
Re: Slow startup and PC freezing

Posted: 20 Dec 2011 23:11
by Rudy
Run CF again with this script:
Collect::
C:\WINDOWS\system32\DRIVERS\spnq.sys

Driver::
spnq

Re: Slow startup and PC freezing

Posted: 20 Dec 2011 23:48
by Maxx
Now it seems to me that the PC responds faster.
Here is the log:

ComboFix 11-12-18.01 - Maxx 20.12.2011 23:25:57.7.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.421.1033.18.3070.2546 [GMT 1:00]
Running from: c:\documents and settings\Maxx\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Maxx\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\grpconv.exe . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-19 18:40 . 2011-12-19 18:40 -------- d-----w- c:\program files\Common Files\Java
2011-12-19 12:27 . 2006-02-28 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-12-19 12:20 . 2011-12-19 12:20 -------- d-----w- c:\windows\ServicePackFiles
2011-12-19 12:16 . 2011-12-19 12:16 -------- d-----w- c:\windows\ie8updates
2011-12-19 11:55 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-12-19 11:55 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-12-19 11:55 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-12-19 11:55 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-12-19 11:55 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-12-19 11:54 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-12-19 11:52 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-12-18 20:54 . 2011-12-18 20:54 -------- d-----w- c:\program files\trend micro
2011-12-15 21:49 . 2011-12-15 21:49 -------- d-----w- c:\documents and settings\Maxx\Local Settings\Application Data\SWTOR
2011-12-09 15:52 . 2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 17:58 . 2009-02-10 11:45 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-20 17:58 . 2009-10-16 15:28 280736 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-20 17:58 . 2009-02-10 11:45 280736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-12 07:20 . 2011-05-19 13:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 04:54 . 2010-07-02 07:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27 . 2010-04-05 11:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-27 20:52 . 2009-02-10 11:45 280736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-10-01 11:35 . 2009-02-10 11:40 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-11-10 21:26 . 2011-03-22 17:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-20_19.24.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-20 22:39 . 2011-12-20 22:39 16384 c:\windows\temp\Perflib_Perfdata_7d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 634880]
"WLSS"="c:\program files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 190000]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"Wow Video&Audio"="c:\program files\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 951856]
"SMBTray"="c:\program files\Compal\Smart Battery\SMBTray.exe" [2007-05-03 525872]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-06 3076144]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
c:\documents and settings\Maxx\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\qoobox\Quarantine\C\Program Files\ESET\MiNODLogin\MiNODLogin.exe.vir [2011-4-10 125952]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 561213]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Maxx^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Maxx^Start Menu^Programs^Startup^Registrace Need for Speed™ Undercover.lnk]
backup=c:\windows\pss\Registrace Need for Speed™ Undercover.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Maxx^Start Menu^Programs^Startup^Registration Brothers In Arms.LNK]
path=c:\documents and settings\Maxx\Start Menu\Programs\Startup\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-01-21 19:28 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 -c--a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 07:31 1910152 -c--a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Research\\Microsoft WorldWide Telescope\\WWTExplorer.exe"=
"c:\\Program Files\\Electronic Arts\\BioWare\\Star Wars - The Old Republic\\launcher.exe"=
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [9.2.2009 21:22 9856]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.2.2009 19:15 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 13:23 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.9.2011 17:16 974944]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [25.11.2008 5:31 29263712]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 9:15 1021256]
R3 CamFilter;CamFilter;c:\windows\system32\drivers\Camfilter.sys [11.5.2007 15:56 16640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [15.3.2009 20:10 33792]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 6:24 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate1c9a4e2fa428f40;Služba Google Update (gupdate1c9a4e2fa428f40);c:\program files\Google\Update\GoogleUpdate.exe [14.3.2009 21:25 133104]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys --> c:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [14.8.2011 22:02 20328]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14.3.2009 21:25 133104]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [16.3.2009 18:37 47360]
S3 Tetris;Tetris driver;c:\windows\system32\Drivers\Tetris.sys --> c:\windows\system32\Drivers\Tetris.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - project
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-12-20 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-17 08:20]
.
2011-12-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-14 19:02]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 20:25]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 20:25]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1383384898-839522115-1004Core.job
- c:\documents and settings\Maxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-28 20:21]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1383384898-839522115-1004UA.job
- c:\documents and settings\Maxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-28 20:21]
.
2011-12-20 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2011-01-02 17:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
FF - ProfilePath - c:\documents and settings\Maxx\Application Data\Mozilla\Firefox\Profiles\3m5vybgw.Maxx\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,a3,06,c1,4f,a3,53,40,9f,c9,53,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,a3,06,c1,4f,a3,53,40,9f,c9,53,\
.
[HKEY_USERS\S-1-5-21-1177238915-1383384898-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:87,5c,23,2e,59,9c,b0,f8,1e,5a,e8,64,01,8f,f0,d7,84,77,1a,22,9d,6e,35,
b3,8f,74,2c,26,e6,60,72,91,e4,53,dc,42,ee,92,f9,a0,7a,e6,88,83,6f,bc,59,b1,\
"??"=hex:d0,96,31,cc,25,4d,2f,a7,55,b4,50,87,33,ea,85,a6
.
[HKEY_USERS\S-1-5-21-1177238915-1383384898-839522115-1004\Software\SecuROM\license information*]
"datasecu"=hex:fd,d6,40,25,24,3b,9e,2d,fe,6f,29,6a,cb,70,1c,10,c0,c0,6c,22,d1,
d2,06,c7,61,1a,d7,03,75,a5,a0,49,ba,e0,90,72,6f,ba,28,31,df,23,c1,18,83,85,\
"rkeysecu"=hex:d6,d1,4b,0c,ee,cc,d6,3b,30,d8,77,42,9f,3f,69,3d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(620)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\WIDCOMM\Bluetooth Software\btkeyind.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2011-12-20 23:45:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-20 22:45
ComboFix2.txt 2011-12-20 20:24
ComboFix3.txt 2011-12-20 19:28
ComboFix4.txt 2011-12-18 21:53
ComboFix5.txt 2011-12-20 22:19
.
Pre-Run: 15 047 294 976 bytes free
Post-Run: 26 adresárov, 15 044 665 344 voľných bajtov
.
- - End Of File - - B9469F1ABE91EC3F3CD6597693BF6CB7

Re: Slow startup and PC freezing

Posted: 21 Dec 2011 18:39
by Rudy
The log looks OK now. Also try cleaning the junk off the PC with CCleaner: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478

Re: Slow startup and PC freezing

Posted: 21 Dec 2011 18:42
by Maxx
In that case, thank you sooo much for your help :)

Re: Slow startup and PC freezing

Posted: 21 Dec 2011 19:09
by Rudy
You're welcome! :)