komp sa spomaluje ,nenacitava urcite webove stranky

[hinatahyuuga]

Logfile of random's system information tool 1.08 (written by random/random)
Run by o at 2010-07-25 17:34:51
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (16%) free of 39 GB
Total RAM: 1271 MB (57% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for o.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"EVEREST AutoStart"=C:\Documents and Settings\o\Dokumenty\everest\EVEREST Ultimate Edition 5.00.1667 Beta\everest.exe [2009-02-22 2361952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-04-20 26192680]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-07-12 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0xB1000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Games\hon\hon.exe"="C:\Games\hon\hon.exe:*:Enabled:Heroes of Newerth"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Games\HL2 Coop Client\hl2.exe"="C:\Games\HL2 Coop Client\hl2.exe:*:Enabled:hl2"
"C:\Games\cs\hl.exe"="C:\Games\cs\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe"="C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"C:\ijji\ENGLISH\Gunzs\Gunz.exe"="C:\ijji\ENGLISH\Gunzs\Gunz.exe:*:Enabled:Gunz"
"C:\Games\HonourGunZ\theduel.exe"="C:\Games\HonourGunZ\theduel.exe:*:Enabled:Xiao's Runnable"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe"="C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server"
"C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe"="C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2"
"C:\Program Files\Metin2\metin2client.bin"="C:\Program Files\Metin2\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Program Files\Cyanide\Loki\Loki.exe"="C:\Program Files\Cyanide\Loki\Loki.exe:*:Enabled:Loki"
"C:\Program Files\Cyanide\Loki\Autorun\AutoRun.exe"="C:\Program Files\Cyanide\Loki\Autorun\AutoRun.exe:*:Enabled:Loki - AutoRun"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\Unreal Tournament 3\Binaries\UnrealConsole.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UnrealConsole.exe:*:Enabled:UnrealConsole"
"C:\UT2003\System\UT2003.exe"="C:\UT2003\System\UT2003.exe:*:Enabled:UT2003"
"C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe"="C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"E:\games\Dimensity\Bin\DimensityPL.exe"="E:\games\Dimensity\Bin\DimensityPL.exe:*:Enabled:DimensityPL.exe"
"C:\Documents and Settings\o\Plocha\Rune - Co-op 3\Rune - Co-op\RUNE\SYSTEM\RUNE.EXE"="C:\Documents and Settings\o\Plocha\Rune - Co-op 3\Rune - Co-op\RUNE\SYSTEM\RUNE.EXE:*:Enabled:RUNE"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"E:\games\KillingFloor\System\KillingFloor.exe"="E:\games\KillingFloor\System\KillingFloor.exe:*:Enabled:KillingFloor"
"E:\torentr\Half Life 2\HL2TakeTwo\HL2\hl2.exe"="E:\torentr\Half Life 2\HL2TakeTwo\HL2\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Counter-Strike\hl.exe"="C:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"E:\games\Counter-Strike Source\hl2.exe"="E:\games\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"E:\games\hl2\Half-Life 2 Deathmatch\hl2.exe"="E:\games\hl2\Half-Life 2 Deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\hl2\Half-Life 2 Deathmatch\hl2.exe"="C:\Program Files\Steam\hl2\Half-Life 2 Deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\Counter-Strike Source\hl2.exe"="C:\Program Files\Steam\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"E:\games\RakionIS\Bin\rakion.bin"="E:\games\RakionIS\Bin\rakion.bin:*:Enabled:rakion"
"E:\games\WolfTeam\Wolfteam.bin"="E:\games\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam"
"E:\games\heroes 5\bin\H5_Game.exe"="E:\games\heroes 5\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-25 17:34:52 ----D---- C:\Program Files\trend micro
2010-07-25 17:34:51 ----D---- C:\rsit
2010-07-25 16:43:59 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 1
2010-07-25 16:33:35 ----D---- C:\Program Files\CCleaner
2010-07-25 16:28:52 ----D---- C:\WINDOWS\system32\appmgmt
2010-07-23 10:30:32 ----D---- C:\Program Files\ZC2.10
2010-07-18 20:16:06 ----D---- C:\Program Files\Common Files\Akamai
2010-07-18 12:40:23 ----D---- C:\Program Files\Common Files\PocketSoft
2010-07-18 12:39:28 ----A---- C:\WINDOWS\system32\drivers\ACEDRV05.sys
2010-07-18 10:45:04 ----D---- C:\Program Files\Common Files\Audio
2010-07-15 09:49:28 ----D---- C:\Program Files\directx
2010-07-15 09:20:19 ----D---- C:\Program Files\Vivendi Universal Games
2010-07-14 13:28:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 13:24:10 ----A---- C:\WINDOWS\system32\MRT.INI
2010-07-14 12:43:08 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2010-07-13 22:30:08 ----A---- C:\WINDOWS\system32\apl001.sys
2010-07-13 22:30:08 ----A---- C:\WINDOWS\system32\apf001.sys
2010-07-12 13:44:39 ----D---- C:\Program Files\Steam
2010-07-12 10:27:37 ----D---- C:\Program Files\MagicISO
2010-07-03 13:57:16 ----A---- C:\WINDOWS\TSearch.INI

======List of files/folders modified in the last 1 months======

2010-07-25 17:34:52 ----RD---- C:\Program Files
2010-07-25 17:25:51 ----D---- C:\Documents and Settings\o\Data aplikací\Skype
2010-07-25 17:14:19 ----D---- C:\WINDOWS\Temp
2010-07-25 17:13:02 ----D---- C:\WINDOWS
2010-07-25 17:12:42 ----D---- C:\Documents and Settings\o\Data aplikací\skypePM
2010-07-25 16:58:56 ----D---- C:\WINDOWS\Prefetch
2010-07-25 16:48:08 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-25 16:45:00 ----SHD---- C:\WINDOWS\Installer
2010-07-25 16:42:52 ----D---- C:\Program Files\Mozilla Firefox
2010-07-25 16:35:20 ----D---- C:\WINDOWS\Debug
2010-07-25 16:35:16 ----D---- C:\WINDOWS\Minidump
2010-07-25 16:28:52 ----D---- C:\WINDOWS\system32
2010-07-24 12:52:26 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-07-23 20:39:38 ----D---- C:\Documents and Settings\o\Data aplikací\Hamachi
2010-07-23 15:43:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-23 13:34:37 ----D---- C:\Program Files\Garena
2010-07-23 10:48:49 ----D---- C:\WINDOWS\system32\DirectX
2010-07-23 10:48:35 ----HD---- C:\WINDOWS\inf
2010-07-23 08:52:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-22 12:19:12 ----D---- C:\WINDOWS\system32\drivers
2010-07-21 16:02:36 ----D---- C:\WINDOWS\WinSxS
2010-07-21 15:03:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
2010-07-21 11:34:30 ----D---- C:\Program Files\uTorrent
2010-07-18 20:16:06 ----D---- C:\Program Files\Common Files
2010-07-18 10:01:16 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-07-14 13:28:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 13:25:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-08 14:03:21 ----D---- C:\Program Files\Counter-Strike 1.6
2010-07-07 14:16:02 ----SD---- C:\Documents and Settings\o\Data aplikací\Microsoft
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-03 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-06-17 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-06-17 25416]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-07-25 176640]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-06-21 17480]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-15 612416]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 ahrozni2;ahrozni2; C:\WINDOWS\system32\drivers\ahrozni2.sys []
S3 Amsmpu4p;Amsmpu4p; \??\C:\DOCUME~1\o\LOCALS~1\Temp\Amsmpu4p.sys []
S3 apf001;apf001; \??\E:\games\RakionIS\Bin\apf001.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CEDRIVER55;CEDRIVER55; \??\C:\Program Files\Cheat Engine\dbk32.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\o\LOCALS~1\Temp\JJJ182.tmp []
S3 LLRING0;LLRING0; \??\C:\Program Files\MU\MuGuard\llck1.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 XDva352;XDva352; \??\C:\WINDOWS\system32\XDva352.sys []
S3 XDva354;XDva354; \??\C:\WINDOWS\system32\XDva354.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-12 153376]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 gupdate1caebb4f1d6b060;Služba Google Update (gupdate1caebb4f1d6b060); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-04 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-05-03 3658096]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Zdravim , pocitac je celkom dost spomaleny ..internet tiez plus niektore stranky, ako su facebook , pokec ...mi niekedy nenacita vobec ...

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[hinatahyuuga]

problem je v tom ze ani stranku na download combo fixu mi nechce nacitat...

[Rudy]

Zkuste tenhle, co je v příloze.

ComboFix.rar

(3.57 MiB) Staženo 65 x

[hinatahyuuga]

ComboFix 10-07-24.03 - o 25.07.2010 18:15:54.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1271.934 [GMT 2:00]
Spuštěný z: c:\documents and settings\o\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\o\Local Settings\Tempcheck.exe
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-25 do 2010-07-25 )))))))))))))))))))))))))))))))
.

2010-07-25 15:34 . 2010-07-25 15:34 -------- d-----w- c:\program files\trend micro
2010-07-25 15:34 . 2010-07-25 15:34 -------- d-----w- C:\rsit
2010-07-25 14:43 . 2010-07-25 14:44 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-07-25 14:33 . 2010-07-25 14:33 -------- d-----w- c:\program files\CCleaner
2010-07-23 08:30 . 2010-07-23 08:30 -------- d-----w- c:\program files\ZC2.10
2010-07-18 18:16 . 2010-07-25 16:09 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-18 10:40 . 2010-07-18 10:40 -------- d-----w- c:\program files\Common Files\PocketSoft
2010-07-18 10:39 . 2010-07-18 10:39 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2010-07-18 10:19 . 2010-07-18 10:19 151 ----a-w- c:\documents and settings\o\check.bat
2010-07-18 08:45 . 2010-07-18 10:19 -------- d-----w- c:\program files\Common Files\Audio
2010-07-18 07:33 . 2010-07-18 07:33 1 ----a-w- c:\windows\system32\SI.bin
2010-07-15 07:49 . 2010-07-15 07:49 -------- d-----w- c:\program files\directx
2010-07-15 07:20 . 2010-07-15 07:20 -------- d-----w- c:\program files\Vivendi Universal Games
2010-07-14 10:43 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-07-13 20:30 . 2010-07-13 20:30 12920 ----a-w- c:\windows\system32\apl001.sys
2010-07-13 20:30 . 2010-07-13 20:30 10872 ----a-w- c:\windows\system32\apf001.sys
2010-07-12 11:44 . 2010-07-25 15:12 -------- d-----w- c:\program files\Steam
2010-07-12 08:27 . 2010-07-25 14:42 -------- d-----w- c:\program files\MagicISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 14:48 . 2010-05-02 16:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-23 13:43 . 2010-05-19 16:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-23 11:34 . 2010-06-22 15:07 -------- d-----w- c:\program files\Garena
2010-07-21 09:34 . 2010-05-03 13:44 -------- d-----w- c:\program files\uTorrent
2010-07-18 10:19 . 2010-07-18 10:19 151 ----a-w- c:\documents and settings\o\check.bat
2010-07-18 08:01 . 2010-05-08 18:29 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-08 12:03 . 2010-06-04 14:41 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-06-23 11:23 . 2001-10-25 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 11:23 . 2001-10-25 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-06-22 15:55 . 2010-06-22 15:55 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-06-21 15:45 . 2010-06-21 15:44 -------- d-----w- c:\program files\Hamachi
2010-06-21 15:44 . 2010-06-21 15:44 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-06-17 13:28 . 2010-06-17 13:28 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-17 13:28 . 2010-06-17 13:28 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-14 14:30 . 2010-05-02 09:39 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 06:20 . 2010-06-12 06:20 -------- d-----w- c:\program files\Common Files\Java
2010-06-12 06:19 . 2010-06-12 06:20 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-12 06:19 . 2010-06-12 06:19 -------- d-----w- c:\program files\Java
2010-06-07 12:33 . 2010-05-28 11:29 -------- d-----w- c:\program files\Cheat Engine
2010-06-03 11:43 . 2010-05-22 08:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-31 17:01 . 2010-05-31 17:00 -------- d-----w- c:\program files\Drawing for Children
2010-05-31 12:17 . 2010-05-31 12:17 -------- d-----w- c:\program files\MSBuild
2010-05-31 12:16 . 2010-05-31 12:16 -------- d-----w- c:\program files\Reference Assemblies
2010-05-31 11:27 . 2010-05-31 11:27 -------- d-----w- c:\program files\MSXML 6.0
2010-05-31 07:00 . 2010-05-02 16:35 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-28 11:24 . 2010-05-28 11:24 -------- d-----w- c:\program files\SSIII Solo Ultratus
2010-05-22 10:02 . 2010-05-22 08:52 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-22 10:02 . 2010-05-22 08:52 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-11 18:32 . 2010-05-11 18:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-09 18:44 . 2010-05-09 18:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-06 20:59 . 2010-05-03 13:38 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-05-03 13:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-05-03 13:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-05-03 13:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-05-03 13:39 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-05-03 13:39 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-05-03 13:39 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-05-03 13:39 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:35 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-03 18:00 . 2010-05-03 18:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-03 13:58 . 2010-05-03 13:58 0 ----a-w- c:\windows\nsreg.dat
2010-05-03 11:40 . 2010-05-02 09:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-03 11:40 . 2010-05-02 09:41 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-05-03 11:39 . 2010-05-02 09:42 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-05-02 09:39 . 2010-05-02 09:39 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-02 08:27 . 2004-08-17 13:44 1850880 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVEREST AutoStart"="c:\documents and settings\o\Dokumenty\everest\EVEREST Ultimate Edition 5.00.1667 Beta\everest.exe" [2009-02-22 2361952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"Steam"="c:\program files\Steam\Steam.exe" [2010-07-12 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\o\\Plocha\\Rune - Co-op 3\\Rune - Co-op\\RUNE\\SYSTEM\\RUNE.EXE"=
"c:\\Program Files\\Garena\\Garena.exe"=
"e:\\torentr\\Half Life 2\\HL2TakeTwo\\HL2\\hl2.exe"=
"c:\\Program Files\\Steam\\hl2\\Half-Life 2 Deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57761:TCP"= 57761:TCP:Pando Media Booster
"57761:UDP"= 57761:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"6983:TCP"= 6983:TCP:League of Legends Launcher
"6983:UDP"= 6983:UDP:League of Legends Launcher
"6969:TCP"= 6969:TCP:League of Legends Launcher
"6969:UDP"= 6969:UDP:League of Legends Launcher
"1608:UDP"= 1608:UDP:Dimensity
"1900:TCP"= 1900:TCP:UPnP
"1892:UDP"= 1892:UDP:Dimensity
"2005:UDP"= 2005:UDP:Dimensity
"2149:UDP"= 2149:UDP:Dimensity
"1340:UDP"= 1340:UDP:Dimensity
"4044:UDP"= 4044:UDP:Dimensity
"1081:TCP"= 1081:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.5.2010 15:39 164048]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [17.8.2004 15:49 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.5.2010 15:39 19024]
S2 gupdate1caebb4f1d6b060;Služba Google Update (gupdate1caebb4f1d6b060);c:\program files\Google\Update\GoogleUpdate.exe [4.5.2010 20:09 133104]
S3 apf001;apf001;\??\e:\games\RakionIS\Bin\apf001.sys --> e:\games\RakionIS\Bin\apf001.sys [?]
S3 CEDRIVER55;CEDRIVER55;c:\program files\Cheat Engine\dbk32.sys [28.5.2010 13:29 60416]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\o\LOCALS~1\Temp\JJJ182.tmp --> c:\docume~1\o\LOCALS~1\Temp\JJJ182.tmp [?]
S3 LLRING0;LLRING0;\??\c:\program files\MU\MuGuard\llck1.sys --> c:\program files\MU\MuGuard\llck1.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva354;XDva354;\??\c:\windows\system32\XDva354.sys --> c:\windows\system32\XDva354.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.5.2010 20:00 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 18:09]

2010-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 18:09]

2010-07-23 c:\windows\Tasks\Norton Security Scan for o.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-18 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280
FF - ProfilePath - c:\documents and settings\o\Data aplikací\Mozilla\Firefox\Profiles\x0yc09xn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
BHO-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
Toolbar-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
AddRemove-Fighting Force - c:\program files\Core Design Ltd.\Fighting Force\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 18:23
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3725.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3725.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\o\LOCALS~1\Temp\JJJ182.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-790525478-1708537768-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:e4,ff,94,61,8b,94,0d,80,e0,63,cb,85,99,af,84,fb,4b,78,3e,1d,2d,
31,34,8a,36,ce,9a,58,af,19,27,2a,1e,49,1c,bf,70,2a,e2,28,e5,ff,f3,be,8f,16,\
"rkeysecu"=hex:d1,35,45,51,a8,a0,73,b9,d7,1b,25,77,62,6c,9c,16
.
Celkový čas: 2010-07-25 18:26:37
ComboFix-quarantined-files.txt 2010-07-25 16:26

Před spuštěním: 6 302 896 128
Po spuštění: 6 357 233 664

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 816938CDDBDA5D1A05AF1E417A598D54

[Rudy]

Ještě dočistíme. Otevřte poznámkový bloki a zkopírujte do něj:

Folder::
c:\program files\Common Files\Akamai

Collect::
c:\windows\system32\SI.bin
c:\windows\system32\XDva352.sys
c:\windows\system32\XDva354.sys

Driver::
XDva352
XDva354
Akamai

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.



Dále bych poprosil otestovat online na www.virustotal.com tyto soubory:

c:\windows\system32\apl001.sys
c:\windows\system32\apf001.sys

[hinatahyuuga]

ComboFix 10-07-24.03 - o 25.07.2010 19:06:29.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1271.877 [GMT 2:00]
Spuštěný z: c:\documents and settings\o\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\o\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\system32\SI.bin
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Akamai
c:\program files\Common Files\Akamai\AdminTool.exe
c:\program files\Common Files\Akamai\appregistry.dat
c:\program files\Common Files\Akamai\Cache\487c92a228fe603c9f176651c82f628808fffd85.rsmd
c:\program files\Common Files\Akamai\client.ini
c:\program files\Common Files\Akamai\client.ini.json
c:\program files\Common Files\Akamai\ControlPanel.exe
c:\program files\Common Files\Akamai\CplTasks.xml
c:\program files\Common Files\Akamai\data.dat
c:\program files\Common Files\Akamai\debug.log
c:\program files\Common Files\Akamai\euc_state.json
c:\program files\Common Files\Akamai\guid.ini
c:\program files\Common Files\Akamai\Languages\csy.dll
c:\program files\Common Files\Akamai\Languages\dan.dll
c:\program files\Common Files\Akamai\Languages\deu.dll
c:\program files\Common Files\Akamai\Languages\esp.dll
c:\program files\Common Files\Akamai\Languages\fin.dll
c:\program files\Common Files\Akamai\Languages\fra.dll
c:\program files\Common Files\Akamai\Languages\chs.dll
c:\program files\Common Files\Akamai\Languages\cht.dll
c:\program files\Common Files\Akamai\Languages\ita.dll
c:\program files\Common Files\Akamai\Languages\jpn.dll
c:\program files\Common Files\Akamai\Languages\kor.dll
c:\program files\Common Files\Akamai\Languages\nld.dll
c:\program files\Common Files\Akamai\Languages\nor.dll
c:\program files\Common Files\Akamai\Languages\plk.dll
c:\program files\Common Files\Akamai\Languages\ptb.dll
c:\program files\Common Files\Akamai\Languages\rus.dll
c:\program files\Common Files\Akamai\Languages\sve.dll
c:\program files\Common Files\Akamai\Languages\trk.dll
c:\program files\Common Files\Akamai\Readme.txt
c:\program files\Common Files\Akamai\root.pem
c:\program files\Common Files\Akamai\rswin_3725.dll
c:\program files\Common Files\Akamai\rswinui.exe
c:\program files\Common Files\Akamai\uninstall.exe
c:\program files\Common Files\Akamai\vcredist_x86.exe
c:\windows\system32\SI.bin

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AKAMAI
-------\Legacy_XDVA352
-------\Legacy_XDVA354
-------\Service_Akamai
-------\Service_XDva352
-------\Service_XDva354


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-25 do 2010-07-25 )))))))))))))))))))))))))))))))
.

2010-07-25 15:34 . 2010-07-25 15:34 -------- d-----w- c:\program files\trend micro
2010-07-25 15:34 . 2010-07-25 15:34 -------- d-----w- C:\rsit
2010-07-25 14:43 . 2010-07-25 14:44 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-07-25 14:33 . 2010-07-25 14:33 -------- d-----w- c:\program files\CCleaner
2010-07-23 08:30 . 2010-07-23 08:30 -------- d-----w- c:\program files\ZC2.10
2010-07-18 10:40 . 2010-07-18 10:40 -------- d-----w- c:\program files\Common Files\PocketSoft
2010-07-18 10:39 . 2010-07-18 10:39 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2010-07-18 10:19 . 2010-07-18 10:19 151 ----a-w- c:\documents and settings\o\check.bat
2010-07-18 08:45 . 2010-07-18 10:19 -------- d-----w- c:\program files\Common Files\Audio
2010-07-15 07:49 . 2010-07-15 07:49 -------- d-----w- c:\program files\directx
2010-07-15 07:20 . 2010-07-15 07:20 -------- d-----w- c:\program files\Vivendi Universal Games
2010-07-14 10:43 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-07-13 20:30 . 2010-07-13 20:30 12920 ----a-w- c:\windows\system32\apl001.sys
2010-07-13 20:30 . 2010-07-13 20:30 10872 ----a-w- c:\windows\system32\apf001.sys
2010-07-12 11:44 . 2010-07-25 17:15 -------- d-----w- c:\program files\Steam
2010-07-12 08:27 . 2010-07-25 14:42 -------- d-----w- c:\program files\MagicISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 14:48 . 2010-05-02 16:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-23 13:43 . 2010-05-19 16:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-23 11:34 . 2010-06-22 15:07 -------- d-----w- c:\program files\Garena
2010-07-21 09:34 . 2010-05-03 13:44 -------- d-----w- c:\program files\uTorrent
2010-07-18 10:19 . 2010-07-18 10:19 151 ----a-w- c:\documents and settings\o\check.bat
2010-07-18 08:01 . 2010-05-08 18:29 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-08 12:03 . 2010-06-04 14:41 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-06-23 11:23 . 2001-10-25 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 11:23 . 2001-10-25 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-06-22 15:55 . 2010-06-22 15:55 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-06-21 15:45 . 2010-06-21 15:44 -------- d-----w- c:\program files\Hamachi
2010-06-21 15:44 . 2010-06-21 15:44 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-06-17 13:28 . 2010-06-17 13:28 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-17 13:28 . 2010-06-17 13:28 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-14 14:30 . 2010-05-02 09:39 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 06:20 . 2010-06-12 06:20 -------- d-----w- c:\program files\Common Files\Java
2010-06-12 06:19 . 2010-06-12 06:20 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-12 06:19 . 2010-06-12 06:19 -------- d-----w- c:\program files\Java
2010-06-07 12:33 . 2010-05-28 11:29 -------- d-----w- c:\program files\Cheat Engine
2010-06-03 11:43 . 2010-05-22 08:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-31 17:01 . 2010-05-31 17:00 -------- d-----w- c:\program files\Drawing for Children
2010-05-31 12:17 . 2010-05-31 12:17 -------- d-----w- c:\program files\MSBuild
2010-05-31 12:16 . 2010-05-31 12:16 -------- d-----w- c:\program files\Reference Assemblies
2010-05-31 11:27 . 2010-05-31 11:27 -------- d-----w- c:\program files\MSXML 6.0
2010-05-31 07:00 . 2010-05-02 16:35 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-28 11:24 . 2010-05-28 11:24 -------- d-----w- c:\program files\SSIII Solo Ultratus
2010-05-22 10:02 . 2010-05-22 08:52 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-22 10:02 . 2010-05-22 08:52 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-11 18:32 . 2010-05-11 18:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-09 18:44 . 2010-05-09 18:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-06 20:59 . 2010-05-03 13:38 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-05-03 13:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-05-03 13:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-05-03 13:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-05-03 13:39 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-05-03 13:39 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-05-03 13:39 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-05-03 13:39 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:35 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-03 18:00 . 2010-05-03 18:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-03 13:58 . 2010-05-03 13:58 0 ----a-w- c:\windows\nsreg.dat
2010-05-03 11:40 . 2010-05-02 09:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-03 11:40 . 2010-05-02 09:41 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-05-03 11:39 . 2010-05-02 09:42 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-05-02 09:39 . 2010-05-02 09:39 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-02 08:27 . 2004-08-17 13:44 1850880 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-07-25_16.23.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-25 17:15 . 2010-07-25 17:15 16384 c:\windows\Temp\Perflib_Perfdata_684.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVEREST AutoStart"="c:\documents and settings\o\Dokumenty\everest\EVEREST Ultimate Edition 5.00.1667 Beta\everest.exe" [2009-02-22 2361952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"Steam"="c:\program files\Steam\Steam.exe" [2010-07-12 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\o\\Plocha\\Rune - Co-op 3\\Rune - Co-op\\RUNE\\SYSTEM\\RUNE.EXE"=
"c:\\Program Files\\Garena\\Garena.exe"=
"e:\\torentr\\Half Life 2\\HL2TakeTwo\\HL2\\hl2.exe"=
"c:\\Program Files\\Steam\\hl2\\Half-Life 2 Deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57761:TCP"= 57761:TCP:Pando Media Booster
"57761:UDP"= 57761:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"6983:TCP"= 6983:TCP:League of Legends Launcher
"6983:UDP"= 6983:UDP:League of Legends Launcher
"6969:TCP"= 6969:TCP:League of Legends Launcher
"6969:UDP"= 6969:UDP:League of Legends Launcher
"1608:UDP"= 1608:UDP:Dimensity
"1900:TCP"= 1900:TCP:UPnP
"1892:UDP"= 1892:UDP:Dimensity
"2005:UDP"= 2005:UDP:Dimensity
"2149:UDP"= 2149:UDP:Dimensity
"1340:UDP"= 1340:UDP:Dimensity
"4044:UDP"= 4044:UDP:Dimensity
"1483:TCP"= 1483:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.5.2010 20:00 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.5.2010 15:39 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.5.2010 15:39 17744]
S2 gupdate1caebb4f1d6b060;Služba Google Update (gupdate1caebb4f1d6b060);c:\program files\Google\Update\GoogleUpdate.exe [4.5.2010 20:09 133104]
S3 apf001;apf001;\??\e:\games\RakionIS\Bin\apf001.sys --> e:\games\RakionIS\Bin\apf001.sys [?]
S3 CEDRIVER55;CEDRIVER55;c:\program files\Cheat Engine\dbk32.sys [28.5.2010 13:29 60416]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\o\LOCALS~1\Temp\JJJ182.tmp --> c:\docume~1\o\LOCALS~1\Temp\JJJ182.tmp [?]
S3 LLRING0;LLRING0;\??\c:\program files\MU\MuGuard\llck1.sys --> c:\program files\MU\MuGuard\llck1.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 18:09]

2010-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 18:09]

2010-07-23 c:\windows\Tasks\Norton Security Scan for o.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-18 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280
FF - ProfilePath - c:\documents and settings\o\Data aplikací\Mozilla\Firefox\Profiles\x0yc09xn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Akamai - c:\program files\Common Files\Akamai\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 19:16
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8970C1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf764bfc3
\Driver\ACPI -> ACPI.sys @ 0xf74a3cb8
\Driver\atapi -> sfsync02.sys @ 0xf76188b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a18f6
ParseProcedure -> ntoskrnl.exe @ 0x8056f26d
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a18f6
ParseProcedure -> ntoskrnl.exe @ 0x8056f26d
NDIS: Broadcom NetXtreme Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xf7b3aba0
PacketIndicateHandler -> NDIS.sys @ 0xf7b47b21
SendHandler -> NDIS.sys @ 0xf7b2587b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\o\LOCALS~1\Temp\JJJ182.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-790525478-1708537768-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:e4,ff,94,61,8b,94,0d,80,e0,63,cb,85,99,af,84,fb,4b,78,3e,1d,2d,
31,34,8a,36,ce,9a,58,af,19,27,2a,1e,49,1c,bf,70,2a,e2,28,e5,ff,f3,be,8f,16,\
"rkeysecu"=hex:d1,35,45,51,a8,a0,73,b9,d7,1b,25,77,62,6c,9c,16
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3632)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-07-25 19:24:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-25 17:24
ComboFix2.txt 2010-07-25 16:26

Před spuštěním: 6 365 708 288
Po spuštění: 6 218 412 032

- - End Of File - - A209A22DFA35A5E19D81805E640008BF




http://www.virustotal.com/cs/analisis/8 ... 1275454507

http://www.virustotal.com/cs/analisis/a ... 1271995727

[Rudy]

Log již vypadá čistý. Jeden ze souborů byl sice identifikován jako rootkit, ale celkem nevýznamným antivirem. Přední antiviry mlčí, takže myslím že jsou oba čisté. Nastala nějaká změna?

[hinatahyuuga]

no vyzera to byt ok , stranky co nesli uz idu .. pocitac je celkom zrychleny ..zatial nevidim ziadnu chybu.
Dakujem

[Rudy]

Nemáte zač!