Here is the log:
ComboFix 12-09-24.03 - Administrator 26.09.2012 11:47:06.3.2 - x86
Spuštěný z: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-26 do 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-26 16:58 . 2012-09-26 16:58 1606 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-09-26 16:57 . 2006-10-06 17:09 155648 ----a-w- c:\windows\system32\igfxres.dll
2012-09-26 16:47 . 2012-09-26 16:47 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2012-09-26 16:44 . 2012-09-26 16:52 -------- d-----w- c:\documents and settings\Administrator.ADMIN-303BA3AFB
2012-09-26 16:44 . 2012-09-26 16:44 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2012-09-26 11:11 . 2008-04-14 12:00 61440 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\1029\spcplui.dll
2012-09-26 11:09 . 2012-09-26 11:14 -------- d--h--w- c:\documents and settings\Default User.WINXP
2012-09-26 11:09 . 2012-09-26 11:10 -------- d-----w- c:\documents and settings\All Users.WINXP
2012-09-26 11:03 . 2012-09-26 11:14 -------- d-----w- C:\WINXP
2012-09-26 09:30 . 2012-09-26 09:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-26 06:41 . 2012-09-26 06:42 -------- d-----w- c:\windows\_TMP
2012-09-25 21:57 . 2012-09-25 21:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-09-25 21:48 . 2012-09-25 21:48 342 ----a-w- C:\b.bat
2012-09-25 21:32 . 2012-09-25 21:36 -------- d-----w- C:\21e0e1b3ec1e33499190
2012-09-25 21:15 . 2008-04-14 03:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-09-25 21:15 . 2008-04-14 03:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-09-25 21:15 . 2001-08-17 20:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-09-25 21:15 . 2001-08-17 20:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-09-25 21:15 . 2001-08-17 20:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-09-25 21:14 . 2001-08-17 20:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-09-25 21:14 . 2001-08-17 10:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-09-25 21:14 . 2008-04-13 20:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-09-25 21:14 . 2008-04-13 22:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-09-25 21:14 . 2008-04-13 20:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-09-25 21:14 . 2008-04-14 03:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-09-25 21:14 . 2008-04-13 22:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-09-25 21:14 . 2008-04-13 20:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-09-25 21:14 . 2001-08-17 10:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-09-25 21:12 . 2001-08-17 11:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2012-09-25 21:11 . 2001-08-17 11:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2012-09-25 21:10 . 2001-08-17 11:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2012-09-25 21:09 . 2001-08-17 12:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2012-09-25 21:09 . 2001-08-17 10:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2012-09-25 21:09 . 2001-08-17 10:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2012-09-25 21:09 . 2001-08-17 10:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2012-09-25 21:09 . 2001-08-17 12:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2012-09-25 21:09 . 2008-04-13 22:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2012-09-25 21:09 . 2001-08-17 10:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-09-25 21:09 . 2001-08-17 10:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2012-09-25 21:09 . 2001-08-17 11:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2012-09-25 21:09 . 2001-08-17 11:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-09-25 21:09 . 2001-08-17 10:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2012-09-25 21:09 . 2001-08-17 12:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2012-09-25 21:09 . 2001-08-17 12:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2012-09-25 21:07 . 2001-08-17 10:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-09-25 21:07 . 2001-08-17 20:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2012-09-25 21:07 . 2001-08-17 11:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2012-09-25 21:07 . 2001-08-17 20:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2012-09-25 21:07 . 2001-08-17 12:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2012-09-25 21:07 . 2001-08-17 11:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2012-09-25 21:07 . 2001-08-17 10:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2012-09-25 21:07 . 2001-08-17 20:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2012-09-25 21:07 . 2001-08-17 10:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2012-09-25 21:07 . 2001-08-17 11:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2012-09-25 21:07 . 2008-04-13 22:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2012-09-25 21:07 . 2001-08-17 11:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2012-09-25 21:07 . 2001-08-17 10:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-09-25 21:05 . 2001-08-17 12:56 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2012-09-25 21:04 . 2001-08-17 11:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-09-25 21:03 . 2001-08-17 10:50 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-09-25 21:02 . 2001-08-17 11:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2012-09-25 21:01 . 2001-08-17 20:36 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2012-09-25 21:00 . 2001-08-17 12:07 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2012-09-25 20:59 . 2001-08-17 12:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2012-09-25 20:59 . 2001-08-17 12:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-09-25 20:59 . 2001-08-17 12:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-09-25 20:59 . 2001-08-17 12:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2012-09-25 20:59 . 2001-08-17 11:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-09-25 20:59 . 2001-08-17 10:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2012-09-25 20:59 . 2001-08-17 10:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2012-09-25 20:59 . 2001-08-17 10:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-09-25 20:59 . 2001-08-17 10:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-09-25 20:59 . 2001-08-17 20:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2012-09-25 20:59 . 2001-08-17 10:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-09-25 20:59 . 2001-08-17 11:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-09-25 20:59 . 2001-08-17 11:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-09-25 20:57 . 2001-08-17 10:11 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2012-09-25 20:57 . 2001-08-17 11:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2012-09-25 20:57 . 2001-08-17 20:36 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2012-09-25 20:57 . 2001-08-17 11:49 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2012-09-25 20:57 . 2001-08-17 20:36 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2012-09-25 20:57 . 2001-08-17 11:50 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2012-09-25 20:57 . 2001-08-17 10:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2012-09-25 20:57 . 2008-04-13 22:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2012-09-25 20:57 . 2008-04-13 22:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-09-25 20:57 . 2001-08-17 11:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-09-25 20:57 . 2001-08-17 12:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-09-25 20:57 . 2008-04-13 22:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-09-25 20:55 . 2001-08-17 11:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2012-09-25 20:54 . 2001-08-17 10:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-09-25 20:54 . 2001-08-17 20:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-09-25 20:54 . 2008-04-14 03:41 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-09-25 20:54 . 2008-04-14 03:41 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-09-25 20:54 . 2001-08-17 20:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-09-25 20:54 . 2001-08-17 20:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-09-25 20:54 . 2008-04-14 03:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-09-25 20:54 . 2001-08-17 12:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2012-09-25 20:54 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-09-25 20:54 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-09-25 20:53 . 2001-08-17 11:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2012-09-25 20:53 . 2001-08-17 11:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2012-09-25 20:53 . 2008-04-14 03:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2012-09-25 20:53 . 2001-08-17 11:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2012-09-25 20:53 . 2008-04-14 03:42 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2012-09-25 20:53 . 2008-04-13 22:24 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2012-09-25 20:53 . 2001-08-17 10:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2012-09-25 20:53 . 2001-08-17 20:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2012-09-25 20:53 . 2001-08-17 11:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2012-09-25 20:53 . 2008-04-13 22:10 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2012-09-25 20:53 . 2001-08-17 11:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2012-09-25 20:53 . 2001-08-17 11:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2012-09-25 20:51 . 2001-08-17 11:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2012-09-25 20:50 . 2001-08-17 20:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2012-09-25 20:49 . 2001-08-17 10:49 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2012-09-25 20:48 . 2001-08-17 10:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2012-09-25 20:47 . 2001-08-17 10:10 19996 -c--a-w- c:\windows\system32\dllcache\em556n4.sys
2012-09-25 20:46 . 2008-04-13 22:10 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys
2012-09-25 20:45 . 2001-08-17 11:52 179584 -c--a-w- c:\windows\system32\dllcache\dac2w2k.sys
2012-09-25 20:44 . 2001-08-17 10:13 980034 -c--a-w- c:\windows\system32\dllcache\cicap.sys
2012-09-25 20:43 . 2001-08-17 11:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-09-25 20:42 . 2001-08-17 12:56 104832 -c--a-w- c:\windows\system32\dllcache\atiraged.dll
2012-09-25 20:41 . 2001-08-17 12:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2012-09-25 20:41 . 2001-08-17 10:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2012-09-25 20:41 . 2001-08-17 12:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2012-09-25 20:41 . 2001-08-17 11:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 18:24 . 2012-05-14 07:59 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-07-08 16:18 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 16:39 . 2012-05-14 07:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2007-03-30 23:50 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2011-09-17 12:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 00:54 . 2009-10-24 00:54 36864 ----a-w- c:\program files\SvcMan.exe
2009-10-24 00:54 . 2009-10-24 00:54 4608 ----a-w- c:\program files\SSPORT.sys
2009-10-24 00:54 . 2009-10-24 00:54 11576 ----a-w- c:\program files\SSPortVista.sys
2009-10-24 00:54 . 2009-10-24 00:54 81920 ----a-w- c:\program files\ssdevm.dll
2009-10-24 00:54 . 2009-10-24 00:54 155648 ----a-w- c:\program files\sskinst.exe
2009-10-24 00:52 . 2009-10-24 00:52 1445 ----a-w- c:\program files\layout.bin
2009-10-24 00:52 . 2009-10-24 00:52 38400 ----a-w- c:\program files\DgivEcpXP.sys
2009-10-24 00:52 . 2009-10-24 00:52 53816 ----a-w- c:\program files\DgivEcpVista.sys
2009-10-24 00:52 . 2009-10-24 00:52 53816 ----a-w- c:\program files\DgivEcp64.sys
2009-10-24 00:52 . 2009-10-24 00:52 41984 ----a-w- c:\program files\DgivEcp.sys
2012-09-07 20:38 . 2012-09-07 20:37 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"nwiz"="nwiz.exe" [2006-07-12 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-07-29 01:23 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"syncagentsrv"=2 (0x2)
"afcdpsrv"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 SASDIFSV;SASDIFSV;c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 nh1ofazi.sys;nh1ofazi.sys;c:\windows\system32\drivers\nh1ofazi.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [x]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 31672389
*NewlyCreated* - 49783251
*Deregistered* - 31672389
*Deregistered* - 49783251
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-115176313-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-25 10:42]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-115176313-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-25 10:42]
.
2012-08-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-115176313-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2012-08-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-115176313-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2012-09-25 c:\windows\Tasks\User_Feed_Synchronization-{72B9A595-E6B8-42BD-B07A-F26682678332}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
TCP: Interfaces\{C6206B08-4106-4B29-8D37-038B7E909A56}: NameServer = 192.168.22.138
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q25e6m5u.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-49783251.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-26 11:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-115176313-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,1c,31,da,24,6c,cc,43,ba,27,70,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,1c,31,da,24,6c,cc,43,ba,27,70,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-09-26 11:56:10
ComboFix-quarantined-files.txt 2012-09-26 09:56
ComboFix2.txt 2012-09-26 08:57
ComboFix3.txt 2012-09-25 15:17
.
Před spuštěním: 138 993 197 056 bytes free
Po spuštění: Volných bajtů: 138 978 992 128
.
- - End Of File - - 901DFED092567D5E01036B9CB09F2586