VIRY.CZ

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2011-06-06 20:22:33
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (13%) free of 153 GB
Total RAM: 1023 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:22:47, on 6.6.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GamersFirst\LIVE!\Live.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://googleads.g.doubleclick.net/aclk ... 7&jca=9894
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Badoo Desktop] "C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.4.0.925\Badoo.Desktop.exe"
O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: www.bloodclans.com
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/stati ... 0.53.2.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5740 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-10-16 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-10-16 13851752]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-26 1753192]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Badoo Desktop"=C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.4.0.925\Badoo.Desktop.exe [2011-05-06 1013760]
"NetLimiter"=C:\Program Files\NetLimiter 3\NLClientApp.exe [2011-03-21 1839104]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
GamersFirst LIVE!.lnk - C:\Program Files\GamersFirst\LIVE!\Live.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMHelp"=1
"NoStartMenuMFUprogramsList"=1
"NoStartMenuPinnedList"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\HRY\Steam\Steam.exe"="C:\HRY\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\HRY\torentor\uTorrent.exe"="C:\HRY\torentor\uTorrent.exe:*:Enabled:µTorrent"
"C:\HRY\Riot Games\League of Legends\air\LolClient.exe"="C:\HRY\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\HRY\Riot Games\League of Legends\game\League of Legends.exe"="C:\HRY\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\KabodOnline\Kabod.exe"="C:\Program Files\KabodOnline\Kabod.exe:*:Enabled:Game"
"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\eFusion\BlackShot\system\blackshot.exe"="C:\Program Files\eFusion\BlackShot\system\blackshot.exe:*:Enabled:BlackShot"
"C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe:*:Enabled:PT2Downloader"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Gameforge4D\AirRivals\Launcher.atm"="C:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2"
"C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe"="C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP"
"C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\GamesCampus\Heroes In the Sky\HIS.exe"="C:\GamesCampus\Heroes In the Sky\HIS.exe:*:Enabled:his"
"C:\Nexon\Combat Arms EU\NMService.exe"="C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\HRY\Riot Games\League of Legends\lol.launcher.exe"="C:\HRY\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher"
"C:\Program Files\GamersFirst\APB Reloaded\Binaries\APB.exe"="C:\Program Files\GamersFirst\APB Reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe"
"C:\Program Files\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe"="C:\Program Files\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe"
"C:\Program Files\APB\APB Reloaded\Binaries\APB.exe"="C:\Program Files\APB\APB Reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe"
"C:\Program Files\APB\APB Reloaded\Binaries\VivoxVoiceService.exe"="C:\Program Files\APB\APB Reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe"
"C:\HRY\Steam\steamapps\jarous1337\counter-strike\hl.exe"="C:\HRY\Steam\steamapps\jarous1337\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\SG Interactive\Project Blackout\PBlackout.exe"="C:\SG Interactive\Project Blackout\PBlackout.exe:*:Enabled:PBlackout"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2011-06-06 20:22:34 ----D---- C:\Program Files\trend micro
2011-06-06 20:22:33 ----D---- C:\rsit
2011-06-05 18:13:07 ----D---- C:\SG Interactive
2011-06-05 08:37:50 ----D---- C:\gPotato
2011-06-04 03:23:41 ----D---- C:\AeriaGames
2011-06-04 02:33:28 ----D---- C:\Program Files\Common Files\Akamai
2011-06-02 15:18:39 ----D---- C:\Program Files\APB
2011-05-31 19:30:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Locktime
2011-05-31 19:30:58 ----D---- C:\Program Files\NetLimiter 3
2011-05-30 18:39:46 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DDMSettings
2011-05-30 18:37:55 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DivX
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\vxblock.dll
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\pxwave.dll
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\pxsfs.dll
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\pxmas.dll
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\pxdrv.dll
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\pxafs.dll
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2011-05-30 18:37:33 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2011-05-30 18:37:31 ----N---- C:\WINDOWS\system32\px.dll
2011-05-30 18:34:31 ----D---- C:\Program Files\Google
2011-05-30 16:27:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\ijjigame
2011-05-30 16:12:58 ----A---- C:\WINDOWS\system32\ijjiSetup.exe
2011-05-30 16:12:58 ----A---- C:\WINDOWS\system32\ijjiProcessRestarter.exe
2011-05-30 16:12:57 ----D---- C:\Program Files\REACTOR
2011-05-30 15:57:59 ----D---- C:\ijji
2011-05-30 00:07:10 ----D---- C:\Program Files\LS
2011-05-26 20:10:57 ----D---- C:\Program Files\GamersFirst
2011-05-21 11:13:15 ----A---- C:\WINDOWS\system32\pbsvc_apb.exe
2011-05-19 22:39:47 ----D---- C:\Perfect World Entertainment
2011-05-19 20:59:16 ----D---- C:\Program Files\Heroes of Newerth
2011-05-19 17:29:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\com.ambergames.soul.air.9CD82F51B070EE0AABBA1F8A608833922673BDA4.1
2011-05-19 17:29:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-05-19 17:29:48 ----D---- C:\Program Files\Sodgame
2011-05-19 17:29:44 ----D---- C:\Program Files\Adobe
2011-05-19 17:29:42 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-05-19 15:10:38 ----D---- C:\Program Files\NosTale(CZ)
2011-05-17 19:42:18 ----D---- C:\Program Files\NCsoft
2011-05-17 19:42:08 ----D---- C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2011-05-17 17:08:03 ----D---- C:\Program Files\Bing Bar Installer
2011-05-17 17:03:48 ----D---- C:\Documents and Settings\Administrator\Data aplikací\LocalLow
2011-05-16 16:55:04 ----D---- C:\ALT1Games
2011-05-16 16:03:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2011-05-16 16:03:12 ----D---- C:\Program Files\Pando Networks
2011-05-14 12:41:59 ----A---- C:\GameOverlayUI.exe.log
2011-05-14 12:40:52 ----A---- C:\steam.exe.log
2011-05-14 12:40:52 ----A---- C:\hl.exe.log
2011-05-12 20:53:11 ----D---- C:\Program Files\Tuning Car Studio
2011-05-12 20:37:48 ----D---- C:\Program Files\Arjaloc
2011-05-12 18:17:56 ----D---- C:\Já
2011-05-10 12:32:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\GameRanger
2011-05-09 15:40:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nexon
2011-05-08 17:27:01 ----D---- C:\Program Files\Garena
2011-05-08 17:16:30 ----A---- C:\WINDOWS\War3Unin.pif
2011-05-08 17:16:30 ----A---- C:\WINDOWS\War3Unin.exe
2011-05-08 17:13:31 ----D---- C:\Program Files\Warcraft III
2011-05-08 09:20:58 ----A---- C:\WINDOWS\system32\vvprotect.sys
2011-05-06 17:19:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Badoo
2011-05-05 22:34:54 ----D---- C:\WINDOWS\system32\appmgmt
2011-05-05 21:47:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\NexonEU
2011-05-04 23:51:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Enkord
2011-05-04 13:27:09 ----D---- C:\Documents and Settings\Administrator\Data aplikací\THQ
2011-05-04 13:23:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2011-05-01 10:26:08 ----HD---- C:\WINDOWS\msdownld.tmp
2011-04-25 12:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2011-04-25 12:08:14 ----HD---- C:\WINDOWS\$hf_mig$
2011-04-25 10:59:05 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-04-25 10:59:01 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-04-24 23:20:45 ----D---- C:\WINDOWS\pss
2011-04-24 21:13:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Chat Republic Games
2011-04-23 12:26:59 ----A---- C:\WINDOWS\system32\npptNT2.sys
2011-04-23 12:26:58 ----D---- C:\Program Files\Common Files\INCA Shared
2011-04-18 16:18:59 ----RHD---- C:\Documents and Settings\Administrator\Data aplikací\SecuROM
2011-04-18 16:18:58 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2011-04-09 23:02:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\SplitMediaLabs

======List of files/folders modified in the last 2 months======

2011-06-06 20:22:34 ----RD---- C:\Program Files
2011-06-06 20:22:24 ----D---- C:\WINDOWS\Prefetch
2011-06-06 18:41:39 ----D---- C:\WINDOWS\temp
2011-06-06 16:15:25 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PBlackout
2011-06-05 09:35:49 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-05 09:29:03 ----HD---- C:\WINDOWS\system32\drivers
2011-06-05 08:37:50 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-04 13:40:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-04 02:33:28 ----D---- C:\Program Files\Common Files
2011-06-01 20:16:40 ----SHD---- C:\WINDOWS\Installer
2011-05-31 19:36:57 ----D---- C:\WINDOWS
2011-05-31 19:34:15 ----RSD---- C:\WINDOWS\assembly
2011-05-31 19:34:13 ----D---- C:\WINDOWS\system32\config
2011-05-31 19:33:56 ----HD---- C:\WINDOWS\inf
2011-05-30 18:38:33 ----D---- C:\Program Files\DivX
2011-05-30 18:38:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2011-05-30 18:37:33 ----HD---- C:\WINDOWS\system32
2011-05-30 18:35:59 ----SD---- C:\WINDOWS\Tasks
2011-05-30 16:12:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-05-29 20:19:11 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2011-05-21 11:13:27 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-05-21 11:13:17 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2011-05-20 07:35:12 ----D---- C:\WINDOWS\WinSxS
2011-05-20 07:33:47 ----D---- C:\WINDOWS\system32\DirectX
2011-05-19 17:28:55 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2011-05-14 09:36:00 ----D---- C:\Program Files\EA Games
2011-05-13 05:22:29 ----SHD---- C:\System Volume Information
2011-05-13 05:22:29 ----D---- C:\WINDOWS\system32\Restore
2011-05-12 18:39:09 ----D---- C:\WINDOWS\Minidump
2011-05-12 18:38:33 ----D---- C:\HRY
2011-05-12 18:25:50 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Orbit
2011-05-12 18:25:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-05-12 18:21:53 ----D---- C:\Program Files\EA SPORTS
2011-05-12 18:18:09 ----D---- C:\Qoobox
2011-05-12 18:06:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-05-12 17:53:29 ----D---- C:\Program Files\Common Files\Autodesk Shared
2011-05-12 17:53:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Autodesk
2011-05-12 17:53:21 ----D---- C:\WINDOWS\Help
2011-05-12 17:51:11 ----RSD---- C:\WINDOWS\Fonts
2011-05-06 17:19:34 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2011-05-04 13:14:36 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-05-04 13:14:03 ----D---- C:\Program Files\Common Files\InstallShield
2011-05-03 23:39:23 ----D---- C:\Documents and Settings\Administrator\Data aplikací\XnView
2011-05-03 23:33:25 ----D---- C:\Program Files\Mozilla Firefox
2011-04-25 12:05:19 ----D---- C:\WINDOWS\msagent
2011-04-25 12:04:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\System32
2011-04-25 11:04:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-24 23:41:35 ----D---- C:\WINDOWS\system32\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\WINDOWS\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2004-08-04 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 nltdi;nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys []
R2 Htsysm;Htsysm; \??\C:\WINDOWS\system32\HtsysmNT.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 NLNdisMP;NLNdisMP; C:\WINDOWS\system32\DRIVERS\nlndis.sys [2011-03-21 5230088]
R3 npkcusb;npkcusb; \??\C:\Program Files\NCsoft\Lineage\npkcusb.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-10-16 9623680]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 BTCOM;Bluetooth Serial port driver; C:\WINDOWS\system32\DRIVERS\btcomport.sys []
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; C:\WINDOWS\System32\Drivers\btcombus.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2010-04-06 25864]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-03-10 25280]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2010-04-06 23048]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\WINDOWS\system32\DRIVERS\nlndis.sys [2011-03-21 5230088]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\NCsoft\Lineage\npkcrypt.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SkyShield;SkyShield; \??\C:\Documents and Settings\Administrator\Plocha\myko\SkyShield.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 XDva380;XDva380; \??\C:\WINDOWS\system32\XDva380.sys []
S3 XDva385;XDva385; \??\C:\WINDOWS\system32\XDva385.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 nlsvc;NetLimiter 3 Service; C:\Program Files\NetLimiter 3\nlsvc.exe [2011-03-21 1126400]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-10-16 156776]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-05-21 75136]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2011-05-21 189248]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-30 135664]
S2 PowerManager;Power Manager; C:\WINDOWS\svchost.exe [2001-08-24 36352]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-01-14 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-04-05 4060984]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

ComboFix 11-06-06.07 - Administrator 07.06.2011 21:08:47.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.677 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikací\system32
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@204@3C37D8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@204@3C37F8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@298@3D3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@298@3D3BB8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@298@3D3BF8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@298@3D3C08.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@314@3C37D8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@314@3C37F8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@3BC@3C3B38.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@3BC@3C3B48.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@3BC@3C3B88.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@3BC@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@3DC@3C3B58.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@3DC@3C3B68.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@3DC@3C3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@450@3D3B88.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@450@3D3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@450@3D3BD8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@450@3D3BE8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@630@3D3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@630@3D3BE8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@630@3D3BF8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@6BC@3D3B48.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@6BC@3D3B58.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@6BC@3D3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@6BC@3D3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@6F8@3C3B58.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@6F8@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@6F8@3C3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@750@3C3B48.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@750@3C3B58.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@750@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@750@3C3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@868@3C3B40.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@868@3C3B80.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@868@3C3B90.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@8EC@3C3B58.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@8EC@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@8EC@3C3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@8FC@3D3B40.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@8FC@3D3B50.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@8FC@3D3B90.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@8FC@3D3BA0.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@900@3D3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@900@3D3BD8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@900@3D3BE8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@910@3C3B58.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@910@3C3B68.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@910@3C3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@910@3C3BB8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@918@3C3B48.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@918@3C3B88.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@918@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@934@3C3B58.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@934@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@934@3C3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@948@3C3B38.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@948@3C3B48.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@948@3C3B88.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@948@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@A04@3D3B58.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@A04@3D3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@A04@3D3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@ACC@3D3AD0.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@ACC@3D3AE0.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@ACC@3D3AF0.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@AE8@3D3B88.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@AE8@3D3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@AE8@3D3BD8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@AE8@3D3BE8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@B10@3D3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@B10@3D3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@B10@3D3BE8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@B10@3D3BF8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@B1C@3C3B58.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@B1C@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@B1C@3C3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@B4C@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@B4C@3C3BD8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@B4C@3C3BE8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@BC4@3C3B58.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@BC4@3C3B68.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@BC4@3C3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@C58@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@C58@3C3BD8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@C58@3C3BE8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@C6C@3D3770.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@C6C@3D37B0.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@C6C@3D37C0.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@CE8@3C3B58.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@CE8@3C3B68.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@CE8@3C3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@CE8@3C3BB8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@D64@3D3760.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@D64@3D3770.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@D64@3D37B0.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@D64@3D37C0.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@DBC@3D3B88.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@DBC@3D3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@DBC@3D3BD8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@DBC@3D3BE8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E04@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E04@3C3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E04@3C3BE8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E40@3D3770.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E40@3D37B0.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E40@3D37C0.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E64@3C3B40.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E64@3C3B50.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E64@3C3B90.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E64@3C3BA0.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E80@3C3B40.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E80@3C3B50.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E80@3C3B90.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@E80@3C3BA0.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@EB8@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@EB8@3C3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@EB8@3C3BE8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@EB8@3C3BF8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@F10@3C3B48.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@F10@3C3B58.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@F10@3C3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@F10@3C3BA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@F18@3D3B88.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@F18@3D3B98.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@F18@3D3BD8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@F94@3D3C68.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@F94@3D3CA8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\.#\MBX@F94@3D3CB8.###
c:\documents and settings\Administrator\Local Settings\Data aplikací\Xenocode\Sandbox\1.0.0.0\2011.03.18T16.15\Virtual\STUBEXE\8.0.1135\@STARTUPCOMMON@
c:\documents and settings\Administrator\Local Settings\Data aplikací\Xenocode\Sandbox\1.0.0.0\2011.03.18T16.15\Virtual\STUBEXE\8.0.1135\@STARTUPCOMMON@\Assassins Creed Brotherhood Keygen .exe
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Dokumenty\Server\admin.txt
C:\Thumbs.db
c:\windows\svchost.exe
c:\windows\system32\SysInfo.dll
.
Nakažená kopie c:\windows\explorer.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\explorer.exe
.
Nakažená kopie c:\windows\system32\winlogon.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\winlogon.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_POWERMANAGER
-------\Service_PowerManager
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-07 do 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-06 18:22 . 2011-06-06 18:22 -------- d-----w- c:\program files\trend micro
2011-06-06 18:22 . 2011-06-06 18:22 -------- d-----w- C:\rsit
2011-06-05 16:13 . 2011-06-05 16:13 -------- d-----w- C:\SG Interactive
2011-06-05 06:37 . 2011-06-06 18:27 -------- d-----w- C:\gPotato
2011-06-04 01:23 . 2011-06-04 01:23 -------- d-----w- C:\AeriaGames
2011-06-04 00:33 . 2011-06-07 19:19 -------- d-----w- c:\program files\Common Files\Akamai
2011-06-02 13:18 . 2011-06-06 18:32 -------- d-----w- c:\program files\APB
2011-05-31 17:36 . 2011-05-31 17:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Locktime
2011-05-31 17:30 . 2011-05-31 17:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Locktime
2011-05-31 17:30 . 2011-05-31 17:31 -------- d-----w- c:\program files\NetLimiter 3
2011-05-30 16:40 . 2011-05-30 16:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-05-30 16:39 . 2011-05-30 16:39 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\DDMSettings
2011-05-30 16:34 . 2011-05-30 16:38 -------- d-----w- c:\program files\Google
2011-05-30 14:27 . 2010-07-28 16:14 22016 ----a-w- c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
2011-05-30 14:27 . 2011-05-30 14:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ijjigame
2011-05-30 14:12 . 2010-07-27 14:13 27136 ----a-w- c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2011-05-30 14:12 . 2010-03-24 14:57 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2011-05-30 14:12 . 2010-03-24 14:56 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2011-05-30 14:12 . 2011-05-30 14:17 -------- d-----w- c:\program files\REACTOR
2011-05-30 13:57 . 2011-05-30 13:57 -------- d-----w- C:\ijji
2011-05-29 22:07 . 2011-05-29 22:07 -------- d-----w- c:\program files\LS
2011-05-26 18:10 . 2011-06-01 04:31 -------- d-----w- c:\program files\GamersFirst
2011-05-21 09:13 . 2011-04-22 18:23 2585160 ----a-w- c:\windows\system32\pbsvc_apb.exe
2011-05-19 20:39 . 2011-05-19 20:39 -------- d-----w- C:\Perfect World Entertainment
2011-05-19 18:59 . 2011-06-06 18:24 -------- d-----w- c:\program files\Heroes of Newerth
2011-05-19 15:29 . 2011-05-19 15:29 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\com.ambergames.soul.air.9CD82F51B070EE0AABBA1F8A608833922673BDA4.1
2011-05-19 15:29 . 2011-05-19 15:29 -------- d-----w- c:\program files\Sodgame
2011-05-19 15:29 . 2011-05-19 15:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-05-19 15:28 . 2011-05-19 15:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Adobe
2011-05-17 17:42 . 2011-05-17 17:42 -------- d-----w- c:\program files\NCsoft
2011-05-17 17:42 . 2011-05-17 17:42 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\InstallShield
2011-05-17 15:08 . 2011-05-17 15:08 -------- d-----w- c:\program files\Bing Bar Installer
2011-05-17 15:03 . 2011-05-17 15:03 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\LocalLow
2011-05-16 14:55 . 2011-05-16 14:55 -------- d-----w- C:\ALT1Games
2011-05-16 14:03 . 2011-05-16 14:03 -------- d-----w- c:\program files\Pando Networks
2011-05-12 18:53 . 2011-05-12 18:53 -------- d-----w- c:\program files\Tuning Car Studio
2011-05-12 18:37 . 2011-05-12 18:38 -------- d-----w- c:\program files\Arjaloc
2011-05-12 16:17 . 2011-05-12 16:31 -------- d-----w- C:\Já
2011-05-10 10:32 . 2011-05-10 10:32 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\GameRanger
2011-05-09 13:40 . 2011-05-09 13:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nexon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-21 09:13 . 2010-12-14 13:07 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-21 09:13 . 2010-12-14 13:07 138056 ----a-w- c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-05-21 09:13 . 2010-12-14 13:06 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-21 09:13 . 2010-12-14 13:06 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-21 09:13 . 2010-12-14 13:06 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-10 12:17 . 2010-12-14 13:28 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-08 15:20 . 2011-05-08 15:16 2829 ----a-w- c:\windows\War3Unin.pif
2011-05-08 15:20 . 2011-05-08 15:16 139264 ----a-w- c:\windows\War3Unin.exe
2011-05-08 07:20 . 2011-05-08 07:20 9728 ----a-w- c:\windows\system32\vvprotect.sys
2011-04-18 14:18 . 2011-04-18 14:18 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-04-05 05:15 . 2011-04-23 10:27 4060984 ----a-w- c:\windows\system32\GameMon.des
2011-03-26 18:20 . 2001-10-25 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-03-21 14:44 . 2011-03-21 14:44 5230088 ----a-w- c:\windows\system32\drivers\nlndis.sys
2011-03-21 14:13 . 2011-03-21 14:13 58451 ----a-w- c:\documents and settings\Administrator\Data aplikací\Administrator3SQLite3.dll
2011-03-19 01:47 . 2011-03-19 05:36 3360624 ----a-w- c:\windows\system32\pbsvc.exe
2011-03-09 22:08 . 2011-03-09 22:08 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-05-03 21:32 . 2011-04-24 21:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-03 . C1783498EDB152656303B5D5BCABD86C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2001-10-25 . E7774698BB0D14B0710A9A31E209F9B6 . 327168 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Badoo Desktop"="c:\documents and settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.4.0.925\Badoo.Desktop.exe" [2011-05-06 1013760]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 1839104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\HRY\\Steam\\Steam.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\HRY\\torentor\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\HRY\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\HRY\\Steam\\steamapps\\jarous1337\\counter-strike\\hl.exe"=
"c:\\SG Interactive\\Project Blackout\\PBlackout.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58442:TCP"= 58442:TCP:Pando Media Booster
"58442:UDP"= 58442:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6997:TCP"= 6997:TCP:League of Legends Launcher
"6997:UDP"= 6997:UDP:League of Legends Launcher
"6932:TCP"= 6932:TCP:League of Legends Launcher
"6932:UDP"= 6932:UDP:League of Legends Launcher
"6926:TCP"= 6926:TCP:League of Legends Launcher
"6926:UDP"= 6926:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"57395:TCP"= 57395:TCP:Pando Media Booster
"57395:UDP"= 57395:UDP:Pando Media Booster
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6996:TCP"= 6996:TCP:League of Legends Launcher
"6996:UDP"= 6996:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6905:TCP"= 6905:TCP:League of Legends Launcher
"6905:UDP"= 6905:UDP:League of Legends Launcher
"6891:TCP"= 6891:TCP:League of Legends Launcher
"6891:UDP"= 6891:UDP:League of Legends Launcher
"6979:TCP"= 6979:TCP:League of Legends Launcher
"6979:UDP"= 6979:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6913:TCP"= 6913:TCP:League of Legends Launcher
"6913:UDP"= 6913:UDP:League of Legends Launcher
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"6955:TCP"= 6955:TCP:League of Legends Launcher
"6955:UDP"= 6955:UDP:League of Legends Launcher
"58623:TCP"= 58623:TCP:Pando Media Booster
"58623:UDP"= 58623:UDP:Pando Media Booster
"6982:TCP"= 6982:TCP:League of Legends Launcher
"6982:UDP"= 6982:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6.4.2010 19:32 20104]
R1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [21.3.2011 16:44 5281672]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [25.10.2001 14:00 14336]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [22.1.2011 4:21 2304]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [21.3.2011 16:44 5230088]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.5.2011 18:35 135664]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys --> c:\windows\system32\DRIVERS\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6.4.2010 19:33 25864]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6.4.2010 19:32 23048]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [21.3.2011 16:44 5230088]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SkyShield;SkyShield;\??\c:\documents and settings\Administrator\Plocha\myko\SkyShield.sys --> c:\documents and settings\Administrator\Plocha\myko\SkyShield.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-30 16:34]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-30 16:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = hxxp://googleads.g.doubleclick.net/aclk?sa=l&ai=B1CfKodEFTZiaNYzS_AbMze3-D73dpscBAAAAEAEg18zpDzgAUNCOur_6_____wFYo43-xw9gzMnngewGsgEWZW1iZWRkZWQuZ2FyZW5hbm93LmNvbboBCTQ2OHg2MF9hc8gBAtoBLmh0dHA6Ly9lbWJlZGRlZC5nYXJlbmFub3cuY29tL2FkMi9sb2JieV9hZC5waHCpAtpvEW00n6k-wAIC4AIA6gITY2xpZW50X2xvYmJ5XzQ2OHg2MPgC9NEekAOMBpgDsAmoAwHIAxXQBJBO4AQB&num=0&sig=AGiWqtx6dmwi6wKfvHpNPVsYFdzLCXKlhQ&client=ca-pub-3822388043281682&adurl=http://www.garena.com/~club/&nm=4&clkt=1297&jca=9894
Trusted Zone: bloodclans.com\www
Trusted Zone: leagueoflegends.com\ll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\62gqtdlb.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.cz
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-07 21:26
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_8675ab0.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_8675ab0.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1500820517-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,ee,8c,b6,ff,92,b3,40,ba,1c,ff,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,ee,8c,b6,ff,92,b3,40,ba,1c,ff,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="?U?\11???\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=multi:"d:\\ati\\atidrv\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1792)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NetLimiter 3\nlsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2011-06-07 21:29:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-07 19:29
.
Před spuštěním: Volných bajtů: 36 006 273 024
Po spuštění: Volných bajtů: 37 277 323 264
.
- - End Of File - - 450295E91E887B3B81BBC0C1D6F8EEE6

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
c:\windows\system32\ijjiSetup.exe
c:\windows\system32\ijjiProcessRestarter.exe
c:\windows\system32\XDva380.sys
c:\windows\system32\XDva385.sys

Driver::
XDva380
XDva385
Akamai

Folder::
c:\documents and settings\All Users\Data aplikací\ijjigame
C:\ijji

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:UDP"=-
"1035:TCP"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.



Jinak toto:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58442:TCP"= 58442:TCP:Pando Media Booster
"58442:UDP"= 58442:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6997:TCP"= 6997:TCP:League of Legends Launcher
"6997:UDP"= 6997:UDP:League of Legends Launcher
"6932:TCP"= 6932:TCP:League of Legends Launcher
"6932:UDP"= 6932:UDP:League of Legends Launcher
"6926:TCP"= 6926:TCP:League of Legends Launcher
"6926:UDP"= 6926:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"57395:TCP"= 57395:TCP:Pando Media Booster
"57395:UDP"= 57395:UDP:Pando Media Booster
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6996:TCP"= 6996:TCP:League of Legends Launcher
"6996:UDP"= 6996:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6905:TCP"= 6905:TCP:League of Legends Launcher
"6905:UDP"= 6905:UDP:League of Legends Launcher
"6891:TCP"= 6891:TCP:League of Legends Launcher
"6891:UDP"= 6891:UDP:League of Legends Launcher
"6979:TCP"= 6979:TCP:League of Legends Launcher
"6979:UDP"= 6979:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6913:TCP"= 6913:TCP:League of Legends Launcher
"6913:UDP"= 6913:UDP:League of Legends Launcher
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"6955:TCP"= 6955:TCP:League of Legends Launcher
"6955:UDP"= 6955:UDP:League of Legends Launcher
"58623:TCP"= 58623:TCP:Pando Media Booster
"58623:UDP"= 58623:UDP:Pando Media Booster
"6982:TCP"= 6982:TCP:League of Legends Launcher
"6982:UDP"= 6982:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

je ukázkový případ, jak otevřít PC útočníkovi z venku. Odstřeluji pouze 2 poslední hodnoty, takže vše ostatní zůstává otevřené (jinak byste si po síti už nezahrál). Bez antiviru a personálního firewallu hotová lahůdka pro napadení útočníkem! Garantuji vám, že uplyne pouze pár hodin, a PC bude v podobném stavu, jako nyní.

Jo tak díky fakt super , provedl sem vše , nainstaloval firewall , ale teď mi nejde klávesnice ve hrách jen ve winech , cd k ní nebylo.

STAR píše:Jo tak díky fakt super , provedl sem vše , nainstaloval firewall , ale teď mi nejde klávesnice ve hrách jen ve winech , cd k ní nebylo.

Zkuste se podívat do konfigurace v ovl. panelech, nebo ji odeberte ze systému a restartujte PC. systém ji pak znovu načte. Další možností je podívat se na web výrobce té klávesnice.

Klávesnice už jde , ale oběvil se jinčí problém ve všech hrách mám najednou občas 90 fps ale padá to až ke 20ceti.. :/// nikdy to nedělalo vždy sem měl stabilních 100 , např u cska je to opravdu na hovno.

Problematiku her zde neřešíme, jsme bezpečnostní fórum. Zkuste obnovu systému k datu, kdy korektně fungoval.