PC virus removal, computer speed-up, remote assistance via the neslape.cz service

PC running badly - request to check my log

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Ivi
Visitor
Posts: 5
Registered: 20 Feb 2010 14:28


#1 Post by Ivi »

Hello, and please help me: the PC is slower, Windows updates have refused to download for some time now, both Avast and NOD32 stopped working, and when I try to install the trial version of ESET Smart Security it throws the message "Službu ESET SERVICE (ekrn) nelze spustit" (i.e. the ESET SERVICE (ekrn) service cannot be started). I am fairly sure I have some nasties on the PC, I just do not know how to deal with them. Thanks in advance, and please be patient, I am not exactly an experienced PC user.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Pavel at 2010-02-20 14:25:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (7%) free of 238 GB
Total RAM: 3582 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26:10, on 20.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pavel\My Documents\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: netuza32.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6153284265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6659499218
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Alerter AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\system32\wpv661237470773.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Image Acquisition (WIA) stisvcNetman (stisvcNetman) - Unknown owner - C:\WINDOWS\system32\a3dl.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 14773 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-03-24 1194496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]
iWin Toolbar - C:\Program Files\iWin\tbiWi1.dll [2010-02-14 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-03-24 1194496]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{ce0c2586-da36-452b-acdb-320d9bcb19bf} - iWin Toolbar - C:\Program Files\iWin\tbiWi1.dll [2010-02-14 2349080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2006-03-15 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-03-15 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-03-15 455168]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"GBB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-07-12 356352]
"CTSysVol"=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-10-29 49152]
"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"CTDVDDET"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-11-10 406016]
"Pinnacle WebUpdater"=C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe [2006-08-24 385024]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-09-29 49152]
"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-03-20 331776]
"CnxDslTaskBar"=C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe [2004-04-29 462848]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2003-01-30 196608]
"HPHmon03"=C:\WINDOWS\system32\hphmon03.exe [2003-01-30 311296]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-02 98304]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2009-06-14 307200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"RemoteCenter"=C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe [2004-08-17 143360]
"PMCS"=C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe [2006-07-25 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-03-04 171448]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-02-20 1217872]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

C:\Documents and Settings\Pavel\Start Menu\Programs\Startup
netuza32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-03 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PSST.exe"="C:\Program Files\Pinnacle\MediaCenter\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\InterVideo\DVD8\WinDVD.exe"="C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Disabled:WinDVD"
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe"="C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe:*:Enabled:GRAW"
"C:\Games\Neverwinter Nights 2\nwn2main.exe"="C:\Games\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Games\Neverwinter Nights 2\nwupdate.exe"="C:\Games\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Games\Neverwinter Nights 2\nwn2server.exe"="C:\Games\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Games\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="C:\Games\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Games\iWinGames.exe"="C:\Games\iWinGames.exe:*:Enabled:iWin Games application."
"C:\Games\WebUpdater.exe"="C:\Games\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iWin Games\iWinGames.exe"="C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application."
"C:\Program Files\iWin Games\WebUpdater.exe"="C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Games\Mass Effect\Binaries\MassEffect.exe"="C:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Games\Mass Effect\MassEffectLauncher.exe"="C:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{808463de-8f92-11db-8301-0016e68ceb81}]
shell\AutoRun\command - InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2010-02-20 14:25:55 ----D---- C:\rsit
2010-02-20 14:25:55 ----D---- C:\Program Files\trend micro
2010-02-20 14:14:44 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2010-02-20 14:04:47 ----A---- C:\WINDOWS\system32\atimpc32.dll
2010-02-20 14:04:47 ----A---- C:\WINDOWS\system32\aticalrt.dll
2010-02-20 14:04:47 ----A---- C:\WINDOWS\system32\aticaldd.dll
2010-02-20 14:04:47 ----A---- C:\WINDOWS\system32\aticalcl.dll
2010-02-20 14:04:47 ----A---- C:\WINDOWS\system32\atibtmon.exe
2010-02-20 14:04:47 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2010-02-20 14:04:25 ----D---- C:\Program Files\ATI
2010-02-19 15:36:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-19 15:36:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-18 19:32:18 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-02-13 11:11:12 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-02-09 21:04:12 ----D---- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
2010-02-04 19:48:19 ----D---- C:\Program Files\iPod
2010-02-04 19:48:14 ----D---- C:\Program Files\iTunes
2010-01-28 22:18:05 ----D---- C:\Program Files\Realore

======List of files/folders modified in the last 1 months======

2010-02-20 14:25:55 ----RD---- C:\Program Files
2010-02-20 14:16:42 ----D---- C:\WINDOWS
2010-02-20 14:15:56 ----SD---- C:\WINDOWS\Tasks
2010-02-20 14:15:29 ----D---- C:\Program Files\Steam
2010-02-20 14:15:12 ----D---- C:\WINDOWS\Temp
2010-02-20 14:14:48 ----A---- C:\checkrun.txt
2010-02-20 14:13:51 ----HD---- C:\WINDOWS\inf
2010-02-20 14:13:44 ----D---- C:\WINDOWS\Registration
2010-02-20 14:13:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-20 14:12:29 ----D---- C:\WINDOWS\system32
2010-02-20 14:11:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-20 14:11:04 ----A---- C:\WINDOWS\{00000005-00000000-00000002-00001102-00000004-10081102}.BAK
2010-02-20 14:08:57 ----SHD---- C:\WINDOWS\Installer
2010-02-20 14:08:10 ----RSD---- C:\WINDOWS\assembly
2010-02-20 14:07:48 ----D---- C:\WINDOWS\WinSxS
2010-02-20 14:07:10 ----D---- C:\Program Files\ATI Technologies
2010-02-20 14:05:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-20 14:04:55 ----D---- C:\WINDOWS\system32\drivers
2010-02-20 14:04:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-20 14:04:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-20 13:47:40 ----A---- C:\WINDOWS\wincmd.ini
2010-02-20 11:48:55 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-20 10:52:22 ----D---- C:\WINDOWS\Help
2010-02-20 10:52:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-20 09:14:30 ----D---- C:\Program Files\Mozilla Firefox
2010-02-20 09:08:50 ----D---- C:\WINDOWS\system32\config
2010-02-19 20:12:55 ----D---- C:\Program Files\Spyware Terminator
2010-02-19 20:12:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-02-19 19:09:41 ----D---- C:\Documents and Settings\Pavel\Application Data\Spyware Terminator
2010-02-19 18:58:59 ----D---- C:\Program Files\EMCO Malware Destroyer
2010-02-19 14:56:24 ----D---- C:\Program Files\ESET
2010-02-17 20:31:43 ----D---- C:\Program Files\Games
2010-02-17 18:43:27 ----D---- C:\Program Files\iWin.com
2010-02-17 18:42:36 ----D---- C:\Program Files\iWin Games
2010-02-17 18:41:55 ----D---- C:\WINDOWS\Prefetch
2010-02-13 17:01:49 ----D---- C:\Documents and Settings\Pavel\Application Data\ZoomBrowser EX
2010-02-13 17:01:49 ----D---- C:\Documents and Settings\Pavel\Application Data\CameraWindowDC
2010-02-09 20:59:37 ----D---- C:\Program Files\LeeGTs Games
2010-02-09 20:14:42 ----D---- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
2010-02-09 20:13:50 ----D---- C:\Program Files\Alawar
2010-02-04 19:48:16 ----D---- C:\Program Files\Common Files\Apple
2010-02-04 19:44:14 ----D---- C:\Program Files\QuickTime
2010-02-03 17:42:19 ----D---- C:\Program Files\ICQ6.5
2010-02-03 05:07:36 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2010-02-03 05:02:40 ----A---- C:\WINDOWS\system32\atioglxx.dll
2010-02-03 04:50:38 ----A---- C:\WINDOWS\system32\ati3duag.dll
2010-02-03 04:40:36 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2010-02-03 04:39:38 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2010-02-03 04:35:14 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2010-02-03 04:32:50 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2010-02-03 04:23:42 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2010-02-03 04:23:24 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2010-02-03 04:23:10 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2010-02-03 04:23:00 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2010-02-03 04:22:44 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2010-02-03 04:21:20 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2010-02-03 04:19:52 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2010-02-03 04:18:04 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2010-02-03 04:15:06 ----A---- C:\WINDOWS\system32\atikvmag.dll
2010-02-03 04:12:54 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2010-02-03 04:12:24 ----A---- C:\WINDOWS\system32\atitvo32.dll
2010-02-03 04:06:08 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2010-01-28 21:22:31 ----D---- C:\GameHouse Games
2010-01-28 21:22:29 ----D---- C:\Program Files\RealArcade
2010-01-22 19:21:29 ----D---- C:\Program Files\Farm Mania 2
2010-01-21 22:23:42 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2009-12-26 3033200]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-11-13 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-11-13 25888]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-05-26 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-03 4605952]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctgame;Game Port; C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 12160]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 Dot4 HPH09;Dot4 HPH09; C:\WINDOWS\system32\DRIVERS\hphid409.sys [2003-01-30 50800]
R3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09; C:\WINDOWS\system32\DRIVERS\hphipr09.sys [2003-01-30 16112]
R3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09); C:\WINDOWS\System32\Drivers\hphs2k09.sys [2003-01-30 50211]
R3 Dot4Usb HPH09;Dot4Usb HPH09; C:\WINDOWS\System32\drivers\hphius09.sys [2003-01-30 18864]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-11 78336]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2006-08-11 154112]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-15 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-12-14 223128]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-12 248192]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-04-28 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-04-28 646400]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2004-04-29 108771]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Razerlow;Razer Copperhead Driver; C:\WINDOWS\System32\Drivers\Razerlow.sys [2005-08-12 19020]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-15 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-03 602112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2010-01-21 78104]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2005-05-04 9150464]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-22 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-03-31 487424]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-01 217600]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
R3 Pml Driver;Pml Driver; C:\WINDOWS\system32\HPHipm09.exe [2003-01-30 77824]
S2 AlerterALG;Alerter AlerterALG; C:\WINDOWS\system32\wpv661237470773.exe run []
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2009-12-26 316816]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 stisvcNetman;Windows Image Acquisition (WIA) stisvcNetman; C:\WINDOWS\system32\a3dl.exe [2009-05-17 50176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-04 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC running poorly - request for a log check

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms is displayed; continue by clicking the Yes button.

sit back and make yourself a coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or do anything else

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and removal of any malware causes unwanted collisions with the resident antispyware
At this moment your PC is completely unprotected. No antivirus is installed.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Ivi
Guest
Posts: 5
Registered: 20 Feb 2010 14:28

Re: PC running poorly - request for a log check

#3 Post by Ivi »

Thanks for helping me. :) Regarding antivirus programs: yes, I know, I uninstalled all of them (Avast, Eset SS) because they stopped working or I couldn't even get them installed, probably precisely because the PC is infected.
The automatic Windows updates prompt finally popped up; it hadn't appeared for a long time, so it seems something has changed for the better.. dare I cautiously start celebrating? :) Can I let the updates install right away, or should I wait until I've finished cleaning this up under your guidance..?

ComboFix log here:

ComboFix 10-02-20.01 - Pavel 20.02.2010 20:03:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3582.3079 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pavel\Application Data\avdrn.dat
c:\documents and settings\Pavel\Application Data\wiaserva.log
c:\documents and settings\Pavel\Start Menu\Programs\Startup\netuza32.exe
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\program files\iWin\tbiWi1.dll
C:\toolbar.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\2353304385.dat
c:\windows\system32\a3dl.exe
c:\windows\system32\drivers\bvsrn.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_stisvcnetman
-------\Service_stisvcNetman
-------\Legacy_bvsrn
-------\Service_bvsrn


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-20 do 2010-02-20 )))))))))))))))))))))))))))))))
.

2010-02-20 13:25 . 2010-02-20 13:26 -------- d-----w- C:\rsit
2010-02-20 13:25 . 2010-02-20 13:26 -------- d-----w- c:\program files\trend micro
2010-02-20 13:14 . 2010-02-20 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-02-20 13:04 . 2010-02-03 04:12 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-20 13:04 . 2010-02-03 04:12 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-20 13:04 . 2010-02-03 04:10 3633152 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-20 13:04 . 2010-02-03 03:19 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-02-20 13:04 . 2010-02-03 03:18 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-02-20 13:04 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-02-20 13:04 . 2010-02-20 13:08 -------- d-----w- c:\program files\ATI
2010-02-19 14:36 . 2010-02-19 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-19 14:36 . 2010-02-19 14:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-18 18:38 . 2010-02-18 18:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-18 18:32 . 2010-02-18 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-17 19:33 . 2010-02-17 19:33 -------- d-----w- c:\documents and settings\Pavel\Maximize Games
2010-02-13 10:11 . 2010-02-13 10:11 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-09 20:04 . 2010-02-09 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2010-02-04 18:48 . 2010-02-04 18:48 -------- d-----w- c:\program files\iPod
2010-02-04 18:48 . 2010-02-04 18:49 -------- d-----w- c:\program files\iTunes
2010-01-28 21:18 . 2010-01-28 21:18 -------- d-----w- c:\program files\Realore

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 19:13 . 2008-05-26 21:18 -------- d-----w- c:\program files\Steam
2010-02-20 19:07 . 2009-09-15 19:39 -------- d-----w- c:\program files\iWin Games
2010-02-20 19:07 . 2009-08-16 17:34 -------- d-----w- c:\program files\iWin
2010-02-20 18:53 . 2009-03-31 19:34 -------- d-----w- c:\documents and settings\Pavel\Application Data\Spyware Terminator
2010-02-20 18:53 . 2009-03-31 19:34 -------- d-----w- c:\program files\Spyware Terminator
2010-02-20 18:30 . 2009-11-21 16:12 -------- d-----w- c:\program files\Common Files\BioWare
2010-02-20 15:09 . 2007-02-11 14:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-20 13:07 . 2008-12-12 23:00 -------- d-----w- c:\program files\ATI Technologies
2010-02-19 19:12 . 2009-03-31 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-02-19 17:58 . 2009-03-31 14:40 -------- d-----w- c:\program files\EMCO Malware Destroyer
2010-02-19 13:56 . 2006-12-14 11:39 -------- d-----w- c:\program files\ESET
2010-02-17 19:31 . 2009-09-28 19:27 -------- d-----w- c:\program files\Games
2010-02-17 17:43 . 2007-02-14 23:32 -------- d-----w- c:\program files\iWin.com
2010-02-13 16:01 . 2007-10-07 14:04 -------- d-----w- c:\documents and settings\Pavel\Application Data\ZoomBrowser EX
2010-02-13 16:01 . 2007-10-07 13:57 -------- d-----w- c:\documents and settings\Pavel\Application Data\CameraWindowDC
2010-02-13 10:11 . 2010-02-13 10:11 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\sgcpom.dat
2010-02-09 19:59 . 2009-08-16 18:23 -------- d-----w- c:\program files\LeeGTs Games
2010-02-09 19:14 . 2009-11-06 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-02-09 19:13 . 2009-11-06 21:16 -------- d-----w- c:\program files\Alawar
2010-02-04 18:48 . 2009-08-20 18:12 -------- d-----w- c:\program files\Common Files\Apple
2010-02-04 18:44 . 2008-06-30 18:59 -------- d-----w- c:\program files\QuickTime
2010-02-03 16:42 . 2009-07-19 18:09 -------- d-----w- c:\program files\ICQ6.5
2010-02-03 04:52 . 2008-05-11 10:02 4605952 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-03 04:07 . 2008-12-01 20:19 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-03 04:02 . 2008-12-01 20:46 14188544 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-03 03:50 . 2008-05-11 10:02 3566048 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-03 03:40 . 2008-12-01 20:52 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-03 03:39 . 2008-05-11 10:02 301568 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-03 03:35 . 2008-05-11 10:02 2176640 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-03 03:34 . 2008-12-01 20:11 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-03 03:34 . 2008-12-01 20:11 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-03 03:32 . 2008-12-01 19:50 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-03 03:23 . 2008-12-01 20:41 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-03 03:23 . 2008-12-01 20:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-03 03:23 . 2008-12-01 20:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-03 03:23 . 2008-12-01 20:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-03 03:22 . 2008-12-01 20:40 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-03 03:21 . 2008-12-01 20:38 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-03 03:19 . 2008-12-01 20:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-03 03:18 . 2008-12-01 19:57 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-03 03:17 . 2008-12-01 19:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:15 . 2008-12-01 19:53 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-03 03:12 . 2008-12-01 19:52 180224 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-03 03:12 . 2008-12-01 19:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-03 03:06 . 2008-05-11 10:02 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-01-28 20:22 . 2009-08-16 17:43 -------- d-----w- c:\program files\RealArcade
2010-01-22 18:21 . 2010-01-09 22:07 -------- d-----w- c:\program files\Farm Mania 2
2010-01-20 19:25 . 2009-03-01 16:34 -------- d-----w- c:\program files\Delicious Deluxe
2010-01-10 19:47 . 2006-12-14 19:24 -------- d-----w- c:\documents and settings\Pavel\Application Data\Corel
2010-01-10 19:47 . 2006-12-14 19:19 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-09 21:58 . 2008-10-07 19:04 -------- d-----w- c:\documents and settings\Pavel\Application Data\PlayFirst
2010-01-09 21:58 . 2010-01-09 21:58 -------- d-----w- c:\program files\Avenue Flo
2010-01-03 15:24 . 2006-12-14 11:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 20:09 . 2009-12-26 20:09 3033200 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2009-12-26 20:09 . 2009-12-26 20:09 316816 ----a-w- c:\windows\system32\appdrvrem01.exe
2009-12-26 19:10 . 2009-12-26 19:10 -------- d-----w- c:\program files\Common Files\DirectX
2009-12-26 18:51 . 2007-09-23 14:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 18:50 . 2006-12-18 10:27 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-26 18:49 . 2009-12-26 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Divinity 2
2009-12-04 21:17 . 2008-10-30 14:45 198341 ----a-w- c:\windows\system32\atiicdxx.dat
2006-12-14 19:29 . 2006-12-14 19:19 88 --sh--r- c:\windows\system32\D6B12AA3A4.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RcMan.exe" [2004-08-17 143360]
"PMCS"="c:\program files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-07-25 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-03-04 171448]
"Steam"="c:\program files\Steam\Steam.exe" [2010-02-20 1217872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-15 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 356352]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"Pinnacle WebUpdater"="c:\program files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" [2006-08-24 385024]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2004-04-29 462848]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 196608]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2003-01-30 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 14:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Games\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Games\\iWinGames.exe"=
"c:\\Games\\WebUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.12.2006 19:43 642560]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [26.12.2009 21:09 3033200]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [31.3.2009 20:34 142592]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [21.1.2010 20:12 78104]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [27.5.2005 12:51 1121536]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [30.12.2002 10:53 12160]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [23.12.2006 15:20 18864]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [14.12.2006 19:44 223128]
S2 AlerterALG;Alerter AlerterALG;c:\windows\system32\wpv661237470773.exe run --> c:\windows\system32\wpv661237470773.exe run [?]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [23.12.2006 15:50 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [23.12.2006 15:50 646400]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [23.12.2006 15:50 108771]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [21.11.2009 17:21 25832]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [23.12.2006 16:53 19020]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-02-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
FF - ProfilePath - c:\documents and settings\Pavel\Application Data\Mozilla\Firefox\Profiles\rk02r6yj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://mikrocony.avari.cz/new
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iWin\tbiWi1.dll
BHO-{ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iWin\tbiWi1.dll
Toolbar-{ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iWin\tbiWi1.dll
WebBrowser-{CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - c:\program files\iWin\tbiWi1.dll
AddRemove-AGEIA PhysX v2.3.3 - c:\program files\AGEIA Technologies\uninstall.exe
AddRemove-Bejeweled 2 Deluxe_is1 - c:\games\Bejeweled 2 Deluxe\ReflexiveArcade\unins000.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Tumblebugs - c:\progra~1\SHOCKW~1.COM\TUMBLE~1\UNWISE.EXE
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 20:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\TEMP\TMP000000604ECACA8154CDC3DF 524288 bytes
c:\windows\system32\cdm.dll.wusetup.270734.bak 92696 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.280078.bak 51224 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.286093.bak 1809944 bytes executable

sken byl úspešně dokončen
skryté soubory: 4

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8B7833D0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8b7833d0
\Driver\ACPI -> ACPI.sys @ 0xb9e97cb8
\Driver\atapi -> prosync1.sys @ 0xba5b06c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9beebb0
PacketIndicateHandler -> NDIS.sys @ 0xb9bfba21
SendHandler -> NDIS.sys @ 0xb9bd987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-515967899-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fd,f3,58,be,87,46,5c,b9,d1,63,85,bd,c5,d1,4d,7b,65,49,be,0a,72,03,7c,
90,e0,b3,21,82,21,dc,6c,e2,da,d2,03,12,8a,7c,e1,70,48,da,7e,81,e1,3a,aa,06,\
"??"=hex:d2,eb,f2,dc,4d,da,43,cc,15,fc,b2,41,aa,a0,de,b4

[HKEY_USERS\S-1-5-21-776561741-515967899-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ec,23,fa,27,cd,a9,00,d2,52,b6,87,d3,31,14,4b,9b,4d,1a,0f,3d,c7,
dc,a9,c3,b8,42,ab,26,59,16,aa,c7,06,70,7f,e1,cb,13,42,17,15,08,7c,c0,d4,b3,\
"rkeysecu"=hex:2e,aa,ec,34,a3,2c,00,69,ee,d5,b1,97,e4,ae,32,31
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(212)
c:\windows\system32\ctagent.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\CTHELPER.EXE
c:\windows\system32\HPHipm09.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
.
**************************************************************************
.
Celkový čas: 2010-02-20 20:21:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-20 19:21

Před spuštěním: 27 192 930 304 bytes free
Po spuštění: 27 376 328 704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - AA57443B42B62070FDB7DF89E056DF62

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: problematic PC behaviour - request for log check

#4 Post by Rudy »

We'll do some more cleanup. Open Notepad and copy the following into it:
Collect::
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\D6B12AA3A4.sys
c:\windows\system32\wpv661237470773.exe

Driver::
AlerterALG
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not used for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


After your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Ivi
Visitor
Posts: 5
Registered: 20 Feb 2010 14:28

Re: problematic PC behaviour - request for log check

#5 Post by Ivi »

Done. How does it look..?

ComboFix 10-02-20.03 - Pavel 20.02.2010 22:16:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3582.2836 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

file zipped: c:\windows\system32\D6B12AA3A4.sys
file zipped: c:\windows\system32\fjhdyfhsn.bat
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\D6B12AA3A4.sys
c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALERTERALG
-------\Service_AlerterALG


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-20 do 2010-02-20 )))))))))))))))))))))))))))))))
.

2010-02-20 21:12 . 2010-02-20 21:12 -------- d-sh--w- c:\documents and settings\Pavel\IETldCache
2010-02-20 20:16 . 2010-02-20 20:16 -------- d-----w- c:\documents and settings\Pavel\Application Data\ESET
2010-02-20 20:15 . 2010-02-20 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-02-20 19:58 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-20 19:57 . 2010-02-20 19:58 -------- d-----w- c:\windows\ie8updates
2010-02-20 19:57 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-20 19:57 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-20 19:56 . 2010-02-20 19:57 -------- dc-h--w- c:\windows\ie8
2010-02-20 19:28 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-20 19:27 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-20 19:27 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-20 19:27 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-20 19:25 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 19:25 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-20 13:25 . 2010-02-20 13:26 -------- d-----w- C:\rsit
2010-02-20 13:25 . 2010-02-20 13:26 -------- d-----w- c:\program files\trend micro
2010-02-20 13:14 . 2010-02-20 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-02-20 13:04 . 2010-02-03 04:12 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-20 13:04 . 2010-02-03 04:12 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-20 13:04 . 2010-02-03 04:10 3633152 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-20 13:04 . 2010-02-03 03:19 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-02-20 13:04 . 2010-02-03 03:18 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-02-20 13:04 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-02-20 13:04 . 2010-02-20 13:08 -------- d-----w- c:\program files\ATI
2010-02-19 14:36 . 2010-02-19 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-19 14:36 . 2010-02-19 14:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-18 18:38 . 2010-02-18 18:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-18 18:32 . 2010-02-18 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-17 19:33 . 2010-02-17 19:33 -------- d-----w- c:\documents and settings\Pavel\Maximize Games
2010-02-09 20:04 . 2010-02-09 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2010-02-04 18:48 . 2010-02-04 18:48 -------- d-----w- c:\program files\iPod
2010-02-04 18:48 . 2010-02-04 18:49 -------- d-----w- c:\program files\iTunes
2010-01-28 21:18 . 2010-01-28 21:18 -------- d-----w- c:\program files\Realore

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 21:30 . 2008-05-26 21:18 -------- d-----w- c:\program files\Steam
2010-02-20 21:08 . 2008-05-11 10:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-20 19:07 . 2009-09-15 19:39 -------- d-----w- c:\program files\iWin Games
2010-02-20 19:07 . 2009-08-16 17:34 -------- d-----w- c:\program files\iWin
2010-02-20 18:53 . 2009-03-31 19:34 -------- d-----w- c:\documents and settings\Pavel\Application Data\Spyware Terminator
2010-02-20 18:53 . 2009-03-31 19:34 -------- d-----w- c:\program files\Spyware Terminator
2010-02-20 18:30 . 2009-11-21 16:12 -------- d-----w- c:\program files\Common Files\BioWare
2010-02-20 15:09 . 2007-02-11 14:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-20 13:07 . 2008-12-12 23:00 -------- d-----w- c:\program files\ATI Technologies
2010-02-19 19:12 . 2009-03-31 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-02-19 17:58 . 2009-03-31 14:40 -------- d-----w- c:\program files\EMCO Malware Destroyer
2010-02-19 13:56 . 2006-12-14 11:39 -------- d-----w- c:\program files\ESET
2010-02-17 19:31 . 2009-09-28 19:27 -------- d-----w- c:\program files\Games
2010-02-17 17:43 . 2007-02-14 23:32 -------- d-----w- c:\program files\iWin.com
2010-02-13 16:01 . 2007-10-07 14:04 -------- d-----w- c:\documents and settings\Pavel\Application Data\ZoomBrowser EX
2010-02-13 16:01 . 2007-10-07 13:57 -------- d-----w- c:\documents and settings\Pavel\Application Data\CameraWindowDC
2010-02-13 10:11 . 2010-02-13 10:11 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\sgcpom.dat
2010-02-09 19:59 . 2009-08-16 18:23 -------- d-----w- c:\program files\LeeGTs Games
2010-02-09 19:14 . 2009-11-06 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-02-09 19:13 . 2009-11-06 21:16 -------- d-----w- c:\program files\Alawar
2010-02-04 18:48 . 2009-08-20 18:12 -------- d-----w- c:\program files\Common Files\Apple
2010-02-04 18:44 . 2008-06-30 18:59 -------- d-----w- c:\program files\QuickTime
2010-02-03 16:42 . 2009-07-19 18:09 -------- d-----w- c:\program files\ICQ6.5
2010-02-03 04:52 . 2008-05-11 10:02 4605952 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-03 04:07 . 2008-12-01 20:19 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-03 04:02 . 2008-12-01 20:46 14188544 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-03 03:50 . 2008-05-11 10:02 3566048 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-03 03:40 . 2008-12-01 20:52 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-03 03:39 . 2008-05-11 10:02 301568 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-03 03:35 . 2008-05-11 10:02 2176640 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-03 03:34 . 2008-12-01 20:11 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-03 03:34 . 2008-12-01 20:11 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-03 03:32 . 2008-12-01 19:50 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-03 03:23 . 2008-12-01 20:41 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-03 03:23 . 2008-12-01 20:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-03 03:23 . 2008-12-01 20:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-03 03:23 . 2008-12-01 20:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-03 03:22 . 2008-12-01 20:40 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-03 03:21 . 2008-12-01 20:38 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-03 03:19 . 2008-12-01 20:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-03 03:18 . 2008-12-01 19:57 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-03 03:17 . 2008-12-01 19:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:15 . 2008-12-01 19:53 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-03 03:12 . 2008-12-01 19:52 180224 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-03 03:12 . 2008-12-01 19:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-03 03:06 . 2008-05-11 10:02 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-01-28 20:22 . 2009-08-16 17:43 -------- d-----w- c:\program files\RealArcade
2010-01-22 18:21 . 2010-01-09 22:07 -------- d-----w- c:\program files\Farm Mania 2
2010-01-20 19:25 . 2009-03-01 16:34 -------- d-----w- c:\program files\Delicious Deluxe
2010-01-10 19:47 . 2006-12-14 19:24 -------- d-----w- c:\documents and settings\Pavel\Application Data\Corel
2010-01-10 19:47 . 2006-12-14 19:19 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-09 21:58 . 2008-10-07 19:04 -------- d-----w- c:\documents and settings\Pavel\Application Data\PlayFirst
2010-01-09 21:58 . 2010-01-09 21:58 -------- d-----w- c:\program files\Avenue Flo
2010-01-08 07:13 . 2010-01-08 07:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-01-05 10:00 . 2010-01-05 10:00 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-03 15:24 . 2006-12-14 11:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 16:50 . 2006-03-15 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-26 20:09 . 2009-12-26 20:09 3033200 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2009-12-26 20:09 . 2009-12-26 20:09 316816 ----a-w- c:\windows\system32\appdrvrem01.exe
2009-12-26 19:10 . 2009-12-26 19:10 -------- d-----w- c:\program files\Common Files\DirectX
2009-12-26 18:51 . 2007-09-23 14:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 18:50 . 2006-12-18 10:27 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-26 18:49 . 2009-12-26 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Divinity 2
2009-12-21 19:14 . 2006-03-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 14:02 . 2009-12-18 14:02 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-12-16 18:43 . 2006-12-14 11:05 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-03-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 21:17 . 2008-10-30 14:45 198341 ----a-w- c:\windows\system32\atiicdxx.dat
2009-12-04 18:22 . 2006-03-15 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2006-03-15 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-03-15 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-03-15 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-03-15 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RcMan.exe" [2004-08-17 143360]
"PMCS"="c:\program files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-07-25 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-03-04 171448]
"Steam"="c:\program files\Steam\Steam.exe" [2010-02-20 1217872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-15 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 356352]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"Pinnacle WebUpdater"="c:\program files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" [2006-08-24 385024]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2004-04-29 462848]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 196608]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2003-01-30 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 14:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Games\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Games\\iWinGames.exe"=
"c:\\Games\\WebUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.12.2006 19:43 642560]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [26.12.2009 21:09 3033200]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [31.3.2009 20:34 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [21.1.2010 20:12 78104]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [27.5.2005 12:51 1121536]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [30.12.2002 10:53 12160]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [23.12.2006 15:20 18864]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [14.12.2006 19:44 223128]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [23.12.2006 15:50 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [23.12.2006 15:50 646400]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [23.12.2006 15:50 108771]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [21.11.2009 17:21 25832]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [23.12.2006 16:53 19020]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-02-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
FF - ProfilePath - c:\documents and settings\Pavel\Application Data\Mozilla\Firefox\Profiles\rk02r6yj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://mikrocony.avari.cz/new
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 22:27
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8B744B78]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8b744b78
\Driver\ACPI -> ACPI.sys @ 0xb9e97cb8
\Driver\atapi -> prosync1.sys @ 0xba5b06c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d1dbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d2aa21
SendHandler -> NDIS.sys @ 0xb9d0887b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-515967899-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fd,f3,58,be,87,46,5c,b9,d1,63,85,bd,c5,d1,4d,7b,65,49,be,0a,72,03,7c,
90,e0,b3,21,82,21,dc,6c,e2,da,d2,03,12,8a,7c,e1,70,48,da,7e,81,e1,3a,aa,06,\
"??"=hex:d2,eb,f2,dc,4d,da,43,cc,15,fc,b2,41,aa,a0,de,b4

[HKEY_USERS\S-1-5-21-776561741-515967899-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ec,23,fa,27,cd,a9,00,d2,52,b6,87,d3,31,14,4b,9b,4d,1a,0f,3d,c7,
dc,a9,c3,b8,42,ab,26,59,16,aa,c7,06,70,7f,e1,cb,13,42,17,15,08,7c,c0,d4,b3,\
"rkeysecu"=hex:2e,aa,ec,34,a3,2c,00,69,ee,d5,b1,97,e4,ae,32,31
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(5760)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\CTHELPER.EXE
c:\windows\system32\HPHipm09.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
.
**************************************************************************
.
Celkový čas: 2010-02-20 22:38:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-20 21:38
ComboFix2.txt 2010-02-20 19:21

Před spuštěním: 25 723 187 200 bytes free
Po spuštění: 25 607 938 048 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 16197C324B785C67AE3A5C234D0E9E0F

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: problematic PC behaviour - request for a log check

#6 Post by Rudy »

Everything has been deleted. I'd also ask you to check the MBR: http://www2.gmer.net/mbr/mbr.exe . Post the log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before cleaning your PC, back up your important data (e-mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Ivi
Guest
Posts: 5
Registered: 20 Feb 2010 14:28

Re: problematic PC behaviour - request for a log check

#7 Post by Ivi »

Well, I'm not sure whether everything went as it should - it was terribly fast, just a flash of a black screen, and then it also took me a while before I noticed that mbr.log had appeared on my desktop, ahem. :) Is this what it is supposed to look like..?

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Otherwise the PC is fine - it runs a lot faster than it has lately, and everything that didn't work is running nicely again (Windows updates, the ESET antivirus started up..). Thank you!!
May I ask what kind of pests we actually had in the PC?

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: problematic PC behaviour - request for a log check

#8 Post by Rudy »

The MBR is OK. There was a rootkit and several trojans in the PC. You're welcome!

Ivi
Guest
Posts: 5
Registered: 20 Feb 2010 14:28

Re: problematic PC behaviour - request for a log check

#9 Post by Ivi »

I definitely do have something to thank you for - thanks once again, you're an angel, really. :)

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: problematic PC behaviour - request for a log check

#10 Post by Rudy »

:bye: