Page 2 of 4

Re: Please check, slow PC

Posted: 08 Jul 2010 21:58
by slejdo
The PC now works well and fast, but I can't open drive C or D the normal way. It always opens as if I had chosen the "Search" option.. When I want to open one of the drives, I have to press the right mouse button and choose Open from there... :(

Re: Please check, slow PC

Posted: 08 Jul 2010 22:08
by vyosek
:arrow: Plug all USB keys (flash drives, external disks etc.) into the PC

Re: Please check, slow PC

Posted: 08 Jul 2010 22:29
by slejdo
############################## | UsbFix 7.016 | [Deletion]

User: GTX (Administrator) # ERATHIA [ ]
Updated 05/07/10 by El Desaparecido / C_XX
Started at 23:27:12 | 08/07/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: AMD Sempron(tm) Processor 2800+
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180

Windows Firewall: Enabled
Antivirus: AVG Anti-Virus Free 9.0 [Enabled | Updated]
RAM -> 511 Mb
C:\ (%systemdrive%) -> Fixed drive # 20 Gb (8 Mb free - 39%) [] # NTFS
D:\ -> Fixed drive # 55 Gb (9 Mb free - 16%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 968 Mb (968 Mb free - 100%) [KINGSTON] # FAT32

################## | Files # Infected Folders |

Deleted ! D:\msvcr71.dll
Not deleted ! G:\AUTORUN.INF

################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[08/07/2010 - 19:35:36 | HD ] C:\$AVG
[05/03/2010 - 18:11:10 | A | 0] C:\AUTOEXEC.BAT
[05/07/2010 - 13:48:21 | SH | 211] C:\boot.ini
[08/07/2010 - 15:32:48 | HD ] C:\Config.Msi
[05/03/2010 - 18:11:10 | A | 0] C:\CONFIG.SYS
[05/03/2010 - 18:17:15 | D ] C:\Documents and Settings
[08/07/2010 - 15:48:07 | ASH | 536399872] C:\hiberfil.sys
[05/03/2010 - 18:11:10 | RASH | 0] C:\IO.SYS
[20/03/2006 - 11:28:10 | A | 2843162624] C:\MI-GTG.mdf
[15/03/2006 - 21:52:58 | A | 30434] C:\MI-GTG.mds
[07/03/2010 - 19:25:54 | D ] C:\Microgaming
[05/03/2010 - 18:11:10 | RASH | 0] C:\MSDOS.SYS
[29/05/2010 - 18:44:15 | A | 5104] C:\NanoRepository.bin
[29/05/2010 - 18:44:15 | A | 5104] C:\NanoRepository.bin.bak
[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM
[03/08/2004 - 22:59:34 | RASH | 250032] C:\ntldr
[26/03/2006 - 18:21:03 | A | 358] C:\návod.txt
[08/07/2010 - 15:48:06 | ASH | 805306368] C:\pagefile.sys
[08/07/2010 - 21:03:39 | D ] C:\Program Files
[08/07/2010 - 23:28:55 | SHD ] C:\RECYCLER
[08/07/2010 - 20:42:15 | D ] C:\rsit
[05/04/2010 - 13:17:46 | SHD ] C:\System Volume Information
[08/07/2010 - 23:28:55 | D ] C:\UsbFix
[08/07/2010 - 23:28:58 | A | 905] C:\UsbFix.txt
[08/07/2010 - 19:32:21 | D ] C:\WINDOWS
[11/05/2010 - 15:26:34 | AHC | 44] D:\.picasa.ini
[10/04/2010 - 14:35:08 | RDC ] D:\Andrejka
[05/10/2006 - 19:26:58 | RAC | 196096] D:\binkw32.dll
[24/04/2010 - 12:57:15 | DC ] D:\custom
[21/04/2010 - 18:59:05 | DC ] D:\data
[05/10/2006 - 19:37:50 | RAC | 1038848] D:\dbghelp.dll
[05/03/2010 - 18:52:10 | DC ] D:\Drivers for PC
[05/10/2006 - 19:37:40 | RAC | 8036] D:\EULA.txt
[21/01/2010 - 18:15:12 | DC ] D:\Fotolab
[05/10/2006 - 19:26:58 | RAC | 450103] D:\granny2.dll
[24/04/2010 - 12:57:58 | DC ] D:\hra
[04/07/2010 - 15:46:42 | DC ] D:\logs
[04/07/2010 - 18:40:18 | DC ] D:\marian
[06/11/2006 - 18:28:02 | AC | 19574784] D:\medieval2.exe
[04/07/2010 - 16:40:43 | AC | 2035] D:\medieval2.preference.cfg
[05/10/2006 - 19:37:50 | RAC | 1060864] D:\MFC71.dll
[05/10/2006 - 19:37:50 | RAC | 2179072] D:\mfc71d.dll
[21/04/2010 - 18:33:17 | DC ] D:\miles
[14/06/2010 - 13:19:42 | RD ] D:\Monika
[18/03/2007 - 17:33:07 | RHD ] D:\MSOCache
[05/10/2006 - 19:26:58 | RAC | 393216] D:\mss32.dll
[05/10/2006 - 19:37:50 | RAC | 499712] D:\msvcp71.dll
[05/10/2006 - 19:37:50 | RAC | 765952] D:\msvcp71d.dll
[05/10/2006 - 19:37:50 | RAC | 544768] D:\msvcr71d.dll
[21/04/2010 - 18:43:19 | DC ] D:\packs
[22/04/2010 - 14:56:21 | DC ] D:\preferences
[21/04/2010 - 19:25:00 | RDC ] D:\Program Files
[24/04/2010 - 13:08:25 | DC ] D:\PROGRAMY
[05/10/2006 - 19:37:40 | RAC | 8882] D:\Readme.txt
[08/07/2010 - 23:28:55 | SHD ] D:\RECYCLER
[25/04/2010 - 18:02:07 | DC ] D:\replays
[22/04/2010 - 14:50:11 | DC ] D:\saves
[05/03/2010 - 16:03:18 | SHD ] D:\System Volume Information
[04/07/2010 - 16:40:44 | AC | 45876] D:\system.log.txt
[11/02/2010 - 21:17:55 | AC | 385818] D:\talončik 001.jpg
[07/02/2010 - 13:35:10 | AC | 304094] D:\talončik.jpg
[22/04/2010 - 14:51:48 | DC ] D:\temp
[03/06/2010 - 12:37:50 | ASHC | 8192] D:\Thumbs.db
[01/02/2010 - 10:57:14 | H | 16] G:\AUTORUN.INF
[31/03/2009 - 20:25:48 | AH | 4] G:\_disk_id.pod
[03/11/2008 - 16:37:38 | RSHD ] G:\Recycled

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by Panda USB Vaccine

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_ERATHIA.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |
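
The UsbFix log above lists every drive with its type and every top-level file with its attribute letters, and the one item it could not remove was the hidden AUTORUN.INF on the removable stick. The following Python script is an added illustration, not part of the thread and not UsbFix's own code: it parses that listing format and flags autorun.inf files, hidden or system files on removable drives, and anything the tool reported as not deleted. The sample lines are copied from the log above; the regexes, the `Entry` class and the function names are my own assumptions about the layout, not a specification from UsbFix.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of lines copied from the UsbFix log quoted in
# the thread (drive header, action lines and part of the Listing section).
SAMPLE_LOG = r"""
C:\ (%systemdrive%) -> Fixed drive # 20 Gb (8 Mb free - 39%) [] # NTFS
D:\ -> Fixed drive # 55 Gb (9 Mb free - 16%) [] # NTFS
E:\ -> CD-ROM
G:\ -> Removable drive # 968 Mb (968 Mb free - 100%) [KINGSTON] # FAT32

################## | Files # Infected Folders |

Deleted ! D:\msvcr71.dll
Not deleted ! G:\AUTORUN.INF

################## | Listing |

[05/03/2010 - 18:11:10 | A | 0] C:\AUTOEXEC.BAT
[05/07/2010 - 13:48:21 | SH | 211] C:\boot.ini
[08/07/2010 - 23:28:55 | SHD ] C:\RECYCLER
[03/06/2010 - 12:37:50 | ASHC | 8192] D:\Thumbs.db
[01/02/2010 - 10:57:14 | H | 16] G:\AUTORUN.INF
[31/03/2009 - 20:25:48 | AH | 4] G:\_disk_id.pod
[03/11/2008 - 16:37:38 | RSHD ] G:\Recycled
"""

# These patterns are my reading of the layout shown in the thread, not UsbFix's own spec.
DRIVE_RE = re.compile(r"^([A-Z]):\\.*?-> ([^#]+?)\s*(?:#|$)")
ACTION_RE = re.compile(r"^(Deleted|Not deleted) ! (.+)$")
ENTRY_RE = re.compile(
    r"^\[(\d{2}/\d{2}/\d{4}) - (\d{2}:\d{2}:\d{2}) \| ([A-Z]*) (?:\| (\d+))?\] (.+)$"
)


@dataclass
class Entry:
    """One line of the Listing section, attribute letters as UsbFix prints them."""
    path: str
    attrs: str           # R=read-only A=archive S=system H=hidden D=directory C=compressed
    size: Optional[int]  # None for directories (no size column in the log)

    @property
    def drive(self) -> str:
        return self.path[0].upper()

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_log(text: str) -> Tuple[Dict[str, str], List[Tuple[str, str]], List[Entry]]:
    """Return (drive letter -> drive type, (action, path) list, listing entries)."""
    drives: Dict[str, str] = {}
    actions: List[Tuple[str, str]] = []
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.rstrip()
        if m := DRIVE_RE.match(line):
            drives[m.group(1)] = m.group(2)
        elif m := ACTION_RE.match(line):
            actions.append((m.group(1), m.group(2)))
        elif m := ENTRY_RE.match(line):
            size = int(m.group(4)) if m.group(4) is not None else None
            entries.append(Entry(path=m.group(5), attrs=m.group(3), size=size))
    return drives, actions, entries


def analyze(text: str) -> List[Tuple[str, str]]:
    """Flag the items a responder checks first in a USB-hygiene log."""
    drives, actions, entries = parse_log(text)
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.basename.lower() == "autorun.inf" and not e.is_dir:
            # An autorun.inf *file*; the UsbFix vaccine creates a folder of that name instead
            findings.append(("autorun", e.path))
        elif e.hidden_or_system and not e.is_dir and drives.get(e.drive) == "Removable drive":
            # Hidden/system files on removable media are invisible in a default Explorer view
            findings.append(("hidden-on-removable", e.path))
    for action, path in actions:
        if action == "Not deleted":
            findings.append(("not-removed", path))
    return findings


if __name__ == "__main__":
    for kind, path in analyze(SAMPLE_LOG):
        print(f"{kind:20s} {path}")
```

Run against the sample it reports the autorun.inf file on G:, the hidden `_disk_id.pod` on the same stick, and the "Not deleted" entry, while the hidden boot files on the fixed drives are left alone; the drive-type map is what keeps the hidden-file rule from drowning in normal system files on C:.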

Re: Please check, slow PC

Posted: 08 Jul 2010 22:33
by vyosek
One item deleted, has anything changed :???:

Re: Please check, slow PC

Posted: 08 Jul 2010 22:34
by slejdo
nothing so far.. :(

Re: Please check, slow PC

Posted: 08 Jul 2010 22:40
by vyosek
:arrow: Try this http://www.dougknox.com/xp/fileassoc/folder_reg.zip - download it - unzip it and add it to the registry

:arrow: Write back whether it helped :)

Re: Please check, slow PC

Posted: 09 Jul 2010 20:15
by slejdo
It didn't help :) I don't know what's causing it; a friend once had a similar problem, scanned his PC with SuperAntiSpyware and that fixed it.. It didn't help me.. :(

Re: Please check, slow PC

Posted: 09 Jul 2010 20:25
by vyosek
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Run an update - third tab
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes has false positives, so paste the log into a post and wait for an assessment


:arrow: So you did run the SuperAntiSpyware scan :???:

Re: Please check, slow PC

Posted: 09 Jul 2010 20:30
by slejdo
Yes, it found something, I deleted it, but nothing changed.. I'll try the MBAM scan then; once it finishes and finds something, I'll write right away..

Re: Please check, slow PC

Posted: 09 Jul 2010 21:24
by slejdo
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4296

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

9.7.2010 22:23:37
mbam-log-2010-07-09 (22-23-37).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 185776
Uplynulý čas: 48 min, 23 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 1
Infikované priečinky: 0
Infikované súbory: 2

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
D:\Program Files\YouTube Downloader Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> No action taken.
D:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (Adware.WidgiToolbar) -> No action taken.

Re: Please check, slow PC

Posted: 10 Jul 2010 05:00
by vyosek
:arrow: Delete everything MBAM found and see how the PC behaves - if there are still problems, continue with ComboFix - see below

PLEASE READ THE FOLLOWING INSTRUCTIONS CAREFULLY - THIS UTILITY IS VERY AGGRESSIVE AT DELETING AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM CAN GO BELLY UP
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware etc.
  • Plug all USB keys (flash drives, external disks etc.) into the PC
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Right after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; leave the PC completely alone during the scan - don't launch any applications and don't click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • After the scan finishes, and after a restart if one is needed, CF shows a log; otherwise you'll find it at C:\ComboFix.txt; paste its contents here

Re: Please check, slow PC

Posted: 10 Jul 2010 12:59
by slejdo
ComboFix 10-07-08.02 - GTX 10.07.2010 13:52:01.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.216 [GMT 2:00]
Running from: c:\documents and settings\GTX\My Documents\Preberanie\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\daemon.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-10 11:41 . 2010-07-10 11:41 -------- d-----w- c:\documents and settings\GTX\Application Data\AVG9
2010-07-08 21:31 . 2010-07-08 21:31 -------- d-----w- c:\program files\CleanUp!
2010-07-08 21:29 . 2010-07-08 21:29 184174 ----a-w- C:\UsbFix_Upload_Me_ERATHIA.zip
2010-07-08 21:26 . 2010-07-08 21:29 -------- d-----w- C:\UsbFix
2010-07-08 19:04 . 2010-07-08 19:04 63488 ----a-w- c:\documents and settings\GTX\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-08 19:04 . 2010-07-08 19:04 52224 ----a-w- c:\documents and settings\GTX\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-08 19:04 . 2010-07-08 19:04 117760 ----a-w- c:\documents and settings\GTX\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-08 19:03 . 2010-07-08 19:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-08 18:41 . 2010-07-08 18:42 -------- d-----w- C:\rsit
2010-07-08 17:35 . 2010-07-08 17:35 -------- d-----w- C:\$AVG
2010-07-08 13:36 . 2010-07-08 13:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-08 13:36 . 2010-07-08 13:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-08 13:36 . 2010-07-08 13:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 13:36 . 2010-07-08 13:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-08 13:36 . 2010-07-10 10:20 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-08 13:33 . 2010-07-08 13:33 -------- d-----w- c:\program files\AVG
2010-07-08 13:32 . 2010-07-08 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-08 12:49 . 2010-07-08 13:00 -------- d-----w- c:\program files\VITSOFT
2010-07-05 19:12 . 2010-07-05 19:12 -------- d-----w- c:\documents and settings\GTX\DoctorWeb
2010-07-05 17:50 . 2010-07-05 18:11 -------- d-----w- c:\documents and settings\GTX\Application Data\AusLogics
2010-07-05 17:48 . 2010-07-05 17:57 -------- d-----w- c:\program files\Auslogics
2010-07-05 15:17 . 2010-07-05 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-07-05 15:16 . 2010-07-05 15:16 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-07-05 14:36 . 2010-07-05 14:38 -------- d-----w- c:\documents and settings\GTX\.gimp-2.6
2010-07-04 17:10 . 2010-07-04 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-07-04 17:07 . 2010-07-04 17:07 -------- d-----w- c:\documents and settings\GTX\Application Data\Malwarebytes
2010-07-04 17:07 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-04 17:07 . 2010-07-04 17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-04 17:07 . 2010-07-04 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-04 17:07 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 16:47 . 2010-07-04 16:47 -------- d-----w- c:\program files\CCleaner
2010-07-04 16:45 . 2007-08-31 10:52 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-07-04 16:45 . 2007-08-31 10:52 33968 ----a-w- c:\windows\system32\anim.dll
2010-07-04 16:45 . 2004-12-07 08:11 258352 ----a-w- c:\windows\system32\unicows.dll
2010-07-04 16:45 . 2001-08-24 06:25 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-07-04 16:45 . 1999-11-22 13:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-07-04 16:45 . 1999-11-22 13:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-06-17 16:32 . 2010-06-17 16:32 -------- d-----w- c:\documents and settings\GTX\Application Data\Unity
2010-06-17 16:29 . 2010-06-17 16:29 -------- d-----w- c:\documents and settings\GTX\Local Settings\Application Data\Unity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 15:45 . 2010-03-05 17:18 67872 ----a-w- c:\documents and settings\GTX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-08 19:03 . 2010-04-05 08:54 -------- d-----w- c:\documents and settings\GTX\Application Data\SUPERAntiSpyware.com
2010-07-08 18:42 . 2010-04-05 08:50 -------- d-----w- c:\program files\Trend Micro
2010-07-08 13:21 . 2010-04-07 17:29 -------- d-----w- c:\program files\Panda Security
2010-07-06 17:07 . 2010-04-05 08:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-06 14:30 . 2010-05-15 17:40 -------- d-----w- c:\program files\SweetIM
2010-07-06 14:30 . 2010-05-15 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2010-07-05 16:57 . 2010-03-05 16:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-05 08:09 . 2010-04-06 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-07-04 16:32 . 2010-03-07 15:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-04 15:59 . 2010-04-05 08:30 -------- d-----w- c:\program files\VS Revo Group
2010-05-31 11:27 . 2010-03-05 20:27 -------- d-----w- c:\documents and settings\GTX\Application Data\Skype
2010-05-29 16:44 . 2010-05-27 23:31 5104 ----a-w- C:\NanoRepository.bin
2010-05-23 14:39 . 2010-05-23 14:39 503808 ----a-w- c:\documents and settings\GTX\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4d42e1e7-n\msvcp71.dll
2010-05-23 14:39 . 2010-05-23 14:39 499712 ----a-w- c:\documents and settings\GTX\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4d42e1e7-n\jmc.dll
2010-05-23 14:39 . 2010-05-23 14:39 12800 ----a-w- c:\documents and settings\GTX\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-49aff5b7-n\decora-d3d.dll
2010-05-23 14:39 . 2010-05-23 14:39 61440 ----a-w- c:\documents and settings\GTX\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-49aff5b7-n\decora-sse.dll
2010-05-23 14:39 . 2010-05-23 14:39 348160 ----a-w- c:\documents and settings\GTX\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4d42e1e7-n\msvcr71.dll
2010-05-19 18:40 . 2010-03-05 20:28 -------- d-----w- c:\documents and settings\GTX\Application Data\skypePM
2010-05-19 18:38 . 2010-03-05 20:33 -------- d-----w- c:\documents and settings\GTX\Application Data\ICQ
2010-05-18 17:41 . 2010-04-08 13:50 -------- d-----w- c:\documents and settings\GTX\Application Data\Image Zone Express
2010-05-18 17:23 . 2010-03-07 17:26 -------- d-----w- c:\documents and settings\GTX\Application Data\Microgaming
2010-05-15 19:24 . 2010-03-05 20:26 -------- d-----r- c:\program files\Skype
2010-05-14 17:41 . 2010-04-20 16:01 -------- d-----w- c:\documents and settings\GTX\Application Data\Hamachi
2010-05-07 10:55 . 2010-05-07 10:55 255472 ----a-w- c:\documents and settings\GTX\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-24 17:57 . 2010-04-08 13:39 108615 ----a-w- c:\windows\hpoins08.dat
2010-04-22 15:35 . 2010-04-22 15:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 17:23 . 2010-04-21 17:12 2493 ----a-w- c:\program files\system.log.txt
2010-04-20 16:00 . 2010-04-20 16:00 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-04-18 11:50 . 2010-04-18 11:50 61440 ----a-w- c:\documents and settings\GTX\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-444e16a2-n\decora-sse.dll
2010-04-18 11:50 . 2010-04-18 11:50 12800 ----a-w- c:\documents and settings\GTX\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-444e16a2-n\decora-d3d.dll
2010-04-18 11:50 . 2010-04-18 11:50 503808 ----a-w- c:\documents and settings\GTX\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54e95e7b-n\msvcp71.dll
2010-04-18 11:50 . 2010-04-18 11:50 499712 ----a-w- c:\documents and settings\GTX\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54e95e7b-n\jmc.dll
2010-04-18 11:50 . 2010-04-18 11:50 348160 ----a-w- c:\documents and settings\GTX\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54e95e7b-n\msvcr71.dll
2006-11-06 16:28 . 2010-04-21 17:10 19574784 ----a-w- c:\program files\medieval2.exe
2010-04-05 08:45 . 2010-04-05 08:45 23 --sha-w- c:\windows\system32\edacded0.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-08 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\GTX\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-08 13:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 13:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-07 18:24 136176 ----atw- c:\documents and settings\GTX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-03-28 12:39 133368 ----a-w- c:\program files\ICQ7.0\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\GTX\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2.10.2003 4:16 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27.9.2003 15:37 5504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8.7.2010 15:36 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8.7.2010 15:36 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8.7.2010 15:34 308136]
.
Contents of the 'Scheduled Tasks' folder

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-602162358-839522115-1003Core.job
- c:\documents and settings\GTX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-07 18:24]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-602162358-839522115-1003UA.job
- c:\documents and settings\GTX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-07 18:24]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FF - ProfilePath - c:\documents and settings\GTX\Application Data\Mozilla\Firefox\Profiles\ijo9zjr3.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\documents and settings\GTX\Application Data\Mozilla\Firefox\Profiles\ijo9zjr3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\GTX\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\GTX\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\GTX\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 13:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82161C70]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf86b9fc3
\Driver\ACPI -> ACPI.sys @ 0xf853ccb8
\Driver\atapi -> 0x82161c70
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf83a6bc3
PacketIndicateHandler -> NDIS.sys @ 0xf83b2b21
SendHandler -> NDIS.sys @ 0xf83a6d33
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-07-10 13:58:34
ComboFix-quarantined-files.txt 2010-07-10 11:58

Pre-Run: 7 866 998 784 bytes free
Post-Run: 7 862 308 864 voľných bajtov

- - End Of File - - 89F84C75384C6727B69EAF3AD0FC37F0

Re: Please check, slow PC

Posted: 10 Jul 2010 13:01
by slejdo
And now it works :) thank you..

Re: Please check, slow PC

Posted: 10 Jul 2010 14:57
by vyosek
:arrow: Great that opening folders works, but you still have rootkits in there :?: Quite a little herd you're keeping there :)

:arrow: Uninstall all virtual drive emulators (Daemon Tools, Alcohol 120%, PowerISO etc.)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
  • From that page choose the version for your operating system (32(x86)bit or 64(x64)bit)
  • Save it to the desktop and run it
  • Choose Uninstall and restart the PC - if it can't be clicked (the button is grey), skip this step
:arrow: Download Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Save it to the desktop and run it
  • Click Disable and restart the PC - if it can't be clicked (the button is grey), skip this step
:arrow: Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

:arrow: Click Start and then Run, or use the Win+R keyboard shortcut
  • A small window pops up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.txt is created on the desktop; paste its contents here for me
:arrow: Post the Gmer logs - see my signature

Re: Please check, slow PC

Posted: 10 Jul 2010 19:31
by slejdo
How did those rootkits get there? Is there some anti-rootkit program, something like MBAM, that would detect and delete them? Here is the log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK