win32:Bubnix-I[Rtk], modrá smrt

Zpráva

Svitiplyn · #1 Příspěvek od **Svitiplyn** » 15 srp 2010 09:19

Dobrý den, včera z ničeho nic Avast vyskočil a nahlásil vir, dal jsem smazat, poté hned vyskočil druhý, opět jsem dal smazat a vyskočil ještě třetí, to už jsem nezmohl nic, protože se mi počítač začal šíleně sekat, tak jsem resetoval pc. Jakmile se mi počítač spouštěl a nabíhala obrazovka, kde projíždí ten modrý váleček a startuje se windows, mi vyskočila modrá smrt. Modrá smrt mi vyskakuje vždycky když se pokouším počítač spustit normálně, po skončení nabíhání windows. Počítač mi jde spustit v nouzovém režimu, zapl jsem avasta a našel mi Rootkit Win32:Bubnix-I [Rtk]. Byl bych rád kdyby jste mi prohlídli můj log a pomohli mi vyřešit problém. Předem dík

Logfile of random's system information tool 1.08 (written by random/random)
Run by Martin at 2010-08-15 10:11:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 26 GB (9%) free of 305 GB
Total RAM: 3070 MB (89% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:12:11, on 15.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Martin\Plocha\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://secure.lavasoft.com/single/redi ... NewVersion
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 190.210.56.155 taleworlds.com
O1 - Hosts: 190.210.56.155 http://www.taleworlds.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Breakpoint Manager(system32)] C:\WINDOWS\ws2dll.exe
O4 - HKLM\..\Run: [Config] C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S274.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: updpxe32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7040 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Breakpoint Manager(system32)"=C:\WINDOWS\ws2dll.exe []
"Config"=C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe [2006-07-06 151552]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"GAINWARD"=C:\Program Files\EXPERTool\TBPanel.exe [2008-10-21 2177576]
"TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe [2008-06-20 153856]
"EPSON Stylus DX8400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE [2007-04-12 182272]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění
updpxe32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoInternetIcon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoInternetIcon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe"="C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\PlayLogic\Ancient Wars - Sparta\AWE.exe"="C:\Program Files\PlayLogic\Ancient Wars - Sparta\AWE.exe:*:Enabled:AWE"
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Program Files\Warcraft III\war3.exe"="C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW_LANFixed.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW_LANFixed.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop"
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Codemasters\Operation Flashpoint\FlashpointResistance.exe"="C:\Program Files\Codemasters\Operation Flashpoint\FlashpointResistance.exe:*:Enabled:Operation Flashpoint"
"C:\Program Files\Codemasters\Operace Flashpoint\FlashpointResistance.exe"="C:\Program Files\Codemasters\Operace Flashpoint\FlashpointResistance.exe:*:Enabled:Operation Flashpoint"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\worms armageddon\WA.exe"="C:\Program Files\worms armageddon\WA.exe:*:Enabled:Worms Armageddon"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\PacSteamT\SteamApps\svitiplyn\half-life\hl.exe"="C:\Program Files\PacSteamT\SteamApps\svitiplyn\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\PacSteamT\SteamApps\svitiplyn\half-life 2 deathmatch\hl2.exe"="C:\Program Files\PacSteamT\SteamApps\svitiplyn\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\PacSteamT\SteamApps\svitiplyn\garrysmod\hl2.exe"="C:\Program Files\PacSteamT\SteamApps\svitiplyn\garrysmod\hl2.exe:*:Enabled:hl2"
"C:\Program Files\PacSteamT\SteamApps\svitiplyn\team fortress 2\hl2.exe"="C:\Program Files\PacSteamT\SteamApps\svitiplyn\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\MARTIN\Games\Heroes of newerth\1 Verze\hon.exe"="C:\MARTIN\Games\Heroes of newerth\1 Verze\hon.exe:*:Enabled:Heroes of Newerth"
"C:\WINDOWS\alg.exe"="C:\WINDOWS\alg.exe:*:Enabled:alg"
"C:\MARTIN\Games\GRID\GRID.exe"="C:\MARTIN\Games\GRID\GRID.exe:*:Enabled:GRID Executable"
"C:\MARTIN\Downloads\GRID\GRID.exe"="C:\MARTIN\Downloads\GRID\GRID.exe:*:Enabled:GRID Executable"
"C:\MARTIN\Downloads\Heroes of newerth\1 Verze\hon.exe"="C:\MARTIN\Downloads\Heroes of newerth\1 Verze\hon.exe:*:Enabled:Heroes of Newerth"
"đţC:\WINDOWS\cmd.exe"="C:\WINDOWS\cmd.exe:*:Enabled:ErrorReporting"
"C:\WINDOWS\system32\winupdater.exe"="winu"
"C:\Program Files\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\Settlers7R.exe"="C:\Program Files\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:The Settlers 7 - Paths to a Kingdom"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\S2DNG.exe"="C:\Program Files\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\S2DNG.exe:*:Enabled:S2DNG"
"C:\WINDOWS\ws2dll.exe"="C:\WINDOWS\ws2dll.exe:*:Enabled:ErrorReporting"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\MARTIN\Downloads\Age of Empires 2 + Conquerors [CZ] - no instal, full, no pass\aoe2\age2_x1.exe"="C:\MARTIN\Downloads\Age of Empires 2 + Conquerors [CZ] - no instal, full, no pass\aoe2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Games\Age of Empires II\Age2_x1\Age2_x1.exe"="C:\Program Files\Microsoft Games\Age of Empires II\Age2_x1\Age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Mount&Blade Warband\mb_warband.exe"="C:\Program Files\Mount&Blade Warband\mb_warband.exe:*:Enabled:Mount&Blade: Warband"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\League of Legends\Air\LolClient.exe"="C:\Program Files\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Program Files\League of Legends\Game\League of Legends.exe"="C:\Program Files\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe"="C:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2010-08-15 10:11:46 ----D---- C:\Program Files\trend micro
2010-08-15 10:11:45 ----D---- C:\rsit
2010-08-14 16:18:12 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-14 16:13:06 ----A---- C:\WINDOWS\system32\drivers\Changer.sys
2010-08-12 00:07:03 ----D---- C:\Program Files\Mafia2
2010-08-11 23:55:37 ----D---- C:\Program Files\Steam
2010-08-04 17:01:16 ----A---- C:\WINDOWS\WORDPAD.INI
2010-08-04 01:23:20 ----A---- C:\WINDOWS\game.ini
2010-08-03 23:27:09 ----D---- C:\Documents and Settings\Martin\Data aplikací\My Battle for Middle-earth(tm) II Files
2010-08-03 23:04:08 ----D---- C:\Program Files\Electronic Arts
2010-08-03 12:02:02 ----D---- C:\Program Files\Common Files\Akamai
2010-07-31 11:59:46 ----D---- C:\Program Files\Hamachi
2010-07-31 10:41:02 ----A---- C:\WINDOWS\system32\drivers\mstee.sys
2010-07-31 10:40:57 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2010-07-20 14:11:43 ----D---- C:\Documents and Settings\Martin\Data aplikací\LolClient
2010-07-20 02:35:08 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-07-20 02:35:08 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-07-20 02:35:08 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-07-20 02:35:07 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-07-20 02:35:07 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-07-20 02:35:07 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-07-20 02:35:06 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-07-20 02:35:05 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-07-20 02:18:53 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-07-20 02:16:03 ----D---- C:\Program Files\League of Legends
2010-07-20 02:04:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2010-07-20 02:03:52 ----D---- C:\Program Files\Pando Networks

======List of files/folders modified in the last 1 months======

2010-08-15 10:11:46 ----RD---- C:\Program Files
2010-08-15 10:09:33 ----D---- C:\WINDOWS\Temp
2010-08-14 16:43:08 ----D---- C:\MARTIN
2010-08-14 16:26:52 ----D---- C:\WINDOWS\system32
2010-08-14 16:25:19 ----SHD---- C:\WINDOWS\CSC
2010-08-14 16:18:12 ----D---- C:\WINDOWS
2010-08-14 16:13:06 ----D---- C:\WINDOWS\system32\drivers
2010-08-14 16:13:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-14 16:12:30 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-08-14 12:20:13 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-14 11:45:07 ----D---- C:\Program Files\Warcraft III
2010-08-14 11:18:10 ----D---- C:\WINDOWS\Prefetch
2010-08-14 10:32:24 ----SHD---- C:\WINDOWS\Installer
2010-08-13 23:21:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-13 21:31:21 ----D---- C:\Documents and Settings\Martin\Data aplikací\Hamachi
2010-08-12 16:52:57 ----D---- C:\Documents and Settings\Martin\Data aplikací\vlc
2010-08-12 10:57:49 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-12 10:57:33 ----D---- C:\WINDOWS\system32\DirectX
2010-08-12 10:57:32 ----HD---- C:\WINDOWS\inf
2010-08-12 10:57:05 ----RSD---- C:\WINDOWS\assembly
2010-08-12 00:12:48 ----D---- C:\Program Files\Common Files
2010-08-11 13:49:57 ----D---- C:\Program Files\Garena
2010-08-05 14:33:51 ----D---- C:\Program Files\Heroes of Newerth
2010-08-04 22:09:19 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-08-04 21:04:37 ----D---- C:\Program Files\Activision
2010-08-04 01:32:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-04 00:14:32 ----D---- C:\WINDOWS\Help
2010-08-04 00:12:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-03 12:03:48 ----D---- C:\WINDOWS\WinSxS
2010-07-31 19:08:25 ----D---- C:\Program Files\DIFX
2010-07-31 10:41:28 ----D---- C:\WINDOWS\RegisteredPackages
2010-07-31 10:33:49 ----A---- C:\WINDOWS\avisplitter.INI
2010-07-31 02:22:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-30 22:36:07 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-30 17:22:28 ----D---- C:\Program Files\Mozilla Firefox
2010-07-20 02:35:00 ----HD---- C:\WINDOWS\msdownld.tmp
2010-07-20 02:22:09 ----D---- C:\Documents and Settings\Martin\Data aplikací\Adobe
2010-07-20 02:22:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-06-10 45648]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\System32\drivers\sfsync04.sys [2006-08-11 59776]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-19 691696]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-07-31 17480]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
S1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
S1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
S3 a6m3pxgk;a6m3pxgk; C:\WINDOWS\system32\drivers\a6m3pxgk.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Martin\LOCALS~1\Temp\KIWBD.tmp []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-10 10604128]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-19 47360]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-08-04 75064]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-08-14 214520]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-12-19 355584]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Svitiplyn · #2 Příspěvek od **Svitiplyn** » 15 srp 2010 11:55

Vyčistil jsem pc CClenerem a udělal nový log, snad to usnadní práci.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Martin at 2010-08-15 12:53:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (10%) free of 305 GB
Total RAM: 3070 MB (89% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:10, on 15.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QIP\qip.exe
C:\Documents and Settings\Martin\Plocha\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://secure.lavasoft.com/single/redi ... NewVersion
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 190.210.56.155 taleworlds.com
O1 - Hosts: 190.210.56.155 http://www.taleworlds.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Breakpoint Manager(system32)] C:\WINDOWS\ws2dll.exe
O4 - HKLM\..\Run: [Config] C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S274.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: updpxe32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7024 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Breakpoint Manager(system32)"=C:\WINDOWS\ws2dll.exe []
"Config"=C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe [2006-07-06 151552]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"GAINWARD"=C:\Program Files\EXPERTool\TBPanel.exe [2008-10-21 2177576]
"TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe [2008-06-20 153856]
"EPSON Stylus DX8400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE [2007-04-12 182272]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění
updpxe32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoInternetIcon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoInternetIcon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe"="C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\PlayLogic\Ancient Wars - Sparta\AWE.exe"="C:\Program Files\PlayLogic\Ancient Wars - Sparta\AWE.exe:*:Enabled:AWE"
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Program Files\Warcraft III\war3.exe"="C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW_LANFixed.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW_LANFixed.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop"
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Codemasters\Operation Flashpoint\FlashpointResistance.exe"="C:\Program Files\Codemasters\Operation Flashpoint\FlashpointResistance.exe:*:Enabled:Operation Flashpoint"
"C:\Program Files\Codemasters\Operace Flashpoint\FlashpointResistance.exe"="C:\Program Files\Codemasters\Operace Flashpoint\FlashpointResistance.exe:*:Enabled:Operation Flashpoint"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\worms armageddon\WA.exe"="C:\Program Files\worms armageddon\WA.exe:*:Enabled:Worms Armageddon"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\PacSteamT\SteamApps\svitiplyn\half-life\hl.exe"="C:\Program Files\PacSteamT\SteamApps\svitiplyn\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\PacSteamT\SteamApps\svitiplyn\half-life 2 deathmatch\hl2.exe"="C:\Program Files\PacSteamT\SteamApps\svitiplyn\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\PacSteamT\SteamApps\svitiplyn\garrysmod\hl2.exe"="C:\Program Files\PacSteamT\SteamApps\svitiplyn\garrysmod\hl2.exe:*:Enabled:hl2"
"C:\Program Files\PacSteamT\SteamApps\svitiplyn\team fortress 2\hl2.exe"="C:\Program Files\PacSteamT\SteamApps\svitiplyn\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\MARTIN\Games\Heroes of newerth\1 Verze\hon.exe"="C:\MARTIN\Games\Heroes of newerth\1 Verze\hon.exe:*:Enabled:Heroes of Newerth"
"C:\WINDOWS\alg.exe"="C:\WINDOWS\alg.exe:*:Enabled:alg"
"C:\MARTIN\Games\GRID\GRID.exe"="C:\MARTIN\Games\GRID\GRID.exe:*:Enabled:GRID Executable"
"C:\MARTIN\Downloads\GRID\GRID.exe"="C:\MARTIN\Downloads\GRID\GRID.exe:*:Enabled:GRID Executable"
"C:\MARTIN\Downloads\Heroes of newerth\1 Verze\hon.exe"="C:\MARTIN\Downloads\Heroes of newerth\1 Verze\hon.exe:*:Enabled:Heroes of Newerth"
"đţC:\WINDOWS\cmd.exe"="C:\WINDOWS\cmd.exe:*:Enabled:ErrorReporting"
"C:\WINDOWS\system32\winupdater.exe"="winu"
"C:\Program Files\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\Settlers7R.exe"="C:\Program Files\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:The Settlers 7 - Paths to a Kingdom"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\S2DNG.exe"="C:\Program Files\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\S2DNG.exe:*:Enabled:S2DNG"
"C:\WINDOWS\ws2dll.exe"="C:\WINDOWS\ws2dll.exe:*:Enabled:ErrorReporting"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\MARTIN\Downloads\Age of Empires 2 + Conquerors [CZ] - no instal, full, no pass\aoe2\age2_x1.exe"="C:\MARTIN\Downloads\Age of Empires 2 + Conquerors [CZ] - no instal, full, no pass\aoe2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Games\Age of Empires II\Age2_x1\Age2_x1.exe"="C:\Program Files\Microsoft Games\Age of Empires II\Age2_x1\Age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Mount&Blade Warband\mb_warband.exe"="C:\Program Files\Mount&Blade Warband\mb_warband.exe:*:Enabled:Mount&Blade: Warband"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\League of Legends\Air\LolClient.exe"="C:\Program Files\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Program Files\League of Legends\Game\League of Legends.exe"="C:\Program Files\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe"="C:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2010-08-15 12:50:52 ----D---- C:\Program Files\CCleaner
2010-08-15 10:11:46 ----D---- C:\Program Files\trend micro
2010-08-15 10:11:45 ----D---- C:\rsit
2010-08-14 16:13:06 ----A---- C:\WINDOWS\system32\drivers\Changer.sys
2010-08-12 00:07:03 ----D---- C:\Program Files\Mafia2
2010-08-11 23:55:37 ----D---- C:\Program Files\Steam
2010-08-04 17:01:16 ----A---- C:\WINDOWS\WORDPAD.INI
2010-08-04 01:23:20 ----A---- C:\WINDOWS\game.ini
2010-08-03 23:27:09 ----D---- C:\Documents and Settings\Martin\Data aplikací\My Battle for Middle-earth(tm) II Files
2010-08-03 23:04:08 ----D---- C:\Program Files\Electronic Arts
2010-08-03 12:02:02 ----D---- C:\Program Files\Common Files\Akamai
2010-07-31 11:59:46 ----D---- C:\Program Files\Hamachi
2010-07-31 10:41:02 ----A---- C:\WINDOWS\system32\drivers\mstee.sys
2010-07-31 10:40:57 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2010-07-20 14:11:43 ----D---- C:\Documents and Settings\Martin\Data aplikací\LolClient
2010-07-20 02:35:08 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-07-20 02:35:08 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-07-20 02:35:08 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-07-20 02:35:07 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-07-20 02:35:07 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-07-20 02:35:07 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-07-20 02:35:06 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-07-20 02:35:05 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-07-20 02:18:53 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-07-20 02:16:03 ----D---- C:\Program Files\League of Legends
2010-07-20 02:04:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2010-07-20 02:03:52 ----D---- C:\Program Files\Pando Networks

======List of files/folders modified in the last 1 months======

2010-08-15 12:51:48 ----D---- C:\WINDOWS\Debug
2010-08-15 12:51:48 ----D---- C:\WINDOWS
2010-08-15 12:51:47 ----D---- C:\WINDOWS\Temp
2010-08-15 12:50:52 ----RD---- C:\Program Files
2010-08-15 12:50:29 ----D---- C:\MARTIN
2010-08-15 12:29:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-15 11:39:19 ----D---- C:\WINDOWS\system32
2010-08-14 16:25:19 ----SHD---- C:\WINDOWS\CSC
2010-08-14 16:13:06 ----D---- C:\WINDOWS\system32\drivers
2010-08-14 16:13:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-14 16:12:30 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-08-14 11:45:07 ----D---- C:\Program Files\Warcraft III
2010-08-14 11:18:10 ----D---- C:\WINDOWS\Prefetch
2010-08-14 10:32:24 ----SHD---- C:\WINDOWS\Installer
2010-08-13 21:31:21 ----D---- C:\Documents and Settings\Martin\Data aplikací\Hamachi
2010-08-12 16:52:57 ----D---- C:\Documents and Settings\Martin\Data aplikací\vlc
2010-08-12 10:57:49 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-12 10:57:33 ----D---- C:\WINDOWS\system32\DirectX
2010-08-12 10:57:32 ----HD---- C:\WINDOWS\inf
2010-08-12 10:57:05 ----RSD---- C:\WINDOWS\assembly
2010-08-12 00:12:48 ----D---- C:\Program Files\Common Files
2010-08-11 13:49:57 ----D---- C:\Program Files\Garena
2010-08-05 14:33:51 ----D---- C:\Program Files\Heroes of Newerth
2010-08-04 22:09:19 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-08-04 21:04:37 ----D---- C:\Program Files\Activision
2010-08-04 01:32:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-04 00:14:32 ----D---- C:\WINDOWS\Help
2010-08-04 00:12:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-03 12:03:48 ----D---- C:\WINDOWS\WinSxS
2010-07-31 19:08:25 ----D---- C:\Program Files\DIFX
2010-07-31 10:41:28 ----D---- C:\WINDOWS\RegisteredPackages
2010-07-31 10:33:49 ----A---- C:\WINDOWS\avisplitter.INI
2010-07-31 02:22:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-30 22:36:07 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-30 17:22:28 ----D---- C:\Program Files\Mozilla Firefox
2010-07-20 02:35:00 ----HD---- C:\WINDOWS\msdownld.tmp
2010-07-20 02:22:09 ----D---- C:\Documents and Settings\Martin\Data aplikací\Adobe
2010-07-20 02:22:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-06-10 45648]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\System32\drivers\sfsync04.sys [2006-08-11 59776]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-19 691696]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-07-31 17480]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
S1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
S1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
S3 a6m3pxgk;a6m3pxgk; C:\WINDOWS\system32\drivers\a6m3pxgk.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Martin\LOCALS~1\Temp\KIWBD.tmp []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-10 10604128]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-19 47360]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-08-04 75064]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-08-14 214520]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-12-19 355584]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#3 Příspěvek od **vyosek** » 15 srp 2010 16:08

Zdravim a pekny podvecer preji

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte

Svitiplyn · #4 Příspěvek od **Svitiplyn** » 15 srp 2010 17:36

ComboFix 10-08-14.06 - Martin 15.08.2010 16:39:35.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2649 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100808-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\driver
c:\windows\cmd.exe
c:\windows\system32\xudps.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-15 do 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 10:50 . 2010-08-15 10:50 -------- d-----w- c:\program files\CCleaner
2010-08-15 08:11 . 2010-08-15 10:53 -------- d-----w- c:\program files\trend micro
2010-08-15 08:11 . 2010-08-15 08:12 -------- d-----w- C:\rsit
2010-08-14 14:26 . 2010-08-15 09:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-14 14:13 . 2010-08-15 14:41 755200 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-08-11 22:07 . 2010-08-11 22:08 -------- d-----w- c:\program files\Mafia2
2010-08-11 21:55 . 2010-08-14 10:20 -------- d-----w- c:\program files\Steam
2010-08-03 22:13 . 2010-08-11 22:20 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-08-03 22:13 . 2010-08-11 22:20 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-08-03 22:13 . 2010-08-11 22:15 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-08-03 21:04 . 2010-08-03 21:04 -------- d-----w- c:\program files\Electronic Arts
2010-08-03 10:02 . 2010-08-14 13:28 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-31 09:59 . 2010-07-31 09:59 -------- d-----w- c:\program files\Hamachi
2010-07-31 08:41 . 2002-12-11 22:14 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-07-31 08:41 . 2002-12-11 22:14 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-07-31 08:40 . 2005-12-05 16:07 63696 ----a-w- c:\windows\system32\dxdllreg.exe
2010-07-31 08:40 . 2002-08-29 01:41 31744 -c--a-w- c:\windows\system32\dllcache\pid.dll
2010-07-20 00:35 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-20 00:35 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-07-20 00:35 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-07-20 00:35 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-07-20 00:35 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-07-20 00:35 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-20 00:35 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-07-20 00:35 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-07-20 00:18 . 2010-07-20 00:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-20 00:16 . 2010-08-06 20:06 -------- d-----w- c:\program files\League of Legends
2010-07-20 00:04 . 2010-07-20 00:04 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-07-20 00:03 . 2010-07-20 00:03 -------- d-----w- c:\program files\Pando Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 14:41 . 2010-08-14 14:13 755200 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-08-15 10:58 . 2009-12-18 20:10 98304 ----a-w- c:\windows\DUMP54c7.tmp
2010-08-14 14:13 . 2009-12-19 09:36 0 ----a-w- c:\windows\system32\drivers\tbpanel.sys
2010-08-14 14:12 . 2009-12-20 09:44 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-14 14:12 . 2009-12-20 09:44 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-14 09:45 . 2009-12-19 12:35 -------- d-----w- c:\program files\Warcraft III
2010-08-12 08:57 . 2009-12-19 16:50 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-11 11:49 . 2010-03-25 20:01 -------- d-----w- c:\program files\Garena
2010-08-05 12:33 . 2010-07-04 19:36 -------- d-----w- c:\program files\Heroes of Newerth
2010-08-04 20:09 . 2009-12-20 09:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-04 19:04 . 2009-12-20 08:49 -------- d-----w- c:\program files\Activision
2010-08-03 23:32 . 2009-12-19 09:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-31 17:08 . 2009-12-19 09:48 -------- d-----w- c:\program files\DIFX
2010-07-31 09:59 . 2009-12-19 10:08 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-07-31 00:22 . 2001-10-25 14:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-07-31 00:22 . 2001-10-25 14:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-07-11 16:57 . 2010-04-14 10:43 -------- d-----w- c:\program files\DivX
2010-07-11 16:55 . 2010-07-11 16:55 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-10 08:22 . 2009-12-19 09:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-10 08:22 . 2010-07-10 08:06 -------- d-----w- c:\program files\Common Files\BioWare
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-07 11:46 . 2009-12-19 09:37 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-06 12:50 . 2010-02-15 22:32 -------- d-----w- c:\program files\WoW
2010-06-29 07:12 . 2009-12-19 10:05 -------- d-----w- c:\program files\FlashGet
2010-06-27 09:56 . 2010-06-14 13:29 -------- d-----w- c:\program files\WoW Classic
2010-06-27 09:06 . 2010-06-27 09:06 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-06-27 07:40 . 2009-12-19 14:44 -------- d-----w- c:\program files\Rockstar Games
2010-06-24 20:03 . 2010-06-14 17:04 -------- d-----w- c:\program files\Cheat Engine
2010-06-09 23:01 . 2010-07-11 16:57 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-07-11 16:57 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 23:01 . 2010-05-30 17:20 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-05-30 17:20 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-05-30 17:20 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2010-05-30 17:20 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 16:20 . 2010-07-14 20:49 2444656 ----a-w- c:\windows\system32\pbsvc_apb.exe
2010-05-29 16:16 . 2009-12-19 09:52 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-05-29 16:16 . 2009-12-19 09:52 2398 ----a-w- c:\windows\mozver.dat
2010-04-25 08:25 . 2010-04-25 08:25 16896 --sh--w- c:\windows\aceimh.exe
2010-05-06 18:37 . 2010-05-06 18:37 32768 --sh--w- c:\windows\dkggzr.exe
2010-05-06 13:03 . 2010-05-06 13:03 32768 --sh--w- c:\windows\fnvbvy.exe
2010-05-07 18:57 . 2010-05-07 18:57 32768 --sh--w- c:\windows\jolbsa.exe
2010-05-06 13:42 . 2010-05-06 13:42 32768 --sh--w- c:\windows\ooncdk.exe
2010-05-06 18:36 . 2010-05-06 18:36 32768 --sh--w- c:\windows\rnvzsv.exe
2010-05-05 18:54 . 2010-05-05 18:54 32768 --sh--w- c:\windows\sotpza.exe
2010-05-05 18:30 . 2010-05-05 18:30 32768 --sh--w- c:\windows\uodgsz.exe
2010-05-14 06:13 . 2010-05-14 06:13 15360 --sh--w- c:\windows\ws2dll.exe
2010-04-23 08:45 . 2010-04-23 08:45 16896 --sh--w- c:\windows\xljujw.exe
2010-05-10 19:49 . 2010-05-10 19:49 32768 --sh--w- c:\windows\zbuwct.exe
2006-05-03 10:06 . 2010-01-28 20:52 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-05-14 15:53 . 2010-05-14 15:53 169 --sha-w- c:\windows\system32\install_mgr_wup.exe
2007-02-21 11:47 . 2010-01-28 20:52 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-28 20:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-05-14 14:15 . 2010-05-14 14:15 32768 --sha-w- c:\windows\system32\skabwz.exe
2010-05-14 16:10 . 2010-05-14 16:10 13824 --sha-w- c:\windows\system32\updater64.exeexe.exe
2010-05-14 16:10 . 2010-05-14 16:10 13824 --sh--w- c:\windows\system32\drivers\csrss64.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-10-21 2177576]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 153856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Config"="c:\program files\Microsoft Games\Age Of Empires ii\Config.exe" [2006-07-06 151552]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Codemasters\\Operace Flashpoint\\FlashpointResistance.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\MARTIN\\Downloads\\GRID\\GRID.exe"=
"c:\\MARTIN\\Downloads\\Heroes of newerth\\1 Verze\\hon.exe"=
"c:\\Program Files\\Ubisoft\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\Age2_x1\\Age2_x1.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\League of Legends\\Air\\LolClient.exe"=
"c:\\Program Files\\League of Legends\\Game\\League of Legends.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"WinUpdate.exe"= 6667:TCP
"57034:TCP"= 57034:TCP:Pando Media Booster
"57034:UDP"= 57034:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6952:TCP"= 6952:TCP:League of Legends Launcher
"6952:UDP"= 6952:UDP:League of Legends Launcher

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.12.2009 12:10 691696]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.12.2009 11:58 114768]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [19.12.2009 11:44 13696]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 8:52 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.12.2009 11:58 20560]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe --> c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Martin\LOCALS~1\Temp\KIWBD.tmp --> c:\docume~1\Martin\LOCALS~1\Temp\KIWBD.tmp [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - Changer

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-08-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 08:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = https://secure.lavasoft.com/single/redi ... NewVersion
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\m57e1lv5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Breakpoint Manager(system32) - c:\windows\ws2dll.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 16:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3725.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3725.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Martin\LOCALS~1\Temp\KIWBD.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1275210071-630328440-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f3,b4,8a,3d,0c,98,84,af,9b,40,da,5a,78,68,f9,23,5a,ab,ba,d6,d3,f4,ec,
dd,7c,02,a7,53,67,23,62,e9,85,5b,f6,fe,a3,8e,e4,52,dd,c0,90,72,c1,a3,f1,ce,\
"??"=hex:fa,c6,ee,c3,8a,d0,e0,f9,03,57,b2,91,51,6b,bf,c9
.
Celkový čas: 2010-08-15 16:42:36
ComboFix-quarantined-files.txt 2010-08-15 14:42

Před spuštěním: Volných bajtů: 31 288 254 464
Po spuštění: Volných bajtů: 31 253 426 176

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6F324720355BE3DCA21F970593B32DB3

#5 Příspěvek od **vyosek** » 15 srp 2010 18:01

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

c:\windows\system32\drivers\Changer.sys
c:\windows\aceimh.exe
c:\windows\dkggzr.exe
c:\windows\fnvbvy.exe
c:\windows\jolbsa.exe
c:\windows\ooncdk.exe
c:\windows\rnvzsv.exe
c:\windows\sotpza.exe
c:\windows\uodgsz.exe
c:\windows\ws2dll.exe
c:\windows\xljujw.exe
c:\windows\zbuwct.exe
c:\windows\system32\pbsvc_apb.exe
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
Kliknete na Otestovat soubor
Vysledek analyzy sem vlozte (jako odkaz)

Svitiplyn · #6 Příspěvek od **Svitiplyn** » 15 srp 2010 18:23

Ten první soubor Chynger.sys mi nejak neslo oskenovat. Exe soubory (od aceimh.exe po zbuwct.ece) ve složce c/:windows nemám. Šel mi oskenovat pouze ten poslední c:\windows\system32\pbsvc_apb.exe a přesně nevím co zde mám vložit, tak se pokusím sem dát co my to vyplivlo.

MD5: c41d4df5ccaad4fe084c808f3d3f302c
Date first seen: 2010-06-26 07:14:33 (UTC)
Date last seen: 2010-06-26 07:14:33 (UTC)
Detection ratio: 0/40

File name:
4A5A666770E4293D4DC42525824C9800839B7C36.exe
Submission date:
2010-06-26 07:14:33 (UTC)
Current status:
finished
Result:
0 /40 (0.0%)

Antivirus Version Last Update Result
a-squared 5.0.0.30 2010.06.26 -
AhnLab-V3 2010.06.26.00 2010.06.26 -
AntiVir 8.2.4.2 2010.06.25 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.25 -
Avast 4.8.1351.0 2010.06.25 -
Avast5 5.0.332.0 2010.06.25 -
AVG 9.0.0.836 2010.06.25 -
BitDefender 7.2 2010.06.26 -
CAT-QuickHeal 10.00 2010.06.26 -
ClamAV 0.96.0.3-git 2010.06.26 -
Comodo 5220 2010.06.26 -
DrWeb 5.0.2.03300 2010.06.26 -
eSafe 7.0.17.0 2010.06.24 -
eTrust-Vet 36.1.7668 2010.06.25 -
F-Prot 4.6.1.107 2010.06.25 -
F-Secure 9.0.15370.0 2010.06.25 -
Fortinet 4.1.133.0 2010.06.25 -
GData 21 2010.06.26 -
Ikarus T3.1.1.84.0 2010.06.26 -
Jiangmin 13.0.900 2010.06.25 -
Kaspersky 7.0.0.125 2010.06.26 -
McAfee 5.400.0.1158 2010.06.26 -
McAfee-GW-Edition 2010.1 2010.06.25 -
Microsoft 1.5902 2010.06.25 -
NOD32 5230 2010.06.26 -
Norman 6.05.10 2010.06.25 -
nProtect 2010-06-25.01 2010.06.25 -
Panda 10.0.2.7 2010.06.25 -
PCTools 7.0.3.5 2010.06.26 -
Rising 22.53.04.05 2010.06.25 -
Sophos 4.54.0 2010.06.26 -
Sunbelt 6509 2010.06.26 -
Symantec 20101.1.0.89 2010.06.26 -
TheHacker 6.5.2.0.303 2010.06.25 -
TrendMicro 9.120.0.1004 2010.06.26 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.26 -
VBA32 3.12.12.5 2010.06.25 -
ViRobot 2010.6.26.3906 2010.06.26 -
VirusBuster 5.0.27.0 2010.06.25 -
Additional information
Show all
MD5 : c41d4df5ccaad4fe084c808f3d3f302c
SHA1 : 2510ffddaf7d146e6e6af64b23a29e332dd2f1b0
SHA256: feafad19b3aa5759cda0c2ade59e7cfcea587ba8c88d9aef27284f8ab0c00a4f

#7 Příspěvek od **vyosek** » 15 srp 2010 18:26

Psalo to nejakou chybu proc ten prvni c:\windows\system32\drivers\Changer.sys nesel otestovat

Pripadne jej zkuste otestovat zde http://virusscan.jotti.org/cs

Svitiplyn · #8 Příspěvek od **Svitiplyn** » 15 srp 2010 18:30

Nenapsalo to nic, pouze znova nacetla stejná stránka znova a když jsem to zkoušel na té druhé stránce píše to soubor je prázdný ( bajtů).

#9 Příspěvek od **vyosek** » 15 srp 2010 18:36

Fajn, to mi jako odpoved staci

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

File::
c:\windows\DUMP54c7.tmp
c:\windows\ws2dll.exe

Collect::
C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění\updpxe32.exe

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Breakpoint Manager(system32)"=-

Folder::
c:\program files\Common Files\Akamai

Driver::
Akamai
GarenaPEngine

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Svitiplyn · #10 Příspěvek od **Svitiplyn** » 15 srp 2010 19:02

Absolutně netuším co se stalo. Přišel jsem po koupeli a vidím konečně úvodní obrazovku normálního windowsu. Blikalo mi tu v pozadí dělší dobu, že mám čekat než kombofix dokončí svou práci, ale zdálo se mi nějaké zaseklé, protože uběhlo déle jak 20 minut, tak jsem dal křížek. V :c nemám log. Mám ještě něco udělat ? Celkem se bojím restartovat počítač, protože nevím co proběhlo, když jsem tu nebyl ? Myslíte že to je ok ? Mám udělat nějak další log ?

#11 Příspěvek od **vyosek** » 15 srp 2010 19:10

Nalogujte se do nouzoveho rezimu: restart PC - mackat F8 - zvolit Stav nouze s praci v siti...
Stahnete na plochu Combofix ale nespoustejte
Pak pouzijte postup se skriptem - vytvorit skript - pretahnout nad CF...

Svitiplyn · #12 Příspěvek od **Svitiplyn** » 15 srp 2010 19:18

Restartoval jsem pc a zase naskočila modrá smrt, takže to není v pohodě ještě. Jdu teda znova na ten combofix s tím scriptem, ale když to pak udělám, hlásí mi to, že tu mám zaplý avast ochraný štít a není v liště, takže nelze vypnout a v procesech nevím jaký má název, ale nic podobnýho s názvem avast tam není. Jdu teda znova na ten combofix, i když mi to upozornění s avastem. Snad se ten log teď podaří!

#13 Příspěvek od **vyosek** » 15 srp 2010 19:19

No skript asi neprobehl proto ta BSOD

Pripadne pokud se budou objevovat dale, tak necham kolegu prozkoumat cim to je zpusobeno...

Svitiplyn · #14 Příspěvek od **Svitiplyn** » 15 srp 2010 19:38

Poprvé mi to vyhodilo nějakou chybu o prázdné tabulce a restartl se pc. Po druhé už mi to konečně vyplivlo ten log, ani pc se mi nerestartoval, jenom se to hned ukázalo.

ComboFix 10-08-14.06 - Martin 15.08.2010 20:33:22.4.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2703 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100808-1] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\DUMP54c7.tmp"
"c:\windows\ws2dll.exe"
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-15 do 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 17:57 . 2010-08-15 18:11 -------- d-----w- c:\windows\LastGood.Tmp
2010-08-15 10:50 . 2010-08-15 10:50 -------- d-----w- c:\program files\CCleaner
2010-08-15 08:11 . 2010-08-15 10:53 -------- d-----w- c:\program files\trend micro
2010-08-15 08:11 . 2010-08-15 08:12 -------- d-----w- C:\rsit
2010-08-14 14:26 . 2010-08-15 17:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-14 14:13 . 2010-08-15 18:35 755200 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-08-11 22:07 . 2010-08-11 22:08 -------- d-----w- c:\program files\Mafia2
2010-08-11 21:55 . 2010-08-14 10:20 -------- d-----w- c:\program files\Steam
2010-08-03 22:13 . 2010-08-11 22:20 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-08-03 22:13 . 2010-08-11 22:20 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-08-03 22:13 . 2010-08-11 22:15 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-08-03 21:04 . 2010-08-03 21:04 -------- d-----w- c:\program files\Electronic Arts
2010-07-31 09:59 . 2010-07-31 09:59 -------- d-----w- c:\program files\Hamachi
2010-07-31 08:41 . 2002-12-11 22:14 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-07-31 08:41 . 2002-12-11 22:14 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-07-31 08:40 . 2005-12-05 16:07 63696 ----a-w- c:\windows\system32\dxdllreg.exe
2010-07-31 08:40 . 2002-08-29 01:41 31744 -c--a-w- c:\windows\system32\dllcache\pid.dll
2010-07-20 00:35 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-07-20 00:35 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-07-20 00:35 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-07-20 00:35 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-07-20 00:35 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-07-20 00:35 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-07-20 00:35 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-07-20 00:35 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-07-20 00:18 . 2010-07-20 00:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-20 00:16 . 2010-08-06 20:06 -------- d-----w- c:\program files\League of Legends
2010-07-20 00:04 . 2010-07-20 00:04 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-07-20 00:03 . 2010-07-20 00:03 -------- d-----w- c:\program files\Pando Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 18:35 . 2010-08-14 14:13 755200 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-08-15 17:48 . 2009-12-18 20:10 98304 ----a-w- c:\windows\DUMP4e4e.tmp
2010-08-14 14:13 . 2009-12-19 09:36 0 ----a-w- c:\windows\system32\drivers\tbpanel.sys
2010-08-14 14:12 . 2009-12-20 09:44 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-14 14:12 . 2009-12-20 09:44 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-14 09:45 . 2009-12-19 12:35 -------- d-----w- c:\program files\Warcraft III
2010-08-12 08:57 . 2009-12-19 16:50 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-11 11:49 . 2010-03-25 20:01 -------- d-----w- c:\program files\Garena
2010-08-05 12:33 . 2010-07-04 19:36 -------- d-----w- c:\program files\Heroes of Newerth
2010-08-04 20:09 . 2009-12-20 09:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-04 19:04 . 2009-12-20 08:49 -------- d-----w- c:\program files\Activision
2010-08-03 23:32 . 2009-12-19 09:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-31 17:08 . 2009-12-19 09:48 -------- d-----w- c:\program files\DIFX
2010-07-31 09:59 . 2009-12-19 10:08 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-07-31 00:22 . 2001-10-25 14:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-07-31 00:22 . 2001-10-25 14:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-07-11 16:57 . 2010-04-14 10:43 -------- d-----w- c:\program files\DivX
2010-07-11 16:55 . 2010-07-11 16:55 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-10 08:22 . 2009-12-19 09:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-10 08:22 . 2010-07-10 08:06 -------- d-----w- c:\program files\Common Files\BioWare
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-07 11:46 . 2009-12-19 09:37 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-06 12:50 . 2010-02-15 22:32 -------- d-----w- c:\program files\WoW
2010-06-29 07:12 . 2009-12-19 10:05 -------- d-----w- c:\program files\FlashGet
2010-06-27 09:56 . 2010-06-14 13:29 -------- d-----w- c:\program files\WoW Classic
2010-06-27 09:06 . 2010-06-27 09:06 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-06-27 07:40 . 2009-12-19 14:44 -------- d-----w- c:\program files\Rockstar Games
2010-06-24 20:03 . 2010-06-14 17:04 -------- d-----w- c:\program files\Cheat Engine
2010-06-09 23:01 . 2010-07-11 16:57 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-07-11 16:57 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 23:01 . 2010-05-30 17:20 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-05-30 17:20 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-05-30 17:20 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2010-05-30 17:20 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 16:20 . 2010-07-14 20:49 2444656 ----a-w- c:\windows\system32\pbsvc_apb.exe
2010-05-29 16:16 . 2009-12-19 09:52 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-05-29 16:16 . 2009-12-19 09:52 2398 ----a-w- c:\windows\mozver.dat
2010-04-25 08:25 . 2010-04-25 08:25 16896 --sh--w- c:\windows\aceimh.exe
2010-05-06 18:37 . 2010-05-06 18:37 32768 --sh--w- c:\windows\dkggzr.exe
2010-05-06 13:03 . 2010-05-06 13:03 32768 --sh--w- c:\windows\fnvbvy.exe
2010-05-07 18:57 . 2010-05-07 18:57 32768 --sh--w- c:\windows\jolbsa.exe
2010-05-06 13:42 . 2010-05-06 13:42 32768 --sh--w- c:\windows\ooncdk.exe
2010-05-06 18:36 . 2010-05-06 18:36 32768 --sh--w- c:\windows\rnvzsv.exe
2010-05-05 18:54 . 2010-05-05 18:54 32768 --sh--w- c:\windows\sotpza.exe
2010-05-05 18:30 . 2010-05-05 18:30 32768 --sh--w- c:\windows\uodgsz.exe
2010-04-23 08:45 . 2010-04-23 08:45 16896 --sh--w- c:\windows\xljujw.exe
2010-05-10 19:49 . 2010-05-10 19:49 32768 --sh--w- c:\windows\zbuwct.exe
2006-05-03 10:06 . 2010-01-28 20:52 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-05-14 15:53 . 2010-05-14 15:53 169 --sha-w- c:\windows\system32\install_mgr_wup.exe
2007-02-21 11:47 . 2010-01-28 20:52 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-28 20:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-05-14 14:15 . 2010-05-14 14:15 32768 --sha-w- c:\windows\system32\skabwz.exe
2010-05-14 16:10 . 2010-05-14 16:10 13824 --sha-w- c:\windows\system32\updater64.exeexe.exe
2010-05-14 16:10 . 2010-05-14 16:10 13824 --sh--w- c:\windows\system32\drivers\csrss64.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-15_14.41.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-15 17:58 . 2010-08-15 17:58 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2010-08-14 08:32 . 2010-08-14 08:32 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2010-08-14 14:13 . 2010-08-15 18:35 755200 c:\windows\system32\drivers\Changer.sys
- 2010-08-14 14:13 . 2010-08-15 14:41 755200 c:\windows\system32\drivers\Changer.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-10-21 2177576]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 153856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Config"="c:\program files\Microsoft Games\Age Of Empires ii\Config.exe" [2006-07-06 151552]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Codemasters\\Operace Flashpoint\\FlashpointResistance.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\MARTIN\\Downloads\\GRID\\GRID.exe"=
"c:\\MARTIN\\Downloads\\Heroes of newerth\\1 Verze\\hon.exe"=
"c:\\Program Files\\Ubisoft\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\Age2_x1\\Age2_x1.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\League of Legends\\Air\\LolClient.exe"=
"c:\\Program Files\\League of Legends\\Game\\League of Legends.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"WinUpdate.exe"= 6667:TCP
"57034:TCP"= 57034:TCP:Pando Media Booster
"57034:UDP"= 57034:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6952:TCP"= 6952:TCP:League of Legends Launcher
"6952:UDP"= 6952:UDP:League of Legends Launcher

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.12.2009 11:58 114768]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [19.12.2009 11:44 13696]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.12.2009 11:58 20560]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe --> c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.12.2009 12:10 691696]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - Changer

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-08-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 08:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = https://secure.lavasoft.com/single/redi ... NewVersion
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\m57e1lv5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 20:35
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Changer]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1275210071-630328440-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f3,b4,8a,3d,0c,98,84,af,9b,40,da,5a,78,68,f9,23,5a,ab,ba,d6,d3,f4,ec,
dd,7c,02,a7,53,67,23,62,e9,85,5b,f6,fe,a3,8e,e4,52,dd,c0,90,72,c1,a3,f1,ce,\
"??"=hex:fa,c6,ee,c3,8a,d0,e0,f9,03,57,b2,91,51,6b,bf,c9
.
Celkový čas: 2010-08-15 20:35:56
ComboFix-quarantined-files.txt 2010-08-15 18:35
ComboFix2.txt 2010-08-15 18:30
ComboFix3.txt 2010-08-15 14:42

Před spuštěním: Volných bajtů: 31 128 813 568
Po spuštění: Volných bajtů: 31 114 227 712

- - End Of File - - 117CF4D452C1F37EB16CB0EDF138BFD1

#15 Příspěvek od **vyosek** » 15 srp 2010 19:44

Odinstalujte vsechny emulatory virtualnich jednotek (Deamon Tools, Alcohol 120%, PowerISO apod)

Stahnete SPTD http://www.duplexsecure.com/en/downloads

Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
Ulozte na plochu a spustte
Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe

Ulozte na plochu a spustte
Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
"%userprofile%\plocha\mbr" -t
```
Kliknete na OK
Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

Dejte logy z Gmeru - viz muj podpis

VIRY.CZ

win32:Bubnix-I[Rtk], modrá smrt

win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt

Re: win32:Bubnix-I[Rtk], modrá smrt