Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:24:06, on 30.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\A4Tech\Mouse\Amoumain.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Program Files\Opera\opera.exe
E:\Documents and Settings\Petr\Plocha\SWL2.exe
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home/?ai=13054
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - E:\Program Files\Pošťák\Postak\SRank.dll
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WheelMouse] E:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\sdasdas\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1482476501-329068152-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1482476501-329068152-725345543-1003\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\WINDOWS\system32\wbsys.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
--
End of file - 8075 bytes
The problems I currently have and would like to solve this way are:
1) "My Computer" takes an incredibly long time to load (a sort of flashlight appears, as if it were searching for something) - likewise, opening WinRAR files takes a long time
2) I can't put the PC into Standby mode
3) When I turn on the PC, I get a choice of three systems (I don't know what to call it, simply Windows XP twice and then some recovery - I don't know what that is)... I'd be glad if there were only the one from which I boot the PC
4) With the game Mafia 1, the PC throws an error on launch; it's most likely because of the modifications I downloaded for it a while ago, but I don't know how to remove them completely
Please check my log
Re: Please check my log
Hi, let's go through it step by step
Download CCleaner http://www.filehippo.com/download_cclea ... cbae6b492/
-install it (do not install the Yahoo toolbar)
-select the Cleaner tab
-leave everything in the left column checked as it is and press the Analyze button
-then confirm with the Run CCleaner button
-this cleans temporary files off the computer; I recommend using it regularly.
-select the Registry tab
-click the Scan for Issues button
-then click Fix selected issues, confirm that you want to make a backup, and let it fix everything
**********************
Download RSIT http://images.malwareremoval.com/random/RSIT.exe
-run it, click the Continue button
-after the scan, log.txt will pop up; paste its contents here
*********************
Download MBAM http://download.cnet.com/3001-8022_4-10 ... l-10804572
-install it, update it
-run a full scan and paste the log here

Re: Please check my log
Dymon wrote: 4) With the game Mafia 1, the PC throws an error on launch; it's most likely because of the modifications I downloaded for it a while ago, but I don't know how to remove them completely
Well, that can be solved by uninstalling Mafia and then installing it again

Saved games can also be found on the internet, so you don't have to play through it again.
Re: Please check my log
Logfile of random's system information tool 1.08 (written by random/random)
Run by Petr at 2010-08-30 14:00:00
WIN_XP Service Pack 3
System drive E: has 8 GB (16%) free of 53 GB
Total RAM: 3071 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:00:02, on 30.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\A4Tech\Mouse\Amoumain.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Program Files\Opera\opera.exe
E:\Documents and Settings\Petr\Plocha\SWL2.exe
C:\Program Files\3.3.5\Wow.exe
E:\Documents and Settings\Petr\Plocha\RSIT.exe
E:\Program Files\Trend Micro\HijackThis\Petr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home/?ai=13054
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - E:\Program Files\Pošťák\Postak\SRank.dll
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WheelMouse] E:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\sdasdas\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1482476501-329068152-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1482476501-329068152-725345543-1003\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\WINDOWS\system32\wbsys.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
--
End of file - 8116 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-20 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-20 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - E:\Program Files\Pošťák\Postak\SRank.dll [2007-05-16 269632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"StartCCC"=E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"WheelMouse"=E:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"SunJavaUpdateSched"=E:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=E:\Program Files\sdasdas\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe [2006-06-05 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
E:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
E:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
E:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
E:\Program Files\Pošťák\Postak\Postak.exe [2008-02-21 453936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Program Files\Steam\Steam.exe [2010-08-24 1242448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
E:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-05-05 111928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWL2]
E:\Documents and Settings\Petr\Plocha\SWL2.exe [2010-03-10 1223680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
E:\Program Files\winamp\winampa.exe [2008-08-04 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^CurseClientStartup.ccip]
E:\Documents and Settings\Petr\Nabídka Start\Programy\Po spuštění\CurseClientStartup.ccip []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="E:\WINDOWS\system32\wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2010-08-04 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
E:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [2001-12-21 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - E:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"E:\Program Files\BitSpirit\BitSpirit.exe"="E:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\WINDOWS\system32\PnkBstrA.exe"="E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"E:\WINDOWS\system32\PnkBstrB.exe"="E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Files\ICQ6.5\ICQ.exe"="E:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe"="E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe"="E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"E:\Program Files\Bonjour\mDNSResponder.exe"="E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\WINDOWS\system32\dpvsetup.exe"="E:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"E:\Program Files\Opera\opera.exe"="E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"E:\Program Files\Skype\Plugin Manager\skypePM.exe"="E:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Program Files\Counter-Strike 1.6\hl.exe"="E:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\ICQ7.0\ICQ.exe"="E:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"E:\Program Files\ICQ7.0\aolload.exe"="E:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\World of Warcraft 3.3.2\Launcher.exe"="C:\Program Files\World of Warcraft 3.3.2\Launcher.exe:*:Enabled:Launcher.exe"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"E:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="E:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"E:\Program Files\TmUnitedForever\TmForever.exe"="E:\Program Files\TmUnitedForever\TmForever.exe:*:Enabled:TmForever"
"E:\Documents and Settings\Petr\Plocha\FLVPlayer_Setup.exe"="E:\Documents and Settings\Petr\Plocha\FLVPlayer_Setup.exe:*:Enabled:Flash FLV Player"
"C:\Program Files\3.3.3a\Launcher.exe"="C:\Program Files\3.3.3a\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe"="C:\Program Files\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe:*:Enabled:Grand Theft Auto IV - Episodes From Liberty City"
"E:\Program Files\Steam\Steam.exe"="E:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe"="E:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe"="E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe"="E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"E:\Program Files\ICQ7.0\ICQ.exe"="E:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"E:\Program Files\ICQ7.0\aolload.exe"="E:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-08-30 13:57:37 ----D---- E:\rsit
2010-08-26 12:40:34 ----D---- E:\Program Files\Realtek
2010-08-26 12:40:25 ----A---- E:\WINDOWS\RtlExUpd.dll
2010-08-26 12:26:29 ----N---- E:\WINDOWS\system32\spmsg.dll
2010-08-26 12:26:17 ----HDC---- E:\WINDOWS\$NtUninstallKB942288-v3$
2010-08-26 12:04:40 ----A---- E:\WINDOWS\system32\atimpc32.dll
2010-08-26 12:04:40 ----A---- E:\WINDOWS\system32\atibtmon.exe
2010-08-26 12:04:40 ----A---- E:\WINDOWS\system32\atiapfxx.exe
2010-08-26 12:04:27 ----D---- E:\Program Files\ATI
2010-08-26 09:06:08 ----D---- E:\Program Files\2K Games
2010-08-22 16:14:01 ----A---- E:\WINDOWS\system32\HPcam_01.dll
2010-08-22 16:06:38 ----AD---- E:\Program Files\HP PSE 9.0 SW
2010-08-22 15:57:17 ----D---- E:\Program Files\HP
2010-08-22 14:38:02 ----D---- E:\Documents and Settings\Petr\Data aplikací\Software Informer
2010-08-20 14:35:33 ----A---- E:\WINDOWS\system32\XAudio2_7.dll
2010-08-20 14:35:33 ----A---- E:\WINDOWS\system32\XAPOFX1_5.dll
2010-08-20 14:35:31 ----A---- E:\WINDOWS\system32\xactengine3_7.dll
2010-08-20 14:35:28 ----A---- E:\WINDOWS\system32\D3DCompiler_43.dll
2010-08-20 14:35:26 ----A---- E:\WINDOWS\system32\d3dcsx_43.dll
2010-08-20 14:35:25 ----A---- E:\WINDOWS\system32\d3dx11_43.dll
2010-08-20 14:35:23 ----A---- E:\WINDOWS\system32\d3dx10_43.dll
2010-08-20 14:35:22 ----A---- E:\WINDOWS\system32\D3DX9_43.dll
2010-08-20 14:35:20 ----A---- E:\WINDOWS\system32\XAudio2_6.dll
2010-08-20 14:35:20 ----A---- E:\WINDOWS\system32\XAPOFX1_4.dll
2010-08-20 14:35:17 ----A---- E:\WINDOWS\system32\xactengine3_6.dll
2010-08-20 14:35:13 ----A---- E:\WINDOWS\system32\X3DAudio1_7.dll
2010-08-20 13:55:09 ----D---- E:\Program Files\Steam
2010-08-19 21:20:11 ----D---- E:\WINDOWS\SxsCaPendDel
2010-08-19 20:57:15 ----A---- E:\WINDOWS\system32\drivers\revoflt.sys
2010-08-19 20:43:17 ----D---- E:\WINDOWS\pss
2010-08-16 12:01:17 ----D---- E:\Program Files\DreamCom
2010-08-15 11:31:21 ----SHD---- E:\Documents and Settings\All Users\Data aplikací\SecuROM
======List of files/folders modified in the last 1 months======
2010-08-30 13:59:48 ----D---- E:\WINDOWS\temp
2010-08-30 13:57:40 ----D---- E:\WINDOWS\Prefetch
2010-08-30 13:57:21 ----D---- E:\WINDOWS
2010-08-30 13:23:38 ----SHD---- E:\WINDOWS\Installer
2010-08-30 13:23:37 ----HD---- E:\Config.Msi
2010-08-29 22:57:13 ----N---- E:\WINDOWS\SchedLgU.Txt
2010-08-29 14:25:21 ----D---- E:\WINDOWS\system32\CatRoot2
2010-08-28 09:37:50 ----A---- E:\WINDOWS\win.ini
2010-08-28 09:37:50 ----A---- E:\WINDOWS\system.ini
2010-08-26 13:21:29 ----D---- E:\WINDOWS\system32
2010-08-26 13:21:05 ----RSHDC---- E:\WINDOWS\system32\dllcache
2010-08-26 13:21:00 ----D---- E:\WINDOWS\system32\drivers
2010-08-26 13:20:29 ----D---- E:\WINDOWS\WinSxS
2010-08-26 13:20:18 ----HD---- E:\WINDOWS\inf
2010-08-26 12:40:34 ----RD---- E:\Program Files
2010-08-26 12:40:33 ----HD---- E:\Program Files\InstallShield Installation Information
2010-08-26 12:35:16 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2010-08-26 12:04:40 ----DC---- E:\WINDOWS\system32\DRVSTORE
2010-08-26 09:21:59 ----D---- E:\Program Files\Common Files\Wise Installation Wizard
2010-08-26 09:20:30 ----D---- E:\WINDOWS\system32\DirectX
2010-08-26 09:18:08 ----RSD---- E:\WINDOWS\assembly
2010-08-26 09:17:17 ----D---- E:\WINDOWS\Logs
2010-08-25 17:55:10 ----D---- E:\Program Files\TrackMania Nations ESWC
2010-08-25 16:28:18 ----A---- E:\WINDOWS\NeroDigital.ini
2010-08-22 15:04:36 ----D---- E:\Program Files\Common Files
2010-08-21 22:02:22 ----D---- E:\Program Files\ICQ7.0
2010-08-19 22:29:10 ----D---- E:\Documents and Settings\Petr\Data aplikací\BSplayer Pro
2010-08-19 22:27:02 ----D---- E:\Program Files\VS Revo Group
2010-08-19 21:55:29 ----AD---- E:\Documents and Settings\All Users\Data aplikací\TEMP
2010-08-19 21:35:56 ----D---- E:\Program Files\Cenega Czech
2010-08-19 21:31:35 ----D---- E:\Documents and Settings\Petr\Data aplikací\Hamachi
2010-08-19 21:22:49 ----D---- E:\Documents and Settings\All Users\Data aplikací\DivX
2010-08-19 21:20:14 ----D---- E:\Program Files\Common Files\DivX Shared
2010-08-19 21:13:20 ----D---- E:\Program Files\Webteh
2010-08-19 21:12:43 ----A---- E:\WINDOWS\wincmd.ini
2010-08-19 21:09:06 ----D---- E:\Program Files\DAEMON Tools Toolbar
2010-08-19 20:50:46 ----D---- E:\WINDOWS\Minidump
2010-08-19 20:44:46 ----D---- E:\Program Files\Mozilla Firefox
2010-08-19 20:38:40 ----D---- E:\Program Files\Common Files\Adobe
2010-08-19 19:06:12 ----D---- E:\Program Files\Adobe
2010-08-19 18:59:58 ----D---- E:\Documents and Settings\Petr\Data aplikací\Adobe
2010-08-19 18:54:39 ----D---- E:\Documents and Settings\All Users\Data aplikací\Adobe
2010-08-17 20:19:59 ----D---- E:\WINDOWS\system32\config
2010-08-15 11:29:13 ----D---- E:\WINDOWS\system32\CatRoot
2010-08-14 09:10:07 ----D---- E:\Program Files\Opera
2010-08-13 19:51:55 ----D---- E:\WINDOWS\system32\Restore
2010-08-11 15:07:58 ----D---- E:\Documents and Settings\Petr\Data aplikací\ICQ
2010-08-04 03:59:10 ----A---- E:\WINDOWS\system32\aticalrt.dll
2010-08-04 03:59:00 ----A---- E:\WINDOWS\system32\aticalcl.dll
2010-08-04 03:57:40 ----A---- E:\WINDOWS\system32\aticaldd.dll
2010-08-04 03:53:22 ----A---- E:\WINDOWS\system32\atioglxx.dll
2010-08-04 03:47:50 ----A---- E:\WINDOWS\system32\atiiiexx.dll
2010-08-04 03:47:00 ----A---- E:\WINDOWS\system32\ATIDEMGX.dll
2010-08-04 03:46:04 ----A---- E:\WINDOWS\system32\ati2dvag.dll
2010-08-04 03:41:40 ----A---- E:\WINDOWS\system32\ati3duag.dll
2010-08-04 03:31:16 ----A---- E:\WINDOWS\system32\atipdlxx.dll
2010-08-04 03:31:04 ----A---- E:\WINDOWS\system32\Oemdspif.dll
2010-08-04 03:30:56 ----A---- E:\WINDOWS\system32\Ati2mdxx.exe
2010-08-04 03:30:50 ----A---- E:\WINDOWS\system32\ati2edxx.dll
2010-08-04 03:30:38 ----A---- E:\WINDOWS\system32\ati2evxx.dll
2010-08-04 03:29:26 ----A---- E:\WINDOWS\system32\ati2evxx.exe
2010-08-04 03:28:12 ----A---- E:\WINDOWS\system32\ATIDDC.DLL
2010-08-04 03:28:06 ----A---- E:\WINDOWS\system32\ativvaxx.dll
2010-08-04 03:24:04 ----A---- E:\WINDOWS\system32\atikvmag.dll
2010-08-04 03:23:52 ----A---- E:\WINDOWS\system32\atiok3x2.dll
2010-08-04 03:22:28 ----A---- E:\WINDOWS\system32\atiadlxx.dll
2010-08-04 03:22:08 ----A---- E:\WINDOWS\system32\atitvo32.dll
2010-08-04 03:16:50 ----A---- E:\WINDOWS\system32\ati2cqag.dll
2010-08-04 03:15:20 ----A---- E:\WINDOWS\system32\amdpcom32.dll
2010-08-04 03:14:38 ----A---- E:\WINDOWS\system32\drivers\ati2erec.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 prohlp02;StarForce Protection Helper Driver v2; E:\WINDOWS\System32\drivers\prohlp02.sys [2004-09-03 115680]
R0 prosync1;StarForce Protection Synchronization Driver v1; E:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; E:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); E:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp01;StarForce Protection Helper Driver; E:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); E:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); E:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; E:\WINDOWS\System32\Drivers\sptd.sys [2010-04-21 691696]
R0 timounter;Acronis True Image Backup Archive Explorer; E:\WINDOWS\system32\DRIVERS\timntr.sys [2009-06-09 441760]
R1 AmdK8;Ovladač procesoru AMD; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 Amfilter;A4Tech Mouse Filter Driver; E:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 ehdrv;ehdrv; E:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; E:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 prodrv06;StarForce Protection Environment Driver v6; E:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R2 eamon;eamon; E:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 tifsfilter;Acronis True Image FS Filter; E:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-06-09 44384]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; E:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-26 247808]
R3 AEAudio;AE Audio Service; E:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-27 93824]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; E:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-08-04 5243392]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; E:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MouseCap;MouseCapture Driver; E:\WINDOWS\System32\Drivers\MouseCap.sys [2005-08-08 6640]
R3 MTsensor;ATK0110 ACPI UTILITY; E:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-12 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-12 20480]
R3 SenFiltService;SenFilt Service; E:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-18 392960]
R3 tapvpn;TAP VPN Adapter; E:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 a691bn3q;a691bn3q; E:\WINDOWS\system32\drivers\a691bn3q.sys []
S3 ATIAVAIW;ATI T200 Unified AVStream service; E:\WINDOWS\system32\DRIVERS\atinavt2.sys [2006-05-02 166528]
S3 CCDECODE;Dekodér Closed Caption; E:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ENTECH;ENTECH; \??\E:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; E:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-07-03 25280]
S3 Moufiltr;Mouse Test Driver; E:\WINDOWS\system32\DRIVERS\Moufiltr.sys [2005-08-06 9661]
S3 mouhid;Ovladač myši standardu HID; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; E:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 Revoflt;Revoflt; E:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; E:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TVICHW32;TVICHW32; \??\E:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usb_rndisx;Adaptér USB RNDIS; E:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2010-08-04 606208]
R2 ekrn;ESET Service; E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 ForcewareWebInterface;Forceware Web Interface; E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 HssSrv;Hotspot Shield Helper Service; E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-04-22 328752]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2010-04-20 153376]
R2 nSvcIp;ForceWare IP service; E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
R2 SQLBrowser;SQL Server Browser; E:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
S2 ATI Smart;ATI Smart; E:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
S3 aspnet_state;Stavová služba ASP.NET; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HssTrayService;Hotspot Shield Tray Service; E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-04-22 34352]
S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2); E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 NBService;NBService; E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; E:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; E:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
I'll post the second scan as soon as it finishes.
Run by Petr at 2010-08-30 14:00:00
WIN_XP Service Pack 3
System drive E: has 8 GB (16%) free of 53 GB
Total RAM: 3071 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:00:02, on 30.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\A4Tech\Mouse\Amoumain.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Program Files\Opera\opera.exe
E:\Documents and Settings\Petr\Plocha\SWL2.exe
C:\Program Files\3.3.5\Wow.exe
E:\Documents and Settings\Petr\Plocha\RSIT.exe
E:\Program Files\Trend Micro\HijackThis\Petr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home/?ai=13054
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - E:\Program Files\Pošťák\Postak\SRank.dll
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WheelMouse] E:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\sdasdas\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1482476501-329068152-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1482476501-329068152-725345543-1003\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\WINDOWS\system32\wbsys.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
--
End of file - 8116 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-20 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-20 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - E:\Program Files\Pošťák\Postak\SRank.dll [2007-05-16 269632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"StartCCC"=E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"WheelMouse"=E:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"SunJavaUpdateSched"=E:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=E:\Program Files\sdasdas\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe [2006-06-05 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
E:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
E:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
E:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
E:\Program Files\Pošťák\Postak\Postak.exe [2008-02-21 453936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Program Files\Steam\Steam.exe [2010-08-24 1242448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
E:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-05-05 111928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWL2]
E:\Documents and Settings\Petr\Plocha\SWL2.exe [2010-03-10 1223680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
E:\Program Files\winamp\winampa.exe [2008-08-04 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^CurseClientStartup.ccip]
E:\Documents and Settings\Petr\Nabídka Start\Programy\Po spuštění\CurseClientStartup.ccip []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="E:\WINDOWS\system32\wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2010-08-04 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
E:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [2001-12-21 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - E:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"E:\Program Files\BitSpirit\BitSpirit.exe"="E:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\WINDOWS\system32\PnkBstrA.exe"="E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"E:\WINDOWS\system32\PnkBstrB.exe"="E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Files\ICQ6.5\ICQ.exe"="E:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe"="E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe"="E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"E:\Program Files\Bonjour\mDNSResponder.exe"="E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\WINDOWS\system32\dpvsetup.exe"="E:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"E:\Program Files\Opera\opera.exe"="E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"E:\Program Files\Skype\Plugin Manager\skypePM.exe"="E:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Program Files\Counter-Strike 1.6\hl.exe"="E:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\ICQ7.0\ICQ.exe"="E:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"E:\Program Files\ICQ7.0\aolload.exe"="E:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\World of Warcraft 3.3.2\Launcher.exe"="C:\Program Files\World of Warcraft 3.3.2\Launcher.exe:*:Enabled:Launcher.exe"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"E:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="E:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"E:\Program Files\TmUnitedForever\TmForever.exe"="E:\Program Files\TmUnitedForever\TmForever.exe:*:Enabled:TmForever"
"E:\Documents and Settings\Petr\Plocha\FLVPlayer_Setup.exe"="E:\Documents and Settings\Petr\Plocha\FLVPlayer_Setup.exe:*:Enabled:Flash FLV Player"
"C:\Program Files\3.3.3a\Launcher.exe"="C:\Program Files\3.3.3a\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe"="C:\Program Files\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe:*:Enabled:Grand Theft Auto IV - Episodes From Liberty City"
"E:\Program Files\Steam\Steam.exe"="E:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe"="E:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe"="E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe"="E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"E:\Program Files\ICQ7.0\ICQ.exe"="E:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"E:\Program Files\ICQ7.0\aolload.exe"="E:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-08-30 13:57:37 ----D---- E:\rsit
2010-08-26 12:40:34 ----D---- E:\Program Files\Realtek
2010-08-26 12:40:25 ----A---- E:\WINDOWS\RtlExUpd.dll
2010-08-26 12:26:29 ----N---- E:\WINDOWS\system32\spmsg.dll
2010-08-26 12:26:17 ----HDC---- E:\WINDOWS\$NtUninstallKB942288-v3$
2010-08-26 12:04:40 ----A---- E:\WINDOWS\system32\atimpc32.dll
2010-08-26 12:04:40 ----A---- E:\WINDOWS\system32\atibtmon.exe
2010-08-26 12:04:40 ----A---- E:\WINDOWS\system32\atiapfxx.exe
2010-08-26 12:04:27 ----D---- E:\Program Files\ATI
2010-08-26 09:06:08 ----D---- E:\Program Files\2K Games
2010-08-22 16:14:01 ----A---- E:\WINDOWS\system32\HPcam_01.dll
2010-08-22 16:06:38 ----AD---- E:\Program Files\HP PSE 9.0 SW
2010-08-22 15:57:17 ----D---- E:\Program Files\HP
2010-08-22 14:38:02 ----D---- E:\Documents and Settings\Petr\Data aplikací\Software Informer
2010-08-20 14:35:33 ----A---- E:\WINDOWS\system32\XAudio2_7.dll
2010-08-20 14:35:33 ----A---- E:\WINDOWS\system32\XAPOFX1_5.dll
2010-08-20 14:35:31 ----A---- E:\WINDOWS\system32\xactengine3_7.dll
2010-08-20 14:35:28 ----A---- E:\WINDOWS\system32\D3DCompiler_43.dll
2010-08-20 14:35:26 ----A---- E:\WINDOWS\system32\d3dcsx_43.dll
2010-08-20 14:35:25 ----A---- E:\WINDOWS\system32\d3dx11_43.dll
2010-08-20 14:35:23 ----A---- E:\WINDOWS\system32\d3dx10_43.dll
2010-08-20 14:35:22 ----A---- E:\WINDOWS\system32\D3DX9_43.dll
2010-08-20 14:35:20 ----A---- E:\WINDOWS\system32\XAudio2_6.dll
2010-08-20 14:35:20 ----A---- E:\WINDOWS\system32\XAPOFX1_4.dll
2010-08-20 14:35:17 ----A---- E:\WINDOWS\system32\xactengine3_6.dll
2010-08-20 14:35:13 ----A---- E:\WINDOWS\system32\X3DAudio1_7.dll
2010-08-20 13:55:09 ----D---- E:\Program Files\Steam
2010-08-19 21:20:11 ----D---- E:\WINDOWS\SxsCaPendDel
2010-08-19 20:57:15 ----A---- E:\WINDOWS\system32\drivers\revoflt.sys
2010-08-19 20:43:17 ----D---- E:\WINDOWS\pss
2010-08-16 12:01:17 ----D---- E:\Program Files\DreamCom
2010-08-15 11:31:21 ----SHD---- E:\Documents and Settings\All Users\Data aplikací\SecuROM
======List of files/folders modified in the last 1 months======
2010-08-30 13:59:48 ----D---- E:\WINDOWS\temp
2010-08-30 13:57:40 ----D---- E:\WINDOWS\Prefetch
2010-08-30 13:57:21 ----D---- E:\WINDOWS
2010-08-30 13:23:38 ----SHD---- E:\WINDOWS\Installer
2010-08-30 13:23:37 ----HD---- E:\Config.Msi
2010-08-29 22:57:13 ----N---- E:\WINDOWS\SchedLgU.Txt
2010-08-29 14:25:21 ----D---- E:\WINDOWS\system32\CatRoot2
2010-08-28 09:37:50 ----A---- E:\WINDOWS\win.ini
2010-08-28 09:37:50 ----A---- E:\WINDOWS\system.ini
2010-08-26 13:21:29 ----D---- E:\WINDOWS\system32
2010-08-26 13:21:05 ----RSHDC---- E:\WINDOWS\system32\dllcache
2010-08-26 13:21:00 ----D---- E:\WINDOWS\system32\drivers
2010-08-26 13:20:29 ----D---- E:\WINDOWS\WinSxS
2010-08-26 13:20:18 ----HD---- E:\WINDOWS\inf
2010-08-26 12:40:34 ----RD---- E:\Program Files
2010-08-26 12:40:33 ----HD---- E:\Program Files\InstallShield Installation Information
2010-08-26 12:35:16 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2010-08-26 12:04:40 ----DC---- E:\WINDOWS\system32\DRVSTORE
2010-08-26 09:21:59 ----D---- E:\Program Files\Common Files\Wise Installation Wizard
2010-08-26 09:20:30 ----D---- E:\WINDOWS\system32\DirectX
2010-08-26 09:18:08 ----RSD---- E:\WINDOWS\assembly
2010-08-26 09:17:17 ----D---- E:\WINDOWS\Logs
2010-08-25 17:55:10 ----D---- E:\Program Files\TrackMania Nations ESWC
2010-08-25 16:28:18 ----A---- E:\WINDOWS\NeroDigital.ini
2010-08-22 15:04:36 ----D---- E:\Program Files\Common Files
2010-08-21 22:02:22 ----D---- E:\Program Files\ICQ7.0
2010-08-19 22:29:10 ----D---- E:\Documents and Settings\Petr\Data aplikací\BSplayer Pro
2010-08-19 22:27:02 ----D---- E:\Program Files\VS Revo Group
2010-08-19 21:55:29 ----AD---- E:\Documents and Settings\All Users\Data aplikací\TEMP
2010-08-19 21:35:56 ----D---- E:\Program Files\Cenega Czech
2010-08-19 21:31:35 ----D---- E:\Documents and Settings\Petr\Data aplikací\Hamachi
2010-08-19 21:22:49 ----D---- E:\Documents and Settings\All Users\Data aplikací\DivX
2010-08-19 21:20:14 ----D---- E:\Program Files\Common Files\DivX Shared
2010-08-19 21:13:20 ----D---- E:\Program Files\Webteh
2010-08-19 21:12:43 ----A---- E:\WINDOWS\wincmd.ini
2010-08-19 21:09:06 ----D---- E:\Program Files\DAEMON Tools Toolbar
2010-08-19 20:50:46 ----D---- E:\WINDOWS\Minidump
2010-08-19 20:44:46 ----D---- E:\Program Files\Mozilla Firefox
2010-08-19 20:38:40 ----D---- E:\Program Files\Common Files\Adobe
2010-08-19 19:06:12 ----D---- E:\Program Files\Adobe
2010-08-19 18:59:58 ----D---- E:\Documents and Settings\Petr\Data aplikací\Adobe
2010-08-19 18:54:39 ----D---- E:\Documents and Settings\All Users\Data aplikací\Adobe
2010-08-17 20:19:59 ----D---- E:\WINDOWS\system32\config
2010-08-15 11:29:13 ----D---- E:\WINDOWS\system32\CatRoot
2010-08-14 09:10:07 ----D---- E:\Program Files\Opera
2010-08-13 19:51:55 ----D---- E:\WINDOWS\system32\Restore
2010-08-11 15:07:58 ----D---- E:\Documents and Settings\Petr\Data aplikací\ICQ
2010-08-04 03:59:10 ----A---- E:\WINDOWS\system32\aticalrt.dll
2010-08-04 03:59:00 ----A---- E:\WINDOWS\system32\aticalcl.dll
2010-08-04 03:57:40 ----A---- E:\WINDOWS\system32\aticaldd.dll
2010-08-04 03:53:22 ----A---- E:\WINDOWS\system32\atioglxx.dll
2010-08-04 03:47:50 ----A---- E:\WINDOWS\system32\atiiiexx.dll
2010-08-04 03:47:00 ----A---- E:\WINDOWS\system32\ATIDEMGX.dll
2010-08-04 03:46:04 ----A---- E:\WINDOWS\system32\ati2dvag.dll
2010-08-04 03:41:40 ----A---- E:\WINDOWS\system32\ati3duag.dll
2010-08-04 03:31:16 ----A---- E:\WINDOWS\system32\atipdlxx.dll
2010-08-04 03:31:04 ----A---- E:\WINDOWS\system32\Oemdspif.dll
2010-08-04 03:30:56 ----A---- E:\WINDOWS\system32\Ati2mdxx.exe
2010-08-04 03:30:50 ----A---- E:\WINDOWS\system32\ati2edxx.dll
2010-08-04 03:30:38 ----A---- E:\WINDOWS\system32\ati2evxx.dll
2010-08-04 03:29:26 ----A---- E:\WINDOWS\system32\ati2evxx.exe
2010-08-04 03:28:12 ----A---- E:\WINDOWS\system32\ATIDDC.DLL
2010-08-04 03:28:06 ----A---- E:\WINDOWS\system32\ativvaxx.dll
2010-08-04 03:24:04 ----A---- E:\WINDOWS\system32\atikvmag.dll
2010-08-04 03:23:52 ----A---- E:\WINDOWS\system32\atiok3x2.dll
2010-08-04 03:22:28 ----A---- E:\WINDOWS\system32\atiadlxx.dll
2010-08-04 03:22:08 ----A---- E:\WINDOWS\system32\atitvo32.dll
2010-08-04 03:16:50 ----A---- E:\WINDOWS\system32\ati2cqag.dll
2010-08-04 03:15:20 ----A---- E:\WINDOWS\system32\amdpcom32.dll
2010-08-04 03:14:38 ----A---- E:\WINDOWS\system32\drivers\ati2erec.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 prohlp02;StarForce Protection Helper Driver v2; E:\WINDOWS\System32\drivers\prohlp02.sys [2004-09-03 115680]
R0 prosync1;StarForce Protection Synchronization Driver v1; E:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; E:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); E:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp01;StarForce Protection Helper Driver; E:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); E:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); E:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; E:\WINDOWS\System32\Drivers\sptd.sys [2010-04-21 691696]
R0 timounter;Acronis True Image Backup Archive Explorer; E:\WINDOWS\system32\DRIVERS\timntr.sys [2009-06-09 441760]
R1 AmdK8;Ovladač procesoru AMD; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 Amfilter;A4Tech Mouse Filter Driver; E:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 ehdrv;ehdrv; E:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; E:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 prodrv06;StarForce Protection Environment Driver v6; E:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R2 eamon;eamon; E:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 tifsfilter;Acronis True Image FS Filter; E:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-06-09 44384]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; E:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-26 247808]
R3 AEAudio;AE Audio Service; E:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-27 93824]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; E:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-08-04 5243392]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; E:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MouseCap;MouseCapture Driver; E:\WINDOWS\System32\Drivers\MouseCap.sys [2005-08-08 6640]
R3 MTsensor;ATK0110 ACPI UTILITY; E:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-12 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-12 20480]
R3 SenFiltService;SenFilt Service; E:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-18 392960]
R3 tapvpn;TAP VPN Adapter; E:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 a691bn3q;a691bn3q; E:\WINDOWS\system32\drivers\a691bn3q.sys []
S3 ATIAVAIW;ATI T200 Unified AVStream service; E:\WINDOWS\system32\DRIVERS\atinavt2.sys [2006-05-02 166528]
S3 CCDECODE;Dekodér Closed Caption; E:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ENTECH;ENTECH; \??\E:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; E:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-07-03 25280]
S3 Moufiltr;Mouse Test Driver; E:\WINDOWS\system32\DRIVERS\Moufiltr.sys [2005-08-06 9661]
S3 mouhid;Ovladač myši standardu HID; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; E:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 Revoflt;Revoflt; E:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; E:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TVICHW32;TVICHW32; \??\E:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usb_rndisx;Adaptér USB RNDIS; E:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2010-08-04 606208]
R2 ekrn;ESET Service; E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 ForcewareWebInterface;Forceware Web Interface; E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 HssSrv;Hotspot Shield Helper Service; E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-04-22 328752]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2010-04-20 153376]
R2 nSvcIp;ForceWare IP service; E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
R2 SQLBrowser;SQL Server Browser; E:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
S2 ATI Smart;ATI Smart; E:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
S3 aspnet_state;Stavová služba ASP.NET; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HssTrayService;Hotspot Shield Tray Service; E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-04-22 34352]
S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2); E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 NBService;NBService; E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; E:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; E:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
I'll post the second scan as soon as it finishes.
Last edited by Dymon on 30 Aug 2010 14:04, edited 1 time in total.
Re: Please check my log
UnNamed wrote: Dymon wrote: 4) With the game Mafia 1, the PC throws an error on launch; it's most likely caused by mods I downloaded for it some time ago, but I don't know how to remove them completely
Well, that can be solved by uninstalling Mafia and then installing it again
You can also find saved games on the internet, so you don't have to play it through again.
Believe me, if it could be solved that way, I wouldn't be struggling with it...
Re: Please check my log
OK. That console must have appeared there after you used ComboFix; when did you use it? I don't see it anywhere in the log
Re: Please check my log
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Verze databáze: 4505
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
30.8.2010 16:11:54
mbam-log-2010-08-30 (16-11-54).txt
Typ skenu: Úplný sken (C:\|E:\|)
Skenované objekty: 264457
Uplynulý čas: 2 hodina(y), 8 minuta(y), 9 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 4
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\System Volume Information\_restore{18274F00-F9A6-4B40-8C80-4C02FDEE85F6}\RP375\A0357762.exe (Rootkit.Dropper) -> No action taken.
C:\System Volume Information\_restore{18274F00-F9A6-4B40-8C80-4C02FDEE85F6}\RP375\A0357763.exe (Rootkit.Dropper) -> No action taken.
C:\System Volume Information\_restore{18274F00-F9A6-4B40-8C80-4C02FDEE85F6}\RP375\A0357764.exe (Rootkit.Dropper) -> No action taken.
C:\System Volume Information\_restore{18274F00-F9A6-4B40-8C80-4C02FDEE85F6}\RP408\A0385649.exe (Rogue.Installer) -> No action taken.
Here is the second log
I last used ComboFix roughly half a year ago, but because my PC unexpectedly failed it didn't finish, and I deleted ComboFix recently
Re: Please check my log
Delete everything in MBAM.
Can we run ComboFix?
Re: Please check my log
Everything deleted. Can you post a link to ComboFix here?
Re: Please check my log
Download ComboFix to your desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Before use, turn off all resident security programs - antivirus, firewalls, antispyware
- Close all active windows and run it under an account with administrator rights
- After launch, the terms of use are displayed; confirm them by pressing the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the log C:\ComboFix.txt is created; copy its entire contents here.
Re: Please check my log
ComboFix 10-08-29.04 - Petr 30.08.2010 23:56:54.8.1 - x86
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Petr\Dokumenty\cc_20100830_135937.reg
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-28 do 2010-08-30 )))))))))))))))))))))))))))))))
.
2010-08-30 16:01 . 2010-08-30 16:01 -------- d-----w- e:\program files\kikin
2010-08-30 16:01 . 2010-08-30 16:07 -------- d-----w- e:\program files\JDownloader
2010-08-30 12:01 . 2010-04-29 13:39 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 12:01 . 2010-04-29 13:39 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-08-30 12:01 . 2010-08-30 12:01 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-08-30 11:57 . 2010-08-30 11:57 -------- d-----w- E:\rsit
2010-08-26 10:40 . 2010-08-26 10:40 -------- d-----w- e:\program files\Realtek
2010-08-26 10:40 . 2010-07-27 11:54 1251944 ----a-w- e:\windows\RtlExUpd.dll
2010-08-26 10:04 . 2010-08-04 01:27 143360 ----a-w- e:\windows\system32\atiapfxx.exe
2010-08-26 10:04 . 2010-08-04 01:15 65024 ----a-w- e:\windows\system32\atimpc32.dll
2010-08-26 10:04 . 2009-05-11 21:35 118784 ----a-w- e:\windows\system32\atibtmon.exe
2010-08-26 10:04 . 2010-08-26 11:21 -------- d-----w- e:\program files\ATI
2010-08-26 07:06 . 2010-08-26 07:06 -------- d-----w- e:\program files\2K Games
2010-08-22 14:14 . 2006-10-10 16:29 95232 ----a-w- e:\windows\system32\HPcam_01.dll
2010-08-22 14:06 . 2010-08-22 14:06 -------- d---a-w- e:\program files\HP PSE 9.0 SW
2010-08-22 13:57 . 2010-08-22 13:57 -------- d-----w- e:\program files\HP
2010-08-22 13:15 . 2004-07-13 13:19 0 ------w- e:\windows\hpimdl01.dat
2010-08-20 12:35 . 2010-06-02 02:55 74072 ----a-w- e:\windows\system32\XAPOFX1_5.dll
2010-08-20 12:35 . 2010-06-02 02:55 527192 ----a-w- e:\windows\system32\XAudio2_7.dll
2010-08-20 12:35 . 2010-06-02 02:55 239960 ----a-w- e:\windows\system32\xactengine3_7.dll
2010-08-20 12:35 . 2010-05-26 09:41 2106216 ----a-w- e:\windows\system32\D3DCompiler_43.dll
2010-08-20 12:35 . 2010-05-26 09:41 1868128 ----a-w- e:\windows\system32\d3dcsx_43.dll
2010-08-20 12:35 . 2010-05-26 09:41 248672 ----a-w- e:\windows\system32\d3dx11_43.dll
2010-08-20 12:35 . 2010-05-26 09:41 470880 ----a-w- e:\windows\system32\d3dx10_43.dll
2010-08-20 12:35 . 2010-05-26 09:41 1998168 ----a-w- e:\windows\system32\D3DX9_43.dll
2010-08-20 12:35 . 2010-02-04 08:01 74072 ----a-w- e:\windows\system32\XAPOFX1_4.dll
2010-08-20 12:35 . 2010-02-04 08:01 528216 ----a-w- e:\windows\system32\XAudio2_6.dll
2010-08-20 12:35 . 2010-02-04 08:01 238936 ----a-w- e:\windows\system32\xactengine3_6.dll
2010-08-20 12:35 . 2010-02-04 08:01 22360 ----a-w- e:\windows\system32\X3DAudio1_7.dll
2010-08-19 19:20 . 2010-08-19 21:38 -------- d-----w- e:\windows\SxsCaPendDel
2010-08-19 18:57 . 2009-12-30 10:20 27064 ----a-w- e:\windows\system32\drivers\revoflt.sys
2010-08-16 10:01 . 2010-08-16 10:04 -------- d-----w- e:\program files\DreamCom
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 10:40 . 2008-11-19 16:55 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-08-26 10:35 . 2002-09-23 12:00 487794 ----a-w- e:\windows\system32\perfh005.dat
2010-08-26 10:35 . 2002-09-23 12:00 101624 ----a-w- e:\windows\system32\perfc005.dat
2010-08-26 07:21 . 2009-08-08 12:33 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-08-25 15:55 . 2010-05-29 12:10 -------- d-----w- e:\program files\TrackMania Nations ESWC
2010-08-21 20:02 . 2010-02-27 20:31 -------- d-----w- e:\program files\ICQ7.0
2010-08-19 20:27 . 2009-07-05 16:18 -------- d-----w- e:\program files\VS Revo Group
2010-08-19 19:35 . 2010-04-06 14:18 -------- d-----w- e:\program files\Cenega Czech
2010-08-19 19:20 . 2009-08-31 12:58 -------- d-----w- e:\program files\Common Files\DivX Shared
2010-08-19 19:13 . 2008-12-14 14:22 -------- d-----w- e:\program files\Webteh
2010-08-19 19:09 . 2010-06-26 15:12 -------- d-----w- e:\program files\DAEMON Tools Toolbar
2010-08-19 18:38 . 2008-11-22 19:28 -------- d-----w- e:\program files\Common Files\Adobe
2010-08-14 07:10 . 2008-11-19 17:25 -------- d-----w- e:\program files\Opera
2010-08-04 02:20 . 2006-06-07 09:08 5243392 ----a-w- e:\windows\system32\drivers\ati2mtag.sys
2010-08-04 01:59 . 2009-02-25 20:32 53248 ----a-w- e:\windows\system32\aticalrt.dll
2010-08-04 01:59 . 2009-02-25 20:32 53248 ----a-w- e:\windows\system32\aticalcl.dll
2010-08-04 01:57 . 2009-02-25 20:30 4358144 ----a-w- e:\windows\system32\aticaldd.dll
2010-08-04 01:53 . 2006-06-07 08:43 15900672 ----a-w- e:\windows\system32\atioglxx.dll
2010-08-04 01:47 . 2009-03-27 17:31 311296 ----a-w- e:\windows\system32\atiiiexx.dll
2010-08-04 01:47 . 2009-02-25 21:42 450560 ----a-w- e:\windows\system32\ATIDEMGX.dll
2010-08-04 01:46 . 2009-02-25 21:41 300544 ----a-w- e:\windows\system32\ati2dvag.dll
2010-08-04 01:41 . 2009-02-25 21:16 3901280 ----a-w- e:\windows\system32\ati3duag.dll
2010-08-04 01:31 . 2006-06-07 09:04 208896 ----a-w- e:\windows\system32\atipdlxx.dll
2010-08-04 01:31 . 2006-06-07 09:04 155648 ----a-w- e:\windows\system32\Oemdspif.dll
2010-08-04 01:30 . 2006-06-07 09:04 26112 ----a-w- e:\windows\system32\Ati2mdxx.exe
2010-08-04 01:30 . 2006-06-07 09:04 43520 ----a-w- e:\windows\system32\ati2edxx.dll
2010-08-04 01:30 . 2009-02-25 21:29 159744 ----a-w- e:\windows\system32\ati2evxx.dll
2010-08-04 01:29 . 2006-06-07 09:03 606208 ----a-w- e:\windows\system32\ati2evxx.exe
2010-08-04 01:28 . 2006-06-07 09:02 53248 ----a-w- e:\windows\system32\ATIDDC.DLL
2010-08-04 01:28 . 2009-02-25 20:59 2537728 ----a-w- e:\windows\system32\ativvaxx.dll
2010-08-04 01:27 . 2009-02-25 20:58 887724 ----a-w- e:\windows\system32\ativva6x.dat
2010-08-04 01:27 . 2009-02-25 20:58 3 ----a-w- e:\windows\system32\ativva5x.dat
2010-08-04 01:24 . 2009-02-25 20:40 610304 ----a-w- e:\windows\system32\atikvmag.dll
2010-08-04 01:23 . 2009-02-25 20:35 393216 ----a-w- e:\windows\system32\atiok3x2.dll
2010-08-04 01:22 . 2009-02-25 20:38 188416 ----a-w- e:\windows\system32\atiadlxx.dll
2010-08-04 01:22 . 2006-06-07 08:39 17408 ----a-w- e:\windows\system32\atitvo32.dll
2010-08-04 01:16 . 2009-02-25 20:32 700416 ----a-w- e:\windows\system32\ati2cqag.dll
2010-08-04 01:15 . 2009-02-25 20:44 65024 ----a-w- e:\windows\system32\amdpcom32.dll
2010-08-04 01:14 . 2006-06-07 08:39 53248 ----a-w- e:\windows\system32\drivers\ati2erec.dll
2010-07-23 17:26 . 2008-12-04 18:32 2644 ----a-w- e:\windows\system32\d3d9caps.dat
2010-07-15 12:58 . 2010-07-15 12:58 -------- d-----w- e:\program files\SweetIM
2010-07-15 12:57 . 2010-07-15 12:57 -------- d-----w- e:\program files\Flash Player
2010-07-04 12:52 . 2010-07-04 12:33 -------- d-----w- e:\program files\TmUnitedForever
2010-07-04 12:31 . 2010-07-04 12:26 -------- d-----w- e:\program files\TrackMania United
2010-07-03 20:42 . 2009-12-20 15:49 107888 ----a-w- e:\windows\system32\CmdLineExt.dll
2010-07-03 20:16 . 2010-02-16 18:15 -------- d-----w- e:\program files\Rockstar Games
2010-07-03 10:55 . 2009-06-06 11:31 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2010-06-16 13:22 . 2009-03-27 17:31 219348 ----a-w- e:\windows\system32\atiicdxx.dat
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-07 10:57 163328 --sha-r- e:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-07-07 10:57 31232 --sh--r- e:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-07 10:57 216064 --sh--r- e:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-06-24 00:17 782568 ----a-w- e:\program files\kikin\ie_kikin.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"WheelMouse"="e:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="e:\program files\sdasdas\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\wbsys.dll
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=e:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=e:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^CurseClientStartup.ccip]
path=e:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\CurseClientStartup.ccip
backup=e:\windows\pss\CurseClientStartup.ccipStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
2006-06-05 21:24 118784 ----a-w- e:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- e:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 14:50 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
2008-02-21 20:22 453936 ----a-w- e:\program files\Pošťák\Postak\Postak.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2010-05-05 15:02 111928 ----a-r- e:\program files\SweetIM\Messenger\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWL2]
2010-03-10 18:27 1223680 ----a-w- e:\documents and settings\Petr\Plocha\SWL2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- e:\program files\winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"e:\\Program Files\\ICQ7.0\\ICQ.exe"=
"e:\\Program Files\\ICQ7.0\\aolload.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"e:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\Grand Theft Auto IV - Episodes From Liberty City\\EFLC.exe"=
"e:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R3 Revoflt;Revoflt;e:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 TVICHW32;TVICHW32;e:\windows\system32\DRIVERS\TVICHW32.SYS [2009-10-10 23600]
R4 sptd;sptd;e:\windows\system32\Drivers\sptd.sys [2010-04-21 691696]
S1 ehdrv;ehdrv;e:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 epfwtdir;epfwtdir;e:\windows\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
S2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S3 MouseCap;MouseCapture Driver;e:\windows\system32\Drivers\MouseCap.sys [2005-08-08 6640]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.babylon.com/home/?ai=13054
IE: Download Using &BitSpirit - e:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Translate with Babylon - e:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - e:\program files\kikin\ie_kikin.dll
TCP: {CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30} = 62.129.50.20,85.135.32.100
FF - ProfilePath - e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home/?ai=13054
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: e:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\sdasdas\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-Babylon Client - e:\program files\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-DivXUpdate - e:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-HP Component Manager - e:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-Steam - e:\program files\Steam\Steam.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 00:02
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(884)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2010-08-31 00:04:33
ComboFix-quarantined-files.txt 2010-08-30 22:04
Před spuštěním: 9 733 365 760
Po spuštění: Volných bajtů: 11 105 619 968
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2B8DF2893F3FDEF8E7D7EBC9755C26FC
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Petr\Dokumenty\cc_20100830_135937.reg
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-28 do 2010-08-30 )))))))))))))))))))))))))))))))
.
2010-08-30 16:01 . 2010-08-30 16:01 -------- d-----w- e:\program files\kikin
2010-08-30 16:01 . 2010-08-30 16:07 -------- d-----w- e:\program files\JDownloader
2010-08-30 12:01 . 2010-04-29 13:39 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 12:01 . 2010-04-29 13:39 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-08-30 12:01 . 2010-08-30 12:01 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-08-30 11:57 . 2010-08-30 11:57 -------- d-----w- E:\rsit
2010-08-26 10:40 . 2010-08-26 10:40 -------- d-----w- e:\program files\Realtek
2010-08-26 10:40 . 2010-07-27 11:54 1251944 ----a-w- e:\windows\RtlExUpd.dll
2010-08-26 10:04 . 2010-08-04 01:27 143360 ----a-w- e:\windows\system32\atiapfxx.exe
2010-08-26 10:04 . 2010-08-04 01:15 65024 ----a-w- e:\windows\system32\atimpc32.dll
2010-08-26 10:04 . 2009-05-11 21:35 118784 ----a-w- e:\windows\system32\atibtmon.exe
2010-08-26 10:04 . 2010-08-26 11:21 -------- d-----w- e:\program files\ATI
2010-08-26 07:06 . 2010-08-26 07:06 -------- d-----w- e:\program files\2K Games
2010-08-22 14:14 . 2006-10-10 16:29 95232 ----a-w- e:\windows\system32\HPcam_01.dll
2010-08-22 14:06 . 2010-08-22 14:06 -------- d---a-w- e:\program files\HP PSE 9.0 SW
2010-08-22 13:57 . 2010-08-22 13:57 -------- d-----w- e:\program files\HP
2010-08-22 13:15 . 2004-07-13 13:19 0 ------w- e:\windows\hpimdl01.dat
2010-08-20 12:35 . 2010-06-02 02:55 74072 ----a-w- e:\windows\system32\XAPOFX1_5.dll
2010-08-20 12:35 . 2010-06-02 02:55 527192 ----a-w- e:\windows\system32\XAudio2_7.dll
2010-08-20 12:35 . 2010-06-02 02:55 239960 ----a-w- e:\windows\system32\xactengine3_7.dll
2010-08-20 12:35 . 2010-05-26 09:41 2106216 ----a-w- e:\windows\system32\D3DCompiler_43.dll
2010-08-20 12:35 . 2010-05-26 09:41 1868128 ----a-w- e:\windows\system32\d3dcsx_43.dll
2010-08-20 12:35 . 2010-05-26 09:41 248672 ----a-w- e:\windows\system32\d3dx11_43.dll
2010-08-20 12:35 . 2010-05-26 09:41 470880 ----a-w- e:\windows\system32\d3dx10_43.dll
2010-08-20 12:35 . 2010-05-26 09:41 1998168 ----a-w- e:\windows\system32\D3DX9_43.dll
2010-08-20 12:35 . 2010-02-04 08:01 74072 ----a-w- e:\windows\system32\XAPOFX1_4.dll
2010-08-20 12:35 . 2010-02-04 08:01 528216 ----a-w- e:\windows\system32\XAudio2_6.dll
2010-08-20 12:35 . 2010-02-04 08:01 238936 ----a-w- e:\windows\system32\xactengine3_6.dll
2010-08-20 12:35 . 2010-02-04 08:01 22360 ----a-w- e:\windows\system32\X3DAudio1_7.dll
2010-08-19 19:20 . 2010-08-19 21:38 -------- d-----w- e:\windows\SxsCaPendDel
2010-08-19 18:57 . 2009-12-30 10:20 27064 ----a-w- e:\windows\system32\drivers\revoflt.sys
2010-08-16 10:01 . 2010-08-16 10:04 -------- d-----w- e:\program files\DreamCom
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 10:40 . 2008-11-19 16:55 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-08-26 10:35 . 2002-09-23 12:00 487794 ----a-w- e:\windows\system32\perfh005.dat
2010-08-26 10:35 . 2002-09-23 12:00 101624 ----a-w- e:\windows\system32\perfc005.dat
2010-08-26 07:21 . 2009-08-08 12:33 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-08-25 15:55 . 2010-05-29 12:10 -------- d-----w- e:\program files\TrackMania Nations ESWC
2010-08-21 20:02 . 2010-02-27 20:31 -------- d-----w- e:\program files\ICQ7.0
2010-08-19 20:27 . 2009-07-05 16:18 -------- d-----w- e:\program files\VS Revo Group
2010-08-19 19:35 . 2010-04-06 14:18 -------- d-----w- e:\program files\Cenega Czech
2010-08-19 19:20 . 2009-08-31 12:58 -------- d-----w- e:\program files\Common Files\DivX Shared
2010-08-19 19:13 . 2008-12-14 14:22 -------- d-----w- e:\program files\Webteh
2010-08-19 19:09 . 2010-06-26 15:12 -------- d-----w- e:\program files\DAEMON Tools Toolbar
2010-08-19 18:38 . 2008-11-22 19:28 -------- d-----w- e:\program files\Common Files\Adobe
2010-08-14 07:10 . 2008-11-19 17:25 -------- d-----w- e:\program files\Opera
2010-08-04 02:20 . 2006-06-07 09:08 5243392 ----a-w- e:\windows\system32\drivers\ati2mtag.sys
2010-08-04 01:59 . 2009-02-25 20:32 53248 ----a-w- e:\windows\system32\aticalrt.dll
2010-08-04 01:59 . 2009-02-25 20:32 53248 ----a-w- e:\windows\system32\aticalcl.dll
2010-08-04 01:57 . 2009-02-25 20:30 4358144 ----a-w- e:\windows\system32\aticaldd.dll
2010-08-04 01:53 . 2006-06-07 08:43 15900672 ----a-w- e:\windows\system32\atioglxx.dll
2010-08-04 01:47 . 2009-03-27 17:31 311296 ----a-w- e:\windows\system32\atiiiexx.dll
2010-08-04 01:47 . 2009-02-25 21:42 450560 ----a-w- e:\windows\system32\ATIDEMGX.dll
2010-08-04 01:46 . 2009-02-25 21:41 300544 ----a-w- e:\windows\system32\ati2dvag.dll
2010-08-04 01:41 . 2009-02-25 21:16 3901280 ----a-w- e:\windows\system32\ati3duag.dll
2010-08-04 01:31 . 2006-06-07 09:04 208896 ----a-w- e:\windows\system32\atipdlxx.dll
2010-08-04 01:31 . 2006-06-07 09:04 155648 ----a-w- e:\windows\system32\Oemdspif.dll
2010-08-04 01:30 . 2006-06-07 09:04 26112 ----a-w- e:\windows\system32\Ati2mdxx.exe
2010-08-04 01:30 . 2006-06-07 09:04 43520 ----a-w- e:\windows\system32\ati2edxx.dll
2010-08-04 01:30 . 2009-02-25 21:29 159744 ----a-w- e:\windows\system32\ati2evxx.dll
2010-08-04 01:29 . 2006-06-07 09:03 606208 ----a-w- e:\windows\system32\ati2evxx.exe
2010-08-04 01:28 . 2006-06-07 09:02 53248 ----a-w- e:\windows\system32\ATIDDC.DLL
2010-08-04 01:28 . 2009-02-25 20:59 2537728 ----a-w- e:\windows\system32\ativvaxx.dll
2010-08-04 01:27 . 2009-02-25 20:58 887724 ----a-w- e:\windows\system32\ativva6x.dat
2010-08-04 01:27 . 2009-02-25 20:58 3 ----a-w- e:\windows\system32\ativva5x.dat
2010-08-04 01:24 . 2009-02-25 20:40 610304 ----a-w- e:\windows\system32\atikvmag.dll
2010-08-04 01:23 . 2009-02-25 20:35 393216 ----a-w- e:\windows\system32\atiok3x2.dll
2010-08-04 01:22 . 2009-02-25 20:38 188416 ----a-w- e:\windows\system32\atiadlxx.dll
2010-08-04 01:22 . 2006-06-07 08:39 17408 ----a-w- e:\windows\system32\atitvo32.dll
2010-08-04 01:16 . 2009-02-25 20:32 700416 ----a-w- e:\windows\system32\ati2cqag.dll
2010-08-04 01:15 . 2009-02-25 20:44 65024 ----a-w- e:\windows\system32\amdpcom32.dll
2010-08-04 01:14 . 2006-06-07 08:39 53248 ----a-w- e:\windows\system32\drivers\ati2erec.dll
2010-07-23 17:26 . 2008-12-04 18:32 2644 ----a-w- e:\windows\system32\d3d9caps.dat
2010-07-15 12:58 . 2010-07-15 12:58 -------- d-----w- e:\program files\SweetIM
2010-07-15 12:57 . 2010-07-15 12:57 -------- d-----w- e:\program files\Flash Player
2010-07-04 12:52 . 2010-07-04 12:33 -------- d-----w- e:\program files\TmUnitedForever
2010-07-04 12:31 . 2010-07-04 12:26 -------- d-----w- e:\program files\TrackMania United
2010-07-03 20:42 . 2009-12-20 15:49 107888 ----a-w- e:\windows\system32\CmdLineExt.dll
2010-07-03 20:16 . 2010-02-16 18:15 -------- d-----w- e:\program files\Rockstar Games
2010-07-03 10:55 . 2009-06-06 11:31 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2010-06-16 13:22 . 2009-03-27 17:31 219348 ----a-w- e:\windows\system32\atiicdxx.dat
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-07 10:57 163328 --sha-r- e:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-07-07 10:57 31232 --sh--r- e:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-07 10:57 216064 --sh--r- e:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-06-24 00:17 782568 ----a-w- e:\program files\kikin\ie_kikin.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"WheelMouse"="e:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="e:\program files\sdasdas\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\wbsys.dll
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=e:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=e:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^CurseClientStartup.ccip]
path=e:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\CurseClientStartup.ccip
backup=e:\windows\pss\CurseClientStartup.ccipStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
2006-06-05 21:24 118784 ----a-w- e:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- e:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 14:50 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
2008-02-21 20:22 453936 ----a-w- e:\program files\Pošťák\Postak\Postak.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2010-05-05 15:02 111928 ----a-r- e:\program files\SweetIM\Messenger\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWL2]
2010-03-10 18:27 1223680 ----a-w- e:\documents and settings\Petr\Plocha\SWL2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- e:\program files\winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"e:\\Program Files\\ICQ7.0\\ICQ.exe"=
"e:\\Program Files\\ICQ7.0\\aolload.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"e:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\Grand Theft Auto IV - Episodes From Liberty City\\EFLC.exe"=
"e:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R3 Revoflt;Revoflt;e:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 TVICHW32;TVICHW32;e:\windows\system32\DRIVERS\TVICHW32.SYS [2009-10-10 23600]
R4 sptd;sptd;e:\windows\system32\Drivers\sptd.sys [2010-04-21 691696]
S1 ehdrv;ehdrv;e:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 epfwtdir;epfwtdir;e:\windows\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
S2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S3 MouseCap;MouseCapture Driver;e:\windows\system32\Drivers\MouseCap.sys [2005-08-08 6640]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.babylon.com/home/?ai=13054
IE: Download Using &BitSpirit - e:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Translate with Babylon - e:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - e:\program files\kikin\ie_kikin.dll
TCP: {CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30} = 62.129.50.20,85.135.32.100
FF - ProfilePath - e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home/?ai=13054
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: e:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\sdasdas\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-Babylon Client - e:\program files\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-DivXUpdate - e:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-HP Component Manager - e:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-Steam - e:\program files\Steam\Steam.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 00:02
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(884)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2010-08-31 00:04:33
ComboFix-quarantined-files.txt 2010-08-30 22:04
Před spuštěním: 9 733 365 760
Po spuštění: Volných bajtů: 11 105 619 968
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2B8DF2893F3FDEF8E7D7EBC9755C26FC
Re: Please check my log
Move ComboFix to the desktop
- Open Notepad
- Copy the text from this box into it
Code:
DDS::
uStart Page = hxxp://search.babylon.com/home/?ai=13054
Firefox::
FF - ProfilePath - e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home/?ai=13054
- Save the resulting TXT file as CFScript.txt on the desktop, then drag it with the left mouse button over the ComboFix icon and drop it there
- After the scan has run and ComboFix has finished, a log should appear; post it here.
Warning: It may happen that Windows does not start after the script is applied and the computer restarts; in that case restart the computer again, keep pressing F8, and then choose Last Known Good Configuration.