Slow PC, disinfected with AVG, NOD32 uninstalled
Posted: 24 Aug 2010 08:24
Hello,
please help. The PC slowed down a lot; I uninstalled the purchased NOD32 and it was noticeably better. After a while it slowed down again. I reinstalled NOD32 and ran a scan. The scan ran, but after 2 days I had only reached 24% and it was going very slowly there. I couldn't stand waiting more than 3 days. Then I shut it down, uninstalled NOD32, used ComboFix, and installed Free AVG, which also found some nasties. It seemed that everything was OK, but today it is running very slowly again.
ComboFix 10-08-17.04 - Richard 24.08.2010 8:52.5.1 - x86
Spuštěný z: c:\docume~1\Richard\Plocha\ComboFix.exe
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-24 do 2010-08-24 )))))))))))))))))))))))))))))))
.
2010-08-20 06:12 . 2010-08-20 06:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-20 02:56 . 2010-08-20 02:56 -------- d-----w- C:\$AVG
2010-08-20 02:33 . 2010-08-20 06:12 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-20 02:33 . 2010-08-20 06:12 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-20 02:33 . 2010-08-20 06:10 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-20 02:33 . 2010-08-20 15:43 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-20 02:33 . 2010-08-20 02:33 -------- d-----w- c:\program files\AVG
2010-08-17 08:20 . 2010-08-17 08:20 390144 ----a-w- c:\windows\system32\CF10281.exe
2010-08-09 06:02 . 2010-08-09 06:02 -------- d-----w- C:\332d97db2a57536c3febfa53
2010-08-03 06:45 . 2010-08-03 06:45 -------- d-----w- C:\fc7d322ab63a425f02eb206f01
2010-08-03 06:44 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 05:11 . 2007-01-10 07:50 -------- d-----w- c:\program files\AEBPR
2010-08-13 09:59 . 2004-08-18 12:00 82828 ----a-w- c:\windows\system32\perfc005.dat
2010-08-13 09:59 . 2004-08-18 12:00 440774 ----a-w- c:\windows\system32\perfh005.dat
2010-08-09 13:05 . 2006-08-07 19:40 -------- d-----w- c:\program files\ESET
2010-08-09 08:36 . 2009-03-23 14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-16 10:32 . 2010-07-16 10:29 -------- d-----w- c:\program files\Karaoke Editor
2010-07-01 13:33 . 2007-09-12 20:08 -------- d-----w- c:\program files\Google
2010-06-30 12:33 . 2004-08-18 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-18 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-18 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-18 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-08-07 08:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2004-08-18 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2008-09-29 07:33 . 2008-09-29 05:50 1450245 --sha-w- c:\windows\system32\AdobePDFh.sys
2006-05-03 10:06 . 2007-02-21 14:41 163328 --sh--r- c:\windows\system32\flvDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2007-10-25 956296]
"Google Update"="c:\documents and settings\Richard\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-07-09 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 15969280]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-12 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-02-11 520192]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-20 2065760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-5 618557]
Print Monitor.lnk - c:\program files\canon\PrintMonitor\CPUPVIEW.exe [2010-5-11 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-20 06:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
2004-03-25 10:35 1732608 ----a-w- c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-20 21:36 1207080 ----a-w- c:\progra~1\MICROS~2\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 05:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 05:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP4 Player]
2008-11-06 17:23 772096 ----a-w- c:\program files\MP4 Player\Mp4Player.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2008-12-03 09:33 2372840 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-12 06:40 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-02-11 00:37 520192 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
2006-05-19 16:40 884224 ----a-w- c:\program files\Visagesoft\eXPert PDF\vspdfprsrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvcxmlprov"=2 (0x2)
"gusvcwinmgmt"=2 (0x2)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
R0 Winag16;Winag16;c:\windows\System32\Drivers\Winag16.sys [x]
R0 Winag30;Winag30;c:\windows\System32\Drivers\Winag30.sys [x]
R0 Winci74;Winci74;c:\windows\System32\Drivers\Winci74.sys [x]
R0 Winek84;Winek84;c:\windows\System32\Drivers\Winek84.sys [x]
R0 Winfk38;Winfk38;c:\windows\System32\Drivers\Winfk38.sys [x]
R0 Winfl63;Winfl63;c:\windows\System32\Drivers\Winfl63.sys [x]
R0 Wingm28;Wingm28;c:\windows\System32\Drivers\Wingm28.sys [x]
R0 Winlr41;Winlr41;c:\windows\System32\Drivers\Winlr41.sys [x]
R0 Winry41;Winry41;c:\windows\System32\Drivers\Winry41.sys [x]
R0 Winsy16;Winsy16;c:\windows\System32\Drivers\Winsy16.sys [x]
R0 Winub38;Winub38;c:\windows\System32\Drivers\Winub38.sys [x]
R0 Winyg74;Winyg74;c:\windows\System32\Drivers\Winyg74.sys [x]
R2 aawserviceCiSvcSSDPSRV;Ad-Aware 2007 Service aawserviceCiSvcSSDPSRV;đ%€|x srv [x]
R2 CiSvcSSDPSRV;Indexing Service CiSvcSSDPSRV;đ%€|x srv [x]
R2 clr_optimization_v2.0.50727_32Messenger;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32Messenger;đ%€|x srv [x]
R2 DhcpRpcSs;Klient DHCP DhcpRpcSs;đ%€|x srv [x]
R2 dmadminaspnet_state;Služba správy pro Správce logických disků dmadminaspnet_state;đ%€|x srv [x]
R2 dmadminWmdmPmSN;Služba správy pro Správce logických disků dmadminWmdmPmSN;đ%€|x srv [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 135664]
R2 IDriverTServiceLayer;InstallDriver Table Manager IDriverTServiceLayer;đ%€|x srv [x]
R2 LightScribeServiceTrkWksSchedule;LightScribeService Direct Disc Labeling Service LightScribeServiceTrkWksSchedule;đ%€|x srv [x]
R2 MicrosoftPlugPlay;Microsoft Office Groove Audit Service MicrosoftPlugPlay;đ%€|x srv [x]
R2 NetTcpPortSharingS24EventMonitor;Net.Tcp Port Sharing Service NetTcpPortSharingS24EventMonitor;đ%€|x srv [x]
R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
R2 NlaDcomLaunch;Sledování umístění v síti (NLA) NlaDcomLaunch;đ%€|x srv [x]
R2 NOD32krnRpcLocator;NOD32 Kernel Service NOD32krnRpcLocator;đ%€|x srv [x]
R2 NtmsSvcTlntSvr;Vyměnitelné úložiště NtmsSvcTlntSvr;đ%€|x srv [x]
R2 odservMSIServer;Microsoft Office Diagnostics Service odservMSIServer;đ%€|x srv [x]
R2 RasAutoEventSystem;Správce automatického připojení pomocí vzdáleného přístupu RasAutoEventSystem;đ%€|x srv [x]
R2 RDSessMgrNOD32krnRpcLocator;Správce relací nápovědy ke vzdálené ploše RDSessMgrNOD32krnRpcLocator;đ%€|x srv [x]
R2 RegSrvcServiceLayer;Intel(R) PROSet/Wireless Registry Service RegSrvcServiceLayer;đ%€|x srv [x]
R2 RemoteAccessdmadminWmdmPmSN;Směrování a vzdálený přístup RemoteAccessdmadminWmdmPmSN;đ%€|x srv [x]
R2 RemoteAccessImapiService;Směrování a vzdálený přístup RemoteAccessImapiService;đ%€|x srv [x]
R2 RemoteAccessImapiServiceRemoteAccessImapiService;Směrování a vzdálený přístup RemoteAccessImapiService RemoteAccessImapiServiceRemoteAccessImapiService;đ%€|x srv [x]
R2 S24EventMonitorCiSvc;Intel(R) PROSet/Wireless Service S24EventMonitorCiSvc;đ%€|x srv [x]
R2 SENSAudioSrv;Oznamování systémových událostí SENSAudioSrv;đ%€|x srv [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R2 stisvcProtectedStorage;Načítání obrázků (WIA) stisvcProtectedStorage;đ%€|x srv [x]
R2 TermServiceBrowser;Terminálová služba TermServiceBrowser;đ%€|x srv [x]
R2 TrkWksCryptSvc;Klient služby sledování distribuovaných propojení TrkWksCryptSvc;đ%€|x srv [x]
R2 TrkWksSchedule;Klient služby sledování distribuovaných propojení TrkWksSchedule;đ%€|x srv [x]
R2 WmdmPmSNNetlogon;Služba sériového čísla přenosného zařízení WmdmPmSNNetlogon;đ%€|x srv [x]
R2 WmiNOD32krnRpcLocator;Rozšíření ovladače WMI WmiNOD32krnRpcLocator;đ%€|x srv [x]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\documents and settings\Richard\Local Settings\Temp\{234ABC07-DAD1-4151-B178-F590F492C13D}\fsgk.sys [x]
R3 FagorPcmcia;Description of FagorPcmcia NT service here;c:\windows\system32\Drivers\FagorPcmcia.sys [2003-07-08 10087]
R3 FTCSER2K;FTDI USB Dual Serial Port Driver;c:\windows\system32\drivers\ftcser2k.sys [2004-03-23 56031]
R3 FTCUSB;FTCUSB.SYS FT2232C IO test driver;c:\windows\system32\drivers\ftcusb.sys [2004-05-05 43235]
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2007-06-12 51040]
R3 lptwdmio;LPT port direct access service;c:\progra~1\HAM\UR5EQF~1\LPTWDMIO.SYS [x]
R3 memcard;Ovladač paměťových karet PCMCIA;c:\windows\system32\DRIVERS\memcard.sys [2001-08-17 8320]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 packet_2.1;Packet Driver v2.1;c:\windows\system32\drivers\packet.sys [2000-10-24 10755]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2002-01-08 24576]
R4 gusvcwinmgmt;Google Updater Service gusvcwinmgmt;đ%€|x srv [x]
R4 gusvcxmlprov;Google Updater Service gusvcxmlprov;đ%€|x srv [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-20 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-20 243024]
S1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys [2006-12-04 3026]
S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-20 308136]
S2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\DRIVERS\DLPortIO.SYS [1999-01-10 3584]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2005-09-07 9728]
S2 hercul;hercul;c:\windows\system32\DRIVERS\HERCUL.SYS [2002-07-10 4640]
S3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\Drivers\SynMini.sys [2005-10-03 720470]
S3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\Drivers\SynScan.sys [2005-10-03 8278]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 06:15]
2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 06:15]
2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{C0CA6F35-C6E9-4200-A7FD-D7701CE743C2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\TRANSLATOR\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\TRANSLATOR\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\TRANSLATOR\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\TRANSLATOR\WEBIE.DLL
TCP: {918D11F8-3B92-45F4-B7BB-51D21899DDE6} = 194.228.41.65,8.8.8.8
DPF: GEMINI IBS 32 GEMB Applet Security - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplsec-3.3.0.0.cab
DPF: GEMINI IBS 32 GEMB Applet Utilities - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplutil-99.99.99.99.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - hxxp://sberna7.ifoto.cz/snadno-vlozit-fotografie/ilt/ilikethisPhotoUploader2.dll
DPF: {10132C0C-B4E5-11D5-AB9E-444553540000} - hxxp://www.visualradio.de/download/VRPCA.CAB
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://bossdomu.dyndns.org:5070/RtspVaPgDec.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp05.photoprintit.de/microsite/4860/defaults/activex/IPSUploader.cab
FF - ProfilePath - c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\xu5nzrbm.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 08:56
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aawserviceCiSvcSSDPSRV]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvcSSDPSRV]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32Messenger]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DhcpRpcSs]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadminaspnet_state]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadminWmdmPmSN]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcwinmgmt]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcxmlprov]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverTServiceLayer]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LightScribeServiceTrkWksSchedule]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MicrosoftPlugPlay]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharingS24EventMonitor]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaDcomLaunch]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NOD32krnRpcLocator]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvcTlntSvr]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odservMSIServer]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoEventSystem]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgrNOD32krnRpcLocator]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RegSrvcServiceLayer]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessdmadminWmdmPmSN]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessImapiService]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessImapiServiceRemoteAccessImapiService]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S24EventMonitorCiSvc]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENSAudioSrv]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcProtectedStorage]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermServiceBrowser]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWksCryptSvc]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWksSchedule]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNNetlogon]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiNOD32krnRpcLocator]
"ImagePath"="đ%€|x\01\09 srv"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2776)
c:\program files\Netropa\Multimedia Keyboard\nhkdll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-24 09:08:32
ComboFix-quarantined-files.txt 2010-08-24 07:08
ComboFix2.txt 2010-08-19 07:51
ComboFix3.txt 2010-08-18 09:54
ComboFix4.txt 2010-08-17 09:21
ComboFix5.txt 2010-08-24 06:50
Před spuštěním: Volných bajtů: 13 945 393 152
Po spuštění: Volných bajtů: 14 039 195 648
- - End Of File - - 3AA34C4F7041991E5AFC7D9EBCDC50F3
R2 RemoteAccessImapiService;Směrování a vzdálený přístup RemoteAccessImapiService;đ%€|x srv [x]
R2 RemoteAccessImapiServiceRemoteAccessImapiService;Směrování a vzdálený přístup RemoteAccessImapiService RemoteAccessImapiServiceRemoteAccessImapiService;đ%€|x srv [x]
R2 S24EventMonitorCiSvc;Intel(R) PROSet/Wireless Service S24EventMonitorCiSvc;đ%€|x srv [x]
R2 SENSAudioSrv;Oznamování systémových událostí SENSAudioSrv;đ%€|x srv [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R2 stisvcProtectedStorage;Načítání obrázků (WIA) stisvcProtectedStorage;đ%€|x srv [x]
R2 TermServiceBrowser;Terminálová služba TermServiceBrowser;đ%€|x srv [x]
R2 TrkWksCryptSvc;Klient služby sledování distribuovaných propojení TrkWksCryptSvc;đ%€|x srv [x]
R2 TrkWksSchedule;Klient služby sledování distribuovaných propojení TrkWksSchedule;đ%€|x srv [x]
R2 WmdmPmSNNetlogon;Služba sériového čísla přenosného zařízení WmdmPmSNNetlogon;đ%€|x srv [x]
R2 WmiNOD32krnRpcLocator;Rozšíření ovladače WMI WmiNOD32krnRpcLocator;đ%€|x srv [x]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\documents and settings\Richard\Local Settings\Temp\{234ABC07-DAD1-4151-B178-F590F492C13D}\fsgk.sys [x]
R3 FagorPcmcia;Description of FagorPcmcia NT service here;c:\windows\system32\Drivers\FagorPcmcia.sys [2003-07-08 10087]
R3 FTCSER2K;FTDI USB Dual Serial Port Driver;c:\windows\system32\drivers\ftcser2k.sys [2004-03-23 56031]
R3 FTCUSB;FTCUSB.SYS FT2232C IO test driver;c:\windows\system32\drivers\ftcusb.sys [2004-05-05 43235]
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2007-06-12 51040]
R3 lptwdmio;LPT port direct access service;c:\progra~1\HAM\UR5EQF~1\LPTWDMIO.SYS [x]
R3 memcard;Ovladač paměťových karet PCMCIA;c:\windows\system32\DRIVERS\memcard.sys [2001-08-17 8320]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 packet_2.1;Packet Driver v2.1;c:\windows\system32\drivers\packet.sys [2000-10-24 10755]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2002-01-08 24576]
R4 gusvcwinmgmt;Google Updater Service gusvcwinmgmt;đ%€|x srv [x]
R4 gusvcxmlprov;Google Updater Service gusvcxmlprov;đ%€|x srv [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-20 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-20 243024]
S1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys [2006-12-04 3026]
S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-20 308136]
S2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\DRIVERS\DLPortIO.SYS [1999-01-10 3584]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2005-09-07 9728]
S2 hercul;hercul;c:\windows\system32\DRIVERS\HERCUL.SYS [2002-07-10 4640]
S3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\Drivers\SynMini.sys [2005-10-03 720470]
S3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\Drivers\SynScan.sys [2005-10-03 8278]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 06:15]
2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 06:15]
2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{C0CA6F35-C6E9-4200-A7FD-D7701CE743C2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\TRANSLATOR\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\TRANSLATOR\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\TRANSLATOR\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\TRANSLATOR\WEBIE.DLL
TCP: {918D11F8-3B92-45F4-B7BB-51D21899DDE6} = 194.228.41.65,8.8.8.8
DPF: GEMINI IBS 32 GEMB Applet Security - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplsec-3.3.0.0.cab
DPF: GEMINI IBS 32 GEMB Applet Utilities - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplutil-99.99.99.99.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - hxxp://sberna7.ifoto.cz/snadno-vlozit-fotografie/ilt/ilikethisPhotoUploader2.dll
DPF: {10132C0C-B4E5-11D5-AB9E-444553540000} - hxxp://www.visualradio.de/download/VRPCA.CAB
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://bossdomu.dyndns.org:5070/RtspVaPgDec.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp05.photoprintit.de/microsite/4860/defaults/activex/IPSUploader.cab
FF - ProfilePath - c:\documents and settings\Richard\Data aplikací\Mozilla\Firefox\Profiles\xu5nzrbm.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 08:56
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aawserviceCiSvcSSDPSRV]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvcSSDPSRV]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32Messenger]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DhcpRpcSs]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadminaspnet_state]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadminWmdmPmSN]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcwinmgmt]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcxmlprov]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverTServiceLayer]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LightScribeServiceTrkWksSchedule]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MicrosoftPlugPlay]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharingS24EventMonitor]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaDcomLaunch]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NOD32krnRpcLocator]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvcTlntSvr]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odservMSIServer]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoEventSystem]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgrNOD32krnRpcLocator]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RegSrvcServiceLayer]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessdmadminWmdmPmSN]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessImapiService]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessImapiServiceRemoteAccessImapiService]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S24EventMonitorCiSvc]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENSAudioSrv]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcProtectedStorage]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermServiceBrowser]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWksCryptSvc]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWksSchedule]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNNetlogon]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiNOD32krnRpcLocator]
"ImagePath"="đ%€|x\01\09 srv"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2776)
c:\program files\Netropa\Multimedia Keyboard\nhkdll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-24 09:08:32
ComboFix-quarantined-files.txt 2010-08-24 07:08
ComboFix2.txt 2010-08-19 07:51
ComboFix3.txt 2010-08-18 09:54
ComboFix4.txt 2010-08-17 09:21
ComboFix5.txt 2010-08-24 06:50
Před spuštěním: Volných bajtů: 13 945 393 152
Po spuštění: Volných bajtů: 14 039 195 648
- - End Of File - - 3AA34C4F7041991E5AFC7D9EBCDC50F3