Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

winlogon zaťažuje PC

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Uživatelský avatar
kekesko
Návštěvník
Návštěvník
Příspěvky: 149
Registrován: 16 led 2008 07:49

winlogon zaťažuje PC

#1 Příspěvek od kekesko »

Zdravím, winlogon exe. mi berie veľa pamäti a zaťažuje aj procesor.
Obrázek
Pridávam log z RSITu:

Logfile of random's system information tool 1.08 (written by random/random)
Run by BOBO at 2011-03-08 14:05:33
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (6%) free of 80 GB
Total RAM: 1919 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:05:49, on 8.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Your Uninstaller 2010\urmain.exe
C:\Program Files\Your Uninstaller 2010\urmain.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\HiJackThis\RSIT.exe
C:\Program Files\trend micro\BOBO.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\DOCUME~1\BOBO\LOCALS~1\Temp\nos_uninstall_Adobe.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

--
End of file - 5282 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{DF11BF71-AC8F-4B9D-A266-D43B15436CCC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"=C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe [2010-12-16 423232]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall Adobe Download Manager"=C:\DOCUME~1\BOBO\LOCALS~1\Temp\nos_uninstall_Adobe.dll [2011-03-08 66112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-01-09 395640]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-02-19 2423752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CE8SIIFGSU]
C:\DOCUME~1\BOBO\LOCALS~1\Temp\Rqc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-01-11 1230704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
C:\Program Files\Essentials Codec Pack\update.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-07 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Revo Uninstaller]
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe -hunter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-02-26 16125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-02-19 2423752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE [2004-12-21 1044480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE [2007-02-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE [2007-02-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BOBO^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.OR~\program\QUICKS~1.EXE [2010-06-07 1195520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WSearch"=2
"JavaQuickStarterService"=2
"ServiceLayer"=3
"SandraAgentSrv"=3
"ose"=3
"NVSvc"=2
"NMIndexingService"=3
"NBService"=3
"idsvc"=3
"BlueSoleil Hid Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDIDL~1\DVDShell.dll [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"EditLevel"=0
"NoCommonGroups"=0
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDrives"=0
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\BOBO\Application Data\uTorrent\utorrent.exe"="C:\Documents and Settings\BOBO\Application Data\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\BOBO\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\BOBO\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Internet Download Manager\IDMan.exe"="C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Mio DigiWalker\Mio Transfer.exe"="C:\Program Files\Mio DigiWalker\Mio Transfer.exe:*:Enabled:MioTransfer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-03-08 12:12:13 ----D---- C:\Program Files\RAR Password Cracker
2011-03-07 13:08:12 ----D---- C:\All naughty
2011-03-02 00:26:19 ----D---- C:\Náčelník V.had
2011-02-28 23:04:42 ----D---- C:\Ashampoo.WinOptimizer.7.v7.25.Incl.Keygen.and.Patch-Lz0
2011-02-27 17:50:45 ----D---- C:\Program Files\Common Files\Skype
2011-02-23 02:37:58 ----D---- C:\Korzickí bratia _sk
2011-02-19 20:42:36 ----D---- C:\Program Files\HSDPA USB Modem
2011-02-13 14:25:11 ----D---- C:\1148 clothed-unclothed pics
2011-02-13 13:42:46 ----D---- C:\NQ-2010.Q3-EU
2011-02-13 03:56:25 ----D---- C:\Documents and Settings\BOBO\Application Data\DDMSettings
2011-02-13 03:54:46 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2011-02-13 03:54:46 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2011-02-12 23:19:18 ----D---- C:\Princezna a chudas

======List of files/folders modified in the last 1 months======

2011-03-08 14:05:48 ----D---- C:\Documents and Settings\BOBO\Application Data\uTorrent
2011-03-08 14:05:36 ----D---- C:\Program Files\trend micro
2011-03-08 14:05:30 ----D---- C:\WINDOWS\Prefetch
2011-03-08 14:05:17 ----D---- C:\HiJackThis
2011-03-08 13:54:33 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2011-03-08 13:51:52 ----HD---- C:\WINDOWS\inf
2011-03-08 13:47:58 ----RD---- C:\Program Files
2011-03-08 13:47:06 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-03-08 13:40:18 ----D---- C:\WINDOWS\temp
2011-03-08 13:38:55 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-08 13:22:09 ----D---- C:\Documents and Settings\BOBO\Application Data\Skype
2011-03-08 13:08:42 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2011-03-08 12:36:34 ----D---- C:\Documents and Settings\BOBO\Application Data\skypePM
2011-03-08 11:49:35 ----A---- C:\WINDOWS\IfoEdit.INI
2011-03-08 11:20:35 ----D---- C:\DivX
2011-03-08 11:10:41 ----D---- C:\DVD
2011-03-08 11:09:12 ----D---- C:\Documents and Settings\BOBO\Application Data\dvdcss
2011-03-08 10:44:13 ----D---- C:\Documents and Settings\BOBO\Application Data\DMCache
2011-03-08 10:15:05 ----A---- C:\Documents and Settings\BOBO\Application Data\DVDSubEdit.ini
2011-03-08 09:50:00 ----A---- C:\WINDOWS\NeroDigital.ini
2011-03-08 08:07:21 ----A---- C:\WINDOWS\DVDIdlePro.INI
2011-03-08 03:34:01 ----D---- C:\MyAudio
2011-03-08 03:18:34 ----D---- C:\AllokMP3toAMRFolder
2011-03-08 02:05:45 ----D---- C:\WINDOWS
2011-03-08 01:46:34 ----D---- C:\VobBlanker
2011-03-08 00:56:06 ----D---- C:\Documents and Settings\BOBO\Application Data\Vso
2011-03-08 00:38:34 ----D---- C:\Documents and Settings\BOBO\Application Data\ICQ
2011-03-07 20:09:48 ----D---- C:\Program Files\JDownloader
2011-03-07 18:35:06 ----D---- C:\Program Files\Mozilla Firefox
2011-03-04 23:42:31 ----D---- C:\WINDOWS\system32\drivers
2011-03-04 08:57:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-02 00:37:21 ----D---- C:\Program Files\RapidShareManager
2011-03-01 12:57:25 ----D---- C:\Foto film
2011-03-01 10:03:55 ----D---- C:\torrenty up
2011-03-01 09:08:35 ----A---- C:\Documents and Settings\BOBO\Application Data\DVDSubEditLastFile0.txt
2011-03-01 00:22:02 ----D---- C:\Program Files\Opera
2011-02-28 09:21:32 ----D---- C:\Demux_DVD
2011-02-28 08:17:46 ----D---- C:\downloads
2011-02-27 17:50:47 ----SHD---- C:\WINDOWS\Installer
2011-02-27 17:50:45 ----D---- C:\Program Files\Common Files
2011-02-26 13:07:12 ----D---- C:\Program Files\SUPERAntiSpyware
2011-02-25 02:44:11 ----A---- C:\WINDOWS\VobEdit.INI
2011-02-22 23:03:15 ----D---- C:\Archa_cz
2011-02-20 23:16:49 ----D---- C:\Documents and Settings\BOBO\Application Data\IDM
2011-02-19 22:24:40 ----D---- C:\WINDOWS\system32
2011-02-19 22:23:55 ----D---- C:\WINDOWS\WinSxS
2011-02-19 21:11:49 ----D---- C:\WINDOWS\Help
2011-02-19 21:11:49 ----D---- C:\Program Files\Microsoft ActiveSync
2011-02-19 21:07:58 ----RSD---- C:\WINDOWS\assembly
2011-02-19 21:04:46 ----D---- C:\WINDOWS\Registration
2011-02-19 21:04:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-02-13 04:30:45 ----D---- C:\Documents and Settings\BOBO\Application Data\DivX
2011-02-13 03:55:41 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2011-02-13 03:55:31 ----D---- C:\Program Files\DivX
2011-02-10 23:35:34 ----D---- C:\Documents and Settings\BOBO\Application Data\AnvSoft
2011-02-10 23:35:31 ----D---- C:\Program Files\AnvSoft
2011-02-10 23:25:38 ----A---- C:\Documents and Settings\BOBO\Application Data\AutoGK.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2004-10-19 28207]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-10-18 105472]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2010-10-06 33408]
R1 IDMTDI;IDMTDI; C:\WINDOWS\system32\DRIVERS\idmtdi.sys [2010-09-02 76896]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 PSINKNC;PSINKNC; C:\WINDOWS\system32\DRIVERS\psinknc.sys [2010-12-16 130376]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-22 23936]
R2 PSINAflt;PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [2010-12-16 141768]
R2 PSINFile;PSINFile; C:\WINDOWS\system32\DRIVERS\PSINFile.sys [2010-12-16 97352]
R2 PSINProc;PSINProc; C:\WINDOWS\system32\DRIVERS\PSINProc.sys [2010-12-16 111944]
R2 PSINProt;PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [2010-12-16 113096]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2004-09-21 11604]
R3 Cap713x;Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-05-18 328320]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-11 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-10 10604128]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-10-14 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2004-12-01 22488]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2010-10-06 145504]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe []
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2004-12-13 106496]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe []
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]

-----------------EOF-----------------

Ďakujem.
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119506
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: winlogon zaťažuje PC

#2 Příspěvek od Rudy »

Dejte log z ComboFix. Winlogon, pokud vidím, odebírá 0% syst. prostředků.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Uživatelský avatar
kekesko
Návštěvník
Návštěvník
Příspěvky: 149
Registrován: 16 led 2008 07:49

Re: winlogon zaťažuje PC

#3 Příspěvek od kekesko »

Rudy píše:Dejte log z ComboFix. Winlogon, pokud vidím, odebírá 0% syst. prostředků.
Dík za pomoc.
Ale na obrázku je že zaberá 151MB pamäte.

Tu je log z COmbo Fix:

ComboFix 11-03-08.06 - BOBO 09.03.2011 10:54:22.9.2 - x86
Running from: c:\documents and settings\BOBO\My Documents\Downloads\Programs\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\sys.txt
c:\windows\system32\drivers\wopwu.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_iblmypv
.
.
((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
.
.
2011-03-09 09:50 . 2011-03-09 09:50 389120 ----a-w- c:\windows\system32\CF12391.exe
2011-03-08 13:18 . 2011-03-08 13:18 388096 ----a-r- c:\documents and settings\BOBO\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-08 11:12 . 2011-03-08 11:12 -------- d-----w- c:\program files\RAR Password Cracker
2011-03-07 12:08 . 2011-03-07 22:22 -------- d-----w- C:\All naughty
2011-02-27 16:50 . 2011-02-27 16:50 -------- d-----w- c:\program files\Common Files\Skype
2011-02-19 19:42 . 2011-02-19 21:22 -------- d-----w- c:\program files\HSDPA USB Modem
2011-02-13 13:25 . 2011-02-25 23:46 -------- d-----w- C:\1148 clothed-unclothed pics
2011-02-13 12:42 . 2011-02-13 12:42 -------- d-----w- C:\NQ-2010.Q3-EU
2011-02-13 02:56 . 2011-02-13 02:56 -------- d-----w- c:\documents and settings\BOBO\Application Data\DDMSettings
2011-02-13 02:54 . 2010-07-12 18:36 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-02-13 02:54 . 2010-07-12 18:36 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-02-08 01:10 . 2011-02-13 03:30 -------- d-----w- c:\documents and settings\BOBO\Application Data\DivX
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-05 01:44 . 2011-02-05 01:45 737280 ----a-w- c:\windows\iun6002.exe
2011-02-01 21:36 . 2011-02-01 21:36 1415145 ----a-w- C:\v_cze_fa30.zip
2011-02-01 21:36 . 2011-02-01 21:36 1462078 ----a-w- C:\v_cze_fj30.zip
2011-02-01 21:33 . 2011-02-01 21:33 705046 ----a-w- C:\v_slo_fa11.zip
2011-01-19 13:40 . 2011-01-19 13:40 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-01-19 04:38 . 2011-01-19 04:38 389120 ----a-w- c:\windows\system32\CF19781.exe
2010-12-20 17:09 . 2010-10-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-10-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-16 17:39 . 2010-12-16 17:39 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
2010-12-16 17:12 . 2010-12-16 17:12 113096 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2010-12-16 17:12 . 2010-12-16 17:12 111944 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2010-12-16 17:12 . 2010-12-16 17:12 130376 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2010-12-16 17:12 . 2010-12-16 17:12 97352 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2010-12-16 17:12 . 2010-12-16 17:12 141768 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2010-08-30 06:25 . 2010-09-07 09:52 47616 ----a-w- c:\program files\cache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-09-02 13:22 70264 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 17:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 17:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-09 395640]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-19 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDIDL~1\DVDShell.dll" [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^BOBO^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\BOBO\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 01:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 21:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-02-26 07:03 16125440 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-02-19 09:50 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WSearch"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SandraAgentSrv"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"idsvc"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\BOBO\\Application Data\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\BOBO\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mio DigiWalker\\Mio Transfer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [6.9.2010 16:36 76896]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [16.12.2010 18:12 130376]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [16.12.2010 18:19 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [16.12.2010 18:12 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [16.12.2010 18:12 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [16.12.2010 18:12 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [16.12.2010 18:12 113096]
R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [9.6.2004 23:14 328320]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28.2.2006 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2010-09-18 c:\windows\Tasks\User_Feed_Synchronization-{DF11BF71-AC8F-4B9D-A266-D43B15436CCC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-25 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
mStart Page = hxxp://home.sweetim.com
IE: E&xportovat do aplikace Microsoft Office Excel -
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\BOBO\Application Data\Mozilla\Firefox\Profiles\0f3wpv1u.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.sk
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\BOBO\Application Data\IDM\idmmzcc3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-CE8SIIFGSU - c:\docume~1\BOBO\LOCALS~1\Temp\Rqc.exe
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-Media Codec Update Service - c:\program files\Essentials Codec Pack\update.exe
MSConfigStartUp-Revo Uninstaller - c:\program files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
AddRemove-HijackThis - c:\hijackthis\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-09 11:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5b,dc,40,03,89,a4,4b,46,a3,37,cd,d1,cd,53,76,1e,74,12,cc,0b,63,
99,a2,b9,3c,4b,fe,27,a2,a8,a1,3a,23,68,41,e8,25,a1,55,df,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8d1abf5a-add8-43b9-b771-0971599bab82}]
@Denied: (Full) (Everyone)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\BOBO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
.
- - - - - - - > 'explorer.exe'(2196)
c:\windows\system32\WININET.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\bgsvcgen.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-03-09 11:06:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-09 10:06
ComboFix2.txt 2011-01-19 13:53
ComboFix3.txt 2011-01-19 04:53
.
Pre-Run: 7 432 179 712 bytes free
Post-Run: 7 344 328 704 voľných bajtov
.
- - End Of File - - 4520FB59865C922A7D74E4A350A07778


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Včera som to ešte prebehol v Malwarebytes a tu je log:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verzia databázy: 5988

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8.3.2011 15:29:59
mbam-log-2011-03-08 (15-29-59).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 226571
Uplynutý čas: 48 min, 6 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 7
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 7

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XPRepairPro2006 (Rogue.XPRepairPro2007) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790777BC765B5332AC96 (Malware.Trace) -> Value: SRS_IT_E8790777BC765B5332AC96 -> Quarantined and deleted successfully.

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\system volume information\_restore{e4eae4ed-ae56-405b-be38-5845808f53c1}\RP85\A0022453.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e4eae4ed-ae56-405b-be38-5845808f53c1}\RP85\A0022454.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e4eae4ed-ae56-405b-be38-5845808f53c1}\RP85\A0022455.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e4eae4ed-ae56-405b-be38-5845808f53c1}\RP85\A0022457.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e4eae4ed-ae56-405b-be38-5845808f53c1}\RP85\A0022459.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e4eae4ed-ae56-405b-be38-5845808f53c1}\RP85\A0022460.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e4eae4ed-ae56-405b-be38-5845808f53c1}\RP85\A0022461.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
(RiskWare.Tool.CK) -> Not selected for removal.
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119506
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: winlogon zaťažuje PC

#4 Příspěvek od Rudy »

MBAM smazal nějaká AdWary. CF pak následně rootkit. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Uživatelský avatar
kekesko
Návštěvník
Návštěvník
Příspěvky: 149
Registrován: 16 led 2008 07:49

Re: winlogon zaťažuje PC

#5 Příspěvek od kekesko »

Rudy píše:MBAM smazal nějaká AdWary. CF pak následně rootkit. Nastala nějaká změna?
Ano nastala winlogon sa ukludnil a berie len 18 MB pamäte a 0 procesoru.. Asi to fakt pomohlo. Dík
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119506
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: winlogon zaťažuje PC

#6 Příspěvek od Rudy »

Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“