Samovolna zmena hlasitosti, castecne spomalene PC + internet

[Abbott.Avi]

Dobrý den,

poprosil bych o kontrolu logu, kvůli problémům popsaným v předmětu mého topicu.
Hlavním problémem, který mě dost omezuje, je samovolná změna hlasitosti.
Avastem jsem oscanoval PC před spuštěním Windows a ten opravil a smazal pár rootkit, spyware, virů, nicméně problém přetrvává.
Pokud by mi někdo poradil, ujal se mne, děkuji. Petr

Log z RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Petr at 2011-12-13 21:43:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (57%) free of 50 GB
Total RAM: 2047 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:43:53, on 13.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Opera\opera.exe
I:\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gomplayer.com/codec/search.h ... 805F6CBBEA}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petr\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate1ca0321c96bb084) (gupdate1ca0321c96bb084) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7727 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\ioo6ca3b.default

prefs.js - "browser.startup.homepage" - "http://qip.ru"
prefs.js - "extensions.enabledItems" - "engine@conduit.com:3.3.3.2, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, jqs@sun.com:1.0, plugin3@gameplaylabs.com:3.0, {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19"
prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\ioo6ca3b.default\extensions\
plugin3@gameplaylabs.com
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{ba14329e-9550-4989-b3f2-9732e92d17cc}

C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\ioo6ca3b.default\searchplugins\
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Petr\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2011-04-01 141184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\tbVuze.dll [2010-04-15 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}
{ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\tbVuze.dll [2010-04-15 2515552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"=C:\Program Files\ASUS\Six Engine\SixEngine.exe [2008-05-14 5958656]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1970176]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NWEReboot"= []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2005-03-05 2573536]
"QuickTime Task"=C:\Program Files\QT Lite\qttask.exe [2009-11-10 417792]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-11-28 3744552]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-11-18 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Start WingMan Profiler"=C:\Program Files\Logitech\Profiler\lwemon.exe [2004-04-23 77824]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BDARemote.lnk - C:\Program Files\USB TV\EM28XX\BDARemote.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-11-18 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"E:\Games\Loki\Loki.exe"="E:\Games\Loki\Loki.exe:*:Enabled:Loki"
"E:\Programy\Miranda IM\Miranda IM\miranda32.exe"="E:\Programy\Miranda IM\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"E:\Programy\Miranda IM\miranda32.exe"="E:\Programy\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Documents and Settings\Petr\Plocha\Miranda IM\miranda32.exe"="C:\Documents and Settings\Petr\Plocha\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Race.Driver.GRID.Multi-5.Full-Rip.Skullptura\Grid\GRID.exe"="E:\Race.Driver.GRID.Multi-5.Full-Rip.Skullptura\Grid\GRID.exe:*:Enabled:GRID Executable"
"E:\Games\Race Driver - Grid\GRID.exe"="E:\Games\Race Driver - Grid\GRID.exe:*:Enabled:GRID Executable"
"E:\Games\FlatOut Ultimate Carnage\Fouc.exe"="E:\Games\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"E:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="E:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="E:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\Games\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe"="E:\Games\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine"
"C:\Documents and Settings\Petr\Plocha\Miranda IM Bagr pack\miranda32.exe"="C:\Documents and Settings\Petr\Plocha\Miranda IM Bagr pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Miranda IM Bagr pack\miranda32.exe"="C:\Program Files\Miranda IM Bagr pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Miranda IM KP v4.2\miranda32.exe"="C:\Program Files\Miranda IM KP v4.2\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
"E:\Games\Prototype\prototypef.exe"="E:\Games\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"E:\Games\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe"="E:\Games\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum"
"E:\Games\Warcraft III\Warcraft III.exe"="E:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"E:\Games\Borderlands\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="E:\Games\Borderlands\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2"
"E:\Image Folder\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\Image Folder\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Disabled:iw3mp"
"E:\Games1\DiRT2\dirt2_game.exe"="E:\Games1\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"E:\Games1\GRID\GRID.exe"="E:\Games1\GRID\GRID.exe:*:Enabled:GRID"
"E:\Games1\Spider-Man - Web of Shadows\image\pc\Spider-Man Web of Shadows.exe"="E:\Games1\Spider-Man - Web of Shadows\image\pc\Spider-Man Web of Shadows.exe:*:Enabled:Spider-Man(R) - Web of Shadows(TM) "
"E:\Games1\Dark Void\nativePC\Binaries\ShippingPC-SkyGame.exe"="E:\Games1\Dark Void\nativePC\Binaries\ShippingPC-SkyGame.exe:*:Enabled:ShippingPC-SkyGame"
"E:\Games1\Battlefield - Bad Company 2\BFBC2Updater.exe"="E:\Games1\Battlefield - Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"E:\Games1\Split Second\SplitSecond.exe"="E:\Games1\Split Second\SplitSecond.exe:*:Enabled:Split/Second"
"E:\Games1\StarCraft II\StarCraft II.exe"="E:\Games1\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"E:\Games1\Dead Space\Dead Space.exe"="E:\Games1\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™"
"C:\Program Files\Raptr\raptr.exe"="C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client"
"C:\Program Files\Raptr\raptr_im.exe"="C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM"
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"E:\Games\Call of Duty - Black Ops\BlackOps.exe"="E:\Games\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
"E:\Games1\Dead Space II\deadspace2.exe"="E:\Games1\Dead Space II\deadspace2.exe:*:Enabled:Dead Space™ 2"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"E:\Games\NFS - Hot Pursuit\Launcher.exe"="E:\Games\NFS - Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\Program Files\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead Authoring Tools"
"C:\Program Files\Steam\steamapps\common\left 4 dead\srcds.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\srcds.exe:*:Enabled:Left 4 Dead Dedicated Server"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead 2 Authoring Tools"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\srcds.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\srcds.exe:*:Enabled:Left 4 Dead 2 Dedicated Server"
"E:\Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe"="E:\Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2"
"C:\Program Files\Steam\steamapps\common\amd driver updater, xp, 32 bit\Setup.exe"="C:\Program Files\Steam\steamapps\common\amd driver updater, xp, 32 bit\Setup.exe:*:Enabled:AMD Driver Updater, XP, 32 bit"
"E:\Steam\steamapps\abbottaker1\team fortress 2\hl2.exe"="E:\Steam\steamapps\abbottaker1\team fortress 2\hl2.exe:*:Enabled:hl2"
"E:\Games1\Brink\brink.exe"="E:\Games1\Brink\brink.exe:*:Enabled:Brink"
"E:\Games1\DiRT 3\dirt3_game.exe"="E:\Games1\DiRT 3\dirt3_game.exe:*:Enabled:DiRT 3"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Program Files\Miranda IM KP v5.0.9.16\miranda32.exe"="C:\Program Files\Miranda IM KP v5.0.9.16\miranda32.exe:*:Enabled:Miranda IM"
"E:\Games1\F.E.A.R. 3\F.E.A.R. 3.exe"="E:\Games1\F.E.A.R. 3\F.E.A.R. 3.exe:*:Enabled:F.E.A.R. 3"
"E:\Steam\steam.exe"="E:\Steam\steam.exe:*:Enabled:Steam"
"E:\Steam\steamapps\common\amd driver updater, xp, 32 bit\Setup.exe"="E:\Steam\steamapps\common\amd driver updater, xp, 32 bit\Setup.exe:*:Enabled:AMD Driver Updater, XP, 32 bit"
"E:\Games1\The Cursed Crusade\TCC.exe"="E:\Games1\The Cursed Crusade\TCC.exe:*:Enabled:TCC"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"E:\Games\Dead Island\DeadIslandGame.exe"="E:\Games\Dead Island\DeadIslandGame.exe:*:Enabled:DeadIsland"
"E:\Games1\The Witcher 2 (CZ)\bin\witcher2.exe"="E:\Games1\The Witcher 2 (CZ)\bin\witcher2.exe:*:Enabled:The Witcher 2: Assasins of Kings"
"E:\Steam\steamapps\common\left 4 dead\left4dead.exe"="E:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"E:\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe"="E:\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead Authoring Tools"
"E:\Steam\steamapps\common\left 4 dead\srcds.exe"="E:\Steam\steamapps\common\left 4 dead\srcds.exe:*:Enabled:Left 4 Dead Dedicated Server"
"E:\Steam\steamapps\common\deus ex - human revolution\dxhr.exe"="E:\Steam\steamapps\common\deus ex - human revolution\dxhr.exe:*:Enabled:Deus Ex: Human Revolution"
"E:\Games1\Dead Space2\deadspace2.exe"="E:\Games1\Dead Space2\deadspace2.exe:*:Enabled:Dead Space™ 2"
"E:\Steam\steamapps\common\left 4 dead 2\srcds.exe"="E:\Steam\steamapps\common\left 4 dead 2\srcds.exe:*:Enabled:Left 4 Dead 2 Dedicated Server"
"E:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="E:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"E:\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe"="E:\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead 2 Authoring Tools"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"msacm.divxa32"=msaud32_divx.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-12-13 21:43:46 ----D---- C:\Program Files\trend micro
2011-12-13 21:43:45 ----D---- C:\rsit
2011-12-02 15:24:29 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2011-11-26 12:04:51 ----D---- C:\Program Files\FreeRapid-0.86u1
2011-11-23 18:27:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2011-11-23 18:22:13 ----D---- C:\Program Files\AMD APP
2011-11-19 23:25:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Rockstar Games
2011-11-18 16:52:38 ----A---- C:\WINDOWS\system32\OpenVideo.dll
2011-11-18 16:52:24 ----A---- C:\WINDOWS\system32\OVDecoder.dll
2011-11-18 16:51:30 ----A---- C:\WINDOWS\system32\amdocl.dll

======List of files/folders modified in the last 1 month======

2011-12-13 21:43:46 ----RD---- C:\Program Files
2011-12-13 21:03:50 ----D---- C:\WINDOWS\Temp
2011-12-13 20:49:28 ----D---- C:\WINDOWS\system32\config
2011-12-13 16:09:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-13 15:26:36 ----D---- C:\WINDOWS\Prefetch
2011-12-12 00:03:29 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-10 21:26:10 ----D---- C:\WINDOWS
2011-12-10 10:52:39 ----D---- C:\Program Files\Mozilla Firefox
2011-12-02 15:25:15 ----D---- C:\WINDOWS\system32\LogFiles
2011-12-02 15:24:29 ----D---- C:\WINDOWS\system32
2011-12-01 22:22:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Solidshield
2011-12-01 22:18:24 ----SHD---- C:\WINDOWS\Installer
2011-12-01 22:18:24 ----D---- C:\Config.Msi
2011-12-01 22:16:25 ----D---- C:\Documents and Settings\Petr\Data aplikací\Winamp
2011-12-01 21:25:14 ----HD---- C:\WINDOWS\inf
2011-12-01 21:25:14 ----D---- C:\WINDOWS\system32\DirectX
2011-12-01 21:25:02 ----D---- C:\WINDOWS\Logs
2011-12-01 21:17:59 ----D---- C:\Documents and Settings\Petr\Data aplikací\DAEMON Tools Lite
2011-11-28 19:01:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-11-23 18:21:52 ----D---- C:\Program Files\ATI Technologies
2011-11-23 18:20:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-23 18:20:15 ----D---- C:\WINDOWS\system32\drivers
2011-11-23 18:20:14 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-11-23 18:20:12 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-11-23 18:15:18 ----D---- C:\AMD
2011-11-22 20:19:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-19 23:25:10 ----HD---- C:\Program Files\InstallShield Installation Information
2011-11-19 23:24:00 ----D---- C:\Program Files\Rockstar Games
2011-11-18 23:30:06 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2011-11-18 23:01:12 ----A---- C:\WINDOWS\system32\aticalrt.dll
2011-11-18 23:01:06 ----A---- C:\WINDOWS\system32\aticalcl.dll
2011-11-18 22:57:14 ----A---- C:\WINDOWS\system32\aticaldd.dll
2011-11-18 22:42:32 ----A---- C:\WINDOWS\system32\atioglxx.dll
2011-11-18 22:35:36 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2011-11-18 22:34:26 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2011-11-18 22:33:56 ----A---- C:\WINDOWS\system32\ati3duag.dll
2011-11-18 22:26:30 ----A---- C:\WINDOWS\system32\ativvamv.dll
2011-11-18 22:14:02 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2011-11-18 22:13:46 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2011-11-18 22:13:32 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2011-11-18 22:13:24 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2011-11-18 22:13:16 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2011-11-18 22:13:02 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2011-11-18 22:11:48 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2011-11-18 22:10:30 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2011-11-18 22:09:04 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2011-11-18 22:04:38 ----A---- C:\WINDOWS\system32\atikvmag.dll
2011-11-18 22:00:18 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2011-11-18 21:59:38 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2011-11-18 21:59:14 ----A---- C:\WINDOWS\system32\atitvo32.dll
2011-11-18 21:53:22 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2011-11-18 21:52:06 ----A---- C:\WINDOWS\system32\drivers\ati2erec.dll
2011-11-18 21:52:06 ----A---- C:\WINDOWS\system32\atimpc32.dll
2011-11-18 21:52:06 ----A---- C:\WINDOWS\system32\amdpcom32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2008-05-08 77200]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-06-21 721904]
R0 Teefer;Teefer for NT; C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys [2004-10-15 60496]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-02-20 218688]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-06-09 279712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-06-09 25888]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-11-18 7413248]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2011-10-17 100368]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-03-11 36864]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-07-18 10368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S1 glaide32;glaide32; \??\C:\WINDOWS\system32\drivers\glaide32.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
S3 MSICDSetup;MSICDSetup; \??\F:\CDriver.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys []
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-11-18 643072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-13 66872]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2005-03-05 2573536]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-05-15 593920]
S2 gupdate1ca0321c96bb084;Služba Google Update (gupdate1ca0321c96bb084); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Zdravím!
Poprosím o log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Abbott.Avi]

ComboFix 11-12-13.03 - Petr 13.12.2011 23:06:31.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1059 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\settings.reg
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_glaide32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-13 do 2011-12-13 )))))))))))))))))))))))))))))))
.
.
2011-12-13 20:43 . 2011-12-13 20:43 -------- d-----w- c:\program files\trend micro
2011-12-13 20:43 . 2011-12-13 20:43 -------- d-----w- C:\rsit
2011-11-26 11:04 . 2011-12-11 09:10 -------- d-----w- c:\program files\FreeRapid-0.86u1
2011-11-23 17:27 . 2011-11-23 17:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-11-23 17:22 . 2011-11-23 17:22 -------- d-----w- c:\program files\AMD APP
2011-11-19 22:54 . 2011-11-19 22:54 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Chromium
2011-11-19 22:25 . 2011-11-19 22:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Rockstar Games
2011-11-18 15:52 . 2011-11-18 15:52 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-18 15:52 . 2011-11-18 15:52 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-11-18 15:51 . 2011-11-18 15:51 13950464 ----a-w- c:\windows\system32\amdocl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-11-14 07:53 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2008-10-07 16:24 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-04-14 20:43 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2008-10-07 16:24 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2008-10-07 16:24 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2008-10-07 16:24 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2008-10-07 16:24 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2008-10-07 16:24 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2008-10-07 16:24 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2008-10-07 16:24 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-18 22:33 . 2008-08-21 04:52 7413248 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-11-18 22:30 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-11-18 22:01 . 2009-05-16 01:35 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-11-18 22:01 . 2009-05-16 01:34 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-11-18 21:57 . 2009-05-16 01:33 5890048 ----a-w- c:\windows\system32\aticaldd.dll
2011-11-18 21:42 . 2009-05-16 02:55 19025920 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-18 21:35 . 2010-08-03 19:47 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-18 21:34 . 2008-08-21 02:18 304128 ----a-w- c:\windows\system32\ati2dvag.dll
2011-11-18 21:33 . 2008-08-21 01:55 4004928 ----a-w- c:\windows\system32\ati3duag.dll
2011-11-18 21:26 . 2011-01-26 22:07 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-11-18 21:14 . 2008-08-21 01:38 3286400 ----a-w- c:\windows\system32\ativvaxx.dll
2011-11-18 21:13 . 2009-05-16 03:18 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-18 21:13 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-18 21:13 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-11-18 21:13 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-18 21:13 . 2009-05-16 03:17 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-11-18 21:11 . 2009-05-16 03:15 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-18 21:10 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-11-18 21:09 . 2010-08-03 19:47 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-18 21:04 . 2009-05-16 02:33 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-11-18 21:00 . 2009-05-16 02:26 499712 ----a-w- c:\windows\system32\atiok3x2.dll
2011-11-18 20:59 . 2009-05-16 02:31 229376 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-18 20:59 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-11-18 20:53 . 2008-08-21 01:11 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-11-18 20:52 . 2009-05-16 02:38 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-11-18 20:52 . 2009-05-16 02:38 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-18 20:52 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-18 14:27 . 2011-05-15 20:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 17:40 . 2011-02-15 22:04 100368 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2011-10-06 20:29 . 2011-10-06 20:29 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-03 03:06 . 2010-05-09 19:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2008-10-07 17:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-05 09:56 . 2011-05-25 19:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-06 . 0C2F6B6366E23D7362EB2C2EC29262F6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 10:33 2515552 -c--a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-03-05 2573536]
"QuickTime Task"="c:\program files\QT Lite\qttask.exe" [2009-11-10 417792]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-18 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2011-10-21 81997]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-16 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"e:\\Games\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"e:\\Games\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"e:\\Games\\Prototype\\prototypef.exe"=
"e:\\Games\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"e:\\Games1\\DiRT2\\dirt2_game.exe"=
"e:\\Games1\\GRID\\GRID.exe"=
"e:\\Games1\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"e:\\Games1\\Split Second\\SplitSecond.exe"=
"e:\\Games1\\StarCraft II\\StarCraft II.exe"=
"e:\\Games1\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
"e:\\Steam\\steamapps\\abbottaker1\\team fortress 2\\hl2.exe"=
"e:\\Games1\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\Miranda IM KP v5.0.9.16\\miranda32.exe"=
"e:\\Games1\\F.E.A.R. 3\\F.E.A.R. 3.exe"=
"e:\\Steam\\steam.exe"=
"e:\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
"e:\\Steam\\steamapps\\common\\deus ex - human revolution\\dxhr.exe"=
"e:\\Games1\\Dead Space2\\deadspace2.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead 2\\srcds.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2008 18:45 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.4.2011 21:43 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.10.2008 17:24 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.2.2011 15:02 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.10.2008 17:24 20568]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [15.2.2011 23:04 100368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1ca0321c96bb084;Služba Google Update (gupdate1ca0321c96bb084);c:\program files\Google\Update\GoogleUpdate.exe [12.7.2009 19:51 133104]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12.7.2009 19:51 133104]
S3 MSICDSetup;MSICDSetup;\??\f:\cdriver.sys --> f:\CDriver.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 18:51]
.
2011-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 18:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://www.gomplayer.com/codec/search.html?typ ... 805F6CBBEA}
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.152.101.1
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\ioo6ca3b.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 2
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-NWEReboot - (no file)
AddRemove-Convert PDF To Image_is1 - c:\program files\Softinterface
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-13 23:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1220945662-583907252-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:09,8e,68,ef,30,e5,75,e1,5b,66,e4,1b,bb,15,df,cb,38,e6,cb,2f,cc,47,b8,
2c,fd,e0,38,0e,c6,d5,e3,9b,ea,50,05,87,68,15,2f,65,f0,71,d0,54,8a,81,e9,0e,\
"??"=hex:95,e7,13,9c,8b,10,ba,7d,9c,f6,f6,3b,4e,5b,94,3c
.
[HKEY_USERS\S-1-5-21-1220945662-583907252-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:a9,a7,22,b9,cc,eb,f5,6b,4b,aa,44,29,39,bb,d5,fd,41,9c,70,48,a3,
09,c3,40,f1,f6,de,03,16,c8,b9,24,6d,89,96,5a,23,eb,f8,b0,fb,a6,ff,40,ad,b5,\
"rkeysecu"=hex:62,30,78,bb,11,60,74,63,85,05,c1,05,40,29,92,19
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3276)
c:\program files\Logitech\Profiler\LWEHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Sygate\SPF\smc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\Rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-12-13 23:20:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-13 22:20
.
Před spuštěním: Volných bajtů: 29 616 431 104
Po spuštění: Volných bajtů: 29 418 901 504
.
- - End Of File - - 5A3F2D655AEFD808DC67E329EC53A803

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Firefox::
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\ioo6ca3b.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Abbott.Avi]

docistime? ja jsem pres ten combofix dal pouze log, nenechal jsem ho nic opravovat, to jenom rikam, pro kontrolu, ze nic neopravoval ani nemazal...

[Rudy]

CF mazal a opravoval. V logu viz "ostatní výmazy" a "ovladače/služby" (mimochodem glaide32 je rootkit). Pokud CF spustíte, opravuje a maže to, co má v databázi ke smazání sám od sebe. Druhý sken po vás chci proto, že ten komp dočistí od samovolného přestavení homepage ve Firefoxu, která vzniká instalací QIP.

[Abbott.Avi]

jasne, uz tomu rozumim, prikladam log po tom docisteni:

ComboFix 11-12-13.03 - Petr 14.12.2011 21:10:54.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1232 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\settings.reg
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-14 do 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-13 20:43 . 2011-12-13 20:43 -------- d-----w- c:\program files\trend micro
2011-12-13 20:43 . 2011-12-13 20:43 -------- d-----w- C:\rsit
2011-11-26 11:04 . 2011-12-11 09:10 -------- d-----w- c:\program files\FreeRapid-0.86u1
2011-11-23 17:27 . 2011-11-23 17:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-11-23 17:22 . 2011-11-23 17:22 -------- d-----w- c:\program files\AMD APP
2011-11-19 22:54 . 2011-11-19 22:54 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Chromium
2011-11-19 22:25 . 2011-11-19 22:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Rockstar Games
2011-11-18 15:52 . 2011-11-18 15:52 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-18 15:52 . 2011-11-18 15:52 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-11-18 15:51 . 2011-11-18 15:51 13950464 ----a-w- c:\windows\system32\amdocl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-11-14 07:53 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2008-10-07 16:24 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-04-14 20:43 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2008-10-07 16:24 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2008-10-07 16:24 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2008-10-07 16:24 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2008-10-07 16:24 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2008-10-07 16:24 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2008-10-07 16:24 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2008-10-07 16:24 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-18 22:33 . 2008-08-21 04:52 7413248 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-11-18 22:30 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-11-18 22:01 . 2009-05-16 01:35 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-11-18 22:01 . 2009-05-16 01:34 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-11-18 21:57 . 2009-05-16 01:33 5890048 ----a-w- c:\windows\system32\aticaldd.dll
2011-11-18 21:42 . 2009-05-16 02:55 19025920 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-18 21:35 . 2010-08-03 19:47 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-18 21:34 . 2008-08-21 02:18 304128 ----a-w- c:\windows\system32\ati2dvag.dll
2011-11-18 21:33 . 2008-08-21 01:55 4004928 ----a-w- c:\windows\system32\ati3duag.dll
2011-11-18 21:26 . 2011-01-26 22:07 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-11-18 21:14 . 2008-08-21 01:38 3286400 ----a-w- c:\windows\system32\ativvaxx.dll
2011-11-18 21:13 . 2009-05-16 03:18 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-18 21:13 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-18 21:13 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-11-18 21:13 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-18 21:13 . 2009-05-16 03:17 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-11-18 21:11 . 2009-05-16 03:15 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-18 21:10 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-11-18 21:09 . 2010-08-03 19:47 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-18 21:04 . 2009-05-16 02:33 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-11-18 21:00 . 2009-05-16 02:26 499712 ----a-w- c:\windows\system32\atiok3x2.dll
2011-11-18 20:59 . 2009-05-16 02:31 229376 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-18 20:59 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-11-18 20:53 . 2008-08-21 01:11 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-11-18 20:52 . 2009-05-16 02:38 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-11-18 20:52 . 2009-05-16 02:38 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-18 20:52 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-18 14:27 . 2011-05-15 20:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 17:40 . 2011-02-15 22:04 100368 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2011-10-06 20:29 . 2011-10-06 20:29 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-03 03:06 . 2010-05-09 19:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2008-10-07 17:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-05 09:56 . 2011-05-25 19:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-06 . 0C2F6B6366E23D7362EB2C2EC29262F6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-12-13_22.15.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-14 19:23 . 2011-12-14 19:23 16384 c:\windows\Temp\Perflib_Perfdata_464.dat
- 2005-01-10 10:15 . 2005-01-10 10:15 20992 c:\windows\system32\sfman32.dll
+ 2005-01-10 17:15 . 2005-01-10 17:15 20992 c:\windows\system32\sfman32.dll
+ 2011-12-14 15:41 . 2003-10-02 17:48 53248 c:\windows\system32\ReinstallBackups\0014\DriverFiles\P17CPI.dll
+ 2011-12-14 15:41 . 2005-05-03 11:38 64512 c:\windows\system32\ReinstallBackups\0014\DriverFiles\P17.dll
+ 2011-12-14 15:41 . 2004-08-17 13:57 23552 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\wdmaud.drv
+ 2011-12-14 15:41 . 2004-07-09 03:27 48512 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\stream.sys
+ 2011-12-14 15:41 . 2005-01-10 17:15 20992 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\sfman32.dll
+ 2011-12-14 15:41 . 2004-08-03 22:08 60288 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\drmk.sys
+ 2011-12-14 15:41 . 2002-04-11 08:41 65536 c:\windows\system32\ReinstallBackups\0014\DriverFiles\A3d.dll
+ 2003-10-02 17:48 . 2003-10-02 17:48 53248 c:\windows\system32\P17CPI.dll
- 2003-10-02 10:48 . 2003-10-02 10:48 53248 c:\windows\system32\P17CPI.dll
- 2005-05-03 11:38 . 2005-05-03 11:38 64512 c:\windows\system32\P17.dll
+ 2005-05-03 11:38 . 2005-05-03 18:38 64512 c:\windows\system32\P17.DLL
- 2002-04-11 01:41 . 2002-04-11 01:41 65536 c:\windows\system32\dllcache\a3d.dll
+ 2002-04-11 08:41 . 2002-04-11 08:41 65536 c:\windows\system32\dllcache\a3d.dll
- 2002-04-11 01:41 . 2002-04-11 01:41 65536 c:\windows\system32\A3d.dll
+ 2002-04-11 08:41 . 2002-04-11 08:41 65536 c:\windows\system32\A3d.dll
- 2005-05-03 11:35 . 2005-05-03 11:35 20480 c:\windows\P17DEF.EXE
+ 2005-05-03 18:35 . 2005-05-03 18:35 20480 c:\windows\P17DEF.EXE
- 2002-12-03 09:16 . 2002-12-03 09:16 49152 c:\windows\MIDIDEF.EXE
+ 2002-12-03 16:16 . 2002-12-03 16:16 49152 c:\windows\MIDIDEF.EXE
+ 2008-10-23 19:00 . 2005-06-15 10:07 11264 c:\windows\INRES.DLL
- 2008-10-23 19:00 . 2005-06-15 03:07 11264 c:\windows\INRES.DLL
+ 2011-12-14 15:41 . 2004-12-22 18:58 8704 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\Pfmodnt.sys
+ 2011-12-14 15:41 . 2002-12-11 23:14 4096 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ksuser.dll
- 2004-12-22 11:58 . 2004-12-22 11:58 8704 c:\windows\system32\drivers\Pfmodnt.sys
+ 2004-12-22 18:58 . 2004-12-22 18:58 8704 c:\windows\system32\drivers\Pfmodnt.sys
+ 2005-01-10 17:15 . 2005-01-10 17:15 115200 c:\windows\system32\sfms32.dll
- 2005-01-10 10:15 . 2005-01-10 10:15 115200 c:\windows\system32\sfms32.dll
+ 2011-12-14 15:41 . 2005-06-13 12:03 137728 c:\windows\system32\ReinstallBackups\0014\DriverFiles\P17res.dll
+ 2011-12-14 15:41 . 2005-01-10 17:15 115200 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\sfms32.dll
+ 2011-12-14 15:41 . 2004-03-16 08:58 136960 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\portcls.sys
+ 2011-12-14 15:41 . 2005-01-10 17:15 138752 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ctsfm2k.sys
+ 2011-12-14 15:41 . 2005-01-10 17:15 106496 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ctoss2k.sys
+ 2011-12-14 15:41 . 2005-06-27 10:37 133632 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\CtDvInst.dll
+ 2005-06-13 12:03 . 2005-06-13 12:03 137728 c:\windows\system32\P17res.dll
- 2005-06-13 05:03 . 2005-06-13 05:03 137728 c:\windows\system32\P17res.dll
- 2011-12-02 14:24 . 2011-12-02 14:24 267800 c:\windows\system32\FNTCACHE.DAT
+ 2011-12-14 19:22 . 2011-12-14 19:22 267800 c:\windows\system32\FNTCACHE.DAT
- 2003-04-02 07:13 . 2003-04-02 07:13 139264 c:\windows\system32\EAX.DLL
+ 2003-04-02 14:13 . 2003-04-02 14:13 139264 c:\windows\system32\EAX.DLL
+ 2005-01-10 17:15 . 2005-01-10 17:15 138752 c:\windows\system32\drivers\ctsfm2k.sys
- 2005-01-10 10:15 . 2005-01-10 10:15 138752 c:\windows\system32\drivers\ctsfm2k.sys
- 2005-01-10 10:15 . 2005-01-10 10:15 106496 c:\windows\system32\drivers\ctoss2k.sys
+ 2005-01-10 17:15 . 2005-01-10 17:15 106496 c:\windows\system32\drivers\ctoss2k.sys
+ 2006-11-23 07:55 . 2006-11-23 07:55 782336 c:\windows\OALInst.exe
+ 2011-12-14 15:41 . 2007-06-15 09:47 1127936 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\P17.sys
+ 2007-06-15 09:47 . 2007-06-15 09:47 1127936 c:\windows\system32\drivers\P17.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 10:33 2515552 -c--a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-03-05 2573536]
"QuickTime Task"="c:\program files\QT Lite\qttask.exe" [2009-11-10 417792]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-18 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2011-10-21 81997]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-16 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"e:\\Games\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"e:\\Games\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"e:\\Games\\Prototype\\prototypef.exe"=
"e:\\Games\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"e:\\Games1\\DiRT2\\dirt2_game.exe"=
"e:\\Games1\\GRID\\GRID.exe"=
"e:\\Games1\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"e:\\Games1\\Split Second\\SplitSecond.exe"=
"e:\\Games1\\StarCraft II\\StarCraft II.exe"=
"e:\\Games1\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
"e:\\Steam\\steamapps\\abbottaker1\\team fortress 2\\hl2.exe"=
"e:\\Games1\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\Miranda IM KP v5.0.9.16\\miranda32.exe"=
"e:\\Games1\\F.E.A.R. 3\\F.E.A.R. 3.exe"=
"e:\\Steam\\steam.exe"=
"e:\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
"e:\\Steam\\steamapps\\common\\deus ex - human revolution\\dxhr.exe"=
"e:\\Games1\\Dead Space2\\deadspace2.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead 2\\srcds.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"e:\\Steam\\steamapps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2008 18:45 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.4.2011 21:43 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.10.2008 17:24 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.2.2011 15:02 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.10.2008 17:24 20568]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [15.2.2011 23:04 100368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1ca0321c96bb084;Služba Google Update (gupdate1ca0321c96bb084);c:\program files\Google\Update\GoogleUpdate.exe [12.7.2009 19:51 133104]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12.7.2009 19:51 133104]
S3 MSICDSetup;MSICDSetup;\??\f:\cdriver.sys --> f:\CDriver.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 18:51]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 18:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://www.gomplayer.com/codec/search.html?typ ... 805F6CBBEA}
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.152.101.1
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\ioo6ca3b.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 21:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1220945662-583907252-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:09,8e,68,ef,30,e5,75,e1,5b,66,e4,1b,bb,15,df,cb,38,e6,cb,2f,cc,47,b8,
2c,fd,e0,38,0e,c6,d5,e3,9b,ea,50,05,87,68,15,2f,65,f0,71,d0,54,8a,81,e9,0e,\
"??"=hex:95,e7,13,9c,8b,10,ba,7d,9c,f6,f6,3b,4e,5b,94,3c
.
[HKEY_USERS\S-1-5-21-1220945662-583907252-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:a9,a7,22,b9,cc,eb,f5,6b,4b,aa,44,29,39,bb,d5,fd,41,9c,70,48,a3,
09,c3,40,f1,f6,de,03,16,c8,b9,24,6d,89,96,5a,23,eb,f8,b0,fb,a6,ff,40,ad,b5,\
"rkeysecu"=hex:62,30,78,bb,11,60,74,63,85,05,c1,05,40,29,92,19
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Celkový čas: 2011-12-14 21:19:01
ComboFix-quarantined-files.txt 2011-12-14 20:18
ComboFix2.txt 2011-12-13 22:20
.
Před spuštěním: Volných bajtů: 29 960 519 680
Po spuštění: Volných bajtů: 30 106 415 104
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - CF430C8CE326C1763B9EC8C857D74ABC

[Rudy]

Už to vypadá OK. Nastala nějaká změna?

[Abbott.Avi]

No zustala tam ta zmena hlasitosti i veskere hudby, videa, preinstalovaval jsem i driver zvukovky, zkousel, bedny funguji jak maji, vse je zapojene, asi to nebude nejakou haveti, vypada to na hw chybu nebo na to, ze se bijou nejake kodeky nebo ovladace hlasitosti mezi sebou, ale koukal jsem do spravce, a nic nebezi navic, pokud jsem ve winampu, tak zadny jiny prehravac nebo dva ovladace zvuku nejdou v tutez dobu,...ale to uz s viry nesouvisi, DEKUJI moc za pomoc

[Rudy]

Zkuste se podívat nejdříve na ty kodeky. Doporučuji, aby byl v PC pouze jeden balík kodeků.

[Abbott.Avi]

koukl bych se, ale nevim jak zjistim jake kodeky jsou v pc nainstalovany, je na to nejaky program, ktery by mi to ukazal? problem je, ale v tom, ze jsem nic neinstaloval, nic nedelal, proste jednoho pekneho dne ten zvuk zacal stoupat, klesat...

[Rudy]

Podívejte se do přidat/ubrat programy. Tam je vše, co je v PC nainstalováno.

[Abbott.Avi]

nasel jsem totov programech instalovanych na tomto PC: (umite mi rict k tomu nejaky komentar, treba co vymazat, nebo nahradit jinym kodekem, treba k-lite apod.)
----------------------------------

CD Audio Reader filter
CDex Open source digital audio extractor
DCoder image source
Direct VOBSub
DTS+AC3 CELI
ffdshow (rev 3124) (2009-11-03)
FFMPEG Core files
Gabest MPEG Splitter
MONOGRAM AMR Splitter Decoder
MPEG-2 Code (libmeg2/mad)
Open Source AVI Splitter
Open Source DTS/AC3/DD+Source filter
Open Source Flash Video
SHOUTcast Source
Windows Media Format 11 runtime
Windows Media Player Firefox plugin

[Rudy]

Tohle:

FFMPEG Core files

je kodek. Přeinstalujte, případně nainstalujte jiný: Zde si můžete vybrat: http://www.stahuj.centrum.cz/multimedia/kodeky/ .

[Abbott.Avi]

Dobre, vyzkousim, ale vypada to na HW problem, presto diky moc za cas a konrolu logu a pomoc