Prosím o kontrolu logu

[Dymon]

ComboFix 10-08-30.02 - Petr 31.08.2010 11:33:42.9.1 - x86
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\documents and settings\Petr\Plocha\CFScript.txt.txt
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-28 do 2010-08-31 )))))))))))))))))))))))))))))))
.

2010-08-31 07:00 . 2010-08-31 07:00 279712 ----a-w- e:\windows\system32\drivers\atksgt.sys
2010-08-31 07:00 . 2010-08-31 07:00 25888 ----a-w- e:\windows\system32\drivers\lirsgt.sys
2010-08-30 16:01 . 2010-08-30 16:01 -------- d-----w- e:\program files\kikin
2010-08-30 16:01 . 2010-08-30 16:07 -------- d-----w- e:\program files\JDownloader
2010-08-30 12:01 . 2010-04-29 13:39 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 12:01 . 2010-04-29 13:39 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-08-30 12:01 . 2010-08-30 12:01 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-08-30 11:57 . 2010-08-30 11:57 -------- d-----w- E:\rsit
2010-08-26 10:40 . 2010-08-26 10:40 -------- d-----w- e:\program files\Realtek
2010-08-26 10:40 . 2010-07-27 11:54 1251944 ----a-w- e:\windows\RtlExUpd.dll
2010-08-26 10:04 . 2010-08-04 01:27 143360 ----a-w- e:\windows\system32\atiapfxx.exe
2010-08-26 10:04 . 2010-08-04 01:15 65024 ----a-w- e:\windows\system32\atimpc32.dll
2010-08-26 10:04 . 2009-05-11 21:35 118784 ----a-w- e:\windows\system32\atibtmon.exe
2010-08-26 10:04 . 2010-08-26 11:21 -------- d-----w- e:\program files\ATI
2010-08-26 07:06 . 2010-08-26 07:06 -------- d-----w- e:\program files\2K Games
2010-08-22 14:14 . 2006-10-10 16:29 95232 ----a-w- e:\windows\system32\HPcam_01.dll
2010-08-22 14:06 . 2010-08-22 14:06 -------- d---a-w- e:\program files\HP PSE 9.0 SW
2010-08-22 13:57 . 2010-08-22 13:57 -------- d-----w- e:\program files\HP
2010-08-22 13:15 . 2004-07-13 13:19 0 ------w- e:\windows\hpimdl01.dat
2010-08-20 12:35 . 2010-06-02 02:55 74072 ----a-w- e:\windows\system32\XAPOFX1_5.dll
2010-08-20 12:35 . 2010-06-02 02:55 527192 ----a-w- e:\windows\system32\XAudio2_7.dll
2010-08-20 12:35 . 2010-06-02 02:55 239960 ----a-w- e:\windows\system32\xactengine3_7.dll
2010-08-20 12:35 . 2010-05-26 09:41 2106216 ----a-w- e:\windows\system32\D3DCompiler_43.dll
2010-08-20 12:35 . 2010-05-26 09:41 1868128 ----a-w- e:\windows\system32\d3dcsx_43.dll
2010-08-20 12:35 . 2010-05-26 09:41 248672 ----a-w- e:\windows\system32\d3dx11_43.dll
2010-08-20 12:35 . 2010-05-26 09:41 470880 ----a-w- e:\windows\system32\d3dx10_43.dll
2010-08-20 12:35 . 2010-05-26 09:41 1998168 ----a-w- e:\windows\system32\D3DX9_43.dll
2010-08-20 12:35 . 2010-02-04 08:01 74072 ----a-w- e:\windows\system32\XAPOFX1_4.dll
2010-08-20 12:35 . 2010-02-04 08:01 528216 ----a-w- e:\windows\system32\XAudio2_6.dll
2010-08-20 12:35 . 2010-02-04 08:01 238936 ----a-w- e:\windows\system32\xactengine3_6.dll
2010-08-20 12:35 . 2010-02-04 08:01 22360 ----a-w- e:\windows\system32\X3DAudio1_7.dll
2010-08-19 19:20 . 2010-08-19 21:38 -------- d-----w- e:\windows\SxsCaPendDel
2010-08-19 18:57 . 2009-12-30 10:20 27064 ----a-w- e:\windows\system32\drivers\revoflt.sys
2010-08-16 10:01 . 2010-08-16 10:04 -------- d-----w- e:\program files\DreamCom

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 09:12 . 2010-06-26 15:12 -------- d-----w- e:\program files\DAEMON Tools Lite
2010-08-31 09:11 . 2008-11-19 17:55 691696 ----a-w- e:\windows\system32\drivers\sptd.sys
2010-08-31 06:40 . 2008-11-19 16:55 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-08-26 10:35 . 2002-09-23 12:00 487794 ----a-w- e:\windows\system32\perfh005.dat
2010-08-26 10:35 . 2002-09-23 12:00 101624 ----a-w- e:\windows\system32\perfc005.dat
2010-08-26 07:21 . 2009-08-08 12:33 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-08-25 15:55 . 2010-05-29 12:10 -------- d-----w- e:\program files\TrackMania Nations ESWC
2010-08-21 20:02 . 2010-02-27 20:31 -------- d-----w- e:\program files\ICQ7.0
2010-08-19 20:27 . 2009-07-05 16:18 -------- d-----w- e:\program files\VS Revo Group
2010-08-19 19:35 . 2010-04-06 14:18 -------- d-----w- e:\program files\Cenega Czech
2010-08-19 19:20 . 2009-08-31 12:58 -------- d-----w- e:\program files\Common Files\DivX Shared
2010-08-19 19:13 . 2008-12-14 14:22 -------- d-----w- e:\program files\Webteh
2010-08-19 19:09 . 2010-06-26 15:12 -------- d-----w- e:\program files\DAEMON Tools Toolbar
2010-08-19 18:38 . 2008-11-22 19:28 -------- d-----w- e:\program files\Common Files\Adobe
2010-08-14 07:10 . 2008-11-19 17:25 -------- d-----w- e:\program files\Opera
2010-08-04 02:20 . 2006-06-07 09:08 5243392 ----a-w- e:\windows\system32\drivers\ati2mtag.sys
2010-08-04 01:59 . 2009-02-25 20:32 53248 ----a-w- e:\windows\system32\aticalrt.dll
2010-08-04 01:59 . 2009-02-25 20:32 53248 ----a-w- e:\windows\system32\aticalcl.dll
2010-08-04 01:57 . 2009-02-25 20:30 4358144 ----a-w- e:\windows\system32\aticaldd.dll
2010-08-04 01:53 . 2006-06-07 08:43 15900672 ----a-w- e:\windows\system32\atioglxx.dll
2010-08-04 01:47 . 2009-03-27 17:31 311296 ----a-w- e:\windows\system32\atiiiexx.dll
2010-08-04 01:47 . 2009-02-25 21:42 450560 ----a-w- e:\windows\system32\ATIDEMGX.dll
2010-08-04 01:46 . 2009-02-25 21:41 300544 ----a-w- e:\windows\system32\ati2dvag.dll
2010-08-04 01:41 . 2009-02-25 21:16 3901280 ----a-w- e:\windows\system32\ati3duag.dll
2010-08-04 01:31 . 2006-06-07 09:04 208896 ----a-w- e:\windows\system32\atipdlxx.dll
2010-08-04 01:31 . 2006-06-07 09:04 155648 ----a-w- e:\windows\system32\Oemdspif.dll
2010-08-04 01:30 . 2006-06-07 09:04 26112 ----a-w- e:\windows\system32\Ati2mdxx.exe
2010-08-04 01:30 . 2006-06-07 09:04 43520 ----a-w- e:\windows\system32\ati2edxx.dll
2010-08-04 01:30 . 2009-02-25 21:29 159744 ----a-w- e:\windows\system32\ati2evxx.dll
2010-08-04 01:29 . 2006-06-07 09:03 606208 ----a-w- e:\windows\system32\ati2evxx.exe
2010-08-04 01:28 . 2006-06-07 09:02 53248 ----a-w- e:\windows\system32\ATIDDC.DLL
2010-08-04 01:28 . 2009-02-25 20:59 2537728 ----a-w- e:\windows\system32\ativvaxx.dll
2010-08-04 01:27 . 2009-02-25 20:58 887724 ----a-w- e:\windows\system32\ativva6x.dat
2010-08-04 01:27 . 2009-02-25 20:58 3 ----a-w- e:\windows\system32\ativva5x.dat
2010-08-04 01:24 . 2009-02-25 20:40 610304 ----a-w- e:\windows\system32\atikvmag.dll
2010-08-04 01:23 . 2009-02-25 20:35 393216 ----a-w- e:\windows\system32\atiok3x2.dll
2010-08-04 01:22 . 2009-02-25 20:38 188416 ----a-w- e:\windows\system32\atiadlxx.dll
2010-08-04 01:22 . 2006-06-07 08:39 17408 ----a-w- e:\windows\system32\atitvo32.dll
2010-08-04 01:16 . 2009-02-25 20:32 700416 ----a-w- e:\windows\system32\ati2cqag.dll
2010-08-04 01:15 . 2009-02-25 20:44 65024 ----a-w- e:\windows\system32\amdpcom32.dll
2010-08-04 01:14 . 2006-06-07 08:39 53248 ----a-w- e:\windows\system32\drivers\ati2erec.dll
2010-07-23 17:26 . 2008-12-04 18:32 2644 ----a-w- e:\windows\system32\d3d9caps.dat
2010-07-15 12:58 . 2010-07-15 12:58 -------- d-----w- e:\program files\SweetIM
2010-07-15 12:57 . 2010-07-15 12:57 -------- d-----w- e:\program files\Flash Player
2010-07-04 12:52 . 2010-07-04 12:33 -------- d-----w- e:\program files\TmUnitedForever
2010-07-04 12:31 . 2010-07-04 12:26 -------- d-----w- e:\program files\TrackMania United
2010-07-03 20:42 . 2009-12-20 15:49 107888 ----a-w- e:\windows\system32\CmdLineExt.dll
2010-07-03 20:16 . 2010-02-16 18:15 -------- d-----w- e:\program files\Rockstar Games
2010-07-03 10:55 . 2009-06-06 11:31 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2010-06-16 13:22 . 2009-03-27 17:31 219348 ----a-w- e:\windows\system32\atiicdxx.dat
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-07 10:57 163328 --sha-r- e:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-07-07 10:57 31232 --sh--r- e:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-07 10:57 216064 --sh--r- e:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-30_22.02.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-31 09:26 . 2010-08-31 09:26 16384 e:\windows\temp\Perflib_Perfdata_bc.dat
+ 2010-08-31 06:57 . 2010-08-31 06:57 12800 e:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 12800 e:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 53248 e:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 53248 e:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-04-20 13:44 . 2010-04-20 13:44 5120 e:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2010-08-31 08:16 . 2010-08-31 08:16 5120 e:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2010-08-26 07:18 . 2010-08-26 07:18 223232 e:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 223232 e:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 178176 e:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 178176 e:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 364544 e:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 364544 e:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 159232 e:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 159232 e:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 145920 e:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 145920 e:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 578560 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 578560 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 578560 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 578560 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 577536 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 577536 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 577536 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 577536 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 577024 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 577024 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 576000 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 576000 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 567296 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 567296 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 563712 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 563712 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 473600 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 473600 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 2846720 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-26 07:18 . 2010-08-26 07:18 2846720 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-31 06:57 . 2010-08-31 06:57 2676224 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-08-26 07:17 . 2010-08-26 07:17 2676224 e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-06-24 00:17 782568 ----a-w- e:\program files\kikin\ie_kikin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"WheelMouse"="e:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="e:\program files\sdasdas\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\wbsys.dll

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=e:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=e:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^CurseClientStartup.ccip]
path=e:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\CurseClientStartup.ccip
backup=e:\windows\pss\CurseClientStartup.ccipStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
2006-06-05 21:24 118784 ----a-w- e:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- e:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 14:50 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
2008-02-21 20:22 453936 ----a-w- e:\program files\Pošťák\Postak\Postak.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2010-05-05 15:02 111928 ----a-r- e:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWL2]
2010-03-10 18:27 1223680 ----a-w- e:\documents and settings\Petr\Plocha\SWL2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- e:\program files\winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"e:\\Program Files\\ICQ7.0\\ICQ.exe"=
"e:\\Program Files\\ICQ7.0\\aolload.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"e:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\Grand Theft Auto IV - Episodes From Liberty City\\EFLC.exe"=
"e:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R3 Revoflt;Revoflt;e:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 TVICHW32;TVICHW32;e:\windows\system32\DRIVERS\TVICHW32.SYS [2009-10-10 23600]
R4 sptd;sptd;e:\windows\system32\Drivers\sptd.sys [2010-08-31 691696]
S1 ehdrv;ehdrv;e:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 epfwtdir;epfwtdir;e:\windows\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
S2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S3 MouseCap;MouseCapture Driver;e:\windows\system32\Drivers\MouseCap.sys [2005-08-08 6640]

.
.
------- Doplňkový sken -------
.
IE: Download Using &BitSpirit - e:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Translate with Babylon - e:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - e:\program files\kikin\ie_kikin.dll
TCP: {CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30} = 62.129.50.20,85.135.32.100
FF - ProfilePath - e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 11:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(884)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

- - - - - - - > 'explorer.exe'(3476)
e:\windows\system32\msi.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-31 11:41:08
ComboFix-quarantined-files.txt 2010-08-31 09:40
ComboFix2.txt 2010-08-30 22:04

Před spuštěním: Volných bajtů: 10 685 865 984
Po spuštění: Volných bajtů: 10 659 147 776

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 61A43152A6A5E01223DCD73E22344F29

Chtěl bych taky podotknout, že vždy po použití combofixu se mi pokazí DAEMON Tools a musim to přeinstalovat

[Reklama]

[bledulka]

Combofix driver od Daemonu totiž odstaví, protože hákuje atapi a pak není jasné, jestli az to může daemon nebo havěť.

Odinstaluj combofix přes
Start >> Spustit zkopíruj do okénka:
ComboFix /Uninstall

stiskni Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


Stáhni T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusť,pro potvrzení volby mačkej klávesu A, Enter
-po použití prográmek vymaž.Pozor,antiviry ho mohou falešně označit za vir





Odstranění konzole zotavení
-Stáhni T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
-spusť T-Cleaner
- Zmačkni klavesu r a enter
-po restartu znova spusť T-Cleaner
-Zmáčkni klavesu a a Entr potvrď všechny volby na výmaz
-pak jej spust znova ˇ, klavesu p a enter
-restartuj pc


****************************

Poprosím Tě o nový log ze situ a napiš mi, co budeme ještě spravovat.

[Dymon]

Odkud že má byt ten další log?

[Dymon]

1) "Tento Počítáč" načíta neskutečně dlouho (objeví se taková baterka, jak kdyby to něco hledalo) - taktéž, dlouha doba otevírání souborů WINrar
2) Nejde hodit PC do Úsporného režimu
3) Když zapnu PC, tak mám na výběr že tři systemu (nevim jak to nazvat, prostě 2x windows xp a pak nějaky recovery - nevim co to je)... byl bych rad kdyby tam byl jen ten jeden, ze kterého spouštím PC
4) U hry Mafie 1 mi PC háže error při spuštění, nejspíš je to modifikacemi ktere sem tam kdysi stáhnul, ale nevim jak je plně odstranit

Nic z toho se nevyřešilo, navíc při erroru u mafie na mě vyskočila modrá smrt

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:05:48, on 31.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\A4Tech\Mouse\Amoumain.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\sdasdas\Reader\Reader_sl.exe
E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\PROGRA~1\MI3AA1~1\rapimgr.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - E:\Program Files\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - E:\Program Files\Pošťák\Postak\SRank.dll
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WheelMouse] E:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\sdasdas\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-1482476501-329068152-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1482476501-329068152-725345543-1003\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-1482476501-329068152-725345543-1003\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - E:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - E:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\WINDOWS\system32\wbsys.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 8743 bytes

[bledulka]

Podívej se do složky E:\WINDOWS\minidump, pokud je tam soubor z toho dnešního BSODU, vlož ho zde jako přílohu.

Podívej se do správce zařízení, jestli tam nemáš nějaké otazníky-



Start -spustit - napiš msconfig enter
-vyber záložku boot.ini
-udělej z ní screen

[Dymon]

Jediné co v té složce je: Mini083110-01
Nejde to hodit do přílohy, jelikož Přípona dmp není povolena

- zde screen z boot.ini
nevlezl se tam první řádek, ovšem stojí tam jen "boot loader"

Jinak jestli myslíš v procesech jestli nemám otazníky, tak tam žádne nevidím

[bledulka]

Ten soubor z minidumpu dej do zipu nebo raru a dej do přílohy nebo upni na www.ulozto.cz

Který ten systém chceš v boot.ini nechat?

Konzoli zotavení odinstaluješ podle tohoto návodu
http://support.microsoft.com/kb/307654/cs najdi si odinstalaci.

[Dymon]

K PC se dostanu až o víkendu, jen ať si nemyslíš, že sem se na to vyprd :)

[bledulka]

Jasně, pak se ozvi.

[Dymon]

Konzole pro zotavení odinstalována.

Budu tam chtít nechat ten OS, který funguje a spouštím to přes něj, je to myslím ten první (pokud je to v pořadí v kterém to vidím při zapínání PC)

Minidump soubor přiložen

Mini083110-01.rar

(20.46 KiB) Staženo 12 x

[bledulka]

Za Bsod pravděpodobně může soubor Senfilt.sys.
Já si teď netroufnu Ti odmazat jeden řádek v boot.ini, raději bych na ty ostatní problémy zavolala někoho zkušenějšího, tohle už jsou problémy mimo tuto sekci a moje znalosti.
Vydrž, poprosím někoho z kolegů, zda se Tě ujme.

[MiliNess]

Ano, pravděpodobně bude chyba v ovladači Senfilt.sys (Sensaura WDM 3D audio driver )
Zaměřte se na ovladače zvukovky. Stáhněte a nainstalujte novější verzi.