Hi, lately I've been having problems with the internet: it loads terribly slowly compared to normal. And it's not just the internet; games, folders, simply everything loads slowly, and when I turn on the computer it also takes a lot longer than normal. HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:35:05, on 11.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LGAutorunService.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LG SCSI Commander - Unknown owner - C:\WINDOWS\system32\LGAutorunService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
--
End of file - 10446 bytes
And the Malwarebytes log:
Malwarebytes' Anti-Malware
www.malwarebytes.org
Verze databáze:
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11.8.2011 23:42:44
mbam-log-2011-08-11 (23-42-44).txt
Typ: Rychlá kontrola
Kontrolované objekty: 160424
Uplynulý čas: 5 minut, 16 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Slow internet and sluggish computer Solved
Re: Slow internet and sluggish computer
Download ComboFix to your desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Before using it, disable all resident security programs - antivirus, firewalls, antispyware
- Close all open windows and run it under an account with administrator rights
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes, a log C:\ComboFix.txt is created; copy its entire contents here.
Re: Slow internet and sluggish computer
ComboFix 11-08-12.01 - Admin 12.08.2011 21:05:53.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1412 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\WINDOWS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-12 do 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2011-08-17 11:31 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-08-10 09:55 . 2011-08-10 09:55 5182 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-08-09 00:04 . 2011-08-09 00:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TmForever
2011-08-09 00:00 . 2011-08-09 00:02 -------- d-----w- c:\program files\TmNationsForever
2011-08-08 10:56 . 2011-08-08 10:56 -------- d-----w- C:\gPotato
2011-08-07 21:27 . 2011-08-08 10:56 2760410632 ----a-w- c:\program files\PriusClient20110613.exe
2011-08-02 20:39 . 2003-03-18 23:20 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-08-02 20:39 . 2006-04-29 12:25 40960 ----a-w- c:\windows\system32\psfind.dll
2011-08-01 17:36 . 2011-08-01 17:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Turbine
2011-08-01 17:14 . 2011-08-01 17:14 -------- d-----w- c:\program files\Turbine
2011-08-01 14:07 . 2011-08-01 17:13 -------- d-----w- c:\program files\DDO High Res Install Files
2011-08-01 14:05 . 2011-08-12 19:11 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\PMB Files
2011-08-01 14:05 . 2011-08-08 09:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PMB Files
2011-07-31 18:03 . 2011-07-31 18:03 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Pando
2011-07-31 17:36 . 2011-07-31 17:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-07-31 17:30 . 2011-07-31 17:30 -------- d-----w- c:\program files\AMD APP
2011-07-31 17:28 . 2011-07-08 03:15 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-07-31 17:28 . 2011-07-08 03:00 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-31 17:27 . 2011-07-31 17:27 -------- d-----w- c:\program files\ATI
2011-07-31 17:23 . 2011-07-31 17:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\eSupport.com
2011-07-31 17:23 . 2011-07-31 17:23 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-07-31 16:53 . 2011-07-31 16:53 -------- d-----w- c:\program files\TeamViewer
2011-07-31 14:23 . 2011-07-31 16:27 -------- d-----w- c:\program files\LOTRO Standard Res Install Files EN
2011-07-31 13:37 . 2011-07-31 13:37 -------- d-----w- c:\documents and settings\Admin\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-31 09:49 . 2011-08-01 12:55 -------- d-----w- C:\Nexon
2011-07-31 09:43 . 2011-07-31 09:43 -------- d-----w- c:\program files\BandiMPEG1
2011-07-31 09:43 . 2011-07-31 09:43 -------- d-----w- c:\program files\Vindictus
2011-07-31 09:36 . 2011-08-01 11:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NexonUS
2011-07-27 15:46 . 2011-07-27 15:46 -------- d-----w- C:\games
2011-07-23 19:06 . 2011-07-23 19:28 -------- d-----w- c:\documents and settings\Admin\Data aplikací\TeamViewer
2011-07-22 20:02 . 2005-01-14 07:32 53248 ----a-w- c:\windows\system32\PAStiSvc.exe
2011-07-22 20:02 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-07-22 20:02 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-07-22 20:02 . 2011-07-22 20:02 -------- d-----w- c:\windows\PixArt
2011-07-22 20:02 . 2011-07-22 20:02 -------- d-----w- c:\program files\Common Files\PCCamera
2011-07-22 20:02 . 2011-07-22 20:02 -------- d-----w- c:\program files\Trust
2011-07-22 20:01 . 2011-07-22 20:01 -------- d-----w- c:\windows\Downloaded Installations
2011-07-22 20:01 . 2011-07-22 20:01 -------- d-----w- C:\download
2011-07-21 19:53 . 2011-07-21 21:10 -------- d-----w- c:\program files\Runes_of_Magic_4.0.0.2360_slim_eu
2011-07-21 19:53 . 2011-07-21 19:53 -------- d-----w- c:\documents and settings\Admin\Data aplikací\FOG Downloader
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\Admin\Data aplikací\f-secure
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\F-Secure
2011-07-18 13:48 . 2011-07-18 13:48 -------- d-----w- c:\program files\Common Files\Java
2011-07-18 13:48 . 2011-07-18 13:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-18 13:48 . 2011-07-18 13:48 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-18 13:48 . 2011-07-18 13:48 -------- d-----w- c:\program files\Java
2011-07-18 13:41 . 2011-07-18 13:41 0 ----a-w- c:\windows\ativpsrm.bin
2011-07-18 13:38 . 2011-07-18 13:38 -------- d-----w- C:\$AVG
2011-07-18 13:34 . 2011-07-18 13:34 -------- d-----w- c:\documents and settings\Admin\Data aplikací\AVG10
2011-07-18 13:34 . 2011-07-18 13:34 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-07-18 13:33 . 2011-08-12 18:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2011-07-18 13:33 . 2011-08-12 18:55 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-18 13:32 . 2011-07-18 13:32 -------- d-----w- c:\program files\AVG
2011-07-18 13:29 . 2011-08-12 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-07-14 21:08 . 2011-07-14 21:38 -------- d-----w- c:\documents and settings\Admin\Data aplikací\SLAnticheat
2011-07-14 21:07 . 2011-07-14 21:07 -------- d-----w- c:\program files\SPEEDLINK ANTICHEAT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 18:59 . 2011-05-29 07:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-11 18:13 . 2010-12-03 22:26 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-11 18:13 . 2010-12-03 22:26 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-11 18:13 . 2009-07-09 15:28 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-11 18:07 . 2010-12-03 22:26 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-18 13:48 . 2010-11-12 16:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-08 04:12 . 2009-04-29 03:30 7023104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-07-08 04:09 . 2009-04-29 02:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-07-08 03:45 . 2009-04-29 01:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-08 03:45 . 2009-04-29 01:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-08 03:42 . 2009-04-29 01:18 5111808 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-08 03:38 . 2009-04-29 01:45 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-08 03:23 . 2009-04-29 02:18 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:22 . 2009-04-29 02:17 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-07-08 03:21 . 2009-04-29 01:56 4091648 ----a-w- c:\windows\system32\ati3duag.dll
2011-07-08 03:05 . 2009-04-29 02:07 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-08 03:05 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-08 03:04 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-07-08 03:04 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-08 03:04 . 2009-04-29 02:06 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-07-08 03:03 . 2009-04-29 02:04 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-07-08 03:03 . 2009-04-29 01:42 3155072 ----a-w- c:\windows\system32\ativvaxx.dll
2011-07-08 03:01 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-07-08 02:56 . 2009-04-29 01:22 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-07-08 02:53 . 2009-04-29 01:17 507904 ----a-w- c:\windows\system32\atiok3x2.dll
2011-07-08 02:53 . 2009-04-29 01:20 208896 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-08 02:52 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-07-08 02:47 . 2009-04-29 01:13 868352 ----a-w- c:\windows\system32\ati2cqag.dll
2011-07-08 02:46 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-08 02:46 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-08 02:46 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-07 21:37 . 2011-07-07 21:37 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-07 21:37 . 2011-07-07 21:37 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-07 21:36 . 2011-07-07 21:36 13904896 ----a-w- c:\windows\system32\amdocl.dll
2011-07-07 09:43 . 2009-08-18 09:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2011-07-07 09:43 . 2009-08-18 09:24 18328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-06 17:52 . 2011-04-11 20:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-04-11 20:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 17:54 . 2011-06-30 17:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-24 14:10 . 2009-06-18 09:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-16 01:34 . 2011-06-16 01:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 01:34 . 2011-06-16 01:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-06 11:35 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-05 13:26 . 2009-07-10 19:47 138056 ----a-w- c:\documents and settings\Admin\Data aplikací\PnkBstrK.sys
2011-06-05 13:26 . 2010-12-03 22:26 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-26 14:17 . 2009-06-18 11:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-29 14:29 . 2011-03-29 16:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-19 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-07 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-4-8 3510160]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Steam"="c:\program files\Steam\steam.exe" -silent
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" silent loginmode=4
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mafia ii\\pc\\Mafia2.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\Pando.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brink\\brink.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57104:TCP"= 57104:TCP:Pando Media Booster
"57104:UDP"= 57104:UDP:Pando Media Booster
"58692:TCP"= 58692:TCP:Pando Media Booster
"58692:UDP"= 58692:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"6984:TCP"= 6984:TCP:League of Legends Launcher
"6984:UDP"= 6984:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"56730:TCP"= 56730:TCP:Pando Media Booster
"56730:UDP"= 56730:UDP:Pando Media Booster
"57294:TCP"= 57294:TCP:Pando Media Booster
"57294:UDP"= 57294:UDP:Pando Media Booster
"58056:TCP"= 58056:TCP:Pando
"58056:UDP"= 58056:UDP:Pando
"56101:TCP"= 56101:TCP:Pando Media Booster
"56101:UDP"= 56101:UDP:Pando Media Booster
"57783:TCP"= 57783:TCP:Pando Media Booster
"57783:UDP"= 57783:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.7.2009 11:41 691696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11.2.2011 18:25 218688]
R2 LG SCSI Commander;LG SCSI Commander;c:\windows\system32\LGAutorunService.exe [21.11.2009 13:52 135168]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [23.11.2010 18:13 1483072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [18.6.2009 11:17 38176]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
S3 bdlkqker;bdlkqker;\??\c:\windows\System32\Drivers\bdlkqker.sys --> c:\windows\System32\Drivers\bdlkqker.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [31.7.2011 19:23 23456]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [12.3.2011 14:55 24504]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24.2.2010 12:27 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp --> c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 jngfvmax;jngfvmax;\??\c:\windows\System32\Drivers\jngfvmax.sys --> c:\windows\System32\Drivers\jngfvmax.sys [?]
S3 lpanfplg;lpanfplg;\??\c:\windows\System32\Drivers\lpanfplg.sys --> c:\windows\System32\Drivers\lpanfplg.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 oflpydin;oflpydin;\??\c:\docume~1\Admin\LOCALS~1\Temp\oflpydin.sys --> c:\docume~1\Admin\LOCALS~1\Temp\oflpydin.sys [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [24.7.2009 19:19 19020]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [24.2.2010 12:27 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [24.2.2010 12:27 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [24.2.2010 12:27 121856]
S3 XDva317;XDva317;\??\c:\windows\system32\XDva317.sys --> c:\windows\system32\XDva317.sys [?]
S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
jktgzui
wbmuky
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\gprnrxxf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-TNod - c:\program files\TNod User & Password Finder\uninst-TNod.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-12 21:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-682003330-117609710-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:e6,25,3c,37,60,2e,9f,4c,6d,ef,dc,94,c4,d9,34,37,de,b3,06,55,cb,
37,b6,fa,47,f4,e7,0e,45,64,71,04,60,62,81,af,e7,8f,23,cc,d2,a9,89,f2,2c,c8,\
"rkeysecu"=hex:ea,51,8b,3d,f9,7e,2e,15,6d,6e,c3,6c,67,c5,28,38
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\nvLsp.dll
.
- - - - - - - > 'explorer.exe'(3416)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-08-12 21:12:57
ComboFix-quarantined-files.txt 2011-08-12 19:12
.
Před spuštěním: Volných bajtů: 191 098 314 752
Po spuštění: Volných bajtů: 191 377 973 248
.
- - End Of File - - A4E40C950CBECB9AB2ACD7B574CD8DA6
Re: Slow internet and sluggish computer
Move ComboFix to the desktop
- open Notepad
- copy the text from this box into it
Code:
Driver::
jngfvmax
lpanfplg
oflpydin
XDva317
XDva321
XDva359
bdlkqker
Netsvc::
jngfvmax
wbmuky
File::
c:\windows\system32\XDva317.sys
c:\windows\system32\XDva321.sys
c:\windows\system32\XDva359.sys
c:\docume~1\Admin\LOCALS~1\Temp\oflpydin.sys
c:\windows\System32\Drivers\jngfvmax.sys
c:\windows\System32\Drivers\lpanfplg.sys
c:\windows\System32\Drivers\bdlkqker.sys
- save the created TXT file as CFScript.txt on the desktop and, with the left mouse button, drag it onto the ComboFix icon and drop it there
- After the scan has run and ComboFix has closed, a log should appear; paste it here.
Warning: it can happen that after the script is applied and the computer restarts, Windows will not boot; in that case restart the computer again, keep pressing F8 and then choose Last Known Good Configuration.
Re: Slow internet and sluggish computer
ComboFix 11-08-12.01 - Admin 13.08.2011 0:07.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1395 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\docume~1\Admin\LOCALS~1\Temp\oflpydin.sys"
"c:\windows\System32\Drivers\bdlkqker.sys"
"c:\windows\System32\Drivers\jngfvmax.sys"
"c:\windows\System32\Drivers\lpanfplg.sys"
"c:\windows\system32\XDva317.sys"
"c:\windows\system32\XDva321.sys"
"c:\windows\system32\XDva359.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_OFLPYDIN
-------\Legacy_XDVA317
-------\Legacy_XDVA321
-------\Legacy_XDVA359
-------\Service_bdlkqker
-------\Service_jngfvmax
-------\Service_lpanfplg
-------\Service_oflpydin
-------\Service_XDva317
-------\Service_XDva321
-------\Service_XDva359
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-12 do 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2011-08-17 11:31 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-08-10 09:55 . 2011-08-10 09:55 5182 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-08-09 00:04 . 2011-08-09 00:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TmForever
2011-08-09 00:00 . 2011-08-09 00:02 -------- d-----w- c:\program files\TmNationsForever
2011-08-08 10:56 . 2011-08-08 10:56 -------- d-----w- C:\gPotato
2011-08-07 21:27 . 2011-08-08 10:56 2760410632 ----a-w- c:\program files\PriusClient20110613.exe
2011-08-02 20:39 . 2003-03-18 23:20 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-08-02 20:39 . 2006-04-29 12:25 40960 ----a-w- c:\windows\system32\psfind.dll
2011-08-01 17:36 . 2011-08-01 17:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Turbine
2011-08-01 17:14 . 2011-08-01 17:14 -------- d-----w- c:\program files\Turbine
2011-08-01 14:07 . 2011-08-01 17:13 -------- d-----w- c:\program files\DDO High Res Install Files
2011-08-01 14:05 . 2011-08-12 22:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\PMB Files
2011-08-01 14:05 . 2011-08-08 09:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PMB Files
2011-07-31 18:03 . 2011-07-31 18:03 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Pando
2011-07-31 17:36 . 2011-07-31 17:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-07-31 17:30 . 2011-07-31 17:30 -------- d-----w- c:\program files\AMD APP
2011-07-31 17:28 . 2011-07-08 03:15 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-07-31 17:28 . 2011-07-08 03:00 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-31 17:27 . 2011-07-31 17:27 -------- d-----w- c:\program files\ATI
2011-07-31 17:23 . 2011-07-31 17:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\eSupport.com
2011-07-31 17:23 . 2011-07-31 17:23 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-07-31 16:53 . 2011-07-31 16:53 -------- d-----w- c:\program files\TeamViewer
2011-07-31 14:23 . 2011-07-31 16:27 -------- d-----w- c:\program files\LOTRO Standard Res Install Files EN
2011-07-31 13:37 . 2011-07-31 13:37 -------- d-----w- c:\documents and settings\Admin\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-31 09:49 . 2011-08-01 12:55 -------- d-----w- C:\Nexon
2011-07-31 09:43 . 2011-07-31 09:43 -------- d-----w- c:\program files\BandiMPEG1
2011-07-31 09:43 . 2011-07-31 09:43 -------- d-----w- c:\program files\Vindictus
2011-07-31 09:36 . 2011-08-01 11:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NexonUS
2011-07-27 15:46 . 2011-07-27 15:46 -------- d-----w- C:\games
2011-07-23 19:06 . 2011-07-23 19:28 -------- d-----w- c:\documents and settings\Admin\Data aplikací\TeamViewer
2011-07-22 20:02 . 2005-01-14 07:32 53248 ----a-w- c:\windows\system32\PAStiSvc.exe
2011-07-22 20:02 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-07-22 20:02 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-07-22 20:02 . 2011-07-22 20:02 -------- d-----w- c:\windows\PixArt
2011-07-22 20:02 . 2011-07-22 20:02 -------- d-----w- c:\program files\Common Files\PCCamera
2011-07-22 20:02 . 2011-07-22 20:02 -------- d-----w- c:\program files\Trust
2011-07-22 20:01 . 2011-07-22 20:01 -------- d-----w- c:\windows\Downloaded Installations
2011-07-22 20:01 . 2011-07-22 20:01 -------- d-----w- C:\download
2011-07-21 19:53 . 2011-07-21 21:10 -------- d-----w- c:\program files\Runes_of_Magic_4.0.0.2360_slim_eu
2011-07-21 19:53 . 2011-07-21 19:53 -------- d-----w- c:\documents and settings\Admin\Data aplikací\FOG Downloader
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\Admin\Data aplikací\f-secure
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\F-Secure
2011-07-18 13:48 . 2011-07-18 13:48 -------- d-----w- c:\program files\Common Files\Java
2011-07-18 13:48 . 2011-07-18 13:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-18 13:48 . 2011-07-18 13:48 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-18 13:48 . 2011-07-18 13:48 -------- d-----w- c:\program files\Java
2011-07-18 13:41 . 2011-07-18 13:41 0 ----a-w- c:\windows\ativpsrm.bin
2011-07-18 13:38 . 2011-07-18 13:38 -------- d-----w- C:\$AVG
2011-07-18 13:34 . 2011-07-18 13:34 -------- d-----w- c:\documents and settings\Admin\Data aplikací\AVG10
2011-07-18 13:34 . 2011-07-18 13:34 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-07-18 13:33 . 2011-08-12 18:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2011-07-18 13:33 . 2011-08-12 18:55 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-18 13:32 . 2011-07-18 13:32 -------- d-----w- c:\program files\AVG
2011-07-18 13:29 . 2011-08-12 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-07-14 21:08 . 2011-07-14 21:38 -------- d-----w- c:\documents and settings\Admin\Data aplikací\SLAnticheat
2011-07-14 21:07 . 2011-07-14 21:07 -------- d-----w- c:\program files\SPEEDLINK ANTICHEAT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 18:59 . 2011-05-29 07:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-11 18:13 . 2010-12-03 22:26 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-11 18:13 . 2010-12-03 22:26 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-11 18:13 . 2009-07-09 15:28 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-11 18:07 . 2010-12-03 22:26 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-18 13:48 . 2010-11-12 16:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-08 04:12 . 2009-04-29 03:30 7023104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-07-08 04:09 . 2009-04-29 02:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-07-08 03:45 . 2009-04-29 01:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-08 03:45 . 2009-04-29 01:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-08 03:42 . 2009-04-29 01:18 5111808 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-08 03:38 . 2009-04-29 01:45 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-08 03:23 . 2009-04-29 02:18 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:22 . 2009-04-29 02:17 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-07-08 03:21 . 2009-04-29 01:56 4091648 ----a-w- c:\windows\system32\ati3duag.dll
2011-07-08 03:05 . 2009-04-29 02:07 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-08 03:05 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-08 03:04 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-07-08 03:04 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-08 03:04 . 2009-04-29 02:06 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-07-08 03:03 . 2009-04-29 02:04 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-07-08 03:03 . 2009-04-29 01:42 3155072 ----a-w- c:\windows\system32\ativvaxx.dll
2011-07-08 03:01 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-07-08 02:56 . 2009-04-29 01:22 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-07-08 02:53 . 2009-04-29 01:17 507904 ----a-w- c:\windows\system32\atiok3x2.dll
2011-07-08 02:53 . 2009-04-29 01:20 208896 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-08 02:52 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-07-08 02:47 . 2009-04-29 01:13 868352 ----a-w- c:\windows\system32\ati2cqag.dll
2011-07-08 02:46 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-08 02:46 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-08 02:46 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-07 21:37 . 2011-07-07 21:37 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-07 21:37 . 2011-07-07 21:37 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-07 21:36 . 2011-07-07 21:36 13904896 ----a-w- c:\windows\system32\amdocl.dll
2011-07-07 09:43 . 2009-08-18 09:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2011-07-07 09:43 . 2009-08-18 09:24 18328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-06 17:52 . 2011-04-11 20:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-04-11 20:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 17:54 . 2011-06-30 17:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-24 14:10 . 2009-06-18 09:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-16 01:34 . 2011-06-16 01:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 01:34 . 2011-06-16 01:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-06 11:35 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-05 13:26 . 2009-07-10 19:47 138056 ----a-w- c:\documents and settings\Admin\Data aplikací\PnkBstrK.sys
2011-06-05 13:26 . 2010-12-03 22:26 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-26 14:17 . 2009-06-18 11:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-29 14:29 . 2011-03-29 16:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-12_19.11.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-12 22:15 . 2011-08-12 22:15 16384 c:\windows\Temp\Perflib_Perfdata_468.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-19 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-07 3077528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-4-8 3510160]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Steam"="c:\program files\Steam\steam.exe" -silent
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" silent loginmode=4
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mafia ii\\pc\\Mafia2.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\Pando.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brink\\brink.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57104:TCP"= 57104:TCP:Pando Media Booster
"57104:UDP"= 57104:UDP:Pando Media Booster
"58692:TCP"= 58692:TCP:Pando Media Booster
"58692:UDP"= 58692:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"6984:TCP"= 6984:TCP:League of Legends Launcher
"6984:UDP"= 6984:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"56730:TCP"= 56730:TCP:Pando Media Booster
"56730:UDP"= 56730:UDP:Pando Media Booster
"57294:TCP"= 57294:TCP:Pando Media Booster
"57294:UDP"= 57294:UDP:Pando Media Booster
"58056:TCP"= 58056:TCP:Pando
"58056:UDP"= 58056:UDP:Pando
"56101:TCP"= 56101:TCP:Pando Media Booster
"56101:UDP"= 56101:UDP:Pando Media Booster
"57783:TCP"= 57783:TCP:Pando Media Booster
"57783:UDP"= 57783:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.7.2009 11:41 691696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11.2.2011 18:25 218688]
R2 LG SCSI Commander;LG SCSI Commander;c:\windows\system32\LGAutorunService.exe [21.11.2009 13:52 135168]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [23.11.2010 18:13 1483072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [18.6.2009 11:17 38176]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [31.7.2011 19:23 23456]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [12.3.2011 14:55 24504]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24.2.2010 12:27 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp --> c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [24.7.2009 19:19 19020]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [24.2.2010 12:27 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [24.2.2010 12:27 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [24.2.2010 12:27 121856]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
jktgzui
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\gprnrxxf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 00:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-682003330-117609710-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:e6,25,3c,37,60,2e,9f,4c,6d,ef,dc,94,c4,d9,34,37,de,b3,06,55,cb,
37,b6,fa,47,f4,e7,0e,45,64,71,04,60,62,81,af,e7,8f,23,cc,d2,a9,89,f2,2c,c8,\
"rkeysecu"=hex:ea,51,8b,3d,f9,7e,2e,15,6d,6e,c3,6c,67,c5,28,38
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\nvLsp.dll
.
- - - - - - - > 'explorer.exe'(3648)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\bin32\nSvcAppFlt.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\bin32\nSvcIp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2011-08-13 00:18:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-12 22:18
ComboFix2.txt 2011-08-12 19:12
.
Před spuštěním: Volných bajtů: 191 383 732 224
Po spuštění: Volných bajtů: 191 259 815 936
.
- - End Of File - - 91FBDB6B9E782AC588DBDCDA1142BCDE
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1395 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\docume~1\Admin\LOCALS~1\Temp\oflpydin.sys"
"c:\windows\System32\Drivers\bdlkqker.sys"
"c:\windows\System32\Drivers\jngfvmax.sys"
"c:\windows\System32\Drivers\lpanfplg.sys"
"c:\windows\system32\XDva317.sys"
"c:\windows\system32\XDva321.sys"
"c:\windows\system32\XDva359.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_OFLPYDIN
-------\Legacy_XDVA317
-------\Legacy_XDVA321
-------\Legacy_XDVA359
-------\Service_bdlkqker
-------\Service_jngfvmax
-------\Service_lpanfplg
-------\Service_oflpydin
-------\Service_XDva317
-------\Service_XDva321
-------\Service_XDva359
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-12 do 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2011-08-17 11:31 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-08-10 09:55 . 2011-08-10 09:55 5182 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-08-09 00:04 . 2011-08-09 00:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TmForever
2011-08-09 00:00 . 2011-08-09 00:02 -------- d-----w- c:\program files\TmNationsForever
2011-08-08 10:56 . 2011-08-08 10:56 -------- d-----w- C:\gPotato
2011-08-07 21:27 . 2011-08-08 10:56 2760410632 ----a-w- c:\program files\PriusClient20110613.exe
2011-08-02 20:39 . 2003-03-18 23:20 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-08-02 20:39 . 2006-04-29 12:25 40960 ----a-w- c:\windows\system32\psfind.dll
2011-08-01 17:36 . 2011-08-01 17:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Turbine
2011-08-01 17:14 . 2011-08-01 17:14 -------- d-----w- c:\program files\Turbine
2011-08-01 14:07 . 2011-08-01 17:13 -------- d-----w- c:\program files\DDO High Res Install Files
2011-08-01 14:05 . 2011-08-12 22:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\PMB Files
2011-08-01 14:05 . 2011-08-08 09:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PMB Files
2011-07-31 18:03 . 2011-07-31 18:03 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Pando
2011-07-31 17:36 . 2011-07-31 17:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-07-31 17:30 . 2011-07-31 17:30 -------- d-----w- c:\program files\AMD APP
2011-07-31 17:28 . 2011-07-08 03:15 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-07-31 17:28 . 2011-07-08 03:00 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-31 17:27 . 2011-07-31 17:27 -------- d-----w- c:\program files\ATI
2011-07-31 17:23 . 2011-07-31 17:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\eSupport.com
2011-07-31 17:23 . 2011-07-31 17:23 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-07-31 16:53 . 2011-07-31 16:53 -------- d-----w- c:\program files\TeamViewer
2011-07-31 14:23 . 2011-07-31 16:27 -------- d-----w- c:\program files\LOTRO Standard Res Install Files EN
2011-07-31 13:37 . 2011-07-31 13:37 -------- d-----w- c:\documents and settings\Admin\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-31 09:49 . 2011-08-01 12:55 -------- d-----w- C:\Nexon
2011-07-31 09:43 . 2011-07-31 09:43 -------- d-----w- c:\program files\BandiMPEG1
2011-07-31 09:43 . 2011-07-31 09:43 -------- d-----w- c:\program files\Vindictus
2011-07-31 09:36 . 2011-08-01 11:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NexonUS
2011-07-27 15:46 . 2011-07-27 15:46 -------- d-----w- C:\games
2011-07-23 19:06 . 2011-07-23 19:28 -------- d-----w- c:\documents and settings\Admin\Data aplikací\TeamViewer
2011-07-22 20:02 . 2005-01-14 07:32 53248 ----a-w- c:\windows\system32\PAStiSvc.exe
2011-07-22 20:02 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-07-22 20:02 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-07-22 20:02 . 2011-07-22 20:02 -------- d-----w- c:\windows\PixArt
2011-07-22 20:02 . 2011-07-22 20:02 -------- d-----w- c:\program files\Common Files\PCCamera
2011-07-22 20:02 . 2011-07-22 20:02 -------- d-----w- c:\program files\Trust
2011-07-22 20:01 . 2011-07-22 20:01 -------- d-----w- c:\windows\Downloaded Installations
2011-07-22 20:01 . 2011-07-22 20:01 -------- d-----w- C:\download
2011-07-21 19:53 . 2011-07-21 21:10 -------- d-----w- c:\program files\Runes_of_Magic_4.0.0.2360_slim_eu
2011-07-21 19:53 . 2011-07-21 19:53 -------- d-----w- c:\documents and settings\Admin\Data aplikací\FOG Downloader
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\Admin\Data aplikací\f-secure
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\F-Secure
2011-07-18 13:48 . 2011-07-18 13:48 -------- d-----w- c:\program files\Common Files\Java
2011-07-18 13:48 . 2011-07-18 13:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-18 13:48 . 2011-07-18 13:48 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-18 13:48 . 2011-07-18 13:48 -------- d-----w- c:\program files\Java
2011-07-18 13:41 . 2011-07-18 13:41 0 ----a-w- c:\windows\ativpsrm.bin
2011-07-18 13:38 . 2011-07-18 13:38 -------- d-----w- C:\$AVG
2011-07-18 13:34 . 2011-07-18 13:34 -------- d-----w- c:\documents and settings\Admin\Data aplikací\AVG10
2011-07-18 13:34 . 2011-07-18 13:34 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-07-18 13:33 . 2011-08-12 18:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2011-07-18 13:33 . 2011-08-12 18:55 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-18 13:32 . 2011-07-18 13:32 -------- d-----w- c:\program files\AVG
2011-07-18 13:29 . 2011-08-12 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-07-14 21:08 . 2011-07-14 21:38 -------- d-----w- c:\documents and settings\Admin\Data aplikací\SLAnticheat
2011-07-14 21:07 . 2011-07-14 21:07 -------- d-----w- c:\program files\SPEEDLINK ANTICHEAT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 18:59 . 2011-05-29 07:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-11 18:13 . 2010-12-03 22:26 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-11 18:13 . 2010-12-03 22:26 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-11 18:13 . 2009-07-09 15:28 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-11 18:07 . 2010-12-03 22:26 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-18 13:48 . 2010-11-12 16:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-08 04:12 . 2009-04-29 03:30 7023104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-07-08 04:09 . 2009-04-29 02:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-07-08 03:45 . 2009-04-29 01:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-08 03:45 . 2009-04-29 01:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-08 03:42 . 2009-04-29 01:18 5111808 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-08 03:38 . 2009-04-29 01:45 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-08 03:23 . 2009-04-29 02:18 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:22 . 2009-04-29 02:17 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-07-08 03:21 . 2009-04-29 01:56 4091648 ----a-w- c:\windows\system32\ati3duag.dll
2011-07-08 03:05 . 2009-04-29 02:07 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-08 03:05 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-08 03:04 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-07-08 03:04 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-08 03:04 . 2009-04-29 02:06 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-07-08 03:03 . 2009-04-29 02:04 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-07-08 03:03 . 2009-04-29 01:42 3155072 ----a-w- c:\windows\system32\ativvaxx.dll
2011-07-08 03:01 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-07-08 02:56 . 2009-04-29 01:22 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-07-08 02:53 . 2009-04-29 01:17 507904 ----a-w- c:\windows\system32\atiok3x2.dll
2011-07-08 02:53 . 2009-04-29 01:20 208896 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-08 02:52 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-07-08 02:47 . 2009-04-29 01:13 868352 ----a-w- c:\windows\system32\ati2cqag.dll
2011-07-08 02:46 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-08 02:46 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-08 02:46 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-07 21:37 . 2011-07-07 21:37 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-07 21:37 . 2011-07-07 21:37 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-07 21:36 . 2011-07-07 21:36 13904896 ----a-w- c:\windows\system32\amdocl.dll
2011-07-07 09:43 . 2009-08-18 09:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2011-07-07 09:43 . 2009-08-18 09:24 18328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-06 17:52 . 2011-04-11 20:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-04-11 20:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 17:54 . 2011-06-30 17:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-24 14:10 . 2009-06-18 09:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-16 01:34 . 2011-06-16 01:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 01:34 . 2011-06-16 01:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-06 11:35 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-05 13:26 . 2009-07-10 19:47 138056 ----a-w- c:\documents and settings\Admin\Data aplikací\PnkBstrK.sys
2011-06-05 13:26 . 2010-12-03 22:26 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-26 14:17 . 2009-06-18 11:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-29 14:29 . 2011-03-29 16:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-12_19.11.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-12 22:15 . 2011-08-12 22:15 16384 c:\windows\Temp\Perflib_Perfdata_468.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-19 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-07 3077528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-4-8 3510160]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Steam"="c:\program files\Steam\steam.exe" -silent
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" silent loginmode=4
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mafia ii\\pc\\Mafia2.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\Pando.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brink\\brink.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57104:TCP"= 57104:TCP:Pando Media Booster
"57104:UDP"= 57104:UDP:Pando Media Booster
"58692:TCP"= 58692:TCP:Pando Media Booster
"58692:UDP"= 58692:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"6984:TCP"= 6984:TCP:League of Legends Launcher
"6984:UDP"= 6984:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"56730:TCP"= 56730:TCP:Pando Media Booster
"56730:UDP"= 56730:UDP:Pando Media Booster
"57294:TCP"= 57294:TCP:Pando Media Booster
"57294:UDP"= 57294:UDP:Pando Media Booster
"58056:TCP"= 58056:TCP:Pando
"58056:UDP"= 58056:UDP:Pando
"56101:TCP"= 56101:TCP:Pando Media Booster
"56101:UDP"= 56101:UDP:Pando Media Booster
"57783:TCP"= 57783:TCP:Pando Media Booster
"57783:UDP"= 57783:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.7.2009 11:41 691696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11.2.2011 18:25 218688]
R2 LG SCSI Commander;LG SCSI Commander;c:\windows\system32\LGAutorunService.exe [21.11.2009 13:52 135168]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [23.11.2010 18:13 1483072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [18.6.2009 11:17 38176]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [31.7.2011 19:23 23456]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [12.3.2011 14:55 24504]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24.2.2010 12:27 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp --> c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [24.7.2009 19:19 19020]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [24.2.2010 12:27 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [24.2.2010 12:27 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [24.2.2010 12:27 121856]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
jktgzui
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\gprnrxxf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 00:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-682003330-117609710-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:e6,25,3c,37,60,2e,9f,4c,6d,ef,dc,94,c4,d9,34,37,de,b3,06,55,cb,
37,b6,fa,47,f4,e7,0e,45,64,71,04,60,62,81,af,e7,8f,23,cc,d2,a9,89,f2,2c,c8,\
"rkeysecu"=hex:ea,51,8b,3d,f9,7e,2e,15,6d,6e,c3,6c,67,c5,28,38
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\nvLsp.dll
.
- - - - - - - > 'explorer.exe'(3648)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\bin32\nSvcAppFlt.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\bin32\nSvcIp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2011-08-13 00:18:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-12 22:18
ComboFix2.txt 2011-08-12 19:12
.
Před spuštěním: Volných bajtů: 191 383 732 224
Po spuštění: Volných bajtů: 191 259 815 936
.
- - End Of File - - 91FBDB6B9E782AC588DBDCDA1142BCDE
Re: Slow internet and sluggish computer
How is the computer doing now?
Download AVPtool http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
- install it and let it scan all drives
- let it disinfect whatever it finds
- then post the log here.
Re: Slow internet and sluggish computer
The log is here: http://www.edisk.cz/stahni/87095/kasper ... .83KB.html
The computer already looks much better, thank you. Is there anything else I should do, or can I mark the thread with the green checkmark now?
- jaro3
- Security team member
Re: Slow internet and sluggish computer
AVP --OK
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script
Code:
KillAll::
File::
c:\windows\ativpsrm.bin
c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp
c:\windows\system32\GameMon.des
Driver::
EagleXNt
GarenaPEngine
GGSAFERDriver
npggsvc
jktgzui
NetSvcs::
jktgzui
Firefox::
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\gprnrxxf.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe program and drop it when the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
Warning: It may happen that after applying ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
Post a new HJT log.
Are you using the AVG or F-Secure antivirus? Most likely both are just leftovers...
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
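As an added example (not part of the thread and not ComboFix's or the helper's own tooling), the following Python script parses the driver/service lines and the Svchost NetSvcs list from two ComboFix logs in the format shown in this thread, flags the entry types the CFScript above targeted (image file missing, image under a Temp directory, image with an unusual extension), and checks which of them are gone after the run. The sample log lines are constructed from the entries in this thread; the flagging rules are the author's own triage heuristics, not ComboFix logic.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied in shape from the ComboFix logs in this thread,
# taken before and after the CFScript run.
BEFORE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.7.2009 11:41 691696]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp --> c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [24.7.2009 19:19 19020]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
jktgzui
.
"""
AFTER_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.7.2009 11:41 691696]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [24.7.2009 19:19 19020]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
"""

# Service lines look like "R0 name;display;image [date time size]" or, when the
# file is not on disk, "S3 name;display;\??\image --> image [?]".
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
NETSVCS_HEADER = "Svchost - NetSvcs"
TEMP_PATH_RE = re.compile(r"\\temp\\|\.tmp\b", re.IGNORECASE)
NORMAL_EXT_RE = re.compile(r"\.(exe|sys|dll)\b", re.IGNORECASE)

@dataclass
class ServiceEntry:
    start_type: str     # R0..R3 = running, S0..S4 = stopped / on demand
    name: str
    display: str
    image: str          # resolved image path (the part after "-->" when present)
    file_missing: bool  # ComboFix appends "[?]" when it cannot find the image file

def parse_services(log: str) -> dict:
    """Return {service name: ServiceEntry} for every service/driver line."""
    entries = {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        image = rest.split("-->")[-1] if "-->" in rest else rest
        image = re.sub(r"\s*\[[^\]]*\]$", "", image).strip()  # drop the [...] suffix
        entries[m.group("name")] = ServiceEntry(
            m.group("start"), m.group("name"), m.group("display"), image, rest.endswith("[?]"))
    return entries

def parse_netsvcs(log: str) -> list:
    """Names listed under the Svchost NetSvcs header, up to the '.' terminator."""
    names, in_block = [], False
    for line in log.splitlines():
        line = line.strip()
        if NETSVCS_HEADER in line:
            in_block = True
        elif in_block and line in ("", "."):
            break
        elif in_block:
            names.append(line)
    return names

def flag_entries(entries: dict) -> dict:
    """Map service name -> reasons it deserves a closer look (heuristics, not ComboFix's)."""
    flagged = {}
    for name, e in entries.items():
        reasons = []
        if e.file_missing:
            reasons.append("image file not found on disk")
        if TEMP_PATH_RE.search(e.image):
            reasons.append("image lives under a Temp directory")
        if not NORMAL_EXT_RE.search(e.image):
            reasons.append("image has an unusual extension")
        if reasons:
            flagged[name] = reasons
    return flagged

def cleanup_report(before_log: str, after_log: str) -> dict:
    """Compare two logs: what was flagged, what disappeared, what still remains."""
    before, after = parse_services(before_log), parse_services(after_log)
    flagged = flag_entries(before)
    netsvcs_after = parse_netsvcs(after_log)
    return {
        "flagged_before": flagged,
        "services_removed": set(before) - set(after),
        "netsvcs_removed": [n for n in parse_netsvcs(before_log) if n not in netsvcs_after],
        "flagged_remaining": sorted(n for n in flagged if n in after),
    }

if __name__ == "__main__":
    for key, value in cleanup_report(BEFORE_LOG, AFTER_LOG).items():
        print(f"{key}: {value}")
```

On the two sample logs the report lists the four flagged drivers/services and the orphaned NetSvcs name as removed and nothing flagged as remaining, which is the check a helper makes before declaring the cleanup done.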
Re: Slow internet and sluggish computer
ComboFix 11-08-12.01 - Admin 13.08.2011 15:46:55.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1364 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\docume~1\Admin\LOCALS~1\Temp\XTU1490.tmp"
"c:\windows\ativpsrm.bin"
"c:\windows\system32\GameMon.des"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ativpsrm.bin
c:\windows\system32\GameMon.des
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EAGLEXNT
-------\Legacy_GARENAPENGINE
-------\Legacy_GGSAFERDRIVER
-------\Service_EagleXNt
-------\Service_GarenaPEngine
-------\Service_GGSAFERDriver
-------\Service_npggsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-13 do 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-17 11:31 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-08-10 09:55 . 2011-08-10 09:55 5182 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-08-09 00:04 . 2011-08-09 00:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TmForever
2011-08-09 00:00 . 2011-08-09 00:02 -------- d-----w- c:\program files\TmNationsForever
2011-08-08 10:56 . 2011-08-08 10:56 -------- d-----w- C:\gPotato
2011-08-07 21:27 . 2011-08-08 10:56 2760410632 ----a-w- c:\program files\PriusClient20110613.exe
2011-08-02 20:39 . 2003-03-18 23:20 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-08-02 20:39 . 2006-04-29 12:25 40960 ----a-w- c:\windows\system32\psfind.dll
2011-08-01 17:36 . 2011-08-01 17:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Turbine
2011-08-01 17:14 . 2011-08-01 17:14 -------- d-----w- c:\program files\Turbine
2011-08-01 14:07 . 2011-08-01 17:13 -------- d-----w- c:\program files\DDO High Res Install Files
2011-08-01 14:05 . 2011-08-13 13:56 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\PMB Files
2011-08-01 14:05 . 2011-08-08 09:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PMB Files
2011-07-31 18:03 . 2011-07-31 18:03 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Pando
2011-07-31 17:36 . 2011-07-31 17:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-07-31 17:30 . 2011-07-31 17:30 -------- d-----w- c:\program files\AMD APP
2011-07-31 17:28 . 2011-07-08 03:15 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-07-31 17:28 . 2011-07-08 03:00 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-31 17:27 . 2011-07-31 17:27 -------- d-----w- c:\program files\ATI
2011-07-31 17:23 . 2011-07-31 17:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\eSupport.com
2011-07-31 17:23 . 2011-07-31 17:23 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-07-31 16:53 . 2011-07-31 16:53 -------- d-----w- c:\program files\TeamViewer
2011-07-31 14:23 . 2011-07-31 16:27 -------- d-----w- c:\program files\LOTRO Standard Res Install Files EN
2011-07-31 13:37 . 2011-07-31 13:37 -------- d-----w- c:\documents and settings\Admin\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-31 09:49 . 2011-08-01 12:55 -------- d-----w- C:\Nexon
2011-07-31 09:43 . 2011-07-31 09:43 -------- d-----w- c:\program files\BandiMPEG1
2011-07-31 09:43 . 2011-07-31 09:43 -------- d-----w- c:\program files\Vindictus
2011-07-31 09:36 . 2011-08-01 11:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NexonUS
2011-07-27 15:46 . 2011-07-27 15:46 -------- d-----w- C:\games
2011-07-23 19:06 . 2011-07-23 19:28 -------- d-----w- c:\documents and settings\Admin\Data aplikací\TeamViewer
2011-07-22 20:02 . 2005-01-14 07:32 53248 ----a-w- c:\windows\system32\PAStiSvc.exe
2011-07-22 20:02 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-07-22 20:02 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-07-22 20:02 . 2011-07-22 20:02 -------- d-----w- c:\windows\PixArt
2011-07-22 20:02 . 2011-07-22 20:02 -------- d-----w- c:\program files\Common Files\PCCamera
2011-07-22 20:02 . 2011-07-22 20:02 -------- d-----w- c:\program files\Trust
2011-07-22 20:01 . 2011-07-22 20:01 -------- d-----w- c:\windows\Downloaded Installations
2011-07-22 20:01 . 2011-07-22 20:01 -------- d-----w- C:\download
2011-07-21 19:53 . 2011-07-21 21:10 -------- d-----w- c:\program files\Runes_of_Magic_4.0.0.2360_slim_eu
2011-07-21 19:53 . 2011-07-21 19:53 -------- d-----w- c:\documents and settings\Admin\Data aplikací\FOG Downloader
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\Admin\Data aplikací\f-secure
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\F-Secure
2011-07-18 13:48 . 2011-07-18 13:48 -------- d-----w- c:\program files\Common Files\Java
2011-07-18 13:48 . 2011-07-18 13:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-18 13:48 . 2011-07-18 13:48 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-18 13:48 . 2011-07-18 13:48 -------- d-----w- c:\program files\Java
2011-07-18 13:38 . 2011-07-18 13:38 -------- d-----w- C:\$AVG
2011-07-18 13:34 . 2011-07-18 13:34 -------- d-----w- c:\documents and settings\Admin\Data aplikací\AVG10
2011-07-18 13:34 . 2011-07-18 13:34 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-07-18 13:33 . 2011-08-12 18:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2011-07-18 13:33 . 2011-08-12 18:55 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-18 13:32 . 2011-07-18 13:32 -------- d-----w- c:\program files\AVG
2011-07-18 13:29 . 2011-08-12 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-07-14 21:08 . 2011-07-14 21:38 -------- d-----w- c:\documents and settings\Admin\Data aplikací\SLAnticheat
2011-07-14 21:07 . 2011-07-14 21:07 -------- d-----w- c:\program files\SPEEDLINK ANTICHEAT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 12:18 . 2010-12-03 22:26 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-13 12:17 . 2010-12-03 22:26 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-13 12:17 . 2009-07-09 15:28 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-13 11:16 . 2010-12-03 22:26 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-08-12 18:59 . 2011-05-29 07:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-18 13:48 . 2010-11-12 16:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-08 04:12 . 2009-04-29 03:30 7023104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-07-08 04:09 . 2009-04-29 02:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-07-08 03:45 . 2009-04-29 01:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-08 03:45 . 2009-04-29 01:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-08 03:42 . 2009-04-29 01:18 5111808 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-08 03:38 . 2009-04-29 01:45 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-08 03:23 . 2009-04-29 02:18 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:22 . 2009-04-29 02:17 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-07-08 03:21 . 2009-04-29 01:56 4091648 ----a-w- c:\windows\system32\ati3duag.dll
2011-07-08 03:05 . 2009-04-29 02:07 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-08 03:05 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-08 03:04 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-07-08 03:04 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-08 03:04 . 2009-04-29 02:06 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-07-08 03:03 . 2009-04-29 02:04 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-07-08 03:03 . 2009-04-29 01:42 3155072 ----a-w- c:\windows\system32\ativvaxx.dll
2011-07-08 03:01 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-07-08 02:56 . 2009-04-29 01:22 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-07-08 02:53 . 2009-04-29 01:17 507904 ----a-w- c:\windows\system32\atiok3x2.dll
2011-07-08 02:53 . 2009-04-29 01:20 208896 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-08 02:52 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-07-08 02:47 . 2009-04-29 01:13 868352 ----a-w- c:\windows\system32\ati2cqag.dll
2011-07-08 02:46 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-08 02:46 . 2009-04-29 01:26 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-08 02:46 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-07 21:37 . 2011-07-07 21:37 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-07 21:37 . 2011-07-07 21:37 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-07 21:36 . 2011-07-07 21:36 13904896 ----a-w- c:\windows\system32\amdocl.dll
2011-07-07 09:43 . 2009-08-18 09:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2011-07-07 09:43 . 2009-08-18 09:24 18328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-06 17:52 . 2011-04-11 20:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-04-11 20:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 17:54 . 2011-06-30 17:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-24 14:10 . 2009-06-18 09:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-16 01:34 . 2011-06-16 01:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 01:34 . 2011-06-16 01:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-06 11:35 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-05 13:26 . 2009-07-10 19:47 138056 ----a-w- c:\documents and settings\Admin\Data aplikací\PnkBstrK.sys
2011-06-05 13:26 . 2010-12-03 22:26 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-26 14:17 . 2009-06-18 11:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-29 14:29 . 2011-03-29 16:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-12_19.11.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-13 13:55 . 2011-08-13 13:55 16384 c:\windows\temp\Perflib_Perfdata_44c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-19 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-07 3077528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-4-8 3510160]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Steam"="c:\program files\Steam\steam.exe" -silent
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" silent loginmode=4
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mafia ii\\pc\\Mafia2.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\Pando.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\brink\\brink.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57104:TCP"= 57104:TCP:Pando Media Booster
"57104:UDP"= 57104:UDP:Pando Media Booster
"58692:TCP"= 58692:TCP:Pando Media Booster
"58692:UDP"= 58692:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"6984:TCP"= 6984:TCP:League of Legends Launcher
"6984:UDP"= 6984:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"56730:TCP"= 56730:TCP:Pando Media Booster
"56730:UDP"= 56730:UDP:Pando Media Booster
"57294:TCP"= 57294:TCP:Pando Media Booster
"57294:UDP"= 57294:UDP:Pando Media Booster
"58056:TCP"= 58056:TCP:Pando
"58056:UDP"= 58056:UDP:Pando
"56101:TCP"= 56101:TCP:Pando Media Booster
"56101:UDP"= 56101:UDP:Pando Media Booster
"57783:TCP"= 57783:TCP:Pando Media Booster
"57783:UDP"= 57783:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.7.2009 11:41 691696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11.2.2011 18:25 218688]
R2 LG SCSI Commander;LG SCSI Commander;c:\windows\system32\LGAutorunService.exe [21.11.2009 13:52 135168]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [23.11.2010 18:13 1483072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [18.6.2009 11:17 38176]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [31.7.2011 19:23 23456]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [12.3.2011 14:55 24504]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24.2.2010 12:27 36608]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [24.7.2009 19:19 19020]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [24.2.2010 12:27 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [24.2.2010 12:27 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [24.2.2010 12:27 121856]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\gprnrxxf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.facebook.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 15:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-682003330-117609710-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:e6,25,3c,37,60,2e,9f,4c,6d,ef,dc,94,c4,d9,34,37,de,b3,06,55,cb,
37,b6,fa,47,f4,e7,0e,45,64,71,04,60,62,81,af,e7,8f,23,cc,d2,a9,89,f2,2c,c8,\
"rkeysecu"=hex:ea,51,8b,3d,f9,7e,2e,15,6d,6e,c3,6c,67,c5,28,38
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\nvLsp.dll
.
- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\bin32\nSvcAppFlt.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\bin32\nSvcIp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2011-08-13 15:58:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-13 13:58
ComboFix2.txt 2011-08-12 22:18
ComboFix3.txt 2011-08-12 19:12
.
Před spuštěním: Volných bajtů: 191 155 789 824
Po spuštění: Volných bajtů: 191 142 334 464
.
- - End Of File - - 00516BE56EF5F3BB76CC13065DF8C8C0
Re: Slow internet and sluggish computer
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:00:09, on 13.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LGAutorunService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\bin32\nSvcIp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LG SCSI Commander - Unknown owner - C:\WINDOWS\system32\LGAutorunService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
--
End of file - 8825 bytes
At the moment I'm not using any, I was using AVG, but I deleted it because of ComboFix, I'll install it again later
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: Slow internet and computer performance
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner
and also use T-Cleaner
It deletes everything left over from Combo, MWAV etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on
HJT is OK
Of the free antiviruses I'd recommend AVAST
How is the PC behaving?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM, but post them in the appropriate section. Thank you
Re: Slow internet and computer performance
The PC is most likely fine now, it runs fast again, thanks a lot :)