Done:
ComboFix 12-03-26.01 - kundibal 28.03.2012 14:55:31.8.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3327.2885 [GMT 2:00]
Spuštěný z: c:\documents and settings\kundibal\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bjrvlvcn
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-28 do 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-18 11:40 . 2012-03-18 11:40 -------- d-----w- c:\documents and settings\kundibal\Local Settings\Application Data\SKIDROW
2012-03-16 18:08 . 2012-03-16 18:08 -------- d-----w- C:\rsit
2012-03-15 11:42 . 2012-03-15 11:42 -------- d-----w- c:\windows\Installer
2012-03-12 21:10 . 2012-03-24 12:25 -------- d-----w- c:\documents and settings\kundibal\Application Data\dvdcss
2012-03-08 08:32 . 2012-03-08 08:32 -------- d-----w- c:\documents and settings\postgres
2012-03-07 18:20 . 2012-03-07 18:20 -------- d-----w- c:\documents and settings\kundibal\Application Data\ElevatedDiagnostics
2012-03-05 20:10 . 2012-03-05 20:10 -------- d-----w- c:\documents and settings\kundibal\.thumbnails
2012-03-05 20:08 . 2012-03-05 20:08 -------- d-----w- c:\program files\Blender Foundation
2012-03-05 16:23 . 2012-03-05 16:23 -------- d-----w- c:\program files\Lavalys
2012-03-05 16:17 . 2012-03-05 16:17 -------- d-----w- c:\documents and settings\kundibal\Application Data\FreeStone Group
2012-03-05 16:16 . 2012-03-05 16:16 -------- d-----w- c:\program files\Video Card Stability Test
2012-03-03 10:40 . 2012-03-03 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\RELOADED
2012-02-27 20:15 . 2012-02-27 20:15 1492 ----a-w- C:\user.js
2012-02-27 20:15 . 2012-03-07 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\TheBflix
2012-02-27 20:15 . 2012-02-27 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 07:11 . 2011-07-20 05:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-10 04:10 . 2011-03-26 10:23 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:10 . 2011-03-26 10:23 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:10 . 2011-03-26 10:23 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:10 . 2011-03-26 10:23 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:10 . 2011-03-26 10:23 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:10 . 2011-03-26 10:23 18620416 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-10 04:10 . 2011-03-26 10:23 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:10 . 2011-03-26 10:23 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-10 04:10 . 2011-03-26 10:23 2292224 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:10 . 2011-03-26 10:23 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:10 . 2011-03-26 10:23 13415040 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-10 03:04 . 2010-10-16 11:05 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-10 03:04 . 2010-10-16 11:05 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-10 03:04 . 2010-10-16 11:05 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-10 03:04 . 2010-10-16 11:05 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:04 . 2010-10-16 11:05 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-12 16:53 . 2008-04-13 23:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 07:50 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-04 17:18 . 2011-08-04 16:13 1834688 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-18_07.00.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-23 12:00 . 2012-03-28 12:52 589636 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2012-03-18 06:41 589636 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2012-03-28 12:52 122426 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2012-03-18 06:41 122426 c:\windows\system32\perfc009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-24 33747360]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-10 15494464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-10 108352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^kundibal^Start Menu^Programs^Startup^Warkeys Update.lnk]
backup=c:\windows\pss\Warkeys Update.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2011-06-04 07:40 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-03 16:35 136176 ----atw- c:\documents and settings\kundibal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38 1987976 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\poxnora\\LaunchPad.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"e:\\Program Files\\Steam\\steamapps\\steam210576\\condition zero\\hl.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=
"e:\\Program Files\\Steam\\steamapps\\steam210576\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:mysql
.
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [20.12.2011 20:47 4544]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.5.2011 17:53 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.5.2011 17:53 307288]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.5.2011 17:53 19544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [19.1.2012 18:09 84608]
S2 DokanMounter;DokanMounter;c:\program files\Capsa.cz\dokanLibrary0.5.3\mounter.exe [19.1.2012 18:09 22016]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [4.6.2011 9:27 233472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8.5.2011 11:36 652360]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;"d:\db poker\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "d:\db poker\data\" --> d:\db poker\bin\pg_ctl.exe [?]
S3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\drivers\AVerAF15DMBTH.sys [3.6.2011 20:54 569728]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4.6.2011 9:27 36608]
S3 GGSAFERDriver;GGSAFER Driver;\??\e:\garena\safedrv.sys --> e:\garena\safedrv.sys [?]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 18:38 1373576]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8.5.2011 11:36 20464]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [28.12.2010 0:50 31124344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [4.6.2011 9:28 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [4.6.2011 9:28 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [4.6.2011 9:28 121856]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [26.3.2011 12:24 2136224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 5:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 3:09 239336]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 3:23 366936]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1035525444-725345543-1003Core.job
- c:\documents and settings\kundibal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-03 16:35]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1035525444-725345543-1003UA.job
- c:\documents and settings\kundibal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-03 16:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=14672
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-03-28 15:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-1035525444-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:df,04,24,1a,58,25,42,a3,81,39,82,eb,7a,b7,cc,97,4d,0f,2a,04,f6,
e5,ca,c3,1d,77,58,57,25,c8,22,ec,13,4d,c2,59,dd,fd,e9,a2,24,b5,18,30,82,61,\
"rkeysecu"=hex:93,fb,26,f0,5f,97,92,2b,75,48,ee,0f,22,71,1c,c3
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1844)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-03-28 15:14:33
ComboFix-quarantined-files.txt 2012-03-28 13:14
ComboFix2.txt 2012-03-26 16:00
ComboFix3.txt 2012-03-18 07:04
.
Před spuštěním: 2 440 855 552 bytes free
Po spuštění: 2 421 874 688 bytes free
.
- - End Of File - - 8D54F7CF9E09EA2D85776CC1301A62A3
Otherwise, regarding how the PC behaves: this morning it switched on again

and after startup some applications still have a certain delay and then launch all at once.