VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

spomalený pc,

https://forum.viry.cz:443/viewtopic.php?t=101369

Stránka 1 z 1

spomalený pc,

Napsal: 23 kvě 2010 21:27
od labtor
Ahojte. Dúfam že píšem do dobrej sekcie.(som tu nový) Vlastne píšem za svoju kamarátku ktorá má už dlhšie problém s PC. vraj odvtedy ako mala nejaký USB kľúč vo svojom PC.používa antivír od Esetu. budem ju citovať:
"mám spomalený pc..nefungujú mi niektoré programy..musím ich polopate otvárať, že nie dvojklik, ale musím dať na to pravým že otvoriť pomocou .. potom napr od vtedy jak mi ten zvuk začal blbnúť sa mi nedá vypnúť pc pomocou alt f4
ale ten zvuk mi už neblbne.. ja neviem.. keď vypnem pc tak ždy sa ma askne, že ukončiť ten program, lebo inak sa nevypne.."
tiež spomínala nejaký súbor dog.exe a že pri vypínaní PC jej to vypisuje niečo. Osobne som ten počítač nevidel... :roll: Dúfam že tieto informácie pomôžu k vyriešeniu.A vopred vám ďakujem.

Logfile of random's system information tool 1.07 (written by random/random)
Run by Administrator at 2010-05-23 22:07:16
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 61 GB (81%) free of 76 GB
Total RAM: 2039 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:07:43, on 23. 5. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Hudba\Winamp\winampa.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\windows\fonts\winlgoon.exe
D:\ICQ7.1\ICQ.exe
C:\windows\fonts\winlgoon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
D:\Hudba\Winamp\winamp.exe
C:\windows\fonts\hid.exe
C:\windows\fonts\hid.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\fonts\winlgoon.exe
C:\WINDOWS\explorer.exe
C:\windows\fonts\hid.exe
C:\windows\fonts\dogs.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Film\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] D:\Hudba\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SYTIEM] C:\windows\fonts\winlgoon.exe
O4 - HKCU\..\Run: [ICQ] "D:\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\RunOnce: [WiDUpdate] C:\windows\fonts\winlgoon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: winmpa.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2700259234
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E2F399F-1C68-452B-93CB-71DDED2F3EC2}: NameServer = 213.151.200.30 213.151.208.161
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E2F399F-1C68-452B-93CB-71DDED2F3EC2}: NameServer = 213.151.200.30 213.151.208.161
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Self extract service (UnzipService) - Unknown owner - C:\WINDOWS\System32\Mseus.exe (file missing)
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 8441 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-07 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-07 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-05-21 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-05-21 2515552]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-07 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-18 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-18 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-05-18 138008]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-07 827392]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-10-19 949376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [2005-04-13 36975]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-07-30 98304]
"QuickTime Task"=D:\Film\QuickTime\qttask.exe [2009-01-05 413696]
"WinampAgent"=D:\Hudba\Winamp\winampa.exe [2009-07-01 37888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-06 39408]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]
"SYTIEM"=C:\windows\fonts\winlgoon.exe [2010-04-21 860232]
"ICQ"=D:\ICQ7.1\ICQ.exe [2010-05-08 133368]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiDUpdate"=C:\windows\fonts\winlgoon.exe [2010-04-21 860232]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
winmpa.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-05-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Administrator\Desktop\utorrent.exe"="C:\Documents and Settings\Administrator\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\QIP\QIP\qip.exe"="D:\QIP\QIP\qip.exe:*:Disabled:Quiet Internet Pager"
"D:\ICQ7.1\ICQ.exe"="D:\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"D:\ICQ7.1\aolload.exe"="D:\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\ICQ7.1\ICQ.exe"="D:\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"D:\ICQ7.1\aolload.exe"="D:\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d09f2e4-6e31-11dd-8091-d633c3077d0c}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ee068d4-8090-11dc-bff5-001a4b6f94aa}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ee068d6-8090-11dc-bff5-001a4b6f94aa}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c3e529e-0bff-11de-80ca-001a4b6f94aa}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{826dc10e-bec1-11dc-8027-001a4b6f94aa}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Main.exe
shell\open\command - I:\Main.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94ccedb7-b5eb-11de-8272-001a4b6f94aa}]
shell\AutoRun\command - K:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e2a7782-8606-11dc-bff7-bed378668a0b}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e2a7783-8606-11dc-bff7-bed378668a0b}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c42d2a14-b2b5-11de-8269-001cbf0c1d11}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Main.exe
shell\open\command - G:\Main.exe


======List of files/folders created in the last 1 months======

2010-05-23 22:07:16 ----D---- C:\rsit
2010-05-23 22:07:16 ----D---- C:\Program Files\trend micro
2010-05-16 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-04-25 15:25:29 ----D---- C:\Program Files\Common Files\Blizzard Entertainment

======List of files/folders modified in the last 1 months======

2010-05-23 22:07:24 ----D---- C:\WINDOWS\Prefetch
2010-05-23 22:07:16 ----RD---- C:\Program Files
2010-05-23 22:06:08 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #4.txt
2010-05-23 21:40:16 ----D---- C:\WINDOWS\Temp
2010-05-23 17:48:24 ----RSD---- C:\WINDOWS\Fonts
2010-05-23 17:43:48 ----D---- C:\WINDOWS\system32
2010-05-23 17:43:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-23 12:31:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-21 14:48:00 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2010-05-21 13:56:20 ----D---- C:\Documents and Settings\Administrator\Application Data\ICQ
2010-05-17 03:53:18 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
2010-05-16 15:03:19 ----D---- C:\WINDOWS
2010-05-16 03:01:24 ----HD---- C:\WINDOWS\inf
2010-05-16 03:01:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-16 03:01:16 ----D---- C:\Program Files\Outlook Express
2010-05-15 14:39:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-15 01:09:13 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss
2010-05-14 12:37:22 ----D---- C:\Documents and Settings\Administrator\Application Data\BSplayer
2010-05-12 14:20:41 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-10 11:22:23 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-05-08 23:39:40 ----D---- C:\Program Files\ICQ6Toolbar
2010-05-08 14:57:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-08 14:48:21 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-30 15:44:41 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2010-04-25 15:25:29 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-10-19 15424]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-10-19 512096]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-09 288768]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-01-02 1160320]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetLink Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-12-15 160256]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-05-26 100992]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-16 5707744]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-28 2208512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-06-07 201920]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 Mseu;Mseu; C:\WINDOWS\system32\drivers\Mseu.sys []
S3 a1z589hd;a1z589hd; C:\WINDOWS\system32\drivers\a1z589hd.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-10-19 552064]
R2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE [2008-09-08 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
S2 UnzipService;Self extract service; C:\WINDOWS\System32\Mseus.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-06 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: spomalený pc,

Napsal: 23 kvě 2010 22:31
od motji
Dobrý večer :)
Kamarádka to má parádně zavirované :roll: :D .

:arrow: Zapojte do pc všechny usb klíče, flashky...co používáte


:arrow: Stáhněte na plochu UsbFix
-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 2 - enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt

Re: spomalený pc,

Napsal: 23 kvě 2010 22:44
od labtor
ako sa to dá z týchto logov zistiť?

edit:
hlavne to ma zaujímalo ako tie šmejdy rozlíšiť od nešmejdov :D
...

Re: spomalený pc,

Napsal: 23 kvě 2010 22:54
od motji
Jak to myslíte?
Usbfix viry rovnou odstraní, ale pak budeme stejně pokračovat dál.

V logu ze Rsitu jdou vidět procesy, které běží, dále co se spouští po startu, různé klíče v registrech a podobně. Kromě legálních souborů tam vidím i pár šmejdů :)

Re: spomalený pc,

Napsal: 24 kvě 2010 09:56
od labtor
tak prikladám dalsie citanie :)




############################## | UsbFix V6.114 |

User : Administrator (Administrators) # PREDNOTE
Update on 17/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 23:48:38 | 23. 5. 2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Disabled
AV : Eset NOD32 Antivirus 2.70 2.70 [ Enabled | Updated ]

C:\ -> Lokálny pevný disk # 74,5 Go (60 Go free) # NTFS
D:\ -> Lokálny pevný disk # 74,54 Go (57,02 Go free) [Lokálny disk] # NTFS
E:\ -> Disk CD-ROM
F:\ -> Disk CD-ROM
G:\ -> Disk CD-ROM # 8,48 Mo (0 Mo free) [MOBILE_CONNECT] # CDFS
H:\ -> Lokálny pevný disk # 232,83 Go (1,68 Go free) [USB-HDD] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-842925246-329068152-725345543-1003
Deleted ! C:\Recycler\S-1-5-21-842925246-329068152-725345543-500
Deleted ! D:\test.exe
Deleted ! D:\Recycler\S-1-5-21-842925246-329068152-725345543-500
(!) Not deleted ! G:\autorun.inf
(!) Not deleted ! G:\autorun.exe

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\...\Explorer\MountPoints2\{2d09f2e4-6e31-11dd-8091-d633c3077d0c}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{3ee068d4-8090-11dc-bff5-001a4b6f94aa}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{3ee068d6-8090-11dc-bff5-001a4b6f94aa}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{7c3e529e-0bff-11de-80ca-001a4b6f94aa}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{826dc10e-bec1-11dc-8027-001a4b6f94aa}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{94ccedb7-b5eb-11de-8272-001a4b6f94aa}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{9e2a7782-8606-11dc-bff7-bed378668a0b}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{9e2a7783-8606-11dc-bff7-bed378668a0b}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{c42d2a14-b2b5-11de-8269-001cbf0c1d11}\Shell\AutoRun\Command

################## | Listing of the present files |

[18. 10. 2007 11:08|--a------|0] C:\AUTOEXEC.BAT
[18. 10. 2007 13:37|--a------|90] C:\bcmwl5.log
[18. 10. 2007 11:03|---hs----|211] C:\boot.ini
[18. 10. 2007 11:08|--a------|0] C:\CONFIG.SYS
[07. 06. 2009 15:21|--a------|7858888] C:\Firefox Setup 3.0.10.exe
[18. 10. 2007 11:08|-rahs----|0] C:\IO.SYS
[18. 10. 2007 11:08|-rahs----|0] C:\MSDOS.SYS
[04. 08. 2004 14:00|-rahs----|47564] C:\NTDETECT.COM
[02. 11. 2008 22:58|-rahs----|250048] C:\ntldr
[27. 09. 2009 19:15|--a------|432] C:\Odkaz na Zdie–an‚ dokumenty.lnk
[?|?|?] C:\pagefile.sys
[18. 10. 2007 13:20|--a------|201] C:\setup.log
[23. 05. 2010 23:51|--a------|2902] C:\UsbFix.txt
[07. 11. 2007 09:00|--a------|17734] D:\eula.1028.txt
[07. 11. 2007 09:00|--a------|17734] D:\eula.1031.txt
[07. 11. 2007 09:00|--a------|10134] D:\eula.1033.txt
[07. 11. 2007 09:00|--a------|17734] D:\eula.1036.txt
[07. 11. 2007 09:00|--a------|17734] D:\eula.1040.txt
[07. 11. 2007 09:00|--a------|118] D:\eula.1041.txt
[07. 11. 2007 09:00|--a------|17734] D:\eula.1042.txt
[07. 11. 2007 09:00|--a------|17734] D:\eula.2052.txt
[07. 11. 2007 09:00|--a------|17734] D:\eula.3082.txt
[07. 11. 2007 09:00|--a------|1110] D:\globdata.ini
[07. 11. 2007 09:03|--a------|562688] D:\install.exe
[07. 11. 2007 09:00|--a------|843] D:\install.ini
[07. 11. 2007 09:03|--a------|76304] D:\install.res.1028.dll
[07. 11. 2007 09:03|--a------|96272] D:\install.res.1031.dll
[07. 11. 2007 09:03|--a------|91152] D:\install.res.1033.dll
[07. 11. 2007 09:03|--a------|97296] D:\install.res.1036.dll
[07. 11. 2007 09:03|--a------|95248] D:\install.res.1040.dll
[07. 11. 2007 09:03|--a------|81424] D:\install.res.1041.dll
[07. 11. 2007 09:03|--a------|79888] D:\install.res.1042.dll
[07. 11. 2007 09:03|--a------|75792] D:\install.res.2052.dll
[07. 11. 2007 09:03|--a------|96272] D:\install.res.3082.dll
[07. 11. 2007 09:00|--a------|5686] D:\vcredist.bmp
[07. 11. 2007 09:09|--a------|1442522] D:\VC_RED.cab
[07. 11. 2007 09:12|--a------|232960] D:\VC_RED.MSI
[01. 06. 2007 12:25|-r-------|102400] G:\AutoRun.exe
[05. 06. 2007 17:36|-r-------|46] G:\AUTORUN.INF
[01. 06. 2007 12:25|-r-------|106496] G:\DataCard_Setup.exe
[01. 06. 2007 12:25|-r-------|139264] G:\DataCard_Setup64.exe
[01. 06. 2007 12:25|-r-------|6144] G:\ResetDevice.exe
[05. 06. 2007 17:36|-r-------|4150] G:\Signal.ico
[06. 06. 2007 21:18|-r-------|843] G:\SysConfig.dat
[17. 08. 2009 16:29|--ah-----|4096] H:\._.Trashes
[17. 08. 2009 17:11|--ah-----|4096] H:\._.TemporaryItems
[30. 04. 2008 12:39|--a------|31961600] H:\ANJ.doc
[05. 12. 2009 02:32|--a------|4378392] H:\totalcmd.zip

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# H:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_PREDNOTE.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.114 ! |

Re: spomalený pc,

Napsal: 24 kvě 2010 17:10
od motji
:arrow: Používá jednotku I? V USBfixu ji nevidím, že byla připojená.

:arrow: Zapojte do pc všechny usb klíče, flashky...co používáte

:!: Zazálohujte si důležitá data, pro jistotu :)

:arrow: Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna :!:

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

Re: spomalený pc,

Napsal: 26 kvě 2010 17:58
od motji
Jak to tu vypadá? :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz