Poprosim o kontrolu logu Vyřešeno

[Kobra.svk]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:01, on 5. 5. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\xampp\mysql\bin\mysqld-nt.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Settings\Kobra\LOCALS~1\Temp\srcmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,\s,
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 92.240.237.20 l2authd.lineage2.com # Forbidden Lands Lineage 2 Server
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [System Resource Monitor] C:\Settings\Kobra\LOCALS~1\Temp\srcmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-1482476501-1085031214-725345543-1003\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-21-1482476501-1085031214-725345543-1003 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit prekladac - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Preložit &oznacený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Preložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: okAobuVsokVL - {EC403D40-46EA-97EA-70AC-BE80BFB62172} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8812 bytes

[Reklama]

[Damned]

Stáhni si CCleaner http://www.filehippo.com/download_ccleaner/ vyčisti sním počítač a pak jsem dej znovu log z HJT

[Kobra.svk]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:53, on 5. 5. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Settings\Kobra\LOCALS~1\Temp\srcmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\xfire.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\xampp\mysql\bin\mysqld-nt.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,\s,
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 92.240.237.20 l2authd.lineage2.com # Forbidden Lands Lineage 2 Server
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [System Resource Monitor] C:\Settings\Kobra\LOCALS~1\Temp\srcmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-1482476501-1085031214-725345543-1003\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-21-1482476501-1085031214-725345543-1003 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit prekladac - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Preložit &oznacený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Preložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: okAobuVsokVL - {EC403D40-46EA-97EA-70AC-BE80BFB62172} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8851 bytes

[Damned]

Spusť si HJT a fixni:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKCU\..\Run: [System Resource Monitor] C:\Settings\Kobra\LOCALS~1\Temp\srcmon.exe

Potom:

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Co ti to vůbec dělá/nedělá?

[Kobra.svk]

Nejde mi windows installer a nefunguje mi GP klient a cely windows sa po instalacii Service packu 3 sprava trocha inak... je pomalsi,,,sem tam sa sekne nejaky program...atd... skusal som vsetko okrem tohoto a formatovanim (ani reinstal windowsu nepomohlo...hadzalo vtipnu hlasku o chybajucom subore VIAAGP1.sys)
a dufam ze toto ma zachrani pred formatovanim.. =)

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2078
Windows 5.1.2600 Service Pack 3

5. 5. 2009 20:39:06
mbam-log-2009-05-05 (20-39-00).txt

Typ skenu: Rychlý sken
Objektu skenováno: 102734
Uplynulý cas: 7 minute(s), 0 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[Damned]

Ovladač by měl být tuná http://www.dynamiclink.nl/htmfiles/rfra ... o_v/11.htm , a popis zas tu http://www.file.net/process/viaagp1.sys.html .

Vypni rez. ochrany u avastu, ukonči všechny programy.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Kobra.svk]

tak ten prvy link mi nefunguje...spojenie prerusene a ten druhy link to je vlastne program registrybooster ktori mi nejde nainstalovat kvoli windows installeru
prvy log som omylom zmazal bo som zabudol vypnut rezidentnu ochranu avastu, ale nieco mazal a musel som restartovat pc. tu je druhy log hned potom
ComboFix 09-05-04.A3 - Kobra . 05. 2009 21:18.5 - NTFSx86
Running from: c:\settings\Kobra\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-04-05 to 2009-05-05 )))))))))))))))))))))))))))))))
.

2009-05-02 20:02 . 2008-04-13 20:57 79872 -c----w c:\windows\system32\dllcache\msxml6r.dll
2009-05-02 20:02 . 2008-04-14 03:42 1306624 -c----w c:\windows\system32\dllcache\msxml6.dll
2009-05-02 20:02 . 2007-06-26 09:30 22060 -c----w c:\windows\system32\dllcache\npds.zip
2009-05-02 20:02 . 2007-06-26 09:26 403 -c----w c:\windows\system32\dllcache\npdrmv2.zip
2009-05-02 20:02 . 2008-04-14 03:40 102912 -c----w c:\windows\system32\dllcache\dpcdll.dll
2009-05-02 20:00 . 2008-04-14 03:42 294912 -c----w c:\windows\system32\dllcache\dlimport.exe
2009-05-02 15:48 . 2009-05-02 15:48 -------- d-----w c:\program files\Sophos
2009-05-02 15:21 . 2003-07-02 02:42 27904 ----a-w c:\windows\system32\drivers\VIAAGP1.SYS
2009-05-02 14:21 . 2001-08-17 20:36 26112 -c--a-w c:\windows\system32\dllcache\EXCH_seos.dll
2009-05-02 14:20 . 2001-08-23 12:00 36864 -c--a-w c:\windows\system32\dllcache\hanjadic.dll
2009-05-02 14:19 . 2001-08-23 12:00 19968 -c--a-w c:\windows\system32\dllcache\inetsloc.dll
2009-05-02 14:19 . 2001-08-23 12:00 7680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe
2009-05-02 14:19 . 2001-08-23 12:00 169984 -c--a-w c:\windows\system32\dllcache\iisui.dll
2009-05-02 14:19 . 2001-08-23 12:00 5632 -c--a-w c:\windows\system32\dllcache\iisrstap.dll
2009-05-02 14:19 . 2001-08-23 12:00 14336 -c--a-w c:\windows\system32\dllcache\iisreset.exe
2009-05-02 14:19 . 2001-08-23 12:00 6144 -c--a-w c:\windows\system32\dllcache\ftpsapi2.dll
2009-05-02 14:18 . 2001-08-23 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-05-02 13:51 . 2001-08-23 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-02 13:51 . 2001-08-23 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-02 13:51 . 2001-08-23 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-02 13:51 . 2001-08-23 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-01 19:25 . 2009-05-02 13:37 -------- d-----w c:\program files\nLite
2009-04-30 16:08 . 2009-05-03 10:07 -------- dc----w c:\windows\system32\DllCache
2009-04-30 14:39 . 2001-08-23 11:00 77824 -c--a-w c:\windows\system32\dllcache\spcommon.dll
2009-04-30 14:39 . 2001-08-23 11:00 774144 -c--a-w c:\windows\system32\dllcache\spttseng.dll
2009-04-30 14:39 . 2001-08-23 11:00 36864 -c--a-w c:\windows\system32\dllcache\sapisvr.exe
2009-04-30 14:38 . 2009-04-30 13:01 -------- d-----w C:\Documents and Settings
2009-04-30 12:53 . 2001-08-23 11:00 42577 -c--a-w c:\windows\system32\dllcache\bckgzm.exe
2009-04-30 07:17 . 2009-04-30 07:17 -------- d-----w c:\settings\Kobra\Local Settings\Application Data\Downloaded Installations
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-29 18:49 . 2009-04-29 19:29 -------- d-----w c:\program files\RegCure
2009-04-29 18:40 . 2009-04-30 16:57 -------- dc-h--w c:\settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-04-29 18:14 . 2009-04-29 18:14 -------- d-----w c:\settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-29 17:53 . 2005-01-28 11:44 18944 ----a-w c:\windows\system32\drivers\wpdusb.sys
2009-04-29 17:07 . 2009-03-09 13:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-04-29 17:06 . 2008-03-05 14:56 3786760 ----a-w c:\windows\system32\D3DX9_37.dll
2009-04-28 17:18 . 2008-04-14 03:41 4255 ----a-w c:\windows\system32\drivers\adv01nt5.dll
2009-04-28 15:57 . 2009-04-29 16:50 1100 ----a-w c:\windows\system32\d3d8caps.dat
2009-04-28 15:16 . 2009-05-01 18:24 -------- d-----w c:\program files\GamePark
2009-04-26 18:43 . 2009-04-26 18:43 -------- d-----w c:\program files\DjVuZone
2009-04-26 17:01 . 2009-04-26 17:01 -------- d-----w c:\settings\Kobra\Application Data\VitySoft
2009-04-26 16:40 . 2009-04-26 16:40 -------- d-----w c:\settings\Kobra\Application Data\GrabPro
2009-04-26 16:25 . 2009-04-26 16:25 -------- d-----w c:\windows\system32\xircom
2009-04-26 16:25 . 2009-04-26 16:25 -------- d-----w c:\program files\microsoft frontpage
2009-04-25 20:15 . 2009-04-25 20:15 -------- d-----w c:\program files\Windows Resource Kits
2009-04-25 19:29 . 2004-08-03 21:00 71040 ----a-w c:\windows\system32\drivers\_003315_.tmp.dll
2009-04-25 18:54 . 2009-04-25 18:54 -------- d-----w c:\settings\Kobra\Local Settings\Application Data\Gas Powered Games
2009-04-21 20:27 . 2009-04-24 20:32 -------- d-----w c:\program files\TC PowerPack
2009-04-21 17:14 . 2009-04-21 20:26 -------- d-----w c:\program files\Quake III Arena
2009-04-21 17:12 . 2009-04-21 17:12 -------- d-----w c:\settings\Kobra\WINDOWS
2009-04-17 21:37 . 2009-04-17 21:37 -------- d-----w c:\settings\Kobra\Application Data\DivX
2009-04-16 06:50 . 2008-05-03 11:55 2560 ----a-w c:\windows\system32\xpsp4res.dll
2009-04-16 06:50 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 17:03 . 2009-04-14 17:03 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-06 15:48 . 2009-04-06 16:03 -------- d-----w c:\program files\ICQ6.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 18:05 . 2008-03-31 19:26 -------- d-----w c:\program files\Winamp
2009-05-05 17:58 . 2008-04-24 16:14 -------- d-----w c:\program files\Xfire
2009-05-05 14:16 . 2007-10-29 17:15 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-05 14:16 . 2007-10-29 17:14 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-05 10:08 . 2008-10-07 13:26 -------- d-----w c:\program files\Rainlendar2
2009-05-03 10:07 . 2009-05-03 10:07 -------- d-----w c:\program files\Razer
2009-05-03 10:07 . 2007-10-27 14:53 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-03 09:21 . 2009-05-03 09:21 -------- d-----w c:\program files\xp-AntiSpy
2009-05-02 21:26 . 2009-01-07 22:29 -------- d-----w c:\program files\MSECache
2009-05-02 14:39 . 2001-08-23 11:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-02 14:17 . 2007-10-27 14:27 23348 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-02 11:57 . 2008-01-31 20:05 7480 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-02 07:52 . 2007-10-27 14:29 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-01 12:16 . 2009-03-03 17:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 16:56 . 2007-10-27 14:40 114168 ----a-w c:\settings\Kobra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 14:16 . 2008-04-30 14:02 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-04-28 10:26 . 2007-10-31 08:24 155503 -c--a-w c:\windows\War3Unin.dat
2009-04-25 14:24 . 2007-12-05 17:35 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-04-25 07:09 . 2009-04-03 18:57 -------- d-----w c:\program files\Ray Adams
2009-04-24 19:47 . 2008-11-29 14:41 -------- d-----w c:\program files\Common Files\Real
2009-04-06 13:32 . 2009-03-03 17:18 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-03-03 17:18 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-02 22:06 . 2009-04-02 20:14 -------- d-----w c:\program files\ATITool
2009-03-31 20:38 . 2008-05-12 10:52 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-17 21:15 . 2008-11-03 17:01 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-16 12:18 . 2009-04-29 17:07 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-29 17:07 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-29 17:07 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-29 17:07 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-15 18:58 . 2007-12-03 16:25 -------- d-----w c:\program files\DivX
2009-03-15 18:58 . 2009-03-15 18:58 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-09 13:27 . 2009-04-29 17:07 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-29 17:07 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-01 09:41 . 2007-10-29 17:14 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-25 22:58 . 2005-01-20 03:25 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2007-09-29 03:07 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2005-01-20 03:25 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2005-01-20 03:46 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2005-01-20 03:21 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2005-01-20 03:21 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2005-01-20 03:21 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2005-01-20 03:21 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2005-01-20 03:21 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2005-01-20 03:20 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2005-01-20 03:19 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2005-01-20 03:12 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2005-02-21 23:23 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2005-01-20 03:06 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:44 . 2007-12-21 02:24 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2007-09-29 02:22 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2008-06-03 02:28 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2005-01-20 03:01 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2005-01-20 03:01 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2007-09-29 02:47 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2005-01-20 02:55 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 13:15 . 2007-10-27 14:53 593920 ----a-w c:\windows\system32\ati2sgag.exe
2009-02-24 16:55 . 2007-11-18 11:48 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-21 17:24 . 2007-10-28 18:01 114168 ----a-w c:\settings\Miroslav\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w c:\program files\opera\program\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w c:\program files\opera\program\plugins\ssldivx.dll
2007-12-24 19:30 . 2007-12-24 19:05 952 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-05_19.08.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 11:00 . 2009-05-05 18:03 89728 c:\windows\system32\perfc009.dat
+ 2001-08-23 11:00 . 2009-05-05 19:11 89728 c:\windows\system32\perfc009.dat
+ 2001-08-23 11:00 . 2009-05-05 19:11 490296 c:\windows\system32\perfh009.dat
- 2001-08-23 11:00 . 2009-05-05 18:03 490296 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"Ptipbmf"="ptipbmf.dll" - c:\windows\system32\ptipbmf.dll [2003-06-20 118784]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2004-02-26 65024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\settings\Kobra\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-4-29 3145552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-03 14:18 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\h:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Valve\\Steam\\SteamApps\\User\\Half-Life 2\\hl2.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"=
"d:\\Program Files\\Eidos Interactive\\Pyro Studios\\Praetorians\\Praetorians.exe"=
"d:\\Program Files\\World of Warcraft\\Launcher.exe"=
"d:\\Program Files\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\13.tmp [2007-08-14 5760]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\Drivers\MouseCap.sys [2005-08-08 6640]
R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 pmxscan;USB Flatbed Scanner Driver;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 uisp;Freescale USB JW32 driver;c:\windows\system32\Drivers\usbicp.sys [2005-12-21 14592]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-10-31 77312]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-31 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-07-24 55024]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-06-14 17408]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 14336]
S3 HabuFltr;Habu Mouse;c:\windows\system32\drivers\habu.sys [2006-10-23 27776]
S3 PSched;QoS Packet Scheduler;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]


--- Other Services/Drivers In Memory ---

*Deregistered* - 6to4
*Deregistered* - Aavmker4
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Amfilter
*Deregistered* - Apache2.2
*Deregistered* - Arp1394
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswUpdSv
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - ATITool
*Deregistered* - atksgt
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - CCALib8
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - gagp30kx
*Deregistered* - Gpc
*Deregistered* - hamachi
*Deregistered* - Hardlock
*Deregistered* - Haspnt
*Deregistered* - helpsvc
*Deregistered* - Ip6Fw
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - lirsgt
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - mysql
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - Nero BackItUp Scheduler 4.0
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NwlnkIpx
*Deregistered* - NwlnkNb
*Deregistered* - NwlnkSpx
*Deregistered* - NwSapAgent
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
*Deregistered* - SCDEmu
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - sfdrv01
*Deregistered* - sfsync02
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Schedule
*Deregistered* - Spooler
*Deregistered* - SQLBrowser
*Deregistered* - SQLWriter
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - Tcpip6
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - tunmp
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-05-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 19:19]

2009-04-29 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 19:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.daemonsearch.com/intl/
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
FF - ProfilePath - c:\settings\Kobra\Application Data\Mozilla\Firefox\Profiles\default.z5u\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\settings\Kobra\Application Data\Mozilla\Firefox\Profiles\default.z5u\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\settings\Kobra\Application Data\Mozilla\Firefox\Profiles\default.z5u\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\cs.js - pref("browser.search.mode", 1);
c:\program files\Mozilla Firefox\defaults\pref\cs.js - pref("browser.downloadmanager.behavior", 1);
c:\program files\Mozilla Firefox\defaults\pref\cs.js - pref("browser.search.opensidebarsearchpanel", false);
c:\program files\Mozilla Firefox\defaults\pref\cs.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\cs.js - pref("sidebar.customize.all_panels.url", "http://www.czilla.cz/sidebars/panels/all-panels.rdf");
c:\program files\Mozilla Firefox\defaults\pref\cs.js - pref("sidebar.customize.directory.url", "http://www.czilla.cz/sidebars/");
c:\program files\Mozilla Firefox\defaults\pref\cs.js - pref("sidebar.customize.more_panels.url", "http://www.czilla.cz/sidebars/");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 21:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet012\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\13.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-1085031214-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1482476501-1085031214-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a9,ee,0f,b8,5a,b9,2e,22,01,bb,88,98,0b,74,03,2c,61,38,eb,bf,b5,e2,b2,
2b,07,a8,5d,0c,8d,73,9f,30,1c,0a,a2,a6,00,f5,40,50,b7,73,c0,e7,92,cd,99,10,\
"??"=hex:bb,db,c3,a1,fb,fe,eb,b3,62,30,65,5a,71,3b,e1,54

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2013a4c1-47e7-44c8-b3dc-8ae5da91bbc5}]
@Denied: (Full) (Everyone)
"Model"=dword:00000007
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6e,0b,ec,f4,b5,a6,7d,9f,01,b9,56,28,7b,0a,a2,91,8b,7b,d7,da,79,
c9,23,4e,ca,6d,09,0f,9b,3b,51,52,b4,46,5c,54,47,fe,d6,ad,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3840)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-05-05 21:22
ComboFix-quarantined-files.txt 2009-05-05 19:21
ComboFix2.txt 2009-05-05 19:13

Pre-Run: 10 043 822 080 bytes free
Post-Run: 10 025 746 432 bytes free

Current=12 Default=12 Failed=0 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
449 --- E O F --- 2009-04-16 20:54

[Damned]

Ovladač tam máš: c:\windows\system32\drivers\VIAAGP1.SYS

Je vidět, že ComboFix něco smáznul, tak prosím tě spusť ještě jednou ten Malwarebytes' Anti-Malware a dej sem z něho opět log.

[Kobra.svk]

ano, teraz tam je ale pri instalacii ho pyta...ked dam cancel tak instalacia pojde dalej, ale po dokonceni instalacie Pc hadze modre obrazovky o stosest a restartuje sa potom pc... jedine v nudzovom rezime nainstalovat znova service pack 3 a potom to pojde tak ako trz...
to je ten log...
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2078
Windows 5.1.2600 Service Pack 3

5. 5. 2009 21:49:28
mbam-log-2009-05-05 (21-49-24).txt

Typ skenu: Rychlý sken
Objektu skenováno: 94657
Uplynulý cas: 5 minute(s), 56 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[Damned]

Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Pokud chce ten ovladač měl by ti nabídnout i úložiště.Buď z HDD nebo (mám takový tušení) z i386.

[Kobra.svk]

mno hladal som ho na HDD ale nenasiel (c:\WINDOWS\system32\drivers\ kde by sa mohol nachadzat a dokonca som si aj ulozil pred reinstal na disketu, a ked som to potom pouzil tak neprotestoval, ale ze by mu to prospelo....to tiez asi nie..bo som musel znova dat SP3....na logu sa pracuje....uz je hotov:

Malwarebytes' Anti-Malware 1.36
Verze databáze: 2078
Windows 5.1.2600 Service Pack 3

6. 5. 2009 0:05:00
mbam-log-2009-05-06 (00-04-57).txt

Typ skenu: Úplný sken (C:\|D:\|)
Objektu skenováno: 267816
Uplynulý cas: 1 hour(s), 33 minute(s), 55 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[Damned]

Podívej se ještě do služeb na Službu Windows Installer zda jí máš zapnutou na ruční spouštění.

Červený soubor otestuj na virustotal a dej sem pak výsledek.
C:\Settings\Kobra\LOCALS~1\Temp\srcmon.exe

Spusť si regedit a tuto hodnotu vyhledej a smaž: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Policies\Explorer\ForceClassicControlPanel