Trošinku pomalejší pc

[motji]

Má to tak být

[motji]

Ještě dotaz - máš v pořádku systémový čas?

[lolek169]

Ne nemám,nevím proč ale už 3x se mi sam od sebe resetoval na rok 2002 a pul noc..Takže script proběhnul asi uspěšně restartoval se pc protože to odhalilo rootkita..a pak už nic..jako dřív..jak teď zjístím že je pc v pořádku?

[motji]

Poprosím o ten log z combofixu.
Možná to chce vyměnit CMOS baterii

[lolek169]

ComboFix 10-12-29.02 - komp 06.01.2002 0:05.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.575 [GMT 1:00]
Spuštěný z: c:\documents and settings\komp\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\winspool.drv

Nakažená kopie c:\windows\system32\msgsvc.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\msgsvc.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2001-12-05 do 2002-01-05 )))))))))))))))))))))))))))))))
.

2010-12-03 15:28 . 2010-12-03 15:28 -------- d-----w- C:\Download
2010-11-30 14:59 . 2010-11-30 14:59 -------- d-----w- C:\562dabf31c3f002d52de92f10d8160
2010-10-21 10:09 . 2010-10-21 13:23 1170223 ----a-w- C:\steaml.exe
2010-10-18 08:46 . 2010-10-18 08:46 -------- d-----w- C:\Sounds
2010-10-18 08:40 . 2010-10-18 08:41 -------- d-----w- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 14:31 . 2010-09-30 20:35 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-12 13:40 . 2004-08-18 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-03-08 02:34 . 2004-08-18 12:00 236544 ----a-w- c:\windows\system32\webcheck.dll
2008-04-14 06:52 . 2010-09-30 20:35 150528 ----a-w- c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
2008-04-14 06:52 . 2004-08-18 12:00 14336 ----a-w- c:\windows\system32\svchost.exe
2008-04-14 06:52 . 2010-09-30 20:35 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2008-04-14 06:52 . 2010-09-30 20:35 769024 ----a-w- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2008-04-14 06:52 . 2010-09-30 20:35 18432 ----a-w- c:\windows\pchealth\helpctr\binaries\hscupd.exe
2008-04-14 06:52 . 2004-08-18 12:00 601088 ----a-w- c:\windows\system32\autochk.exe
2008-04-14 06:52 . 2010-09-30 20:53 11325 ------w- c:\windows\system32\drivers\vchnt5.dll
2008-04-14 06:52 . 2004-08-18 12:00 279040 ----a-w- c:\windows\help\tshoot.dll
2008-04-14 06:52 . 2010-09-30 20:35 726590 ----a-w- c:\windows\srchasst\srchui.dll
2008-04-14 06:52 . 2010-09-30 20:35 58434 ----a-w- c:\windows\srchasst\srchctls.dll
2008-04-14 06:52 . 2004-08-18 12:00 33280 ----a-w- c:\windows\help\sstub.dll
2008-04-14 06:51 . 2004-08-18 12:00 34816 ----a-w- c:\windows\help\sniffpol.dll
2008-04-14 06:51 . 2010-09-30 20:35 38400 ----a-w- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2008-04-14 06:51 . 2010-09-30 20:35 102912 ----a-w- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2008-04-14 06:51 . 2010-09-30 20:35 3166208 ----a-w- c:\windows\srchasst\msgr3en.dll
2008-04-14 06:51 . 2010-09-30 20:35 378880 ----a-w- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2008-04-14 06:51 . 2004-08-18 12:00 245248 ----a-w- c:\windows\apppatch\acspecfc.dll
2008-04-14 06:51 . 2004-08-18 12:00 1852928 ----a-w- c:\windows\apppatch\acgenral.dll
2008-04-14 06:51 . 2004-08-18 12:00 141312 ----a-w- c:\windows\apppatch\aclua.dll
2008-04-14 06:51 . 2004-08-18 12:00 116224 ----a-w- c:\windows\apppatch\acxtrnal.dll
2008-04-14 06:51 . 2010-09-30 20:56 39424 ------w- c:\windows\apppatch\acadproc.dll
2008-04-13 22:15 . 2001-08-17 22:03 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
2008-04-13 22:15 . 2001-08-17 22:03 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys
2007-04-02 16:17 . 2004-08-18 12:00 518944 ----a-w- c:\windows\system32\msexch40.dll
2004-08-18 12:00 . 2010-09-30 20:35 35328 ----a-w- c:\windows\pchealth\helpctr\binaries\notiflag.exe
2004-08-18 12:00 . 2010-09-30 20:35 21504 ----a-w- c:\windows\pchealth\helpctr\binaries\brpinfo.dll
2004-08-18 12:00 . 2010-09-30 20:35 99840 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2004-08-18 12:00 . 2010-09-30 20:35 7168 ----a-w- c:\windows\pchealth\helpctr\binaries\HCAppRes.dll
2004-08-18 12:00 . 2010-09-30 20:34 35328 ----a-w- c:\windows\system32\winchat.exe
2004-08-18 12:00 . 2004-08-18 12:00 3374640 ----a-w- c:\windows\help\Tours\mmTour\tour.exe
2004-08-18 12:00 . 2004-08-18 12:00 152576 ----a-w- c:\windows\help\bnts.dll
2004-08-18 12:00 . 2004-08-18 12:00 10752 ----a-w- c:\windows\system32\pschdprf.dll
2004-08-18 12:00 . 2001-10-24 12:25 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2004-08-18 12:00 . 2001-10-24 12:25 69700 ----a-w- c:\windows\system32\usrshuta.exe
2004-08-18 12:00 . 2001-10-24 12:25 56320 ----a-w- c:\windows\system32\dvdplay.exe
2004-08-18 12:00 . 2001-10-24 12:25 13824 ----a-w- c:\windows\system32\wowfaxui.dll
2004-08-18 12:00 . 2001-10-24 12:25 86073 ----a-w- c:\windows\system32\usrfaxa.dll
2004-08-18 12:00 . 2001-10-24 12:25 8192 ----a-w- c:\windows\system32\streamci.dll
2004-08-18 12:00 . 2001-10-24 12:25 77890 ----a-w- c:\windows\system32\usrdpa.dll
2004-08-18 12:00 . 2001-10-24 12:25 77883 ----a-w- c:\windows\system32\usrrtosa.dll
2004-08-18 12:00 . 2001-10-24 12:25 72192 ----a-w- c:\windows\system32\sprio800.dll
2004-08-18 12:00 . 2001-10-24 12:25 70656 ----a-w- c:\windows\system32\sprio600.dll
2004-08-18 12:00 . 2001-10-24 12:25 69699 ----a-w- c:\windows\system32\usrcoina.dll
2004-08-18 12:00 . 2001-10-24 12:25 61500 ----a-w- c:\windows\system32\usrcntra.dll
2004-08-18 12:00 . 2001-10-24 12:25 53305 ----a-w- c:\windows\system32\usrlbva.dll
2004-08-18 12:00 . 2001-10-24 12:25 49211 ----a-w- c:\windows\system32\usrvpa.dll
2004-08-18 12:00 . 2001-10-24 12:25 49211 ----a-w- c:\windows\system32\usrsdpia.dll
2004-08-18 12:00 . 2001-10-24 12:25 49209 ----a-w- c:\windows\system32\usrv80a.dll
2004-08-18 12:00 . 2001-10-24 12:25 45116 ----a-w- c:\windows\system32\usrvoica.dll
2004-08-18 12:00 . 2001-10-24 12:25 41019 ----a-w- c:\windows\system32\usrsvpia.dll
2004-08-18 12:00 . 2001-10-24 12:25 323641 ----a-w- c:\windows\system32\usrdtea.dll
2004-08-18 12:00 . 2001-10-24 12:25 102457 ----a-w- c:\windows\system32\usrv42a.dll
2004-08-18 12:00 . 2001-10-24 12:25 69632 ----a-w- c:\windows\system32\spnike.dll
2004-08-18 12:00 . 2001-10-24 12:25 157696 ----a-w- c:\windows\system32\paqsp.dll
2004-08-18 12:00 . 2001-10-24 12:24 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2004-08-18 12:00 . 2001-10-24 12:24 3200 ----a-w- c:\windows\system32\wowfax.dll
2004-08-18 12:00 . 2001-10-24 11:55 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2004-08-18 12:00 . 2001-10-24 11:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2004-08-18 12:00 . 2001-10-24 11:53 262528 ----a-w- c:\windows\system32\drivers\cinemst2.sys
2004-08-18 12:00 . 2001-08-18 06:37 61508 ----a-w- c:\windows\system32\usrprbda.exe
2004-08-18 12:00 . 2001-08-17 22:06 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2004-08-18 12:00 . 2001-08-17 22:02 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys
2004-08-18 12:00 . 2001-08-17 22:01 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys
2004-08-18 12:00 . 2001-08-17 21:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2004-08-18 12:00 . 2001-08-17 21:24 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2004-08-18 12:00 . 2001-08-17 21:24 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2004-08-18 12:00 . 2001-08-17 21:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2004-08-18 12:00 . 2001-08-17 21:24 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
2003-03-18 19:44 . 2003-03-18 19:44 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL
2003-03-18 19:44 . 2003-03-18 19:44 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL
2001-11-09 15:01 . 2001-11-09 15:01 24064 ----a-w- c:\windows\system32\ativcoxx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2009-10-30 93376]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2002-01-08 395640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 65536]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-01-09 519584]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-10-1 67128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^komp^Nabídka Start^Programy^Po spuštění^Registration Heroes of Might & Magic 5.LNK]
path=c:\documents and settings\komp\Nabídka Start\Programy\Po spuštění\Registration Heroes of Might & Magic 5.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-12-10 20:41 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2002-01-08 04:05 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Documents and Settings\\komp\\Local Settings\\Data aplikací\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.10.2010 19:50 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [18.8.2004 13:00 14336]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 17:09 1253376]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.12.2010 21:41 247096]
S2 AsusGIO;AsusGIO;\??\c:\program files\ASUS\Ai Booster\AsusGIO.sys --> c:\program files\ASUS\Ai Booster\AsusGIO.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 11:10 3276800]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 1:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2002-01-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40]

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{0348DB9B-2D6C-4C98-98EB-DA2B88995C6B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{C96DABC5-EA7D-4D6D-9759-57EBB3F88E89}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2002-01-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-10-03 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2002-01-06 00:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5768)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
.
**************************************************************************
.
Celkový čas: 2002-01-06 00:26:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2002-01-05 23:26
ComboFix2.txt 2002-01-05 08:56

Před spuštěním: 8 727 597 056
Po spuštění: 8 978 178 048

- - End Of File - - 2BF58EE129F90BC75530E686003BA455

[motji]

Nedal jsi mi špatný log?

[lolek169]

Ne.ted sem udělal scan combofixem a tohle my vyšlo.Co je na tom špatně?

[motji]

Je to jako by ten samý log co předtím. Použil jsi ten skript?

[lolek169]

Ano použil,ale prostě co ho použiju tak se combofix spustí..pak mi to hodí hlašku že to nalezlo rootkit a že chce restart dal sem restart a po restartu se nic nedělo. a ten steaml.exe tam furt je.mám ten script znova aplikovat?

[motji]

Ano.

A ještě jedna věc -spust Gmer. Já tu budu večer


Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

[lolek169]

GMER LOG




GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2002-01-06 02:28:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.3.06
Running: gmer.exe; Driver: C:\DOCUME~1\komp\LOCALS~1\Temp\ufayraoc.sys


---- System - GMER 1.0.15 ----

SSDT spde.sys ZwEnumerateKey [0xF7734DA4]
SSDT spde.sys ZwEnumerateValueKey [0xF7735132]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7670B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7670B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\fasttx2k \Device\Scsi\fasttx2k1Port2Path0Target4Lun0 8676C1F8
Device \Driver\a7htzy9c \Device\Scsi\a7htzy9c1 854B9500
Device \Driver\fasttx2k \Device\Scsi\fasttx2k1 8676C1F8
Device \Driver\a7htzy9c \Device\Scsi\a7htzy9c1Port3Path0Target0Lun0 854B9500
Device 867D71F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 851961F8
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

[motji]

Ještě poprosím o druhý log z gmeru

[lolek169]

mám takový 2 problémy
1,Když sem zapnul GMER tak se něco asi skenovalo a pak se to vyplo(gmer se vypnul) a když sem to zapnul po druhý tak se to oskenovalo tak sem to savenul na plochu..a je to jenom jeden log..o druhem nic nevím.
2,když sem tedkom zapnul gmer tak mi to po začátku skenu hodilo modrou obrazovku..

EDIT:Ted sem spustil gmer a vše šlo bez problému ale opět tu mám jenom jeden log.

[motji]

Ten druhý musíšudělat. Podívej se pořádně na návod gmeru, co mám v podpise

[lolek169]

už mám první log,a dělá se na druhým,bohužel to bude trošinku na dýl než 10minut,už se o scanuje cca 15minut