VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

prosím kontrolu logu - pomalejší ntb

https://forum.viry.cz:443/viewtopic.php?t=137526

Stránka 3 z 3

Re: prosím kontrolu logu - pomalejší ntb

Napsal: 21 dub 2014 16:18
od Márty84
Pouzijte nejprve toto http://www.bleepingcomputer.com/downloa ... ool/dl/51/

Re: prosím kontrolu logu - pomalejší ntb

Napsal: 21 dub 2014 17:24
od xjamie
mám log :)


ComboFix 14-04-20.01 - Veronika 21.04.2014 18:01:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.570 [GMT 2:00]
Spuštěný z: c:\documents and settings\Veronika\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Services.reg
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\UNWISE.EXE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-21 do 2014-04-21 )))))))))))))))))))))))))))))))
.
.
2014-04-21 08:06 . 2014-04-21 08:07 -------- d-----w- c:\program files\Defraggler
2014-04-21 07:55 . 2014-04-21 07:55 -------- d-----w- c:\program files\CCleaner
2014-04-20 20:06 . 2014-04-20 20:06 -------- d-----w- c:\documents and settings\Administrator
2014-04-18 22:04 . 2014-04-18 22:04 -------- d-----w- c:\documents and settings\Veronika\Data aplikací\Malwarebytes
2014-04-18 22:04 . 2014-04-18 22:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-04-18 22:01 . 2014-04-21 07:27 -------- d-----w- c:\program files\trend micro
2014-04-18 20:26 . 2014-04-18 20:38 -------- d-----w- c:\documents and settings\Veronika\Data aplikací\BSplayer
2014-04-18 20:25 . 2014-04-20 21:27 -------- d-----w- c:\program files\BSPlayer
2014-04-08 20:28 . 2014-04-08 20:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Temp
2014-03-31 19:51 . 2014-03-31 19:51 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-18 20:45 . 2013-01-27 18:38 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-18 20:45 . 2013-01-27 18:38 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 19:51 . 2013-04-22 16:38 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-31 19:51 . 2011-05-05 11:16 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-03-31 19:51 . 2013-04-22 16:38 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-31 19:51 . 2013-04-22 16:38 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-03-31 19:51 . 2011-05-05 11:16 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-31 19:51 . 2011-05-05 11:16 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-31 19:51 . 2011-05-05 11:16 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-03-31 19:51 . 2011-05-05 11:14 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-31 19:50 . 2013-04-22 16:38 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-31 19:50 . 2013-04-22 16:38 252208 ----a-w- c:\windows\system32\drivers\aswndis2.sys
2014-03-06 17:58 . 2010-08-09 18:24 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2010-08-09 18:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2010-08-09 18:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:58 . 2010-08-09 18:23 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2010-08-09 18:23 385024 ----a-w- c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-12 20:35 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 06:36 . 2010-08-09 18:24 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2010-08-09 18:24 563712 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-31 19:51 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-26 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-31 3854640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [22.4.2013 18:38 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [22.4.2013 18:38 252208]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [22.4.2013 18:38 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [22.4.2013 18:38 180760]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [22.4.2013 18:38 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.5.2011 13:16 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.5.2011 13:16 411552]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.3.2011 21:27 218688]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [9.8.2010 13:00 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [9.8.2010 13:00 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [9.8.2010 13:00 58800]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [22.4.2013 18:38 67824]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [22.4.2013 18:38 109048]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [9.8.2010 20:25 321104]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 13:08 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 12:44 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 20:25 61552]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [26.5.2010 19:41 305520]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [11.2.2011 17:07 3221120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 12:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 12:26 82384]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-21 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-31 19:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0211k455l0484wu75w4752u11r
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://portal.allianz.cz/+CSCOL+/csvrloader32.cab
FF - ProfilePath - c:\documents and settings\Veronika\Data aplikací\Mozilla\Firefox\Profiles\ye9wm325.default-1382639557984\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-21 18:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2014-04-21 18:21:34
ComboFix-quarantined-files.txt 2014-04-21 16:21
.
Před spuštěním: Volných bajtů: 52 902 969 344
Po spuštění: Volných bajtů: 52 920 967 168
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D7B0B4B2DD294663E33357BF6C24FC2F
A36C5E4F47E84449FF07ED3517B43A31

Re: prosím kontrolu logu - pomalejší ntb

Napsal: 21 dub 2014 18:13
od Márty84
:arrow: Napiste mi velikost adresare plochy :) (C:\Documents and Settings\Veronika\Plocha)


:!: Presunte ComboFix na plochu, jinak to nebude fungovat!
:arrow: Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

:!: Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
:!: Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

Re: prosím kontrolu logu - pomalejší ntb

Napsal: 21 dub 2014 19:15
od xjamie
je možný, aby měla 62 GB??? :shock: :shock:

Re: prosím kontrolu logu - pomalejší ntb

Napsal: 21 dub 2014 19:48
od xjamie
tady je další log:


ComboFix 14-04-20.01 - Veronika 21.04.2014 20:23:28.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.543 [GMT 2:00]
Spuštěný z: c:\documents and settings\Veronika\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Veronika\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-21 do 2014-04-21 )))))))))))))))))))))))))))))))
.
.
2014-04-21 08:06 . 2014-04-21 08:07 -------- d-----w- c:\program files\Defraggler
2014-04-21 07:55 . 2014-04-21 07:55 -------- d-----w- c:\program files\CCleaner
2014-04-20 20:06 . 2014-04-20 20:06 -------- d-----w- c:\documents and settings\Administrator
2014-04-18 22:04 . 2014-04-18 22:04 -------- d-----w- c:\documents and settings\Veronika\Data aplikací\Malwarebytes
2014-04-18 22:04 . 2014-04-18 22:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-04-18 22:01 . 2014-04-21 07:27 -------- d-----w- c:\program files\trend micro
2014-04-18 20:26 . 2014-04-18 20:38 -------- d-----w- c:\documents and settings\Veronika\Data aplikací\BSplayer
2014-04-18 20:25 . 2014-04-20 21:27 -------- d-----w- c:\program files\BSPlayer
2014-04-08 20:28 . 2014-04-08 20:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Temp
2014-03-31 19:51 . 2014-03-31 19:51 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-18 20:45 . 2013-01-27 18:38 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-18 20:45 . 2013-01-27 18:38 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 19:51 . 2013-04-22 16:38 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-31 19:51 . 2011-05-05 11:16 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-03-31 19:51 . 2013-04-22 16:38 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-31 19:51 . 2013-04-22 16:38 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-03-31 19:51 . 2011-05-05 11:16 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-31 19:51 . 2011-05-05 11:16 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-31 19:51 . 2011-05-05 11:16 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-03-31 19:51 . 2011-05-05 11:14 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-31 19:50 . 2013-04-22 16:38 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-31 19:50 . 2013-04-22 16:38 252208 ----a-w- c:\windows\system32\drivers\aswndis2.sys
2014-03-06 17:58 . 2010-08-09 18:24 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2010-08-09 18:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2010-08-09 18:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:58 . 2010-08-09 18:23 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2010-08-09 18:23 385024 ----a-w- c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-12 20:35 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 06:36 . 2010-08-09 18:24 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2010-08-09 18:24 563712 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-31 19:51 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-26 17:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-26 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-10 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-10 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-26 349552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-31 3854640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [22.4.2013 18:38 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [22.4.2013 18:38 252208]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [22.4.2013 18:38 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [22.4.2013 18:38 180760]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [22.4.2013 18:38 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.5.2011 13:16 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.5.2011 13:16 411552]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.3.2011 21:27 218688]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [9.8.2010 13:00 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [9.8.2010 13:00 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [9.8.2010 13:00 58800]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [22.4.2013 18:38 67824]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [22.4.2013 18:38 109048]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [9.8.2010 20:25 321104]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [9.8.2010 13:08 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [9.8.2010 12:44 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9.8.2010 20:25 61552]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [26.5.2010 19:41 305520]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [11.2.2011 17:07 3221120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.8.2010 12:25 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [9.8.2010 12:26 82384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-21 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-31 19:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aod255&r=0xph0211k455l0484wu75w4752u11r
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://portal.allianz.cz/+CSCOL+/csvrloader32.cab
FF - ProfilePath - c:\documents and settings\Veronika\Data aplikací\Mozilla\Firefox\Profiles\ye9wm325.default-1382639557984\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-21 20:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2828)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\WebCam\S6000\S6000Mnt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2014-04-21 20:45:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-21 18:45
ComboFix2.txt 2014-04-21 16:21
.
Před spuštěním: Volných bajtů: 52 934 131 712
Po spuštění: Volných bajtů: 52 782 927 872
.
- - End Of File - - DC30606A1FACD4DF3A8D890AA60B7F57
A36C5E4F47E84449FF07ED3517B43A31

Re: prosím kontrolu logu - pomalejší ntb

Napsal: 22 dub 2014 09:09
od Márty84
xjamie píše:je možný, aby měla 62 GB??? :shock: :shock:
Mozny to je :D Asi tam mate nejakou slozku s filmama, pisnickama, nebo fotkama :) Kazdopadne to ten pocitac brzdi. Takze premistit, at ma maximalne 200 - 300 MB :)


:arrow: Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

:arrow:
vyosek píše: :arrow: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

:arrow: Pak napiste, jestli nastala nejaka zmena.

Re: prosím kontrolu logu - pomalejší ntb

Napsal: 22 dub 2014 13:17
od xjamie
tak plocha už má 4,52 kB :D
pc se načítá rychle, a vůbec se zrychlilo všechno... mě se to už zdá v pořádku....

takže moc moc moc děkuji za pomoc :wub:

Re: prosím kontrolu logu - pomalejší ntb

Napsal: 22 dub 2014 17:48
od Márty84
To jsem moc rad, ze je to v poradku :happy:

Nemate vubec zac! :)

Mejte se krasne a treba zase nekdy :bye:

:closed:
Všechny časy jsou v UTC+01:00
Stránka 3 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz