:27 . 2008-09-08 14:27 <DIR> d-------- C:\Westwood
2008-09-06 10:49 . <DIR> C:\Documents and Settings\RedFisch\Data aplikací\Nokia
2008-09-06 10:48 . 2008-09-06 10:48 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-06 10:48 . 2008-09-06 10:48 <DIR> d-------- C:\Program Files\DIFX
2008-09-06 10:48 . 2008-09-06 10:48 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-09-06 10:48 . 2008-09-06 10:48 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-09-06 10:48 . <DIR> C:\Documents and Settings\RedFisch\Data aplikací\PC Suite
2008-09-06 10:48 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-09-06 10:48 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-09-06 10:48 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-09-06 10:48 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-09-06 10:48 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-09-06 10:47 . 2008-09-06 10:48 <DIR> d-------- C:\Program Files\Nokia
2008-09-06 10:47 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-09-01 12:17 . 2008-09-01 12:17 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll
2008-09-01 12:17 . 2008-09-01 12:17 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll
2008-08-30 18:15 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-08-30 18:15 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-08-30 17:58 . <DIR> C:\Documents and Settings\RedFisch\Data aplikací\InstallShield
2008-08-30 15:42 . 2008-08-30 15:42 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-08-29 13:53 . 2008-08-29 13:53 <DIR> d-------- C:\Program Files\Counter-Strike 1.6 Patch Version 26
2008-08-29 13:40 . 2008-09-24 18:07 476 --a------ C:\win32.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 14:47 --------- d-----w C:\Documents and Settings\RedFisch\Data aplikací\Free Download Manager
2008-09-28 13:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-28 10:42 --------- d-----w C:\Program Files\HLSW
2008-09-27 16:56 --------- d-----w C:\Program Files\PowerArchiver
2008-09-27 13:43 --------- d-----w C:\Documents and Settings\RedFisch\Data aplikací\Skype
2008-09-27 13:16 --------- d-----w C:\Documents and Settings\RedFisch\Data aplikací\MegauploadToolbar
2008-09-26 20:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 20:37 --------- d-----w C:\Program Files\EA Games
2008-09-25 18:10 --------- d-----w C:\Documents and Settings\RedFisch\Data aplikací\Hamachi
2008-09-24 16:11 --------- d-----w C:\Program Files\Hamachi
2008-09-24 15:41 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-09-20 11:10 --------- d-----w C:\Program Files\Quake III Arena
2008-09-14 12:46 --------- d-----w C:\Program Files\Trillian
2008-09-14 07:18 --------- d-----w C:\Program Files\ESET
2008-08-29 15:52 --------- d-----w C:\Documents and Settings\RedFisch\Data aplikací\teamspeak2
2008-08-26 09:31 --------- d-----w C:\Program Files\Outbreak
2008-08-26 09:06 53,248 ----a-w C:\WINDOWS\unrar.dll
2008-08-24 14:37 --------- d-----w C:\Documents and Settings\RedFisch\Data aplikací\XnView
2008-08-21 09:30 167,936 ----a-w C:\WINDOWS\vc.scr
2008-08-21 09:30 166,912 ----a-w C:\WINDOWS\novc.exe
2008-08-21 09:30 --------- d-----w C:\Program Files\Virtual Creatures
2008-08-21 09:09 14,320 ----a-w C:\WINDOWS\MOPYFISH.SCR
2008-08-21 09:09 10,944 ----a-w C:\WINDOWS\BYEFISH.EXE
2008-08-16 19:04 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-08-16 16:14 --------- d-----w C:\Program Files\ICQLite
2008-08-16 12:55 --------- d-----w C:\Program Files\Cool CENZURA
2008-08-13 08:57 --------- d-----w C:\Program Files\Java
2008-08-13 08:57 --------- d-----w C:\Program Files\Common Files\Java
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-10 14:42 51,200 ----a-w C:\WINDOWS\inf.exe
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-12-08 15:04 22,328 ----a-w C:\Documents and Settings\RedFisch\Data aplikací\PnkBstrK.sys
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Steam"="C:\PROGRA~1\Valve\Steam\Steam.exe" [2008-06-12 1271032]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"nodenable"="C:\Program Files\eset\nodenable.exe" [2008-08-22 359639]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-07-29 358448]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-11 949376]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"CM-SmWizard"="C:\WINDOWS\System\SmWizard.exe" [2003-08-29 1454080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-17 86016]
"nwiz"="nwiz.exe" [2008-09-17 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

C:\Documents and Settings\RedFisch\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Disk Cleaner.lnk - C:\Program Files\Disk Cleaner\dclean.exe [2005-11-20 209920]
Mopy Points Collector.lnk - C:\MOPYFISH\GETPOINT.EXE [2008-08-21 39612]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-09-01 12:17 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\martas007\\counter-strike\\hl.exe"=
"D:\\BitComet(torrent)\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\martas007\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\martas007\\condition zero\\hl.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Empire Interactive\\FlatOut 2\\flatout2.exe"=
"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Miranda IM\\Miranda IM\\miranda32.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\VirtualDJ\\virtualdj.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\RpcSandraSrv.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\MultiProxy\\MProxy.exe"=
"D:\\CS 1.6v19\\Counter-Strike 1.6\\cstrike.exe"=
"D:\\CS 1.6v19 zaloha\\Counter-Strike 1.6\\cstrike.exe"=
"E:\\bulanci.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21845:TCP"= 21845:TCP:BitComet 21845 TCP
"21845:UDP"= 21845:UDP:BitComet 21845 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-11-20 9216]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys [2005-06-10 25088]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 69120]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S3 AMDMSRIO;AMDMSRIO;C:\DOCUME~1\RedFisch\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [ ]
S3 leafnets;Leaf Networks Adapter;C:\WINDOWS\system32\DRIVERS\leafnets.sys [2007-05-03 55296]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\screamingbdriver.sys [2005-11-21 13824]
S3 tap0901_2gm;VPN Anonymizer Adapter;C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);C:\WINDOWS\system32\drivers\WPRO_40_1123.sys [ ]
S3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2007-06-25 500736]

*Newly Created Service* - PROCEXP90
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-OEXPRESS - (no file)
HKCU-Run-WEBTRAN - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Doplňkový sken -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.seznam.cz/
R1 -: HKCU-Internet Settings,ProxyServer = 127.0.0.1:8080
R1 -: HKCU-Internet Settings,ProxyOverride = local
O8 -: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 -: Stáhnout odkaz s použitím BitCometu - D:\BitComet(torrent)\BitComet\BitComet.exe/AddLink.htm
O8 -: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 -: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 -: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O8 -: Stáhnout všechna videa s použitím BitCometu - D:\BitComet(torrent)\BitComet\BitComet.exe/AddVideo.htm
O8 -: Stáhnout všechny odkazy s použitím BitCometu - D:\BitComet(torrent)\BitComet\BitComet.exe/AddAllLink.htm
O9 -: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 16:50:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Celkový čas: 2008-09-28 16:51:35
ComboFix-quarantined-files.txt 2008-09-28 14:51:32

Před spuštěním: Volněch bajt…: 16˙869˙281˙792
Po spuštění: Volněch bajt…: 16,855,908,352

271 --- E O F --- 2008-09-16 18:43:31

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\003306_.tmp


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený přejmenovaný program ComboFix.exe a když se oba soubory překryjí, skript upusť
Toto dej na Virustotal:
návod:
viewtopic.php?f=70&t=5121

Kód: Vybrat vše

C:\win32.sys   

Pak sem vlož výsledek.
Koukni zda je toto update windows:
C:\e9388ec93fabcec0540e