zpomalené načítání některých stránek...

[sixmonsters]

Dobrý den, prosím o radu.
Asi před třemi dny se mi občasně začalo zpomalovat načítání některých stránek, které obvykle nabíhají normální rychlostí. Např. idnes, bandzone a další. Někdy se třeba nenačtou vůbec. Problémy s připojením to asi nebudou, protože jiné stránky mi v tu samou chvíli normálně jedou.
Předem díky za odpověď.
z.



Tady je DDS log

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Administrator at 1:54:21 on 2011-06-04
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1369 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Documents and Settings\Administrator\Data aplikací\QipGuard\QipGuard.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://qip.ru
uSearch Page = hxxp://search.qip.ru
uDefault_Page_URL = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearch Bar = hxxp://search.qip.ru/ie
uSearchAssistant = hxxp://search.qip.ru/ie
uURLSearchHooks: QIPBHO Class: {95289393-33ea-4f8d-b952-483415b9c955} - c:\documents and settings\administrator\data aplikací\microsoft\internet explorer\qipsearchbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\data aplikací\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: QIPBHO Class: {95289393-33ea-4f8d-b952-483415b9c955} - c:\documents and settings\administrator\data aplikací\microsoft\internet explorer\qipsearchbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
uRun: [QIP Internet Guardian] c:\documents and settings\administrator\data aplikací\qipguard\QipGuard.exe /p
uRun: [Infium] "c:\program files\qip 2010\qip.exe" /autorun
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.128.0.89 10.128.2.89
TCP: Interfaces\{03B9B368-2175-4F45-AA24-42D4820D5E28} : DhcpNameServer = 10.128.0.89 10.128.2.89
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\data aplikací\mozilla\firefox\profiles\dsqgnh0c.default\
.
============= SERVICES / DRIVERS ===============
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2010-9-1 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2010-9-1 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-1 294608]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-6-4 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-1 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-1 40384]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-4-14 69120]
S2 FlexService;Remote Connections Service;"c:\program files\rapidbit\cisvc.exe" --> c:\program files\rapidbit\cisvc.exe [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-1 136176]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-1 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S4 Dmafosrhds;Dmafosrhds; [x]
.
=============== Created Last 30 ================
.
2011-06-03 23:30:29 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-06-03 23:30:26 -------- d-----w- c:\documents and settings\administrator\data aplikací\Spyware Terminator
2011-06-03 23:30:21 -------- d-----w- c:\program files\Spyware Terminator
2011-05-29 18:29:34 -------- d-----w- c:\program files\Easy Subtitles Synchronizer
2011-05-17 07:14:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-28 02:49:59 2 ----a-w- c:\windows\system32\Dvbpws.dll
2011-03-07 05:33:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
2004-12-21 12:31:42 420352 ----a-w- c:\program files\AUTOOFF .exe
.
============= FINISH: 1:54:46,92 ===============

[vyosek]

Zdravim a pekny den preji

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe ale nespoustejte

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  DDS::
  uStart Page = hxxp://qip.ru
  uSearch Page = hxxp://search.qip.ru
  uDefault_Page_URL = hxxp://qip.ru
  uDefault_Search_URL = hxxp://search.qip.ru
  uSearch Bar = hxxp://search.qip.ru/ie
  uSearchAssistant = hxxp://search.qip.ru/ie
  uURLSearchHooks: QIPBHO Class: {95289393-33ea-4f8d-b952-483415b9c955} - c:\documents and settings\administrator\data aplikací\microsoft\internet explorer\qipsearchbar.dll
  uURLSearchHooks: H - No File
  mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - 
  BHO: QIPBHO Class: {95289393-33ea-4f8d-b952-483415b9c955} - c:\documents and settings\administrator\data aplikací\microsoft\internet explorer\qipsearchbar.dll
  TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
  
  Driver::
  Dmafosrhds
  gupdate
  gupdatem
  
  File::
  c:\documents and settings\administrator\data aplikací\microsoft\internet explorer\qipsearchbar.dll
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[sixmonsters]

ComboFix 11-06-04.02 - Administrator 04.06.2011 13:47:00.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1462 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\_\I Strap On My Man
c:\documents and settings\_\I Strap On My Man
c:\windows\system32\Dvbpws.dll
c:\windows\system32\msconfig.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_Dmafosrhds
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-04 do 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-04 11:52 . 2011-06-04 11:52 -------- d-----w- c:\windows\system32\wbem\snmp
2011-06-04 11:52 . 2011-06-04 11:52 -------- d-----w- c:\windows\system32\oobe
2011-06-04 11:52 . 2011-06-04 11:52 -------- d-----w- c:\windows\srchasst
2011-06-04 11:52 . 2011-06-04 11:52 -------- d-----w- c:\windows\system32\xircom
2011-06-04 11:52 . 2011-06-04 11:52 -------- d-----w- c:\program files\microsoft frontpage
2011-06-04 11:35 . 2011-06-04 11:38 -------- d-----w- C:\_
2011-06-03 23:30 . 2011-06-03 23:30 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-06-03 23:30 . 2011-06-03 23:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Spyware Terminator
2011-06-03 23:30 . 2011-06-03 23:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2011-06-03 23:30 . 2011-06-03 23:31 -------- d-----w- c:\program files\Spyware Terminator
2011-05-29 18:30 . 2011-05-29 18:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\ESS
2011-05-29 18:29 . 2011-05-29 18:29 -------- d-----w- c:\program files\Easy Subtitles Synchronizer
2011-05-17 07:14 . 2011-05-17 07:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2010-09-01 13:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2004-12-21 12:31 . 2010-09-01 21:28 420352 ----a-w- c:\program files\AUTOOFF .exe
2011-05-01 08:17 . 2011-04-23 00:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.

Kód: Vybrat vše

<pre>
c:\program files\AUTOOFF .exe
</pre>

.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[-] 2008-04-13 21:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
[-] 2008-04-14 06:51 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
.
[-] 2008-04-14 . 0AB43CE7EFFAD6B4914AE3C1B489AAA1 . 66560 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
.
.
c:\windows\System32\wscntfy.exe ... chybí !!
c:\windows\System32\regsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680]
"QIP Internet Guardian"="c:\documents and settings\Administrator\Data aplikací\QipGuard\QipGuard.exe" [2010-12-13 187776]
"Infium"="c:\program files\QIP 2010\qip.exe" [2011-05-10 6789504]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-06-03 3318784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-07-11 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-01-24 274608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 66560]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26508:TCP"= 26508:TCP:BitComet 26508 TCP
"26508:UDP"= 26508:UDP:BitComet 26508 UDP
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [1.9.2010 22:24 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [1.9.2010 22:24 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.9.2010 23:58 294608]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.6.2011 1:30 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.9.2010 23:58 17744]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - HELPSVC
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 21:58]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 21:58]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-630328440-1177238915-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-630328440-1177238915-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 10.128.0.89 10.128.2.89
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\dsqgnh0c.default\
FF - prefs.js: browser.search.selectedEngine - ÄŚSFD
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-04 13:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-630328440-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,d7,59,cf,d8,16,b6,4a,b4,e6,8e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,fa,17,0d,b8,3f,bf,41,8d,38,21,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,d7,59,cf,d8,16,b6,4a,b4,e6,8e,\
.
[HKEY_USERS\S-1-5-21-1957994488-630328440-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:66,32,21,fa,75,ec,8b,26,8d,83,92,da,29,c8,84,4e,14,d8,bf,48,4b,bf,17,
8d,26,dd,4c,ae,ce,ed,df,0a,22,9b,83,a7,f9,b6,0d,7d,b2,cb,fc,1a,c0,21,93,4a,\
"??"=hex:82,13,60,2e,97,16,d8,81,a7,00,03,80,67,cc,c4,15
.
[HKEY_USERS\S-1-5-21-1957994488-630328440-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:e6,c9,aa,08,4b,52,37,e9,c0,4a,29,bb,16,6d,5e,9a,42,7f,6b,46,8d,
08,db,17,4a,cd,a0,18,c7,67,64,85,89,c5,73,9c,38,c8,59,10,4a,64,49,00,71,15,\
"rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\WINSPOOL.DRV
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\COMRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\credui.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ALCWZRD.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-06-04 13:56:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-04 11:56
.
Před spuštěním: 2 510 766 080
Po spuštění: 2 475 216 896
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2B8F8BACB9B0B8F071E16E554A69F5EB

[vyosek]

Jeste jeden skript pro ComboFix - postup je stejny

Kód: Vybrat vše

KillAll::

Restore::
c:\windows\system32\drivers\atapi.sys
c:\windows\system32\comres.dll
c:\windows\system32\ctfmon.exe
c:\windows\System32\wscntfy.exe
c:\windows\System32\regsvc.dll

RenV::
c:\program files\AUTOOFF .exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"QuickTime Task"=-
"TkBellExe"=-
"SunJavaUpdateSched"=-]
"Adobe Reader Speed Launcher"="-
"Adobe ARM"=-
"DivXUpdate"=-

File::
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-630328440-1177238915-500.job
 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-630328440-1177238915-500.job

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\dsqgnh0c.default\
FF - prefs.js: browser.search.selectedEngine - ÄŚSFD
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

RegLock::
[HKEY_USERS\S-1-5-21-1957994488-630328440-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-1957994488-630328440-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1957994488-630328440-1177238915-500\Software\SecuROM\License information*]

[sixmonsters]

ComboFix 11-06-04.02 - Administrator 04.06.2011 15:58:41.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1426 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
.
FILE ::
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-630328440-1177238915-500.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-630328440-1177238915-500.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-630328440-1177238915-500.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-630328440-1177238915-500.job
.
c:\windows\system32\comres.dll . . . je infikován!!
.
c:\windows\system32\ctfmon.exe . . . je infikován!!
.
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
.
c:\windows\System32\regsvc.dll . . . je infikován!!
.
c:\windows\System32\wscntfy.exe . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-04 do 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-04 11:52 . 2011-06-04 11:52 -------- d-----w- c:\windows\system32\wbem\snmp
2011-06-04 11:52 . 2011-06-04 11:52 -------- d-----w- c:\windows\system32\oobe
2011-06-04 11:52 . 2011-06-04 11:52 -------- d-----w- c:\windows\srchasst
2011-06-04 11:52 . 2011-06-04 11:52 -------- d-----w- c:\windows\system32\xircom
2011-06-04 11:52 . 2011-06-04 11:52 -------- d-----w- c:\program files\microsoft frontpage
2011-06-03 23:30 . 2011-06-03 23:30 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-06-03 23:30 . 2011-06-03 23:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Spyware Terminator
2011-06-03 23:30 . 2011-06-03 23:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2011-06-03 23:30 . 2011-06-04 12:17 -------- d-----w- c:\program files\Spyware Terminator
2011-05-29 18:30 . 2011-05-29 18:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\ESS
2011-05-29 18:29 . 2011-05-29 18:29 -------- d-----w- c:\program files\Easy Subtitles Synchronizer
2011-05-17 07:14 . 2011-05-17 07:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2010-09-01 13:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2004-12-21 12:31 . 2010-09-01 21:28 420352 ----a-w- c:\program files\AUTOOFF.exe
2011-05-01 08:17 . 2011-04-23 00:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 23:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
[-] 2008-04-14 06:51 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
.
[-] 2008-04-14 . 0AB43CE7EFFAD6B4914AE3C1B489AAA1 . 66560 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
.
.
c:\windows\System32\wscntfy.exe ... chybí !!
c:\windows\System32\regsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680]
"QIP Internet Guardian"="c:\documents and settings\Administrator\Data aplikací\QipGuard\QipGuard.exe" [2010-12-13 187776]
"Infium"="c:\program files\QIP 2010\qip.exe" [2011-05-10 6789504]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-06-03 3318784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-07-11 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 66560]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26508:TCP"= 26508:TCP:BitComet 26508 TCP
"26508:UDP"= 26508:UDP:BitComet 26508 UDP
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [1.9.2010 22:24 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [1.9.2010 22:24 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.9.2010 23:58 294608]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.6.2011 1:30 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.9.2010 23:58 17744]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 21:58]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 10.128.0.89 10.128.2.89
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\dsqgnh0c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-04 16:03
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-630328440-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:66,32,21,fa,75,ec,8b,26,8d,83,92,da,29,c8,84,4e,14,d8,bf,48,4b,bf,17,
8d,26,dd,4c,ae,ce,ed,df,0a,22,9b,83,a7,f9,b6,0d,7d,b2,cb,fc,1a,c0,21,93,4a,\
"??"=hex:82,13,60,2e,97,16,d8,81,a7,00,03,80,67,cc,c4,15
.
[HKEY_USERS\S-1-5-21-1957994488-630328440-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:e6,c9,aa,08,4b,52,37,e9,c0,4a,29,bb,16,6d,5e,9a,42,7f,6b,46,8d,
08,db,17,4a,cd,a0,18,c7,67,64,85,89,c5,73,9c,38,c8,59,10,4a,64,49,00,71,15,\
"rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'explorer.exe'(3676)
c:\windows\system32\COMRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\credui.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-06-04 16:06:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-04 14:06
.
Před spuštěním: 9 990 246 400
Po spuštění: 9 978 892 288
.
- - End Of File - - A0205372D69BA4AB2DD213AF43FF4934

[vyosek]

Mate instal. CD - system je poskozeny a chybi mu dulezite soubory

[sixmonsters]

důležité? zdá si mi, že všechno jede... i ten interent je lepší.
instal cd někde mám. musím komplet přeinstalovat nebo se to jen nějak opraví?

[vyosek]

Nektere soubory jsou poskozene, nektere chybi...ono chod PC neni jen internet...bude stacit provest tzv opravnou instalaci - ta prepise a doplni systemove soubory ale data zustanou zachovana...

[sixmonsters]

dobře, zkusím to. momentálně ale nemůžu najít instalační cd... každopádně Vám děkuji za rady. kdyby něco, zase se ozvu.
tohle vlákno tedy můžete zavřít.

mějte se a ještě jednou děkuji za ochotu.
z.

[vyosek]

Vlakno nebudu uzavirat z jednoho prosteho duvodu - pokud byste mel roblem, napiste sem, abychom vedeli co se delalo atd...

Prozatim nemate zac