!SPĚCHÁ! Nezobrazovali se stránky v prohlížeči +pomalejší PC

Zpráva

zdenak · #16 Příspěvek od **zdenak** » 03 srp 2011 20:39

ComboFix 11-08-03.03 - Appel 03.08.2011 21:10:40.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.379 [GMT 2:00]
Spuštěný z: c:\documents and settings\Appel\Plocha\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Appel\WINDOWS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-03 do 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-03 18:57 . 2011-08-03 18:57 9310 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-08-03 18:57 . 2011-08-03 18:57 8646 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-08-03 18:57 . 2011-08-03 18:57 6429 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-08-03 18:57 . 2011-08-03 18:57 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-08-03 18:57 . 2011-08-03 18:57 4599 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-08-03 18:57 . 2011-08-03 18:57 8613 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-08-03 18:57 . 2011-08-03 18:57 6910 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-08-03 18:57 . 2011-08-03 18:57 5927 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-08-03 18:57 . 2011-08-03 18:57 1651 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-08-03 18:57 . 2011-08-03 18:57 8288 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-08-03 18:57 . 2011-08-03 18:57 6208 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-08-03 18:57 . 2011-08-03 18:57 18541 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-08-03 18:56 . 2011-08-03 18:56 8782 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-07-29 12:54 . 2011-07-29 12:54 -------- d-----w- c:\documents and settings\Appel\Data aplikací\Absolute Legends
2011-07-29 12:53 . 2011-07-29 13:00 -------- d-----w- c:\documents and settings\Appel\Local Settings\Data aplikací\Deployment
2011-07-27 10:26 . 2011-08-03 14:55 -------- d-----w- c:\documents and settings\Appel\riotsGamesLogs
2011-07-23 13:25 . 2011-07-23 13:28 -------- d-----w- c:\documents and settings\Appel\Data aplikací\U3
2011-07-20 18:31 . 2011-07-20 18:31 94208 ----a-w- c:\windows\DIIUnin.exe
2011-07-20 18:31 . 2011-07-20 18:31 2829 ----a-w- c:\windows\DIIUnin.pif
2011-07-15 21:41 . 2011-08-03 19:29 -------- d-----w- c:\documents and settings\Appel\Local Settings\Data aplikací\LogMeIn Hamachi
2011-07-15 21:41 . 2011-08-03 18:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2011-07-15 21:41 . 2011-07-15 21:41 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-07-13 20:20 . 2003-09-03 00:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-07-13 20:20 . 2003-09-03 00:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-07-13 20:20 . 2003-09-03 00:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-07-13 20:20 . 2003-09-03 00:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-07-13 20:20 . 2003-09-03 00:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-07-13 20:20 . 2011-07-13 20:20 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-07-13 20:20 . 2011-07-13 20:20 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-07-12 09:14 . 2011-07-12 09:42 -------- d-----w- c:\documents and settings\Appel\Data aplikací\Mumble
2011-07-12 09:14 . 2011-07-12 09:31 -------- d-----w- c:\program files\Mumble
2011-07-11 20:03 . 2011-07-11 20:03 -------- d-----w- c:\documents and settings\Appel\Data aplikací\Garena
2011-07-06 17:41 . 2011-07-06 17:42 -------- d-----w- c:\documents and settings\Appel\Local Settings\Data aplikací\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 08:12 . 2010-08-23 23:21 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-08 08:12 . 2010-08-23 23:21 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-23 11:45 . 2010-11-21 15:10 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-06 11:35 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-26 05:57 . 2011-05-26 05:57 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-20 12:01 . 2011-05-20 12:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-23 19:13 . 2011-03-16 15:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Facebook Update"="c:\documents and settings\Appel\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"RTHDCPL"="RTHDCPL.EXE" [2010-08-16 18077696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-18 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-27 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Mamka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\documents and settings\Appel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2011-7-25 337920]
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= c:\documents and settings\Appel\Dokumenty\Stažené soubory\LoL Checker EU\LoL Checker EU\LoL Checker Snipet\start.htm
FriendlyName=
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\MungoServer\\MungoServer.exe"=
"c:\\Program Files\\WifiPad Server\\WifiPadServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\jablko188\\condition zero\\hl.exe"=
"c:\\Documents and Settings\\Appel\\Plocha\\Média\\Csko\\hl.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\jablko188\\counter-strike\\hl.exe"=
"c:\\Program Files\\EA Games\\Battlefield Play4Free\\BFP4f.exe"=
"c:\\Program Files\\EA Games\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\LOLReplay\\LOLReplay.exe"=
"c:\\Program Files\\Stunlock Studios\\Bloodline Champions\\Binary\\BloodlineChampions.exe"=
"c:\\Program Files\\EA SPORTS\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\jablko188\\team fortress 2\\hl2.exe"=
"c:\\Documents and Settings\\Appel\\Plocha\\Age Of Empires II i datadisk\\age2_x1.exe"=
"c:\\Documents and Settings\\Appel\\Plocha\\cs\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Appel\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"56884:TCP"= 56884:TCP:Pando Media Booster
"56884:UDP"= 56884:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6927:TCP"= 6927:TCP:League of Legends Launcher
"6927:UDP"= 6927:UDP:League of Legends Launcher
"6946:TCP"= 6946:TCP:League of Legends Launcher
"6946:UDP"= 6946:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"6987:TCP"= 6987:TCP:League of Legends Launcher
"6987:UDP"= 6987:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6928:TCP"= 6928:TCP:League of Legends Launcher
"6928:UDP"= 6928:UDP:League of Legends Launcher
"6952:TCP"= 6952:TCP:League of Legends Launcher
"6952:UDP"= 6952:UDP:League of Legends Launcher
"6895:TCP"= 6895:TCP:League of Legends Launcher
"6895:UDP"= 6895:UDP:League of Legends Launcher
"6915:TCP"= 6915:TCP:League of Legends Launcher
"6915:UDP"= 6915:UDP:League of Legends Launcher
"6900:TCP"= 6900:TCP:League of Legends Launcher
"6900:UDP"= 6900:UDP:League of Legends Launcher
"6994:TCP"= 6994:TCP:League of Legends Launcher
"6994:UDP"= 6994:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"1232:TCP"= 1232:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.8.2010 9:52 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 14:00 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24.8.2010 1:21 136360]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 17:29 1336712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [24.8.2010 1:28 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [24.8.2010 1:28 8456]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2.8.2011 19:40 41272]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [7.1.2011 15:52 63304]
S3 MungoDriver;MungoGamer Remote;c:\windows\system32\drivers\MungoDriver.sys [13.11.2010 14:13 12504]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23.1.2004 17:33 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23.1.2004 17:32 28800]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.4.2008 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1482476501-1644491937-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1482476501-1644491937-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1482476501-1644491937-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1482476501-1644491937-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1482476501-1644491937-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1482476501-1644491937-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.garena.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Appel\Data aplikací\Mozilla\Firefox\Profiles\d1wqqb6e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-03 21:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_2da1ebd.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_2da1ebd.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-1482476501-1644491937-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ab,ed,3f,c4,06,6e,17,d2,59,69,12,b6,4b,fc,75,ed,d5,6a,56,3d,4d,b2,9c,
c8,a5,f6,42,33,bf,f1,44,2d,29,8e,16,a3,9b,e2,9f,01,02,2e,09,6b,bf,91,d1,16,\
"??"=hex:09,9d,29,5e,23,d7,27,9d,f4,f5,53,c9,a1,a1,7d,02
.
[HKEY_USERS\S-1-5-21-1123561945-1482476501-1644491937-1006\Software\SecuROM\License information*]
"datasecu"=hex:bf,28,56,00,d2,26,fd,79,74,8a,ce,7e,9f,7a,f0,80,7b,8f,8e,6d,f6,
48,45,3c,33,f4,38,79,2a,49,a6,9f,8a,f0,73,11,8d,96,da,ab,dd,31,a8,e7,bc,66,\
"rkeysecu"=hex:07,a0,2c,2e,27,72,5f,db,8a,48,1e,1b,95,05,93,fe
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1584)
c:\program files\Stardock\ObjectDockFree\DockShellHook.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\ObjectDockFree\ODMenu.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-08-03 21:36:07
ComboFix-quarantined-files.txt 2011-08-03 19:36
.
Před spuštěním: Volných bajtů: 16 139 915 264
Po spuštění: Volných bajtů: 19 982 696 448
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 69655C25E5194F83F6D749C8B326B033

#17 Příspěvek od **vyosek** » 03 srp 2011 21:34

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Driver::
Akamai

NetSvc::
Akamai

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Facebook Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"iTunesHelper"=-
"DivXUpdate"=-
"TkBellExe"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
"LogMeIn Hamachi Ui"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"=-
"1232:TCP"=-
"5000:UDP"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Appel\Data aplikací\Mozilla\Firefox\Profiles\d1wqqb6e.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=

Folder::
C:\Program Files\Common Files\Akamai

File::
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1482476501-1644491937-1006Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1482476501-1644491937-1006UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1482476501-1644491937-1004.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1482476501-1644491937-1005.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1482476501-1644491937-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1482476501-1644491937-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1482476501-1644491937-1005.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1482476501-1644491937-1006.job

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

zdenak · #18 Příspěvek od **zdenak** » 03 srp 2011 22:19

EDIT: a ještě se mi nainstaloval Internet Explorer

:-O
udělal jsem vše podle návodu, CF restartoval PC, chvilku to makalo a potom vyskočil tenhle log:

ComboFix 11-08-03.03 - Appel 03.08.2011 22:58:13.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.436 [GMT 2:00]
Spuštěný z: c:\documents and settings\Appel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Appel\Plocha\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1482476501-1644491937-1006Core.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1482476501-1644491937-1006UA.job"
"c:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1482476501-1644491937-1004.job"
"c:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1482476501-1644491937-1005.job"
"c:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1482476501-1644491937-1006.job"
"c:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1482476501-1644491937-1004.job"
"c:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1482476501-1644491937-1005.job"
"c:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1482476501-1644491937-1006.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Akamai
c:\program files\Common Files\Akamai\AdminTool.exe
c:\program files\Common Files\Akamai\appregistry.dat
c:\program files\Common Files\Akamai\client.ini
c:\program files\Common Files\Akamai\client.ini.json
c:\program files\Common Files\Akamai\ControlPanel.exe
c:\program files\Common Files\Akamai\CplTasks.xml
c:\program files\Common Files\Akamai\euc_state.json
c:\program files\Common Files\Akamai\guid.ini
c:\program files\Common Files\Akamai\installer.txt
c:\program files\Common Files\Akamai\Languages\csy.dll
c:\program files\Common Files\Akamai\Languages\dan.dll
c:\program files\Common Files\Akamai\Languages\deu.dll
c:\program files\Common Files\Akamai\Languages\esp.dll
c:\program files\Common Files\Akamai\Languages\fin.dll
c:\program files\Common Files\Akamai\Languages\fra.dll
c:\program files\Common Files\Akamai\Languages\chs.dll
c:\program files\Common Files\Akamai\Languages\cht.dll
c:\program files\Common Files\Akamai\Languages\ita.dll
c:\program files\Common Files\Akamai\Languages\jpn.dll
c:\program files\Common Files\Akamai\Languages\kor.dll
c:\program files\Common Files\Akamai\Languages\nld.dll
c:\program files\Common Files\Akamai\Languages\nor.dll
c:\program files\Common Files\Akamai\Languages\plk.dll
c:\program files\Common Files\Akamai\Languages\ptb.dll
c:\program files\Common Files\Akamai\Languages\ptg.dll
c:\program files\Common Files\Akamai\Languages\rus.dll
c:\program files\Common Files\Akamai\Languages\sve.dll
c:\program files\Common Files\Akamai\Languages\trk.dll
c:\program files\Common Files\Akamai\Logs\debug.log
c:\program files\Common Files\Akamai\Logs\debug.log.110801_203651.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110801_213443.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_080238.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_090238.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_100239.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_110240.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_120241.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_130241.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_140242.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_150243.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_160244.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_170244.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_180245.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_190245.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_200246.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_210247.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110802_211737.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_060902.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_070903.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_080903.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_090903.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_100904.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_110904.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_120904.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_130904.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_140905.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_150906.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_160907.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_170907.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_180907.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_185523.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_185649.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_195649.sent
c:\program files\Common Files\Akamai\Logs\debug.log.110803_205650.sent
c:\program files\Common Files\Akamai\netsession_win_2da1ebd.dll
c:\program files\Common Files\Akamai\readme.txt
c:\program files\Common Files\Akamai\root.pem
c:\program files\Common Files\Akamai\rswinui.exe
c:\program files\Common Files\Akamai\uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AKAMAI
-------\Service_Akamai
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-03 do 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-02 17:40 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 17:40 . 2011-08-03 12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 17:40 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 13:11 . 2011-08-02 13:11 -------- d-----w- c:\documents and settings\Appel\Data aplikací\SGTY
2011-08-02 13:04 . 2011-08-02 13:04 -------- d-----w- c:\documents and settings\Appel\Data aplikací\Realm of the Titans
2011-08-02 09:48 . 2011-08-02 09:49 -------- d-----w- c:\program files\trend micro
2011-08-02 09:48 . 2011-08-02 09:49 -------- d-----w- C:\rsit
2011-08-02 08:50 . 2011-08-02 08:50 -------- d-----w- C:\AeriaGames
2011-07-29 12:54 . 2011-07-29 12:54 -------- d-----w- c:\documents and settings\Appel\Data aplikací\Absolute Legends
2011-07-29 12:53 . 2011-07-29 13:00 -------- d-----w- c:\documents and settings\Appel\Local Settings\Data aplikací\Deployment
2011-07-27 10:26 . 2011-08-03 14:55 -------- d-----w- c:\documents and settings\Appel\riotsGamesLogs
2011-07-23 13:25 . 2011-07-23 13:28 -------- d-----w- c:\documents and settings\Appel\Data aplikací\U3
2011-07-20 18:31 . 2011-07-20 18:31 94208 ----a-w- c:\windows\DIIUnin.exe
2011-07-20 18:31 . 2011-07-20 18:31 2829 ----a-w- c:\windows\DIIUnin.pif
2011-07-15 21:41 . 2011-08-03 20:50 -------- d-----w- c:\documents and settings\Appel\Local Settings\Data aplikací\LogMeIn Hamachi
2011-07-15 21:41 . 2011-08-03 21:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2011-07-15 21:41 . 2011-07-15 21:41 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-07-13 20:20 . 2003-09-03 00:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-07-13 20:20 . 2003-09-03 00:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-07-13 20:20 . 2003-09-03 00:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-07-13 20:20 . 2003-09-03 00:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-07-13 20:20 . 2003-09-03 00:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-07-13 20:20 . 2011-07-13 20:20 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-07-13 20:20 . 2011-07-13 20:20 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-07-12 09:14 . 2011-07-12 09:42 -------- d-----w- c:\documents and settings\Appel\Data aplikací\Mumble
2011-07-12 09:14 . 2011-07-12 09:31 -------- d-----w- c:\program files\Mumble
2011-07-11 20:03 . 2011-07-11 20:03 -------- d-----w- c:\documents and settings\Appel\Data aplikací\Garena
2011-07-06 17:41 . 2011-07-06 17:42 -------- d-----w- c:\documents and settings\Appel\Local Settings\Data aplikací\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 08:12 . 2010-08-23 23:21 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-08 08:12 . 2010-08-23 23:21 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-23 11:45 . 2010-11-21 15:10 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-06 11:35 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-26 05:57 . 2011-05-26 05:57 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-20 12:01 . 2011-05-20 12:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-23 19:13 . 2011-03-16 15:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-03_19.29.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-03 21:10 . 2011-08-03 21:10 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"RTHDCPL"="RTHDCPL.EXE" [2010-08-16 18077696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-18 281768]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Mamka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\documents and settings\Appel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2011-7-25 337920]
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= c:\documents and settings\Appel\Dokumenty\Stažené soubory\LoL Checker EU\LoL Checker EU\LoL Checker Snipet\start.htm
FriendlyName=
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\MungoServer\\MungoServer.exe"=
"c:\\Program Files\\WifiPad Server\\WifiPadServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\jablko188\\condition zero\\hl.exe"=
"c:\\Documents and Settings\\Appel\\Plocha\\Média\\Csko\\hl.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\jablko188\\counter-strike\\hl.exe"=
"c:\\Program Files\\EA Games\\Battlefield Play4Free\\BFP4f.exe"=
"c:\\Program Files\\EA Games\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\LOLReplay\\LOLReplay.exe"=
"c:\\Program Files\\Stunlock Studios\\Bloodline Champions\\Binary\\BloodlineChampions.exe"=
"c:\\Program Files\\EA SPORTS\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\jablko188\\team fortress 2\\hl2.exe"=
"c:\\Documents and Settings\\Appel\\Plocha\\Age Of Empires II i datadisk\\age2_x1.exe"=
"c:\\Documents and Settings\\Appel\\Plocha\\cs\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Appel\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56884:TCP"= 56884:TCP:Pando Media Booster
"56884:UDP"= 56884:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6927:TCP"= 6927:TCP:League of Legends Launcher
"6927:UDP"= 6927:UDP:League of Legends Launcher
"6946:TCP"= 6946:TCP:League of Legends Launcher
"6946:UDP"= 6946:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"6987:TCP"= 6987:TCP:League of Legends Launcher
"6987:UDP"= 6987:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6928:TCP"= 6928:TCP:League of Legends Launcher
"6928:UDP"= 6928:UDP:League of Legends Launcher
"6952:TCP"= 6952:TCP:League of Legends Launcher
"6952:UDP"= 6952:UDP:League of Legends Launcher
"6895:TCP"= 6895:TCP:League of Legends Launcher
"6895:UDP"= 6895:UDP:League of Legends Launcher
"6915:TCP"= 6915:TCP:League of Legends Launcher
"6915:UDP"= 6915:UDP:League of Legends Launcher
"6900:TCP"= 6900:TCP:League of Legends Launcher
"6900:UDP"= 6900:UDP:League of Legends Launcher
"6994:TCP"= 6994:TCP:League of Legends Launcher
"6994:UDP"= 6994:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.8.2010 9:52 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24.8.2010 1:21 136360]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 17:29 1336712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [24.8.2010 1:28 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [24.8.2010 1:28 8456]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2.8.2011 19:40 41272]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [7.1.2011 15:52 63304]
S3 MungoDriver;MungoGamer Remote;c:\windows\system32\drivers\MungoDriver.sys [13.11.2010 14:13 12504]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23.1.2004 17:33 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23.1.2004 17:32 28800]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.4.2008 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1482476501-1644491937-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1482476501-1644491937-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1482476501-1644491937-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1482476501-1644491937-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1482476501-1644491937-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1482476501-1644491937-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.garena.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Appel\Data aplikací\Mozilla\Firefox\Profiles\d1wqqb6e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Akamai - c:\program files\Common Files\Akamai\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-03 23:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-1482476501-1644491937-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ab,ed,3f,c4,06,6e,17,d2,59,69,12,b6,4b,fc,75,ed,d5,6a,56,3d,4d,b2,9c,
c8,a5,f6,42,33,bf,f1,44,2d,29,8e,16,a3,9b,e2,9f,01,02,2e,09,6b,bf,91,d1,16,\
"??"=hex:09,9d,29,5e,23,d7,27,9d,f4,f5,53,c9,a1,a1,7d,02
.
[HKEY_USERS\S-1-5-21-1123561945-1482476501-1644491937-1006\Software\SecuROM\License information*]
"datasecu"=hex:bf,28,56,00,d2,26,fd,79,74,8a,ce,7e,9f,7a,f0,80,7b,8f,8e,6d,f6,
48,45,3c,33,f4,38,79,2a,49,a6,9f,8a,f0,73,11,8d,96,da,ab,dd,31,a8,e7,bc,66,\
"rkeysecu"=hex:07,a0,2c,2e,27,72,5f,db,8a,48,1e,1b,95,05,93,fe
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2368)
c:\program files\Stardock\ObjectDockFree\DockShellHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\program files\Stardock\ObjectDockFree\ODMenu.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-08-03 23:16:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-03 21:16
ComboFix2.txt 2011-08-03 19:36
.
Před spuštěním: Volných bajtů: 19 997 085 696
Po spuštění: Volných bajtů: 19 870 728 192
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F0F753444F0002C417031FA5B68804EF

#19 Příspěvek od **vyosek** » 03 srp 2011 22:24

Jak se chova PC nyni, problemy pretrvavaji

zdenak · #20 Příspěvek od **zdenak** » 03 srp 2011 22:35

Zdá se mi že je PC svižnější, dneska už to budu vypínat a pořádně to testnu zítra. kdyby se ještě objevili nějaké komplikace dám vědět do tohohle topicu. ještě pár otázek jestli můžu, co je nejlepší na vyčištění PC od starých nepoužívaných souborů? co jsem viděl jak to projížděl MbAM tak tam byla spousta souborů z dávno odinstalovaných programů a her. potom, co s tím combofixem? mám ho tam nechat,nebo odstranit? a poslední věc, proč se mi nainstaloval ten Explorer?

Každopádně moc díky za vaší pomoc, cením si vašich znalostí, trpělivosti a hlavně toho, že ve svém volném čase pomáháte lidem!

#21 Příspěvek od **vyosek** » 03 srp 2011 23:10

CFko udelalo pouze ikonu IE - autor to tak naprogramoval, proc to netusim

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

Znovu spusťte Usbfix a zvolte možnost Uninstall.

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Doporucuji provest defragmentaci disku

Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
- Kliknete na Tento pocitac, dale na disk kliknete pravym tlacitkem, vyberte Vlastnosti
- prepnete se do zalozky Nastroje
- Nyni vidite pomucky Defragmentace - spustte ji kliknutim na Defragmentovat
- Toto provedte se vsemi disky
Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
- Kliknete na Analyzovat
- Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
- Postup provedte se vsemi disky
Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- Vyhodou programku je, ze se neinstaluje
- Staci tedy jen stahnout dle verze vaseho OS a rozbalit
- Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
- Probehne analyza disku a nasledne i defragmentace

PC sledujte a napiste jak se chova

VIRY.CZ

!SPĚCHÁ! Nezobrazovali se stránky v prohlížeči +pomalejší PC

Re: !SPĚCHÁ! Nezobrazovali se stránky v prohlížeči +pomalejš

Re: !SPĚCHÁ! Nezobrazovali se stránky v prohlížeči +pomalejš

Re: !SPĚCHÁ! Nezobrazovali se stránky v prohlížeči +pomalejš

Re: !SPĚCHÁ! Nezobrazovali se stránky v prohlížeči +pomalejš

Re: !SPĚCHÁ! Nezobrazovali se stránky v prohlížeči +pomalejš

Re: !SPĚCHÁ! Nezobrazovali se stránky v prohlížeči +pomalejš