MY FIRST LOG, please check (Solved)


Re: MY FIRST LOG, please check

Post by jaro3 » 11 Jul 2010 00:07

Fine, now the ComboFix as well, and then let me know how things are with the PC and the CPU load. I'm shutting down and going to bed, so in the morning..
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: MY FIRST LOG, please check

Post by Zlatak » 11 Jul 2010 00:23

ComboFix 10-07-10.01 - Gabriela 11/07/2010 0:12.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.546 [GMT 2:00]
Spuštěný z: c:\documents and settings\Gabriela\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-10 do 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-10 21:59 . 2010-07-10 22:01 -------- dc----w- C:\UsbFix
2010-07-10 21:42 . 2010-07-10 21:42 -------- d-----w- c:\documents and settings\Gabriela\DoctorWeb
2010-07-10 15:26 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-10 15:26 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-10 15:26 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-10 15:26 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-10 15:26 . 2010-07-10 15:26 -------- d-----w- c:\program files\Avira
2010-07-10 12:32 . 2010-07-10 12:49 -------- d-----w- c:\program files\DKLegend
2010-07-09 22:31 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 22:31 . 2010-07-09 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 22:31 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-09 19:10 . 2010-07-09 19:10 -------- d-----w- c:\program files\Trend Micro
2010-07-08 14:30 . 2010-07-08 14:30 -------- d-----w- c:\program files\Electronic Arts
2010-07-07 23:05 . 2010-07-07 23:06 -------- d-----w- c:\program files\Hamachi
2010-07-06 21:59 . 2010-07-06 21:59 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-07-04 18:17 . 2010-07-04 18:25 -------- d-----w- c:\program files\Valve
2010-07-03 11:48 . 2010-07-03 11:48 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-07-03 11:48 . 2010-07-03 11:48 -------- d-----w- c:\program files\DIFX
2010-07-03 11:48 . 2010-07-03 11:48 -------- d-----w- c:\program files\USB TV
2010-07-03 11:41 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-07-03 11:41 . 2010-07-03 11:43 -------- d-----w- c:\program files\ATI Technologies
2010-07-03 11:40 . 2010-07-03 11:40 -------- dc----w- C:\ATI
2010-07-03 11:12 . 2010-07-03 11:59 -------- d-----w- c:\program files\Heroes of Newerth
2010-07-02 09:13 . 2010-07-02 09:13 -------- d-sh--w- c:\documents and settings\Gabriela\IECompatCache
2010-06-28 19:16 . 2010-07-03 11:10 -------- d-----w- c:\program files\Neffy
2010-06-25 13:16 . 2003-05-15 12:39 155136 ----a-w- c:\windows\system32\unrar.dll
2010-06-24 19:02 . 2010-07-10 17:02 -------- d-----w- c:\program files\TwilightDE
2010-06-20 20:41 . 2010-06-20 20:41 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-20 20:27 . 2010-06-20 20:27 -------- d-----w- c:\documents and settings\Gabriela\kbpki
2010-06-20 20:27 . 2010-06-20 20:27 -------- d-----w- c:\program files\CCleaner
2010-06-19 23:15 . 2000-08-05 23:51 192569 ----a-w- c:\windows\system32\msrpjt40.dll
2010-06-19 23:15 . 2000-08-05 23:51 32830 ----a-w- c:\windows\system32\dbmsshrn.dll
2010-06-19 23:14 . 2010-06-20 20:26 -------- d-----w- c:\program files\Microsoft SQL Server
2010-06-17 12:51 . 2010-06-20 20:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-16 18:30 . 2010-06-20 20:26 -------- d-----w- c:\program files\AIMP2
2010-06-14 17:19 . 2004-12-30 12:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-06-14 17:08 . 2010-06-14 17:08 -------- d-----w- c:\program files\Microsoft XNA
2010-06-14 17:06 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-14 17:06 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-14 17:06 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-06-14 17:06 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-06-14 17:06 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-06-14 17:06 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-06-14 17:06 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-06-14 17:06 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-06-11 14:43 . 2010-06-11 14:43 -------- d-----w- c:\program files\Reference Assemblies
2010-06-11 11:57 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 22:19 . 2010-06-01 21:20 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-10 12:49 . 2010-03-01 17:31 9728 ----a-w- c:\windows\system32\vvprotect.sys
2010-07-07 23:05 . 2006-09-17 13:58 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-07-03 11:48 . 2006-09-07 18:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-03 11:33 . 2001-10-25 14:00 513962 ----a-w- c:\windows\system32\perfh005.dat
2010-07-03 11:33 . 2001-10-25 14:00 106982 ----a-w- c:\windows\system32\perfc005.dat
2010-06-20 20:56 . 2010-06-09 20:33 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-20 20:25 . 2010-05-15 12:44 -------- d-----w- c:\program files\Microsoft.NET
2010-06-13 12:56 . 2010-05-12 16:39 -------- d-----w- c:\program files\ICQ7.1
2010-06-13 12:44 . 2010-05-25 12:26 -------- d-----w- c:\program files\Alcohol Soft
2010-06-10 12:09 . 2006-10-03 17:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-05 06:56 . 2010-05-14 13:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-25 13:09 . 2007-07-22 16:07 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-25 13:07 . 2010-05-25 13:07 -------- d-----w- c:\program files\OpenAL
2010-05-25 13:07 . 2009-07-13 17:36 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-25 13:07 . 2009-07-13 17:36 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-25 12:31 . 2010-05-25 12:31 -------- d-----w- c:\program files\Conduit
2010-05-25 12:05 . 2007-04-25 14:49 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-25 09:44 . 2007-04-03 18:27 -------- d-----w- c:\program files\Common Files\Java
2010-05-25 09:43 . 2010-05-25 09:43 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 09:43 . 2007-04-03 18:27 -------- d-----w- c:\program files\Java
2010-05-23 14:41 . 2010-05-23 14:41 -------- d-----w- c:\program files\uTorrent
2010-05-18 18:28 . 2010-05-18 18:28 100368 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-05-18 18:28 . 2010-05-30 09:03 142864 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-05-18 18:28 . 2010-05-30 09:02 41744 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-05-16 09:53 . 2010-05-15 12:45 -------- d-----w- c:\program files\Microsoft Works
2010-05-14 14:08 . 2010-05-14 14:07 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-05-14 14:03 . 2010-05-14 14:02 -------- d-----r- c:\program files\Skype
2010-05-14 14:02 . 2010-05-14 14:02 -------- d-----w- c:\program files\Common Files\Skype
2010-05-14 13:50 . 2010-05-12 16:53 -------- d-----w- c:\program files\Windows Live
2010-05-14 13:48 . 2010-05-14 13:48 -------- d-----w- c:\program files\Microsoft
2010-05-14 13:47 . 2010-05-14 13:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-05-12 16:50 . 2010-05-12 16:50 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-06 10:35 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-17 13:44 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-17 13:48 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 22:04 . 2010-04-16 22:04 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2007-04-23 09:50 . 2007-04-22 07:29 1252361 --sha-w- c:\windows\system32\mcsdvtn.dat
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-07-10_11.01.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-07-10 22:09 . 2010-07-10 22:09 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2010-07-10 22:09 . 2010-07-10 22:09 16384 c:\windows\Temp\Perflib_Perfdata_518.dat
+ 2010-07-10 15:26 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2010-07-10 15:25 . 2010-07-10 15:25 219648 c:\windows\Installer\f9df9d.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0sprestrt\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\TwilightDE\\TwiDE.exe"=
"c:\\Documents and Settings\\Gabriela\\Plocha\\bot\\riBot.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\DKLegend\\dklegend.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15749:TCP"= 15749:TCP:BitComet 15749 TCP
"15749:UDP"= 15749:UDP:BitComet 15749 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14111:TCP"= 14111:TCP:BitComet 14111 TCP
"14111:UDP"= 14111:UDP:BitComet 14111 UDP
"7780:UDP"= 7780:UDP:1
"7784:UDP"= 7784:UDP:2
"2110:TCP"= 2110:TCP:4
"7790:TCP"= 7790:TCP:5
"7777:TCP"= 7777:TCP:6
"8110:TCP"= 8110:TCP:7
"8111:TCP"= 8111:TCP:8
"57727:TCP"= 57727:TCP:Pando Media Booster
"57727:UDP"= 57727:UDP:Pando Media Booster
"56878:TCP"= 56878:TCP:Pando Media Booster
"56878:UDP"= 56878:UDP:Pando Media Booster
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"6994:TCP"= 6994:TCP:League of Legends Launcher
"6994:UDP"= 6994:UDP:League of Legends Launcher
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [17/08/2004 15:49 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/07/2010 17:26 135336]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [04/12/2006 20:20 2368]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [09/03/2009 13:25 38304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 cimo;cimo;c:\windows\system32\cimo.sys [22/05/2009 09:59 46080]
S3 NSPService;nProtect Security Platform 2007 Service;c:\windows\system32\INCAInternet\nProtect Security Platform 2007\nspsvc.exe [06/06/2009 22:04 354848]
S3 NSPUpdateService;nProtect Security Platform 2007 Update Service;c:\windows\system32\INCAInternet\nProtect Security Platform 2007\nspupsvc.exe [06/06/2009 22:04 813600]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18/05/2010 20:28 100368]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/04/2007 16:49 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://centrum.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.70\AMVConverter\grab.html
IE: Crawler Search
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.70\MediaManager\grab.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{479BEE90-08C0-44fa-AE28-06BA96963B5B} - {08C189C0-C4FE-4cb2-A765-C0A4DCD0A47A} -
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Gabriela\Data aplikací\Mozilla\Firefox\Profiles\ma553oa8.default\
FF - component: c:\documents and settings\Gabriela\Data aplikací\Mozilla\Firefox\Profiles\ma553oa8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Gabriela\Data aplikací\Mozilla\Firefox\Profiles\ma553oa8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 00:19
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1957994488-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\M*a*s*s*i*v*e*G*a*m*i*n*g*"!\MassiveGaming KalOnline Patch]
"Version"="v0.7.9"
"ProgName"="MassiveGaming KalOnline Patch"

[HKEY_LOCAL_MACHINE\software\M*a*s*s*i*v*e*G*a*m*i*n*g*"!\MassiveGaming KalOnline Patch\v0.7.9]
@=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-07-11 00:22:49
ComboFix-quarantined-files.txt 2010-07-10 22:22
ComboFix2.txt 2010-07-10 11:04

Před spuštěním: 6,143,799,296
Po spuštění: 6,127,075,328

- - End Of File - - BBA429076502D20A0D5169E9D2177E28


Re: MY FIRST LOG, please check

Post by jaro3 » 11 Jul 2010 09:07

Did you install this yourself:
MassiveGaming KalOnline Patch ??


In Folder Options, enable showing hidden files and folders + untick the "Hide protected operating system files" checkbox

Test this on Virustotal
c:\windows\system32\cimo.sys
If the file has already been tested, click to test it again.

When the test by all the antivirus engines has finished, paste the link to the results page here.

How is the CPU load?

Re: MY FIRST LOG, please check

Post by Zlatak » 11 Jul 2010 11:43

2010-05-02 08:09 . 2004-08-17 13:44 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-17 13:48 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 22:04 . 2010-04-16 22:04 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2007-04-23 09:50 . 2007-04-22 07:29 1252361 --sha-w- c:\windows\system32\mcsdvtn.dat
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-07-10_11.01.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-07-10 22:09 . 2010-07-10 22:09 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2010-07-10 22:09 . 2010-07-10 22:09 16384 c:\windows\Temp\Perflib_Perfdata_518.dat
+ 2010-07-10 15:26 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2010-07-10 15:25 . 2010-07-10 15:25 219648 c:\windows\Installer\f9df9d.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0sprestrt\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\TwilightDE\\TwiDE.exe"=
"c:\\Documents and Settings\\Gabriela\\Plocha\\bot\\riBot.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\DKLegend\\dklegend.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15749:TCP"= 15749:TCP:BitComet 15749 TCP
"15749:UDP"= 15749:UDP:BitComet 15749 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14111:TCP"= 14111:TCP:BitComet 14111 TCP
"14111:UDP"= 14111:UDP:BitComet 14111 UDP
"7780:UDP"= 7780:UDP:1
"7784:UDP"= 7784:UDP:2
"2110:TCP"= 2110:TCP:4
"7790:TCP"= 7790:TCP:5
"7777:TCP"= 7777:TCP:6
"8110:TCP"= 8110:TCP:7
"8111:TCP"= 8111:TCP:8
"57727:TCP"= 57727:TCP:Pando Media Booster
"57727:UDP"= 57727:UDP:Pando Media Booster
"56878:TCP"= 56878:TCP:Pando Media Booster
"56878:UDP"= 56878:UDP:Pando Media Booster
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"6994:TCP"= 6994:TCP:League of Legends Launcher
"6994:UDP"= 6994:UDP:League of Legends Launcher
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [17/08/2004 15:49 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/07/2010 17:26 135336]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [04/12/2006 20:20 2368]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [09/03/2009 13:25 38304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 cimo;cimo;c:\windows\system32\cimo.sys [22/05/2009 09:59 46080]
S3 NSPService;nProtect Security Platform 2007 Service;c:\windows\system32\INCAInternet\nProtect Security Platform 2007\nspsvc.exe [06/06/2009 22:04 354848]
S3 NSPUpdateService;nProtect Security Platform 2007 Update Service;c:\windows\system32\INCAInternet\nProtect Security Platform 2007\nspupsvc.exe [06/06/2009 22:04 813600]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18/05/2010 20:28 100368]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/04/2007 16:49 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://centrum.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.70\AMVConverter\grab.html
IE: Crawler Search
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.70\MediaManager\grab.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{479BEE90-08C0-44fa-AE28-06BA96963B5B} - {08C189C0-C4FE-4cb2-A765-C0A4DCD0A47A} -
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Gabriela\Data aplikací\Mozilla\Firefox\Profiles\ma553oa8.default\
FF - component: c:\documents and settings\Gabriela\Data aplikací\Mozilla\Firefox\Profiles\ma553oa8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Gabriela\Data aplikací\Mozilla\Firefox\Profiles\ma553oa8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 00:19
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1957994488-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\M*a*s*s*i*v*e*G*a*m*i*n*g*"!\MassiveGaming KalOnline Patch]
"Version"="v0.7.9"
"ProgName"="MassiveGaming KalOnline Patch"

[HKEY_LOCAL_MACHINE\software\M*a*s*s*i*v*e*G*a*m*i*n*g*"!\MassiveGaming KalOnline Patch\v0.7.9]
@=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-07-11 00:22:49
ComboFix-quarantined-files.txt 2010-07-10 22:22
ComboFix2.txt 2010-07-10 11:04

Před spuštěním: 6,143,799,296
Po spuštění: 6,127,075,328

- - End Of File - - BBA429076502D20A0D5169E9D2177E28

Zlatak
newcomer
Posts: 12
Registered: July 10
Gender: Male
Status: Offline

Re: MY FIRST LOG, please check

Post by Zlatak » 11 Jul 2010 11:46

The CPU is fine now, and that schost.exe is there only 9 times and not 10, so there probably was something there, well :-) it is quite a bit faster now :-)

http://www.virustotal.com/cs/analisis/9 ... 1278841406

there is something there

Zlatak
newcomer
Posts: 12
Registered: July 10
Gender: Male
Status: Offline

Re: MY FIRST LOG, please check

Post by Zlatak » 11 Jul 2010 11:50

MassiveGaming KalOnline Patch?? Yes, that is my work, it is 100% clean xD

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: MY FIRST LOG, please check  Solved

Post by jaro3 » 11 Jul 2010 12:21

OK.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code:

File::
c:\windows\system32\cimo.sys

Driver::
cimo

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new log from HJT