Prosim o kontrolu - pomale PC

[vyosek]

Zkusime nejdrive CF a pak se podivame po rootkitech, tohle by mohl mit na svedomi...

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Drusik]

tady je log z combofix:

ComboFix 10-10-18.06 - Drusik 19.10.2010 19:52:58.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.2966 [GMT 2:00]
Spuštěný z: c:\documents and settings\Drusik\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Drusik\Data aplikací\Desktopicon
c:\documents and settings\Drusik\Data aplikací\Desktopicon\config.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-19 do 2010-10-19 )))))))))))))))))))))))))))))))
.

2010-10-18 15:02 . 2010-10-18 15:02 -------- d-----w- c:\program files\Defraggler
2010-10-18 13:19 . 2010-10-18 13:19 -------- d-----w- C:\_OTM
2010-10-17 18:57 . 2010-10-19 13:14 -------- d-----w- c:\program files\trend micro
2010-10-17 18:57 . 2010-10-17 18:57 -------- d-----w- C:\rsit
2010-10-17 09:58 . 2010-10-17 09:58 -------- d-----w- c:\documents and settings\Drusik\Data aplikací\ValuSoft
2010-10-17 09:52 . 2010-10-17 09:59 -------- d-----w- c:\program files\Prison Tycoon 4
2010-10-16 14:44 . 2010-10-16 18:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment
2010-10-16 14:44 . 2010-10-16 17:27 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-10-13 13:35 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 13:35 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 13:34 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 18:28 . 2010-10-12 18:29 -------- d-----w- c:\documents and settings\Drusik\Data aplikací\U3
2010-10-04 18:30 . 2010-10-04 18:30 -------- d-----w- c:\program files\MyPlayCity.com
2010-09-30 13:23 . 2010-09-30 13:23 -------- d-----w- c:\program files\FreeTime
2010-09-30 13:17 . 2010-09-30 13:17 -------- d-----w- c:\program files\FormatFactory
2010-09-28 19:11 . 2010-09-30 12:44 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51 185344 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Drusik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-8-31 49220]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Hry\\Counter-Strike Source\\hl2.exe"=
"d:\\Hry\\Steam\\steamapps\\garande\\counter-strike source\\hl2.exe"=
"d:\\Hry\\MOHPA\\mohpa.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Programy\\uTorrent\\uTorrent.exe"=
"d:\\Hry\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"d:\\Hry\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Hry\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Hry\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Hry\\Team17 Software Ltd\\WormsForts\\wf.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Drusik\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\Hry\\EA Sports\\Fifa 11\\Game\\fifa.exe"=
"d:\\Hry\\StarCraft II\\StarCraft II.exe"=
"d:\\Hry\\StarCraft II\\Versions\\Base16755\\SC2.exe"=

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9.8.2010 11:28 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.8.2010 11:29 165584]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25.6.2009 15:41 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.8.2010 11:29 17744]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20.5.2010 11:22 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20.5.2010 11:22 8320]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
S4 gupdate1ca0deabb627742;Služba Google Update (gupdate1ca0deabb627742);c:\program files\Google\Update\GoogleUpdate.exe [26.7.2009 14:15 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.6.2009 17:33 717296]
.
Obsah adresáře 'Naplánované úlohy'

2010-10-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-26 12:14]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 12:15]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 12:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://www.Google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.Google.com/
uCustomizeSearch = hxxp://www.Google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
.
.
Celkový čas: 2010-10-19 19:58:23
ComboFix-quarantined-files.txt 2010-10-19 17:58

Před spuštěním: Volných bajtů: 162 407 931 904
Po spuštění: Volných bajtů: 162 362 114 048

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5AD0D7584F177CC99507EBBE665098AA

[vyosek]

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• c:\program files\Alwil Software\Avast5\snxPlugins.dll
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
• Kliknete na Otestovat soubor
• Vysledek analyzy sem vlozte (jako odkaz)

Tohle c:\program files\Stylish Profile pouzivate Je to velmi casto oznacovano jako spyware...

[Drusik]

nevim zda jsem to udelal spravne snad jo postupoval jsem podle navodu a co se tyka c:\program files\Stylish Profile ne to vidim poprve to nepouzivam nevim k cemu to je

Kód: Vybrat vše

http://www.virustotal.com/file-scan/report.html?id=dbfa6c757c7fca0b9ea56b1882a5e9d759cc60f344b8bb679ae579a2f591efd1-1287512233

[vyosek]

Nejak mi to VT nechce jet, byly tam nejake nalezy antiviru

Tohle c:\program files\Stylish Profile pouzivate Je to velmi casto oznacovano jako spyware...

[Drusik]

ne nepouzivam vidim to poprve ani nevim k cemu to je jinak stranka asi nesla nic to by mi tam nejak vybehlo ne? radsi prikladam popis :

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: snxPlugins.dll
Submission date: 2010-10-19 18:17:13 (UTC)
Current status: queued (#7402)

Additional informationShow all
MD5 : 8313710f26f97e720e18deb84b0fd818
SHA1 : 1e06cec751230d88054871d620d63d20c422e188
SHA256: dbfa6c757c7fca0b9ea56b1882a5e9d759cc60f344b8bb679ae579a2f591efd1
File size : 152160 bytes
First seen: 2010-09-08 07:55:50
Last seen : 2010-10-19 18:17:13
VT Community
This file has never been reviewed by any VT Community member. Be the first one to comment on it!

[vyosek]

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  services.msc

• Kliknete na OK
• Najdete sluzby nize
• Google Software Updater
• U kazde provedte toto
  • Klik na ni pravym mysidlem a zvolit Vlastnosti
  • Nyní klik na Zastavit
  • Typ spousteni nastavit na Zakazano
  • Potvrdte kliknutim na OK

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Folder::
  c:\program files\Stylish Profile
  
  File::
  c:\windows\Tasks\Google Software Updater.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  Registry::
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
  
  DDS::
  IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Drusik]

log:

ComboFix 10-10-18.06 - Drusik 19.10.2010 20:40:00.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.2850 [GMT 2:00]
Spuštěný z: c:\documents and settings\Drusik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Drusik\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Stylish Profile
c:\program files\Stylish Profile\ct.htm
c:\program files\Stylish Profile\enlbrdr.dll
c:\program files\Stylish Profile\hoticon.ico
c:\program files\Stylish Profile\tomapi.js
c:\program files\Stylish Profile\tommain.js
c:\program files\Stylish Profile\uninstall.exe
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-19 do 2010-10-19 )))))))))))))))))))))))))))))))
.

2010-10-18 15:02 . 2010-10-18 15:02 -------- d-----w- c:\program files\Defraggler
2010-10-18 13:19 . 2010-10-18 13:19 -------- d-----w- C:\_OTM
2010-10-17 18:57 . 2010-10-19 13:14 -------- d-----w- c:\program files\trend micro
2010-10-17 18:57 . 2010-10-17 18:57 -------- d-----w- C:\rsit
2010-10-17 09:58 . 2010-10-17 09:58 -------- d-----w- c:\documents and settings\Drusik\Data aplikací\ValuSoft
2010-10-17 09:52 . 2010-10-17 09:59 -------- d-----w- c:\program files\Prison Tycoon 4
2010-10-16 14:44 . 2010-10-16 18:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment
2010-10-16 14:44 . 2010-10-16 17:27 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-10-13 13:35 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 13:35 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 13:34 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 18:28 . 2010-10-12 18:29 -------- d-----w- c:\documents and settings\Drusik\Data aplikací\U3
2010-10-04 18:30 . 2010-10-04 18:30 -------- d-----w- c:\program files\MyPlayCity.com
2010-09-30 13:23 . 2010-09-30 13:23 -------- d-----w- c:\program files\FreeTime
2010-09-30 13:17 . 2010-09-30 13:17 -------- d-----w- c:\program files\FormatFactory
2010-09-28 19:11 . 2010-09-30 12:44 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Drusik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-8-31 49220]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Hry\\Counter-Strike Source\\hl2.exe"=
"d:\\Hry\\Steam\\steamapps\\garande\\counter-strike source\\hl2.exe"=
"d:\\Hry\\MOHPA\\mohpa.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Programy\\uTorrent\\uTorrent.exe"=
"d:\\Hry\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"d:\\Hry\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Hry\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Hry\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Hry\\Team17 Software Ltd\\WormsForts\\wf.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Drusik\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\Hry\\EA Sports\\Fifa 11\\Game\\fifa.exe"=
"d:\\Hry\\StarCraft II\\StarCraft II.exe"=
"d:\\Hry\\StarCraft II\\Versions\\Base16755\\SC2.exe"=

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9.8.2010 11:28 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.8.2010 11:29 165584]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25.6.2009 15:41 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.8.2010 11:29 17744]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20.5.2010 11:22 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20.5.2010 11:22 8320]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
S4 gupdate1ca0deabb627742;Služba Google Update (gupdate1ca0deabb627742);c:\program files\Google\Update\GoogleUpdate.exe [26.7.2009 14:15 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.6.2009 17:33 717296]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://www.Google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.Google.com/
uCustomizeSearch = hxxp://www.Google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Stylish Profile - c:\program files\Stylish Profile\uninstall.exe


.
Celkový čas: 2010-10-19 20:43:50
ComboFix-quarantined-files.txt 2010-10-19 18:43
ComboFix2.txt 2010-10-19 17:58

Před spuštěním: Volných bajtů: 162 368 393 216
Po spuštění: Volných bajtů: 162 352 005 120

- - End Of File - - 307B67F25C700A5C3D78736FDFBBA414

[vyosek]

Log vypada cisty, PC stale nabiha pomalu

[Drusik]

Ano stale je to pomale nabiha to pres 3 minuty

[vyosek]

Jaky tam mate procesor

[Drusik]

napisu celou sestavu : CPU: Intel core 2 duo 2.66 Ghz. Graf: Nvidia 8800 GT. Ram:4 GB Ram - Corsair. MB:asus P5K premium. Chtel jsem se zeptat muze to byt HDD? dvakrat jsem takovy problem uz mel nevedel jsem si rady a tak jsem HDD naformatoval pokazde tou pomalou kompletni formataci po te jsem nainstaloval OS a bylo to v phohode cca po 3 mesicich se to opet stalo pomaly chod PC pomale nabyhani OS.

[vyosek]

No tak se na disk podivame Sestava vypada slusna, tam by problem byt nemel...
Otestujte HD pomoci HD Tune http://www.stahuj.centrum.cz/utility_a_ ... g/hd-tune/

• Udelejte testy Benchmark a Error Scan - dejte screeny
• Dejte screen ze zalozky Health
• Scree udelate kdyz klilknete na tu modrou disketku a pak jej sem dejte dle tohoto navdou http://www.viry.cz/forum/viewtopic.php?f=15&t=14114 - zajima Vas jen cast "zaslani na forum" samozrejme

[Drusik]

Tak tady to je :

BENCHMARK :

Uploaded with ImageShack.us


ERRORSCAN :

Uploaded with ImageShack.us


HEALTH :

[vyosek]

Prvni je nejaky divny - poprosim kolegu at na to mrkne Takze Vas prosim o strpeni

Zbyle dva vypadaji OK