Po viru pomalý start PC

Zpráva

awas · #1 Příspěvek od **awas** » 10 bře 2012 15:56

Po napadení virem se Pc spouští dobrých pět minut, ne-li více.Můžete mi prosím zkontrolovat log? Děkuji
Windows XP SP 3

ComboFix 12-03-06.01 - Jirka 10.03.2012 15:35:27.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1534.958 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Dokumenty\Stažené soubory\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-10 do 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-08 19:17 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{64AD1642-F7EE-40C5-8AD9-C2C180319A40}\mpengine.dll
2012-03-07 13:00 . 2012-03-07 13:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-06 16:54 . 2012-03-06 16:54 -------- d-----w- c:\documents and settings\Administrator
2012-03-06 13:49 . 2012-03-06 13:49 -------- d-----w- c:\program files\ESET
2012-03-06 13:46 . 2012-03-06 13:46 -------- d-----w- c:\windows\system32\LogFiles
2012-03-06 13:45 . 2012-03-07 12:34 -------- d-----w- c:\program files\Microsoft Bootvis
2012-03-06 13:37 . 2012-03-06 13:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\PCHealth
2012-03-06 13:34 . 2012-03-06 13:34 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-03-06 13:34 . 2012-03-06 13:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2012-03-06 13:30 . 2012-03-06 13:30 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\.clamwin
2012-02-19 13:54 . 2012-02-19 13:54 -------- d-----w- C:\PPK_CD
2012-02-15 15:34 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 15:34 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 13:00 . 2010-05-02 21:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-20 06:38 . 2011-06-06 08:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2010-07-27 17:50 6552120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-07-26 17:07 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 17:20 . 2005-10-06 03:10 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2006-01-09 18:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-18 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2004-08-18 20:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2004-08-18 20:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-07_13.18.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-10 14:26 . 2012-03-10 14:26 16384 c:\windows\temp\Perflib_Perfdata_c84.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-01-11 4608]
"Core Temp"="c:\documents and settings\Jirka\Plocha\Core Temp.exe" [2008-08-22 277008]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-29 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PCMService"="c:\program files\Acer TV-FM\PCMService.exe" [2006-03-29 143360]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 110592]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 425984]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-29 16:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
"c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\viphone communicator\\viphone communicator.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
3;2 gupdate1c98c7e64f3857e;Google Update Service (gupdate1c98c7e64f3857e);c:\program files\Google\Update\GoogleUpdate.exe [x]
R1 MpKsl3fbdd665;MpKsl3fbdd665;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{64AD1642-F7EE-40C5-8AD9-C2C180319A40}\MpKsl3fbdd665.sys [x]
R3 f4s9.sys;f4s9.sys;c:\windows\system32\drivers\f4s9.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
R3 PAC207;i-Look 110;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R4 ALSysIO;ALSysIO;c:\docume~1\Jirka\LOCALS~1\Temp\ALSysIO.sys [2012-03-10 13320]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-11 716272]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [2010-04-12 47616]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 LVHybrid;LVHybrid service;c:\windows\system32\DRIVERS\LVHybrid.sys [2006-05-16 892032]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys [2009-06-07 47360]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - xcpip
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2012-03-07 c:\windows\Tasks\NeroLiveEpgUpdate-ACER-A64300CF56_Jirka.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 12:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 77.48.254.254 77.48.100.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://195.113.207.238/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\q46ulkko.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/#utm_source=icq&utm_medium=centrum
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-10 15:46
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3172)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\ati2sgag.exe
c:\program files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
c:\program files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Acer TV-FM\Kernel\TV\CLSched.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-03-10 15:47:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-10 14:47
ComboFix2.txt 2012-03-07 13:26
.
Před spuštěním: Volných bajtů: 63 455 948 800
Po spuštění: Volných bajtů: 63 436 439 552
.
- - End Of File - - AAB438E2A75DC0AB90808DB9695C10D8

awas · #2 Příspěvek od **awas** » 10 bře 2012 19:10

Ahoj,

Děkuji mockrát.Log je tu, nicméně je vytvořený v nouzáku v běžně spuštěném systému vždy program skončil pádem (hláškou o ukončení)

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 15 Model 47 Stepping 2, AuthenticAMD
BOOT           : Safe Boot with network
DATE           : 2012/03/10 (ISO 8601) at 19:05:41
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __HDT722525DLA380 (V44OA96A)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR4 __-Pretec 512MB (2.00)
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0	232.9 Go  [Fixed] ==> Acer Recovery .

MBR_MD5   : C2F7D67452B8E371193AC00D36272287
MBR_SHA1  : D78E5F5D929A33A69C2CF8917269F4A218EC6298

Device\Harddisk0\Partition1	4.88 Go  	0x12 Diagnostic 
Device\Harddisk0\Partition2	113.8 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition3	114.2 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk1\DR4	492.0 Mo  [Removable] ==> Unknown MBR Code

MBR_MD5   : DB63834A1683E4FEB9DA260E7BB6E4DA
MBR_SHA1  : F11A81C1369F4B2C801A5EE66903FCEC2E2A40C1

Device\Harddisk1\Partition1	492.0 Mo __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\system32\drivers\xpsec.sys => Invisible on the disk
ADDRESS : 0xB7BCA000
SIZE    : 76.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xcpip.sys => Invisible on the disk
ADDRESS : 0xB7B71000
SIZE    : 356.0 Ko

SystemStartOptions : FASTDETECT  NOEXECUTE=OPTIN SAFEBOOT:NETWORK SOS BOOTLOG NOGUIBOOT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   31 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   1A.?1.|uP.P.ü3.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BF 05 00 31 C0   ?..PW1a.ó¤Ë?..1A
0x00000020   B2 80 CD 13 73 07 4F 74 02 EB F3 EB FE BD 79 07   2.Í.s.Ot.ëóë?1y.
0x00000030   80 7E 00 5A 74 41 F8 B8 10 96 B3 15 CD 15 72 16   .~.ZtAo¸..3.Í.r.
0x00000040   81 F9 00 00 74 2E F8 B8 10 96 B3 16 CD 15 72 06   .u..t.o¸..3.Í.r.
0x00000050   81 F9 01 00 74 1E F8 B8 10 96 B3 18 CD 15 72 06   .u..t.o¸..3.Í.r.
0x00000060   81 F9 01 00 75 11 F8 B8 81 CA CD 15 80 FA 01 74   .u..u.o¸.EÍ..ú.t
0x00000070   06 E9 68 00 E9 65 00 BD BE 07 66 8B 5E 08 60 68   .éh.ée.13.f.^.`h
0x00000080   00 00 68 00 00 66 53 68 00 00 68 00 7C 68 01 00   ..h..fSh..h.|h..
0x00000090   68 10 00 B4 42 B2 80 89 E6 CD 13 61 61 73 0B 4F   h..´B2..aÍ.aas.O
0x000000A0   74 08 30 E4 B2 80 CD 13 EB CD E8 7F 00 BD BE 7F   t.0ä2.Í.ëÍe..13.
0x000000B0   C6 46 00 80 C6 46 10 00 C6 46 04 0B A0 7A 7F A8   AF..AF..AF...z.¨
0x000000C0   04 74 04 80 4E 24 10 A0 7A 7F A8 08 74 04 80 4E   .t..N$..z.¨.t..N
0x000000D0   34 10 E8 7A 00 68 00 00 68 00 7C CB BD BE 07 66   4.ez.h..h.|Ë13.f
0x000000E0   8B 5E 18 60 68 00 00 68 00 00 66 53 68 00 00 68   .^.`h..h..fSh..h
0x000000F0   00 7C 68 01 00 68 10 00 B4 42 B2 80 89 E6 CD 13   .|h..h..´B2..aÍ.
0x00000100   61 61 73 0B 4F 74 08 30 E4 B2 80 CD 13 EB CD E8   aas.Ot.0ä2.Í.ëÍe
0x00000110   1A 00 BD BE 7F 80 7E 04 12 74 BA C6 46 00 00 C6   ..13..~..toAF..A
0x00000120   46 10 80 C6 46 04 12 E8 25 00 EB A9 BF 05 00 31   F..AF..e%.ë©?..1
0x00000130   C0 8E C0 BB 00 7E B8 01 02 B5 00 B1 01 B6 00 B2   A.A».~¸..µ.±.¶.2
0x00000140   80 CD 13 73 09 4F 74 06 30 E4 CD 0D EB DE C3 BF   .Í.s.Ot.0äÍ.ë?A?
0x00000150   05 00 31 C0 8E C0 BB 00 7E B8 01 03 B5 00 B1 01   ..1A.A».~¸..µ.±.
0x00000160   B6 00 B2 80 CD 13 73 09 4F 74 06 30 E4 CD 0D EB   ¶.2.Í.s.Ot.0äÍ.ë
0x00000170   DE C3 00 00 41 63 65 72 0C 33 00 00 73 79 73 74   ?A..Acer.3..syst
0x00000180   65 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00   em..............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 F2 0E 00 D2 CC F8 E9 00 00 00 01   .....o..OIoé....
0x000001C0   01 00 12 FE BF 7C 3F 00 00 00 FE 25 9C 00 80 00   ...??|?...?%....
0x000001D0   81 7D 07 FE FF FF 3D 26 9C 00 82 37 38 0E 00 00   .}.?..=&...78...
0x000001E0   C1 FF 07 FE FF FF BF 5D D4 0E C2 E7 47 0E 00 00   Á..?..?]Ô.ÂçG...
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Ua

_______MBR   \Device\Harddisk1\DR4  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3A.?1.|uP.P.ü3.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ?..PW1a.ó¤Ë13.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..A.âôÍ..o
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .A.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ?¬<.tü»..´.Í.ëo.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.eF.s*?F..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uO.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..e!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   1.>?}Uat..~..tE.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.oË?...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..?.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷a.N.Ö±.OîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C EB 1A 90 BB 00 7C   .w#r.9F.s.ë..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»aU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.uUau0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖauAInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 9B 6C A8 66 00 00 80 01   .........l¨f....
0x000001C0   01 00 06 FE 3F 3D 3F 00 00 00 C1 5F 0F 00 00 00   ...??=?...Á_....
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Ua

awas · #3 Příspěvek od **awas** » 10 bře 2012 20:38

Hotovo a log je tu:

ComboFix 12-03-10.02 - Jirka 10.03.2012 20:16:36.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1534.1031 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: K:\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_F4S9.SYS
-------\Service_f4s9.sys
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-10 do 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 15:00 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{764CA5FE-546F-495B-919D-93A88A68949F}\mpengine.dll
2012-03-07 13:00 . 2012-03-07 13:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-06 16:54 . 2012-03-06 16:54 -------- d-----w- c:\documents and settings\Administrator
2012-03-06 13:49 . 2012-03-06 13:49 -------- d-----w- c:\program files\ESET
2012-03-06 13:46 . 2012-03-06 13:46 -------- d-----w- c:\windows\system32\LogFiles
2012-03-06 13:45 . 2012-03-07 12:34 -------- d-----w- c:\program files\Microsoft Bootvis
2012-03-06 13:37 . 2012-03-06 13:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\PCHealth
2012-03-06 13:34 . 2012-03-06 13:34 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-03-06 13:34 . 2012-03-06 13:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2012-03-06 13:30 . 2012-03-06 13:30 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\.clamwin
2012-02-19 13:54 . 2012-02-19 13:54 -------- d-----w- C:\PPK_CD
2012-02-15 15:34 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 15:34 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 13:00 . 2010-05-02 21:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-20 06:38 . 2011-06-06 08:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2010-07-27 17:50 6552120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-07-26 17:07 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 17:20 . 2005-10-06 03:10 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2006-01-09 18:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-18 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2004-08-18 20:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2004-08-18 20:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-07_13.18.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-10 19:06 . 2012-03-10 19:06 16384 c:\windows\temp\Perflib_Perfdata_7d4.dat
- 2006-05-16 04:02 . 2012-03-06 17:07 73148 c:\windows\system32\perfc009.dat
+ 2006-05-16 04:02 . 2012-03-10 19:10 73148 c:\windows\system32\perfc009.dat
- 2006-05-16 04:02 . 2012-03-06 17:07 85014 c:\windows\system32\perfc005.dat
+ 2006-05-16 04:02 . 2012-03-10 19:10 85014 c:\windows\system32\perfc005.dat
+ 2006-05-16 04:02 . 2012-03-10 19:10 445942 c:\windows\system32\perfh009.dat
- 2006-05-16 04:02 . 2012-03-06 17:07 445942 c:\windows\system32\perfh009.dat
- 2006-05-16 04:02 . 2012-03-06 17:07 442842 c:\windows\system32\perfh005.dat
+ 2006-05-16 04:02 . 2012-03-10 19:10 442842 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-01-11 4608]
"Core Temp"="c:\documents and settings\Jirka\Plocha\Core Temp.exe" [2008-08-22 277008]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-29 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PCMService"="c:\program files\Acer TV-FM\PCMService.exe" [2006-03-29 143360]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 110592]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 425984]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-29 16:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
"c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\viphone communicator\\viphone communicator.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11.1.2009 17:36 716272]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 7:11 10496]
S2 gupdate1c98c7e64f3857e;Google Update Service (gupdate1c98c7e64f3857e);c:\program files\Google\Update\GoogleUpdate.exe [11.2.2009 20:24 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.1.2009 22:22 247608]
S2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [6.4.2011 19:16 47616]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [19.10.2011 16:49 2255464]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Jirka\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Jirka\LOCALS~1\Temp\ALSysIO.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.2.2009 20:24 133104]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 7:11 12160]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 7:11 12928]
S3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [26.8.2005 22:06 892032]
S3 PAC207;i-Look 110;c:\windows\system32\drivers\PFC027.SYS [25.12.2009 19:01 618112]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [7.6.2009 13:11 47360]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2012-03-07 c:\windows\Tasks\NeroLiveEpgUpdate-ACER-A64300CF56_Jirka.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 12:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 77.48.254.254 77.48.100.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://195.113.207.238/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\q46ulkko.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/#utm_source=icq&utm_medium=centrum
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=icqskins&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-10 20:31
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
.
**************************************************************************
.
Celkový čas: 2012-03-10 20:34:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-10 19:34
ComboFix2.txt 2012-03-10 14:47
ComboFix3.txt 2012-03-07 13:26
.
Před spuštěním: Volných bajtů: 63 455 244 288
Po spuštění: Volných bajtů: 65 055 436 800
.
- - End Of File - - F5B2117965AAA9D919708FC0E2D5C562

awas · #4 Příspěvek od **awas** » 11 bře 2012 09:01

Omlouvám se jelikož jsi tam neměl otazník nebyl jsem si jist, že jde o otázku.Tentokrát nejde o moji havět, PC je kolegy z práce.
porty počítám, že schválně otevřené nemá, alespoň si to myslím, podívám se na ně.
Každopádně Naughty mockrát děkuju za pomoc a čas.

VIRY.CZ

Po viru pomalý start PC

Po viru pomalý start PC

Re: Po viru pomalý start PC

Re: Po viru pomalý start PC

Re: Po viru pomalý start PC