Vysoká odezva(ping) internetu

[Roli]

Po spuštění Combofix se ti mimo jiné objeví :



kde klikneš na YES pro instalaci Recovery Console, ta bude stažena a po její úspěšné instalaci se objeví :



kde klikneš na YES pro pokračování skenování a už to jede.

[spacek]

Tak je to tady.


ComboFix 10-01-04.01 - Spáčil 10.01.2010 21:40:41.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1516 [GMT 1:00]
Spuštěný z: c:\documents and settings\Spáčil\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sp źil\Dokumenty\cc_20100110_203751.reg
C:\install.exe
c:\program files\Cheat Engine\dbk32.sys
c:\windows\struct~.ini
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DBKDRVR54
-------\Service_DBKDRVR54


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 19:43 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-10 19:43 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-10 19:43 . 2010-01-10 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 18:45 . 2010-01-10 18:45 -------- d-----w- c:\program files\CCleaner
2010-01-10 17:40 . 2010-01-10 18:40 -------- d-----w- c:\program files\trend micro
2010-01-10 17:40 . 2010-01-10 17:41 -------- d-----w- C:\rsit
2010-01-05 17:19 . 2010-01-05 17:19 -------- d-----w- c:\program files\Capcom
2010-01-04 14:42 . 2010-01-05 15:19 -------- d-----w- c:\program files\American Conquest - Fight Back
2010-01-03 18:53 . 2010-01-10 18:43 -------- d-----w- c:\program files\Get Styles
2009-12-27 13:26 . 2009-12-27 13:26 -------- d-----w- c:\program files\IObit
2009-12-22 23:59 . 2009-12-22 23:59 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-12-21 20:20 . 2006-11-22 09:01 693760 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-12-21 20:20 . 2009-12-21 20:20 6656 ----a-w- c:\windows\system32\haspvdd.dll
2009-12-21 20:20 . 2009-12-21 20:20 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2009-12-21 20:20 . 2009-12-21 20:20 383 ----a-w- c:\windows\system32\haspdos.sys
2009-12-21 20:20 . 2006-12-20 09:00 671112 ----a-w- c:\windows\system32\hdinst_windows.dll
2009-12-21 20:20 . 2006-11-30 10:06 69632 ----a-w- c:\windows\system32\hasp_inst_help1.dll
2009-12-21 20:20 . 2005-09-06 16:07 24576 ----a-w- c:\windows\system32\hdduinst.exe
2009-12-21 20:20 . 2006-12-20 10:55 3066968 ----a-w- c:\windows\system32\hinstd.dll
2009-12-21 20:20 . 2006-12-20 09:00 2511360 ----a-w- c:\windows\system32\haspds_windows.dll
2009-12-21 20:20 . 2002-07-26 16:02 153088 ----a-w- c:\windows\system32\UNWISE.EXE
2009-12-21 20:19 . 2009-12-21 20:19 -------- d-----w- c:\program files\2d3

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 20:44 . 2008-11-11 19:35 -------- d-----w- c:\program files\Cheat Engine
2010-01-10 20:07 . 2009-01-23 13:01 -------- d-----w- c:\program files\Steam
2010-01-07 14:15 . 2008-09-22 16:41 -------- d-----w- c:\program files\Xfire
2010-01-05 17:21 . 2008-09-16 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 15:07 . 2008-12-30 13:52 -------- d-----w- c:\program files\wowko_bc
2010-01-03 10:32 . 2008-09-19 15:09 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-03 09:59 . 2008-09-19 15:10 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-29 10:40 . 2009-11-25 20:23 -------- d-----w- c:\program files\ICQ6.5
2009-12-27 15:14 . 2008-11-04 18:03 -------- d-----w- c:\program files\Call of Duty
2009-12-24 23:49 . 2009-07-01 12:20 -------- d-----w- c:\program files\Real
2009-12-24 23:49 . 2009-07-01 12:20 -------- d-----w- c:\program files\Common Files\Real
2009-12-22 21:06 . 2009-05-07 15:07 -------- d-----w- c:\program files\Google
2009-12-18 06:05 . 2009-01-10 14:25 -------- d-----w- c:\program files\Mumble
2009-12-16 18:46 . 2008-10-01 14:39 -------- d-----w- c:\program files\Electronic Arts
2009-12-09 12:58 . 2008-10-31 16:43 -------- d-----w- c:\program files\Java
2009-12-05 22:55 . 2009-12-05 22:55 -------- d-----w- c:\program files\Team17 Software Ltd
2009-12-05 09:34 . 2008-10-23 12:56 -------- d-----w- c:\program files\EA GAMES
2009-12-04 20:22 . 2009-01-22 13:02 -------- d-----w- c:\program files\Ubisoft
2009-12-01 05:46 . 2009-06-30 19:11 -------- d-----r- c:\program files\Skype
2009-12-01 05:46 . 2009-12-01 05:46 -------- d-----w- c:\program files\Common Files\Skype
2009-11-30 21:39 . 2009-11-30 21:38 -------- d-----w- c:\program files\Warsow 0.5
2009-11-29 08:42 . 2009-11-29 08:41 -------- d-----w- c:\program files\ImgBurn
2009-11-29 07:34 . 2009-11-29 07:34 -------- d-----w- c:\program files\Delta
2009-11-29 07:31 . 2009-11-29 07:30 -------- d-----w- c:\program files\Project64 1.6
2009-11-27 14:05 . 2009-11-25 16:59 -------- d-----w- c:\program files\AVA
2009-11-25 17:07 . 2009-11-25 17:07 -------- d-----w- c:\program files\ijji
2009-11-25 12:25 . 2009-03-18 16:11 -------- d-----w- c:\program files\QIP Infium
2009-11-21 21:02 . 2009-11-21 21:02 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2009-11-21 17:46 . 2009-05-08 18:10 -------- d-----w- c:\program files\SweetIM
2009-11-16 13:05 . 2009-07-30 10:08 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-11-15 16:56 . 2009-11-15 16:56 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-15 16:56 . 2009-11-15 16:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-15 16:56 . 2009-11-15 16:56 -------- d-----w- c:\program files\OpenAL
2009-11-15 16:52 . 2008-11-05 13:53 -------- d-----w- c:\program files\Garena
2009-11-15 16:50 . 2009-11-15 16:50 -------- d-----w- c:\program files\Eidos
2009-11-15 11:36 . 2008-10-11 13:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-15 11:35 . 2009-03-24 17:39 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-14 20:56 . 2008-11-14 13:40 -------- d-----w- c:\program files\Hamachi
2009-11-12 19:19 . 2008-09-18 15:02 -------- d-----w- c:\program files\Activision
2009-11-12 17:53 . 2009-10-04 15:05 -------- d-----w- c:\program files\TeamViewer3
2009-11-03 20:55 . 2006-03-02 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-11-03 20:55 . 2006-03-02 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-04-10 13:52 . 2009-04-10 13:52 36868 ----a-w- c:\program files\uninst-Particular.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-02 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-18 949376]
"Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\FlatOut\\flatout.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
"c:\\Program Files\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War Beta\\CoDWaWbeta.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitLord\\Downloads\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\PES 2009\\pes2009.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Vietcong\\vietcong.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\QIP\\Users\\464251383\\RcvdFiles\\361990299_Soňa\\TeamSpeak-Spam\\Spamer.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\qiko99\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Documents and Settings\\Spáčil\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Saints Row 2\\SR2_pc.exe"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\patchget.dat"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Paintball2\\paintball2.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWa.exe"=
"c:\\Program Files\\wowko_bc\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Program Files\\Steam\\steamapps\\qiko99\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\qiko99\\smashball\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\qiko99\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\qiko99\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\qiko99\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\qiko99\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\qiko99\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\qiko99\\synergy\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\qiko99\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2 demo\\left4dead2.exe"=
"c:\\Program Files\\Steam\\steamapps\\cecwee\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Activision\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Activision\\Call of Duty Modern Warfare 2\\TeknoGods_MW2SP --ip=85.13.123.3.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Documents and Settings\\Spáčil\\Dokumenty\\Stažené soubory\\bulanci.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Team17 Software Ltd\\Worms Forts Under Siege\\WF.exe"=
"c:\\Program Files\\American Conquest - Fight Back\\dmcr.exe"=
"c:\\Program Files\\Capcom\\FLOCK!\\Flock.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"1500:UDP"= 1500:UDP:1500
"3005:UDP"= 3005:UDP:3005
"3101:UDP"= 3101:UDP:3101
"28960:UDP"= 28960:UDP:28960
"27000:UDP"= 27000:UDP:27000
"27015:UDP"= 27015:UDP:27015
"27014:TCP"= 27014:TCP:27014

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.9.2008 15:46 717296]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [18.9.2008 14:06 15424]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.11.2009 15:23 246520]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [9.3.2008 23:04 65536]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [8.8.2005 13:44 6640]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [30.6.2009 17:57 127496]
S2 gupdate1c9fb2b93e9320e;Služba Google Update (gupdate1c9fb2b93e9320e);c:\program files\Google\Update\GoogleUpdate.exe [2.7.2009 16:41 133104]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\SPIL~1\LOCALS~1\Temp\DTX1209.tmp --> c:\docume~1\SPIL~1\LOCALS~1\Temp\DTX1209.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\drivers\PA707UCM.SYS [8.11.2006 08:59 530304]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 10:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-01-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-02 15:38]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 15:41]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 15:41]

2009-12-27 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-27 12:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
LSP: c:\windows\system32\imon.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
FF - ProfilePath - c:\documents and settings\Spáčil\Data aplikací\Mozilla\Firefox\Profiles\i5d7g25t.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-V-Ray for 3dsmax 2009 for x86 - c:\program files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\wininstaller.exe-uninstall=c:\program files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\install.log
AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - c:\program files\Electronic Arts\The Lord of the Rings



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 21:47
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spsc.sys >>UNKNOWN [0x8A3C3938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> sfsync02.sys @ 0xba0e98b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Bluetooth Device (Personal Area Network) -> SendCompleteHandler -> NDIS.sys @ 0xb9d18bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d07a0d
SendHandler -> NDIS.sys @ 0xb9d1bb40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\SPIL~1\LOCALS~1\Temp\DTX1209.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-789336058-1960408961-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c5,8c,14,80,d5,88,b6,ad,5e,a3,eb,be,fc,58,ea,aa,5b,24,04,f7,c5,dd,ff,
ff,fb,5a,20,31,3d,f5,4e,6e,df,d5,8d,46,2e,cc,b0,a5,e0,5a,c5,ef,87,0a,26,cc,\
"??"=hex:9d,3d,21,18,7f,d9,c9,ec,df,64,6b,82,e7,2e,a2,5c

[HKEY_USERS\S-1-5-21-789336058-1960408961-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:89,87,d8,33,9e,95,60,b7,4e,37,34,bf,b4,e1,cd,01,57,8e,3b,ef,9b,
e9,b0,25,c6,35,6e,03,75,ae,98,d5,52,29,75,cd,e0,a3,e6,47,db,b9,a1,e6,47,db,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{39c624fc-a9f5-4a3a-b8b9-6db68aea854a}]
@Denied: (Full) (Everyone)
"Model"=dword:0000013e
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d4,0e,4f,54,60,8e,10,7a,16,1d,7a,62,71,76,45,c7,96,96,54,08,08,
fd,fa,e4,59,ca,2d,d6,09,e6,e0,06,78,05,98,3a,da,4a,25,5f,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(204)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-10 21:54:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-10 20:54

Před spuštěním: Volných bajtů: 43 992 903 680
Po spuštění: Volných bajtů: 43 817 656 320

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 359FBD6D153EA9C257FA77CA2BC71ADD

[spacek]

Problém se odezvou pořád přetrváva. A děkuju, že se mi s tím snažíte pomoct.

[Roli]

Nyní pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

Folder::  
c:\program files\ICQ6Toolbar

Driver::
ICQ Service

FireFox::
FF - ProfilePath - c:\documents and settings\Spáčil\Data aplikací\Mozilla\Firefox\Profiles\i5d7g25t.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



po aplikaci na Tebe vypadne další log, dej ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[spacek]

Co kdyby mi to nenaběhnulo kdybych mačkal F8? Popř. screen jestli by byl.

[Roli]

V klidu mažeme jen ICQ Toolbar.

[spacek]

Všechno proběhlo v pohodě. Log je moc dlouhý tak jsem ho uploadnul na edisk.cz.

http://www.edisk.cz/stahni/74881/ComboF ... .67KB.html

[Roli]

Nyní přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Dále stáhni Panda Anti Rootkit

rozbal ho a spusť,

klikni na Start scan

proběhne sken, když něco najde nabídne mazání nebo rovnou nahlásí že je vše v pořádku.


Pak mi dej vědět zda něco našel a jak je na tom PC.

[spacek]

Nic to nenašlo - No rootkits has been found.

[Roli]

tak že šmejdem to není.

Ještě se zeptám, internet blbne i když je to druhé PC vypnuté ?

[spacek]

Ano, třeba teď je sestra na lyžáku a 2. Pc už je 2 dny vypnutý.

Btw: Ten počítač je asi 5 let starý a zapráskaný od "blbostí". Je možné, že by to mohlo být zavirované tím jejím pc?(Router je na mém)

[Roli]

Router nezaviruješ.

Ještě zkus restartovat modem a překontrolovat síťové kabely.

[spacek]

Hotvo – jdu to testnout.

[spacek]

Ping pořád stoupá na 600+. Možná trochu méně, ale pořád. Asi už žádné jiné řešení nebude že?

[Roli]

A nemáš nějaké omezení od poskytovatele internetu ?