
PC virus removal, computer speed-up, and remote assistance via the neslape.cz service
Slow PC, USB problem and occasional freezing
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Re: Slow PC, USB problem and occasional freezing
Hello Rudy, so renaming didn't help, but safe mode did. Here is the log:
ComboFix 12-12-30.01 - Rychetsky Miroslav 30.12.2012 11:12:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1029.18.894.524 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikacн\64dlls.exe
c:\documents and settings\Administrator\Data aplikacн\intel64.exe
c:\documents and settings\Administrator\Data aplikacн\Kernel32.exe
c:\documents and settings\Administrator\Data aplikacн\localsys64.exe
c:\documents and settings\Administrator\Data aplikacн\ntos.exe
c:\documents and settings\Administrator\Data aplikacн\oembios.exe
c:\documents and settings\Administrator\Data aplikacн\sdra64.exe
c:\documents and settings\Administrator\Data aplikacн\sdra73.exe
c:\documents and settings\Administrator\Data aplikacн\swin32.exe
c:\documents and settings\Administrator\Data aplikacн\twex.exe
c:\documents and settings\Administrator\Data aplikacн\twext.exe
c:\documents and settings\Administrator\Data aplikacн\win32avs.exe
c:\documents and settings\Administrator\Data aplikacн\wsnpoema.exe
c:\documents and settings\RYCHET~1\WINDOWS
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\windows\_iserr31.ini
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\TZLog.log
c:\windows\wininit.ini
D:\resycled
E:\resycled
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IPFW
-------\Legacy_IP_FW
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))
.
.
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc-h--w-ny c:\docume~1\ADMINI~1\OKOLNT~1
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc-h--w- c:\docume~1\ADMINI~1\OKOLNS~1
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc----w-y c:\docume~1\ADMINI~1\OBLBEN~1
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc----r-ka Start c:\docume~1\ADMINI~1\NABDKA~1
2012-12-30 09:41 . 2007-12-15 11:06 -------- dc-h--w-blony c:\docume~1\ADMINI~1\?ablony
2012-12-30 09:41 . 2012-12-30 09:42 -------- dc----w- c:\documents and settings\Administrator
2012-12-26 09:47 . 2012-12-26 09:47 -------- d-----w- c:\program files\Common Files\Skype
2012-12-26 09:01 . 2012-12-26 09:01 -------- d-----w- c:\program files\Common Files\Java
2012-12-26 09:01 . 2012-12-26 09:00 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-26 09:01 . 2012-12-26 09:00 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-25 22:20 . 2012-12-25 22:20 -------- d-----w- c:\program files\Defraggler
2012-12-25 20:03 . 2012-12-25 20:03 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2012-12-25 18:53 . 2012-12-25 21:29 -------- d-----w- c:\program files\trend micro
2012-12-23 18:50 . 2012-12-23 18:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-19 17:08 . 2008-06-24 12:45 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2012-12-19 16:58 . 2008-04-14 03:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-12-14 17:56 . 2012-12-14 17:56 -------- d-----w- c:\program files\WildTangent Games
2012-12-07 17:58 . 2012-12-07 17:58 -------- d-----w- c:\program files\Video Download Converter
2012-12-07 17:58 . 2012-12-07 17:58 -------- d-----w- c:\program files\VideoDownloadConverter_4z
2012-12-04 13:31 . 2012-12-04 13:31 -------- dc----w- c:\docume~1\ALLUSE~1\DATAAP~3
2012-12-03 13:50 . 2012-12-30 10:19 -------- d-----w- c:\program files\iWin Games
2012-11-30 18:29 . 2012-11-30 18:29 -------- dc----w- C:\Phenomedia AG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-26 09:00 . 2012-02-04 14:31 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-26 09:00 . 2012-02-04 14:31 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-26 08:55 . 2012-10-07 08:17 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-26 08:55 . 2011-07-01 07:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-31 18:43 . 2012-10-31 18:43 5069267 ----a-w- c:\program files\moorhuhn_we.exe
2012-10-30 22:51 . 2011-03-14 11:33 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2008-04-11 23:20 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2007-12-23 14:23 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2007-12-23 14:23 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2007-12-23 14:23 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2007-12-23 14:23 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-03-19 16:52 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2008-04-11 23:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2007-12-23 14:23 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2010-10-25 16:24 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2007-12-23 14:23 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-02 18:04 . 2006-03-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-01 11:28 . 2011-03-26 09:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabidka Start^Programy^Po spusteni^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
path=c:\documents and settings\All Users\Nabidka Start\Programy\Po spusteni\PHOTOfunSTUDIO 4.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 06:29 67752 -c--a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2012-10-30 22:50 4297136 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-03-21 06:49 16126464 -c----r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 11:35 90112 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TO2SSM_McciTrayApp]
2008-08-15 16:33 1473536 -c--a-w- c:\program files\TO2SSM\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0420Mon.exe]
2007-04-30 01:00 32768 -c--a-r- c:\windows\V0420Mon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikaci\\2d0712\\SM2d0_2132.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [19.3.2012 17:52 20624]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.4.2008 0:20 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11.7.2012 19:54 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.4.2008 0:20 21256]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [8.4.2011 16:17 176848]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [11.3.2011 23:55 2296696]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2011 23:55 25088]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.3.2011 12:33 738504]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe --> c:\progra~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [?]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [18.12.2007 20:06 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [18.12.2007 20:51 64896]
S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [12.10.2010 18:59 206072]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [26.12.2008 13:59 99648]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-13 22:50]
.
2011-03-11 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-01-02 14:31]
.
2012-12-30 c:\windows\Tasks\User_Feed_Synchronization-{748F7282-5954-46C1-843E-AA83577893B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:25403
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{93a3111f-4f74-4ed8-895e-d9708497629e} - (no file)
WebBrowser-{48586425-6BB7-4F51-8DC6-38C88E3EBB58} - (no file)
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-PCSpeedUp - c:\program files\Zrychleni Pocitace\PCSpeedUp.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-RegClean Expert Scheduler - c:\program files\Registry Clean Expert\RCHelper.exe
MSConfigStartUp-SoftSafeness - c:\program files\SoftSafeness Software\SoftSafeness\SoftSafeness.exe
MSConfigStartUp-SpyClean - c:\program files\Netcom3 Cleaner\SpyClean.exe
HKLM_ActiveSetup-ccc-core-static - msiexec
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-DivX Setup - c:\documents and settings\All Users\Data aplikaci\DivX\Setup\DivXSetup.exe
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
AddRemove-The Treasures Of Montezuma 3 - c:\program files\Alawarhry.cz\The Treasures of Montezuma 3\Uninstall.exe
AddRemove-Uniblue RegistryBooster - c:\documents and settings\All Users\Data aplikaci\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}\rbia.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Data aplikaci\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}\rbia.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-30 11:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2012-12-30 11:28:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-30 10:28
.
Pre-Run: 2 859 352 064
Post-Run: 2 657 902 592
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 0A6FB34D153EC9F4B6EC117AD52ADA31
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2012-12-30 11:28:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-30 10:28
.
Pre-Run: 2 859 352 064
Post-Run: 2 657 902 592
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 0A6FB34D153EC9F4B6EC117AD52ADA31
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, USB problem and occasional freezing
We'll clean up a bit more. Open Notepad and copy the following into it:

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
Reboot::

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Slow PC, USB problem and occasional freezing
During the scan, a message appeared about viruses and suspicious files and folders:
ComboFix 12-12-30.01 - Rychetsky Miroslav 30.12.2012 17:05:42.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1029.18.894.516 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\64dlls.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\intel64.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\Kernel32.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\localsys64.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\ntos.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\oembios.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\sdra64.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\sdra73.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\swin32.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\twex.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\twext.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\win32avs.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\wsnpoema.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))
.
.
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc-h--w-ny c:\docume~1\ADMINI~1\OKOLNT~1
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc-h--w- c:\docume~1\ADMINI~1\OKOLNS~1
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc----w-y c:\docume~1\ADMINI~1\OBLBEN~1
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc----r-ka Start c:\docume~1\ADMINI~1\NABDKA~1
2012-12-30 09:41 . 2007-12-15 11:06 -------- dc-h--w-blony c:\docume~1\ADMINI~1\?ablony
2012-12-30 09:41 . 2012-12-30 09:42 -------- dc----w- c:\documents and settings\Administrator
2012-12-26 09:47 . 2012-12-26 09:47 -------- d-----w- c:\program files\Common Files\Skype
2012-12-26 09:01 . 2012-12-26 09:01 -------- d-----w- c:\program files\Common Files\Java
2012-12-26 09:01 . 2012-12-26 09:00 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-26 09:01 . 2012-12-26 09:00 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-25 22:20 . 2012-12-25 22:20 -------- d-----w- c:\program files\Defraggler
2012-12-25 20:03 . 2012-12-25 20:03 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2012-12-25 18:53 . 2012-12-25 21:29 -------- d-----w- c:\program files\trend micro
2012-12-23 18:50 . 2012-12-23 18:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-19 17:08 . 2008-06-24 12:45 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2012-12-19 16:58 . 2008-04-14 03:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-12-14 17:56 . 2012-12-14 17:56 -------- d-----w- c:\program files\WildTangent Games
2012-12-07 17:58 . 2012-12-07 17:58 -------- d-----w- c:\program files\Video Download Converter
2012-12-07 17:58 . 2012-12-07 17:58 -------- d-----w- c:\program files\VideoDownloadConverter_4z
2012-12-04 13:31 . 2012-12-04 13:31 -------- dc----w- c:\docume~1\ALLUSE~1\DATAAP~3
2012-12-03 13:50 . 2012-12-30 10:19 -------- d-----w- c:\program files\iWin Games
2012-11-30 18:29 . 2012-11-30 18:29 -------- dc----w- C:\Phenomedia AG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-26 09:00 . 2012-02-04 14:31 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-26 09:00 . 2012-02-04 14:31 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-26 08:55 . 2012-10-07 08:17 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-26 08:55 . 2011-07-01 07:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-31 18:43 . 2012-10-31 18:43 5069267 ----a-w- c:\program files\moorhuhn_we.exe
2012-10-30 22:51 . 2011-03-14 11:33 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2008-04-11 23:20 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2007-12-23 14:23 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2007-12-23 14:23 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2007-12-23 14:23 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2007-12-23 14:23 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-03-19 16:52 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2008-04-11 23:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2007-12-23 14:23 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2010-10-25 16:24 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2007-12-23 14:23 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-02 18:04 . 2006-03-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-01 11:28 . 2011-03-26 09:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabidka Start^Programy^Po spusteni^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
path=c:\documents and settings\All Users\Nabidka Start\Programy\Po spusteni\PHOTOfunSTUDIO 4.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 06:29 67752 -c--a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2012-10-30 22:50 4297136 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-03-21 06:49 16126464 -c----r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 11:35 90112 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TO2SSM_McciTrayApp]
2008-08-15 16:33 1473536 -c--a-w- c:\program files\TO2SSM\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0420Mon.exe]
2007-04-30 01:00 32768 -c--a-r- c:\windows\V0420Mon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikaci\\2d0712\\SM2d0_2132.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [19.3.2012 17:52 20624]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.4.2008 0:20 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11.7.2012 19:54 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.4.2008 0:20 21256]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [8.4.2011 16:17 176848]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [11.3.2011 23:55 2296696]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2011 23:55 25088]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.3.2011 12:33 738504]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe --> c:\progra~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [?]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [18.12.2007 20:06 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [18.12.2007 20:51 64896]
S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [12.10.2010 18:59 206072]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [26.12.2008 13:59 99648]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-13 22:50]
.
2011-03-11 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-01-02 14:31]
.
2012-12-30 c:\windows\Tasks\User_Feed_Synchronization-{748F7282-5954-46C1-843E-AA83577893B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:25403
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-30 17:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2492)
c:\program files\TeamViewer\Version6\tv_w32.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TeamViewer\Version6\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-12-30 17:19:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-30 16:19
ComboFix2.txt 2012-12-30 10:28
.
Pre-Run: 2 768 535 552
Post-Run: 2 760 638 464
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 2AC8402381D4BD83FE11CB6024419FC9
I also think that the fact that Cyrillic occasionally appears in applications could be related to the virus's activity.
Combofix has detected the presence of rootkit activity and needs to reboot the machine. Kindly note down on paper the name of each file. We may need it later.
c:\Documents and Settings\Administrator\Data aplikach\ntos.exe
c:\Documents
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2492)
c:\program files\TeamViewer\Version6\tv_w32.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TeamViewer\Version6\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-12-30 17:19:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-30 16:19
ComboFix2.txt 2012-12-30 10:28
.
Pre-Run: 2 768 535 552
Post-Run: 2 760 638 464
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 2AC8402381D4BD83FE11CB6024419FC9
- Rudy
- Site Admin
- Posts: 119524
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, USB problem and occasional freezing
OK. Run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is solved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Slow PC, USB problem and occasional freezing
There was nothing under detected threats, only in the automatic scan log, which is terribly long and contains only the files that were tested.
It is strange that neither ComboFix nor AVP can be run other than in safe mode, even though the account has administrator rights.
- Rudy
- Site Admin
- Posts: 119524
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, USB problem and occasional freezing
Run ComboFix once more in the normal way, but in safe mode.
Re: Slow PC, USB problem and occasional freezing
I am sending the log, along with a picture of the Cyrillic in ComboFix (my system is set to Czech). In case there is no further opportunity, I wish you (and not only you) a happy New Year.

ComboFix 12-12-31.01 - Rychetsky Miroslav 31.12.2012 22:04:42.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1029.18.894.519 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikacн\64dlls.exe
c:\documents and settings\Administrator\Data aplikacн\intel64.exe
c:\documents and settings\Administrator\Data aplikacн\Kernel32.exe
c:\documents and settings\Administrator\Data aplikacн\localsys64.exe
c:\documents and settings\Administrator\Data aplikacн\ntos.exe
c:\documents and settings\Administrator\Data aplikacн\oembios.exe
c:\documents and settings\Administrator\Data aplikacн\sdra64.exe
c:\documents and settings\Administrator\Data aplikacн\sdra73.exe
c:\documents and settings\Administrator\Data aplikacн\swin32.exe
c:\documents and settings\Administrator\Data aplikacн\twex.exe
c:\documents and settings\Administrator\Data aplikacн\twext.exe
c:\documents and settings\Administrator\Data aplikacн\win32avs.exe
c:\documents and settings\Administrator\Data aplikacн\wsnpoema.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-31 )))))))))))))))))))))))))))))))
.
.
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc-h--w-ny c:\docume~1\ADMINI~1\OKOLNT~1
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc-h--w- c:\docume~1\ADMINI~1\OKOLNS~1
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc----w-y c:\docume~1\ADMINI~1\OBLBEN~1
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc----r-ka Start c:\docume~1\ADMINI~1\NABDKA~1
2012-12-30 09:41 . 2007-12-15 11:06 -------- dc-h--w-blony c:\docume~1\ADMINI~1\?ablony
2012-12-30 09:41 . 2012-12-30 09:42 -------- dc----w- c:\documents and settings\Administrator
2012-12-26 09:47 . 2012-12-26 09:47 -------- d-----w- c:\program files\Common Files\Skype
2012-12-26 09:01 . 2012-12-26 09:01 -------- d-----w- c:\program files\Common Files\Java
2012-12-26 09:01 . 2012-12-26 09:00 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-26 09:01 . 2012-12-26 09:00 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-25 22:20 . 2012-12-25 22:20 -------- d-----w- c:\program files\Defraggler
2012-12-25 20:03 . 2012-12-25 20:03 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2012-12-25 18:53 . 2012-12-25 21:29 -------- d-----w- c:\program files\trend micro
2012-12-23 18:50 . 2012-12-23 18:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-19 17:08 . 2008-06-24 12:45 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2012-12-19 16:58 . 2008-04-14 03:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-12-07 17:58 . 2012-12-07 17:58 -------- d-----w- c:\program files\Video Download Converter
2012-12-07 17:58 . 2012-12-07 17:58 -------- d-----w- c:\program files\VideoDownloadConverter_4z
2012-12-03 13:50 . 2012-12-30 10:19 -------- d-----w- c:\program files\iWin Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-26 09:00 . 2012-02-04 14:31 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-26 09:00 . 2012-02-04 14:31 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-26 08:55 . 2012-10-07 08:17 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-26 08:55 . 2011-07-01 07:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-31 18:43 . 2012-10-31 18:43 5069267 ----a-w- c:\program files\moorhuhn_we.exe
2012-10-30 22:51 . 2011-03-14 11:33 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2008-04-11 23:20 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2007-12-23 14:23 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2007-12-23 14:23 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2007-12-23 14:23 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2007-12-23 14:23 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-03-19 16:52 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2008-04-11 23:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2007-12-23 14:23 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2010-10-25 16:24 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2007-12-23 14:23 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-01 11:28 . 2011-03-26 09:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabidka Start^Programy^Po spusteni^_uninst_.lnk]
path=c:\documents and settings\Administrator\Nabidka Start\Programy\Po spusteni\_uninst_.lnk
backup=c:\windows\pss\_uninst_.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabidka Start^Programy^Po spusteni^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
path=c:\documents and settings\All Users\Nabidka Start\Programy\Po spusteni\PHOTOfunSTUDIO 4.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 06:29 67752 -c--a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2012-10-30 22:50 4297136 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-03-21 06:49 16126464 -c----r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0420Mon.exe]
2007-04-30 01:00 32768 -c--a-r- c:\windows\V0420Mon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikaci\\2d0712\\SM2d0_2132.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [19.3.2012 17:52 20624]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.4.2008 0:20 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11.7.2012 19:54 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.4.2008 0:20 21256]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [8.4.2011 16:17 176848]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [11.3.2011 23:55 2296696]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2011 23:55 25088]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.3.2011 12:33 738504]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [18.12.2007 20:06 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [18.12.2007 20:51 64896]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [26.12.2008 13:59 99648]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-31 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-13 22:50]
.
2012-12-31 c:\windows\Tasks\User_Feed_Synchronization-{748F7282-5954-46C1-843E-AA83577893B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:25403
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-31 22:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-12-31 22:14:19
ComboFix-quarantined-files.txt 2012-12-31 21:14
.
Pre-Run: 5 212 213 248
Post-Run: 5 547 761 664
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 97FB02BD87C897D61266499197FF6B81


- Rudy
- Site Admin
- Posts: 119524
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, USB problem and occasional freezing
Has there been any change after this scan?
Re: Slow PC, USB problem and occasional freezes
Well, it's not much better, but maybe it isn't caused by a virus. If you think it's clean, then thank you for the advice.
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, USB problem and occasional freezes
Also try:
Start > My Computer > (right-click) Properties > System Properties > System Restore. Tick the box "Turn off System Restore on all drives". Restart the PC and post one more CF log (again in safe mode).
Re: Slow PC, USB problem and occasional freezes
It still behaves the same. CF reports that avast's resident shield is on, although avast isn't running at all. It also mentions those 2 folders and some rootkit (see previous posts). I'm attaching the log:
ComboFix 13-01-04.01 - Rychetsky Miroslav 04.01.2013 13:25:49.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1029.18.894.572 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\64dlls.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\intel64.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\Kernel32.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\localsys64.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\ntos.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\oembios.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\sdra64.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\sdra73.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\swin32.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\twex.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\twext.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\win32avs.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\wsnpoema.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 )))))))))))))))))))))))))))))))
.
.
2013-01-03 10:31 . 2013-01-03 10:31 -------- d-----w- c:\program files\Common Files\Skype
2013-01-03 10:31 . 2013-01-03 10:31 -------- d-----r- c:\program files\Skype
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc-h--w-ny c:\docume~1\ADMINI~1\OKOLNT~1
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc-h--w- c:\docume~1\ADMINI~1\OKOLNS~1
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc----w-y c:\docume~1\ADMINI~1\OBLBEN~1
2012-12-30 09:41 . 2007-12-15 18:50 -------- dc----r-ka Start c:\docume~1\ADMINI~1\NABDKA~1
2012-12-30 09:41 . 2007-12-15 11:06 -------- dc-h--w-blony c:\docume~1\ADMINI~1\?ablony
2012-12-30 09:41 . 2012-12-30 09:42 -------- dc----w- c:\documents and settings\Administrator
2012-12-26 09:01 . 2012-12-26 09:01 -------- d-----w- c:\program files\Common Files\Java
2012-12-26 09:01 . 2012-12-26 09:00 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-26 09:01 . 2012-12-26 09:00 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-25 22:20 . 2012-12-25 22:20 -------- d-----w- c:\program files\Defraggler
2012-12-25 20:03 . 2012-12-25 20:03 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2012-12-25 18:53 . 2012-12-25 21:29 -------- d-----w- c:\program files\trend micro
2012-12-23 18:50 . 2012-12-23 18:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-19 17:08 . 2008-06-24 12:45 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2012-12-19 16:58 . 2008-04-14 03:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-12-07 17:58 . 2012-12-07 17:58 -------- d-----w- c:\program files\Video Download Converter
2012-12-07 17:58 . 2012-12-07 17:58 -------- d-----w- c:\program files\VideoDownloadConverter_4z
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-26 09:00 . 2012-02-04 14:31 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-26 09:00 . 2012-02-04 14:31 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-26 08:55 . 2012-10-07 08:17 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-26 08:55 . 2011-07-01 07:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-31 18:43 . 2012-10-31 18:43 5069267 ----a-w- c:\program files\moorhuhn_we.exe
2012-10-30 22:51 . 2011-03-14 11:33 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2008-04-11 23:20 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2007-12-23 14:23 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2007-12-23 14:23 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2007-12-23 14:23 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2007-12-23 14:23 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-03-19 16:52 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2008-04-11 23:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2007-12-23 14:23 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2010-10-25 16:24 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2007-12-23 14:23 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-01 11:28 . 2011-03-26 09:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabidka Start^Programy^Po spusteni^_uninst_.lnk]
path=c:\documents and settings\Administrator\Nabidka Start\Programy\Po spusteni\_uninst_.lnk
backup=c:\windows\pss\_uninst_.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabidka Start^Programy^Po spusteni^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
path=c:\documents and settings\All Users\Nabidka Start\Programy\Po spusteni\PHOTOfunSTUDIO 4.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 06:29 67752 -c--a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2012-10-30 22:50 4297136 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-03-21 06:49 16126464 -c----r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0420Mon.exe]
2007-04-30 01:00 32768 -c--a-r- c:\windows\V0420Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Antivirus"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikaci\\2d0712\\SM2d0_2132.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [19.3.2012 17:52 20624]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.4.2008 0:20 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11.7.2012 19:54 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.4.2008 0:20 21256]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [8.4.2011 16:17 176848]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [11.3.2011 23:55 2296696]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2011 23:55 25088]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.3.2011 12:33 738504]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [18.12.2007 20:06 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [18.12.2007 20:51 64896]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [26.12.2008 13:59 99648]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-13 22:50]
.
2013-01-03 c:\windows\Tasks\User_Feed_Synchronization-{748F7282-5954-46C1-843E-AA83577893B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:25403
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-04 13:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-01-04 13:33:10
ComboFix-quarantined-files.txt 2013-01-04 12:33
ComboFix2.txt 2012-12-31 21:14
.
Pre-Run: 5 344 464 896
Post-Run: 5 345 193 984
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 09683B0BCCEA22919A422605A086940F
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, USB problem and occasional freezes
It keeps coming back. Download Avenger: http://forum.viry.cz/viewtopic.php?f=11&t=19832 , run it and copy the following into the white window:
Files to delete:
c:\documents and settings\Rychetský Miroslav\Data aplikací\64dlls.exe
c:\documents and settings\Rychetský Miroslav\Data aplikací\intel64.exe
c:\documents and settings\Rychetský Miroslav\Data aplikací\Kernel32.exe
c:\documents and settings\Rychetský Miroslav\Data aplikací\localsys64.exe
c:\documents and settings\Rychetský Miroslav\Data aplikací\ntos.exe
c:\documents and settings\Rychetský Miroslav\Data aplikací\oembios.exe
c:\documents and settings\Rychetský Miroslav\Data aplikací\sdra64.exe
c:\documents and settings\Rychetský Miroslav\Data aplikací\sdra73.exe
c:\documents and settings\Rychetský Miroslav\Data aplikací\swin32.exe
c:\documents and settings\Rychetský Miroslav\Data aplikací\twex.exe
c:\documents and settings\Rychetský Miroslav\Data aplikací\twext.exe
c:\documents and settings\Rychetský Miroslav\Data aplikací\win32avs.exe
c:\documents and settings\Rychetský Miroslav\Data aplikací\wsnpoema.exe
and click >Execute<. The PC will be restarted.
Re: Slow PC, USB problem and occasional freezes
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 3)
Fri Jan 04 22:05:09 2013
22:05:09: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\64dlls.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\64dlls.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\intel64.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\intel64.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\Kernel32.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\Kernel32.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\localsys64.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\localsys64.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\ntos.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\ntos.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\oembios.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\oembios.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\sdra64.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\sdra64.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\sdra73.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\sdra73.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\swin32.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\swin32.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\twex.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\twex.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\twext.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\twext.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\win32avs.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\win32avs.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\wsnpoema.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\wsnpoema.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Completed script processing.
*******************
Finished! Terminate.
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 3)
Fri Jan 04 22:05:09 2013
22:05:09: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\64dlls.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\64dlls.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\intel64.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\intel64.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\Kernel32.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\Kernel32.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\localsys64.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\localsys64.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\ntos.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\ntos.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\oembios.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\oembios.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\sdra64.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\sdra64.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\sdra73.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\sdra73.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\swin32.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\swin32.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\twex.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\twex.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\twext.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\twext.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\win32avs.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\win32avs.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\wsnpoema.exe"
Deletion of file "c:\documents and settings\Rychetsky' Miroslav\Data aplikaci'\wsnpoema.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Completed script processing.
*******************
Finished! Terminate.
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, USB problem and occasional freezing
The trouble there is that part of the directory name is written in Latin script and part in Cyrillic, and the utilities are not able to read it. These files:
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\64dlls.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\intel64.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\Kernel32.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\localsys64.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\ntos.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\oembios.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\sdra64.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\sdra73.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\swin32.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\twex.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\twext.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\win32avs.exe
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\wsnpoema.exe
need to be deleted; they are all viruses, and because it looks like this:
c:\documents and settings\Rychetskэ Miroslav\Data aplikacн
the utilities cannot read it. Open the relevant directory (preferably in safe mode) and try deleting them manually.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
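Added example (not part of the original posts or of any tool named in the thread): a check that flags path components mixing Latin and Cyrillic letters, and shows what they would read as if the bytes were Windows-1250 text displayed as Windows-1251. That code-page mismatch is an assumption made for illustration, and the function names are hypothetical.

```python
import unicodedata

# Path copied from the thread; two components mix Latin and Cyrillic letters.
LOGGED = r"c:\documents and settings\Rychetskэ Miroslav\Data aplikacн\sdra64.exe"


def scripts(component):
    """Return the set of scripts (LATIN, CYRILLIC, ...) used by the letters."""
    found = set()
    for ch in component:
        if ch.isalpha():
            # Unicode names start with the script, e.g. "CYRILLIC SMALL LETTER E"
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def mixed_components(path):
    """List path components whose letters come from more than one script."""
    return [c for c in path.split("\\") if len(scripts(c)) > 1]


def redecode(text, shown_as="cp1251", written_as="cp1250"):
    """Re-read text as if its bytes were `written_as` but displayed as `shown_as`.

    Assumption for illustration: the log was rendered with the wrong ANSI
    code page. Returns None when the text cannot be such a mis-rendering.
    """
    try:
        return text.encode(shown_as).decode(written_as)
    except (UnicodeEncodeError, UnicodeDecodeError):
        return None


def report(path):
    """Map each mixed-script component to its candidate re-decoding."""
    return {c: redecode(c) for c in mixed_components(path)}


if __name__ == "__main__":
    for seen, candidate in report(LOGGED).items():
        print(f"{seen!r} -> {candidate!r}")
```

A candidate name produced this way should be compared against the directory listing on the affected machine before any cleanup script is rewritten to use it.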
Re: Slow PC, USB problem and occasional freezing
Hm, interesting how easily a virus can hide even from such powerful tools. And it gets worse. Either Avenger deleted the folder (even though it reported that it could not delete the individual files), or the folder cannot be found by standard means (Explorer, search). The folder (a Data aplikací folder without Cyrillic does exist at that location, but those files are not in it) and the files simply do not exist. I should note that I do have the display of hidden files and folders turned on.
Can you think of anything else?