Slow internet
Posted: 27 Sep 2010 12:13
Hi, I need some advice. My internet has started running slowly and a "page not found" message keeps appearing. I don't know if I'm describing it precisely, but it's as if I weren't connected to the internet, clicked the Opera icon and tried to connect to the network; the page only appears after the second click. The PC has also restarted by itself for the second time today. Thanks in advance for any help.
One more thing: I don't know whether it has anything to do with this, but when I want to click on anything with the mouse, I have to click three times before anything opens.
Here is the log:
ComboFix 10-09-26.04 - user 27.09.2010 12:38:45.50.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.223 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Kerio WinRoute Firewall *enabled* {916dafda-8250-4a1d-9095-000da68ac4da}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Data aplikací\Messenger
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-27 do 2010-09-27 )))))))))))))))))))))))))))))))
.
2010-09-27 10:04 . 2010-09-27 10:04 -------- d-----w- c:\program files\HD Tune
2010-09-24 12:08 . 2004-09-15 19:10 516096 ------w- c:\windows\system32\ati2sgag.exe
2010-09-24 11:03 . 2010-09-24 11:03 -------- d-----w- c:\program files\VS Revo Group
2010-09-24 10:32 . 2010-09-24 10:32 -------- d-----w- c:\program files\Ask.com
2010-09-24 10:32 . 2010-09-24 10:48 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-09-23 17:46 . 2008-12-03 15:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2010-09-23 17:46 . 2002-11-14 20:32 55808 ----a-w- c:\windows\system32\devcon.exe
2010-09-23 17:29 . 2010-09-23 17:29 -------- d-----w- c:\program files\MultiRes
2010-09-23 17:07 . 2010-09-23 17:07 -------- d-----w- c:\program files\Radeon Omega Drivers
2010-09-21 07:34 . 2010-09-21 07:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-15 10:44 . 2010-09-24 11:39 -------- d-----w- c:\program files\Google
2010-09-15 10:44 . 2010-09-15 10:44 -------- d-----w- c:\windows\system32\Adobe
2010-09-15 10:32 . 2010-09-15 10:32 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-09-15 10:32 . 2010-09-15 10:32 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2010-09-15 10:24 . 2010-09-23 17:50 -------- d-----w- c:\program files\Driver Checker
2010-09-02 17:12 . 2010-09-02 17:12 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-09-02 16:22 . 2010-09-07 05:53 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-02 16:22 . 2010-09-08 16:10 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-01 13:18 . 2010-09-01 13:18 -------- d-----w- c:\program files\Samsung
2010-08-29 13:39 . 2010-08-29 13:39 -------- d-----w- c:\program files\NVIDIA Corporation
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-27 09:30 . 2010-04-05 11:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-27 09:29 . 2008-10-22 14:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-24 12:05 . 2010-02-02 12:16 451072 ----a-w- c:\windows\Radeon Omega Drivers v2.6.87 Uninstall.exe
2010-09-24 11:44 . 2010-05-09 14:39 -------- d-----w- c:\program files\ATI Technologies
2010-09-24 11:32 . 2010-05-06 16:46 -------- d-----w- c:\program files\3D Driving-School
2010-09-23 17:23 . 2009-10-03 14:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-23 13:12 . 2008-10-26 06:54 -------- d-----w- c:\program files\EA Sports
2010-09-18 07:01 . 2010-08-03 12:26 -------- d-----w- c:\program files\Mafia
2010-09-15 10:33 . 2008-10-17 21:30 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2010-09-15 10:32 . 2009-04-21 09:49 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2010-09-15 10:32 . 2008-10-17 21:33 10528768 ----a-w- c:\windows\system32\RTLCPL.EXE
2010-09-15 10:32 . 2008-10-17 21:33 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll
2010-09-15 10:32 . 2008-10-17 21:33 4122368 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2010-09-15 10:32 . 2008-10-17 21:33 217088 ----a-w- c:\windows\Alcrmv.exe
2010-09-01 13:18 . 2009-05-18 11:09 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-09-01 12:08 . 2008-10-17 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-26 10:54 . 2009-06-08 05:52 -------- d-----w- c:\program files\trend micro
2010-08-04 08:52 . 2009-04-21 08:57 -------- d-----w- c:\program files\COMODO
2010-08-01 17:00 . 2010-08-01 17:00 -------- d-----w- c:\program files\Creative
2010-07-04 15:03 . 2006-03-02 12:00 91866 ----a-w- c:\windows\system32\perfc005.dat
2010-07-04 15:03 . 2006-03-02 12:00 469558 ----a-w- c:\windows\system32\perfh005.dat
2010-07-01 10:08 . 2010-05-31 09:40 61 --sh--w- c:\windows\cnerolf.dat
2010-01-06 12:46 . 2010-01-06 12:23 209 ----a-w- c:\program files\operaprefs_default.ini
2009-11-20 18:11 . 2009-11-20 18:11 15828 ----a-w- c:\program files\license.rtf
2009-11-20 18:01 . 2009-11-20 18:01 832296 ----a-w- c:\program files\opera.exe
2009-11-20 18:01 . 2009-11-20 18:01 4450088 ----a-w- c:\program files\opera.dll
2009-11-20 18:00 . 2009-11-20 18:00 653419 ----a-w- c:\program files\encoding.bin
2009-06-17 13:41 . 2009-06-17 13:41 3870 ----a-w- c:\program files\lngcode.txt
2004-02-26 12:35 . 2004-02-26 12:35 7904 ----a-w- c:\program files\html40_entities.dtd
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"SoundMan"="SOUNDMAN.EXE" [2010-09-15 577536]
"AtiPTA"="atiptaxx.exe" [2005-11-23 344064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\opera.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.1.2009 11:14 64160]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v2.6.87\ATI Tray Tools\atitray.sys [14.11.2005 0:43 9088]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1.6.2010 19:00 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4.6.2010 11:55 229312]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [19.2.2010 17:00 148744]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [3.2.2010 21:50 45696]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [3.2.2010 21:50 56960]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [24.6.2008 10:36 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 pbfilter;pbfilter; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.10.2009 19:15 721904]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com
uStart Page = about:
mStart Page =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7} = 10.1.1.1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-27 12:51
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b7,4a,67,15,5b,a9,6a,5b,cd,e9,29,0d,e8,6d,03,26,ab,ed,d4,03,b1,05,91,
9e,12,18,64,cd,52,6a,9b,30,35,dd,39,6d,c6,2c,07,28,e0,cc,4d,3d,fe,d3,a7,b4,\
"??"=hex:8a,95,0c,91,36,dd,90,2c,2c,e3,05,7a,7a,8f,80,cc
[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:01,38,c0,f0,9f,86,ce,1b,9b,97,ec,02,a1,a1,36,1d,98,51,81,c5,8c,
68,61,8a,14,b7,48,c9,32,14,df,e7,50,bc,54,d5,aa,8d,f6,19,7a,aa,ed,ff,ce,8b,\
"rkeysecu"=hex:03,a4,a8,d4,d9,9b,91,ef,48,52,9f,6c,1c,34,21,ac
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\locator.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2010-09-27 12:59:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-27 10:59
Před spuštěním: Volných bajtů: 56 286 420 992
Po spuštění: Volných bajtů: 56 264 716 288
Current=6 Default=6 Failed=1 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 5D8308479A9420CCD7AD6D9747E7FCFB