VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Pomalé nabíhání PC

https://forum.viry.cz:443/viewtopic.php?t=130205

Stránka 2 z 2

Re: Pomalé nabíhání PC

Napsal: 12 kvě 2013 21:00
od Rudy
Dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Re: Pomalé nabíhání PC

Napsal: 12 kvě 2013 21:49
od Momoum
ComboFix 13-05-12.01 - Uživatel 11.05.2013 22:38:48.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1277 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Documents
c:\windows\EventSystem.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\wininit.ini
.
---- Předchozí spuštění -------
.
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
c:\windows\RazorDOX\RazorDOX.ini
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-11 do 2013-05-11 )))))))))))))))))))))))))))))))
.
.
2013-05-11 04:32 . 2013-05-11 04:32 -------- d---a-w- c:\windows\VDLL.DLL
2013-05-11 04:32 . 2013-05-11 04:32 -------- d---a-w- c:\windows\system32\runouce.exe
2013-05-11 04:32 . 2013-05-11 04:32 -------- d---a-w- c:\windows\RUNDL132.EXE
2013-05-11 04:32 . 2013-05-11 04:32 -------- d---a-w- c:\windows\logo_1.exe
2013-05-11 04:31 . 2013-05-11 18:29 -------- d-----w- c:\program files\trend micro
2013-05-11 04:01 . 2013-05-11 04:01 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-05-11 04:00 . 2013-05-11 04:00 632064 ----a-w- c:\windows\system32\msvcr80.dll
2013-05-11 04:00 . 2013-05-11 04:00 554240 ----a-w- c:\windows\system32\msvcp80.dll
2013-05-11 04:00 . 2013-05-11 04:00 572928 ----a-w- c:\windows\system32\msvcp90.dll
2013-05-11 04:00 . 2013-05-11 04:00 655872 ----a-w- c:\windows\system32\msvcr90.dll
2013-05-11 04:00 . 2013-05-11 04:00 34048 ----a-w- c:\windows\system32\eEmpty.exe
2013-05-11 04:00 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2013-05-11 04:00 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2013-05-11 04:00 . 2013-05-11 04:00 -------- d-----w- c:\program files\Common Files\MicroWorld
2013-05-11 03:59 . 2013-05-11 04:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2013-05-11 03:30 . 2013-05-11 03:52 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Download Manager
2013-05-11 03:10 . 2013-05-11 03:10 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Malwarebytes
2013-05-11 03:09 . 2013-05-11 03:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-05-10 11:31 . 2013-05-10 11:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2013-05-10 09:05 . 2013-05-10 09:07 -------- d-----w- c:\program files\VirtualDJ
2013-04-29 14:16 . 2013-04-29 14:16 -------- d-----w- c:\program files\Common Files\xing shared
2013-04-29 14:16 . 2013-04-29 14:16 153736 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2013-04-29 14:16 . 2013-04-29 14:16 124504 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2013-04-29 14:15 . 2013-04-29 14:15 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-04-29 14:15 . 2013-04-29 14:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-04-25 13:27 . 2013-04-25 13:27 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\RealNetworks
2013-04-25 13:26 . 2013-04-25 13:26 -------- d-----w- c:\program files\RealNetworks
2013-04-25 13:26 . 2013-04-25 13:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RealNetworks
2013-04-23 06:20 . 2013-04-23 06:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2013-04-13 19:12 . 2013-04-13 19:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\regid.1986-12.com.adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-26 18:18 . 2012-06-01 15:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-26 18:18 . 2012-06-01 15:39 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-12 19:55 . 2013-03-12 19:55 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-12 19:55 . 2012-12-03 16:03 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-12 19:55 . 2012-12-03 16:03 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-12 19:55 . 2012-05-24 09:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-08 08:35 . 2009-09-28 13:36 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:54 . 2009-09-28 13:35 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:54 . 2009-07-15 08:47 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2009-09-28 13:36 920064 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2009-09-28 13:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2009-09-28 13:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 02:00 . 2009-09-28 13:36 1876224 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2009-09-28 13:33 385024 ----a-w- c:\windows\system32\html.iec
2013-02-12 00:32 . 2008-04-13 22:26 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2012-12-09 10:39 . 2012-12-09 10:39 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2012-12-20 5237256]
"Nástroj WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2012-12-20 5237256]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^Rainmeter.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2012-04-26 12:33 3111744 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
c:\program files\DivX\DivX Media Server\DivXMediaServer.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-06-09 16:50 116648 ----atw- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-07-14 19:35 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-09-23 13:04 15512424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-09-23 13:04 108392 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-09-23 14:28 1634112 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
2012-06-14 12:02 743104 ----a-w- c:\program files\PowerStrip\PStrip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2012-06-06 13:00 20065936 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-11-09 19:37 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-05-24 09:14 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-04-29 14:16 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Documents and Settings\\Uživatel\\Local Settings\\Data aplikací\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [4.3.2011 13:23 11352]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [10.1.2011 14:50 91904]
R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [23.8.2012 17:56 69016]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [15.7.2007 3:37 27992]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [6.3.2013 2:21 39056]
R2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [20.12.2012 7:38 1155088]
R2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [19.9.2012 22:02 248248]
R2 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [19.9.2012 22:10 1177536]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [15.10.2012 15:54 100368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.3.2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.2009 20:27 19472]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28.9.2009 15:38 9472]
S2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [10.1.2011 14:50 25088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 13:55 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.5.2012 12:46 1691480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [28.5.2012 21:45 1668352]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [30.12.2012 17:26 11520]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [5.8.2012 1:46 14416]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 18:18]
.
2013-05-10 c:\windows\Tasks\AdobeAAMUpdater-1.0-CC12615693194DB-Uživatel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-05-10 04:09]
.
2013-05-11 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-08-04 09:21]
.
2013-05-11 c:\windows\Tasks\User_Feed_Synchronization-{E54B9D09-654E-4A85-B380-B2B1C21BEECA}.job
- c:\windows\system32\msfeedssync.exe [2009-09-28 13:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://searchou.com/?id=74fd46eb000000000000001d7dc228a6
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Přidat do Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\6sgbxg4h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://searchou.com/?q={searchTerms}&id=74fd46eb000000000000001d7dc228a6
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-29 17:28; ffxtlbr@privitize.com; c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\6sgbxg4h.default\extensions\ffxtlbr@privitize.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-11 22:46
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG16.00.00.01PROFESSIONAL"="717BA34BC9B1CAD32F1B758F093A2DE7BCA4911FE33E35100EB436991459C7742943D8751B580B087AA13B5EA3993917C1C37F6A7246801900DD561A60D2F75E0154B6A1EBD82387F373AA15D6B301C9927E294DD5FCB28C510C7FB0C9CBA8CFAD324DBF97CAEAE5FE028D77FD1EE7F9E0D532FE0794D7E7A76CCEAB0CB1AEE96556FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407FEBC9E127BECC74C9DB7CE019D40AA5CFEBC9E127BECC74C803F3B1EC3448C36D0192FD0E676BFEE2262F2F6179E46DD4817CE990E89580AB3643F38F43CCCA39CACF0CDDC21A47741D6D31D3A7D1C272B6F36617B3B5637101971B72E7C8F6936CD30EBA90E676FF16EB308D996B35C3023B8380B22E9FC900B6306D1FC94ED10413ED3FAD9D88742A4C5B70C498D9C1D028E9E5984658855006C3FA8071D86435DB15EDE71CA64E3050366C948AE79DD6E30C8E8F91DF620CC25B55C36F0020B8E671A4C979621A9B128FD701D20F97DDED9202170EBDBD85EEC6E7EFE5A9D47577ECA996596490FDF331F41A36D17AFDB8DBF4CA72E3F88B3642300A6A78FFCCA58E584C3AC5D2ED8E89BE18A28BF498611F817B4479A60DE73423A45ACFE52101E162D71B9534AF8D27CDBD4E354468E6BCF95FE9ADDB28843ECE74ABE87156439BA1781A694C732BCFD1C5CBA2DC1BBEA7D3D46146C746C4277A8F638BA33185AE42BDA5FFD2F8AB58DF5CBC79300E7226EE919201B435823EC7F61F81B420FF2DB36B8D25F2C1B13CF9BA22DC3E5006342D7DCB0B85C2FDA0AD3F2E3A078C2BB1AE8A875FE91906B1CA9B50FF1FB89CA4FAB4ABA01A36AA4C0F0E85EB8333E30CE560F3F15D32B1D7E1A2C9543F297B21CE96EB9A81F937DB507D5544172228DDB78212ACF8B4347B4D1026E521B56BE667E2A29D5F94B2944A89FB391D8A258D7ABEAB64E763F4DB59406C82C6A03529EB6318CA483C32CF74D00EEEDAF88578C2E49E8A8739D58258A5D5A53FAEF1769C40D6822AE445193D0057C1561AF16FA26F1C864096FD36143005BBD8A057A1EC01BC5539128270C738ED736FE0862D29CE8E080DF59F0782F3788D5FA3AADC9240B34AF67DF7F0B56547F75BB1651FBFB8B41ED4596222F24A5A279521FA5AECCE24420106CF06E03DFF569707239909586FE11A872A1FBDABE6EFA3A569BBE7DF98B058C67D447638EC12197C9B45F1FDD2FC321CE690AF0C7359F01958C255C7D243006FA4ADAC792EC99535BA2EAAF666E526521BBB9685F42A19926B93C74EEAA6A45E63224E2F108C8E47BA8E9C2CDDCFDD3F11C9EA5F3E62F97E82915B423426CBAFCB3CE4D052495B513AAC5BA909E7C6CE0D100F349776AB64D2274ED428F68F827B93D817A585CD19E561E5B82"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1188)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-05-11 22:48:34
ComboFix-quarantined-files.txt 2013-05-11 20:48
.
Před spuštěním: Volných bajtů: 92 392 734 720
Po spuštění: Volných bajtů: 92 259 803 136
.
- - End Of File - - 4F04EB7BDADDE811A190B79AEAD94628

Re: Pomalé nabíhání PC

Napsal: 13 kvě 2013 16:38
od Rudy
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

Firefox::
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\6sgbxg4h.default\
FF - prefs.js: keyword.URL - hxxp://searchou.com/?q={searchTerms}&id=74fd46eb000000000000001d7dc228a6
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-29 17:28; ffxtlbr@privitize.com; c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\6sgbxg4h.default\extensions\ffxtlbr@privitize.com

Regnull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

Reboot::
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Pomalé nabíhání PC

Napsal: 13 kvě 2013 17:14
od Momoum
Zde je log

ComboFix 13-05-12.01 - Uživatel 12.05.2013 17:57:33.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1410 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-12 do 2013-05-12 )))))))))))))))))))))))))))))))
.
.
2013-05-11 04:32 . 2013-05-11 04:32 -------- d---a-w- c:\windows\VDLL.DLL
2013-05-11 04:32 . 2013-05-11 04:32 -------- d---a-w- c:\windows\system32\runouce.exe
2013-05-11 04:32 . 2013-05-11 04:32 -------- d---a-w- c:\windows\RUNDL132.EXE
2013-05-11 04:32 . 2013-05-11 04:32 -------- d---a-w- c:\windows\logo_1.exe
2013-05-11 04:31 . 2013-05-11 18:29 -------- d-----w- c:\program files\trend micro
2013-05-11 04:01 . 2013-05-11 04:01 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-05-11 04:00 . 2013-05-11 04:00 632064 ----a-w- c:\windows\system32\msvcr80.dll
2013-05-11 04:00 . 2013-05-11 04:00 554240 ----a-w- c:\windows\system32\msvcp80.dll
2013-05-11 04:00 . 2013-05-11 04:00 572928 ----a-w- c:\windows\system32\msvcp90.dll
2013-05-11 04:00 . 2013-05-11 04:00 655872 ----a-w- c:\windows\system32\msvcr90.dll
2013-05-11 04:00 . 2013-05-11 04:00 34048 ----a-w- c:\windows\system32\eEmpty.exe
2013-05-11 04:00 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2013-05-11 04:00 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2013-05-11 04:00 . 2013-05-11 04:00 -------- d-----w- c:\program files\Common Files\MicroWorld
2013-05-11 03:59 . 2013-05-11 04:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2013-05-11 03:30 . 2013-05-11 03:52 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Download Manager
2013-05-11 03:10 . 2013-05-11 03:10 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Malwarebytes
2013-05-11 03:09 . 2013-05-11 03:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-05-10 11:31 . 2013-05-10 11:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2013-05-10 09:05 . 2013-05-10 09:07 -------- d-----w- c:\program files\VirtualDJ
2013-04-29 14:16 . 2013-04-29 14:16 -------- d-----w- c:\program files\Common Files\xing shared
2013-04-29 14:16 . 2013-04-29 14:16 153736 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2013-04-29 14:16 . 2013-04-29 14:16 124504 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2013-04-29 14:15 . 2013-04-29 14:15 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-04-29 14:15 . 2013-04-29 14:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-04-25 13:27 . 2013-04-25 13:27 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\RealNetworks
2013-04-25 13:26 . 2013-04-25 13:26 -------- d-----w- c:\program files\RealNetworks
2013-04-25 13:26 . 2013-04-25 13:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RealNetworks
2013-04-23 06:20 . 2013-04-23 06:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2013-04-13 19:12 . 2013-04-13 19:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\regid.1986-12.com.adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-26 18:18 . 2012-06-01 15:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-26 18:18 . 2012-06-01 15:39 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-12 19:55 . 2013-03-12 19:55 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-12 19:55 . 2012-12-03 16:03 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-12 19:55 . 2012-12-03 16:03 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-12 19:55 . 2012-05-24 09:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-08 08:35 . 2009-09-28 13:36 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:54 . 2009-09-28 13:35 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:54 . 2009-07-15 08:47 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2009-09-28 13:36 920064 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2009-09-28 13:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2009-09-28 13:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 02:00 . 2009-09-28 13:36 1876224 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2009-09-28 13:33 385024 ----a-w- c:\windows\system32\html.iec
2013-02-12 00:32 . 2008-04-13 22:26 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2012-12-09 10:39 . 2012-12-09 10:39 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2012-12-20 5237256]
"Nástroj WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2012-12-20 5237256]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^Rainmeter.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2012-04-26 12:33 3111744 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
c:\program files\DivX\DivX Media Server\DivXMediaServer.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-06-09 16:50 116648 ----atw- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-07-14 19:35 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-09-23 13:04 15512424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-09-23 13:04 108392 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-09-23 14:28 1634112 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
2012-06-14 12:02 743104 ----a-w- c:\program files\PowerStrip\PStrip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2012-06-06 13:00 20065936 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-11-09 19:37 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-05-24 09:14 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-04-29 14:16 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Documents and Settings\\Uživatel\\Local Settings\\Data aplikací\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [4.3.2011 13:23 11352]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [10.1.2011 14:50 91904]
R2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [10.1.2011 14:50 25088]
R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [23.8.2012 17:56 69016]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [15.7.2007 3:37 27992]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [6.3.2013 2:21 39056]
R2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [20.12.2012 7:38 1155088]
R2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [19.9.2012 22:02 248248]
R2 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [19.9.2012 22:10 1177536]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [28.5.2012 21:45 1668352]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [15.10.2012 15:54 100368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.3.2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.2009 20:27 19472]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28.9.2009 15:38 9472]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 13:55 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.5.2012 12:46 1691480]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [30.12.2012 17:26 11520]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [5.8.2012 1:46 14416]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 18:18]
.
2013-05-10 c:\windows\Tasks\AdobeAAMUpdater-1.0-CC12615693194DB-Uživatel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-05-10 04:09]
.
2013-05-12 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-08-04 09:21]
.
2013-05-12 c:\windows\Tasks\User_Feed_Synchronization-{E54B9D09-654E-4A85-B380-B2B1C21BEECA}.job
- c:\windows\system32\msfeedssync.exe [2009-09-28 13:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://searchou.com/?id=74fd46eb000000000000001d7dc228a6
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Přidat do Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\6sgbxg4h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - ExtSQL: 2013-03-29 17:28; ffxtlbr@privitize.com; c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\6sgbxg4h.default\extensions\ffxtlbr@privitize.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-12 18:08
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1628)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(4072)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Common Files\Raxco\Shared\PDEngine.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-05-12 18:12:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-12 16:12
ComboFix2.txt 2013-05-11 20:48
.
Před spuštěním: Volných bajtů: 91 787 636 736
Po spuštění: Volných bajtů: 92 276 613 120
.
- - End Of File - - C01820B9C0C8158AC2ECC8A1719D79FE

Re: Pomalé nabíhání PC

Napsal: 13 kvě 2013 18:19
od Rudy
Nastala nějaká změna?

Re: Pomalé nabíhání PC

Napsal: 13 kvě 2013 18:24
od Momoum
Žádná změna :cry:

Re: Pomalé nabíhání PC

Napsal: 13 kvě 2013 18:42
od Rudy
Jaká je velikost adresáře c:\documents and settings\Uživatel\Plocha ?

Re: Pomalé nabíhání PC

Napsal: 13 kvě 2013 18:45
od Momoum
171 MB

Re: Pomalé nabíhání PC

Napsal: 13 kvě 2013 19:52
od Rudy
To je OK. Pak už může být problém v nějakém korektním naistalovaném programu, nebo v systému. Co jste insaloval těsně před tím, než se problém objevil?

Re: Pomalé nabíhání PC

Napsal: 13 kvě 2013 20:03
od Momoum
To bude Virtual DJ, mám ho odinstalovat?

Re: Pomalé nabíhání PC

Napsal: 13 kvě 2013 20:12
od Rudy
Zkuste. Ono to jinak ani nepůjde, prošli jsme vše, co problém obvykle způsobuje. PC je čistý, zbývají tedy korektní instalace, nebo systém. :)

Re: Pomalé nabíhání PC

Napsal: 13 kvě 2013 20:32
od Momoum
Ok zkusím odinstalovat nějaké programy snad na to dojdu. Při nejhorším zálohuji data a reinstaluji Windows.
Děkuji za Váš čas a snahu. Určitě Vás všem známým doporučím. :thumbsup:

Re: Pomalé nabíhání PC

Napsal: 13 kvě 2013 21:00
od Rudy
Za doporučení děkujeme a vy nemáte zač! :)
Všechny časy jsou v UTC+01:00
Stránka 2 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz