VIRY.CZ

Dobry den,
z neznameho duvodu se mi extremne zpomalil cely system, nabeh trva snad pul hodiny. Test ESET antiviru nic neprokazal. Zda se, jakoby to melo souvislost s pristupy na disk. Jakmile uz je aplikace v pameti, tak bezi normalne.

log ma 420 000 znaku (moc?), takze tady je odkaz:

http://www.fibichr.com/log.txt

Zdravím!
Poprosím o log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Tady je. Opet to trvalo asi sto let, protoze ComboFix vyzaduje restart.


ComboFix 11-12-31.03 - yare 31.12.2011 18:14:29.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.4095.2614 [GMT 1:00]
Spuštěný z: c:\users\yare\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\program files (x86)\Mozilla Firefox\plugins\npuuseep.dll
c:\program files (x86)\TNod User & Password Finder\TNODUP.exe
c:\program files (x86)\Uninstall.exe
c:\programdata\xml9222.tmp
c:\programdata\xmlA120.tmp
c:\programdata\xmlA1CD.tmp
c:\users\yare\AppData\Roaming\EurekaLog
c:\users\yare\AppData\Roaming\chrtmp
c:\users\yare\AppData\Roaming\Microsoft\Windows\Recent\DMCUltimate.url
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\struct~.ini
c:\windows\system32\java.exe
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
c:\windows\SysWow64\Nagasoft
c:\windows\SysWow64\Nagasoft\32.ICO
c:\windows\SysWow64\Nagasoft\Codecs\asyncflt.ax
c:\windows\SysWow64\Nagasoft\Codecs\atrc.dll
c:\windows\SysWow64\Nagasoft\Codecs\cook.dll
c:\windows\SysWow64\Nagasoft\Codecs\drvc.dll
c:\windows\SysWow64\Nagasoft\Codecs\raac.dll
c:\windows\SysWow64\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\SysWow64\Nagasoft\Codecs\WMFDemux.dll
c:\windows\SysWow64\Nagasoft\FFVJPlayer.exe
c:\windows\SysWow64\Nagasoft\GifShower.dll
c:\windows\SysWow64\Nagasoft\Uninstall.exe
c:\windows\SysWow64\Nagasoft\vjocx.dll
c:\windows\SysWow64\Nagasoft\vjocx.exe
c:\windows\SysWow64\nsis_loader.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-28 do 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-31 17:44 . 2011-12-31 17:44 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-12-31 17:44 . 2011-12-31 17:44 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-12-31 17:44 . 2011-12-31 17:44 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-12-31 17:44 . 2011-12-31 17:44 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-12-31 17:30 . 2011-12-31 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-20 11:37 . 2011-12-31 17:29 -------- d-----w- c:\program files (x86)\TNod User & Password Finder
2011-12-20 11:13 . 2010-11-20 13:27 1219584 ----a-w- c:\windows\system32\rpcrt4.dll
2011-12-20 11:11 . 2010-11-20 13:27 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-12-20 11:10 . 2010-11-20 13:27 812032 ----a-w- c:\windows\system32\wpccpl.dll
2011-12-20 11:09 . 2010-11-20 13:27 182784 ----a-w- c:\windows\system32\WUDFPlatform.dll
2011-12-20 11:07 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2011-12-20 11:04 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-12-20 11:04 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-12-20 11:03 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-12-20 10:54 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-12-20 10:54 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-12-20 10:54 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-12-20 10:53 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-12-20 10:52 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-12-20 10:49 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-12-20 10:49 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-12-20 10:41 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-20 10:41 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-12-20 10:41 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-20 10:41 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-20 10:41 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-20 10:40 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-20 10:40 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-20 10:40 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-20 10:40 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-12-20 10:40 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-12-20 10:40 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-12-20 10:39 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-20 10:39 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-12-20 10:37 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-20 10:36 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-20 10:35 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-20 10:35 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-20 10:35 . 2010-11-20 13:24 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-12-20 10:35 . 2010-11-20 13:24 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-12-20 10:35 . 2010-11-20 12:16 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-12-20 10:35 . 2010-11-20 12:16 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-12-20 10:35 . 2010-11-20 13:24 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-12-20 10:35 . 2010-11-20 12:16 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-12-20 10:34 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll
2011-12-20 10:34 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll
2011-12-20 10:34 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll
2011-12-20 10:34 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll
2011-12-20 10:34 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-12-20 10:34 . 2011-06-15 08:55 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2011-12-20 10:34 . 2011-06-15 08:55 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2011-12-20 10:34 . 2011-06-15 08:55 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2011-12-20 10:34 . 2011-06-15 08:55 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2011-12-20 10:34 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2011-12-20 10:34 . 2011-06-15 08:55 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2011-12-20 10:34 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-20 10:33 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-20 10:18 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-20 10:18 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-12-20 10:17 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-12-20 10:17 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-12-20 10:17 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-12-20 10:17 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-12-20 10:17 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-12-20 10:17 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-12-20 10:15 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-20 10:15 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-20 10:15 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-20 10:15 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-12-20 10:15 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-20 10:15 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-12-20 10:13 . 2011-12-20 10:13 -------- d-----w- c:\users\yare\AppData\Local\ESET
2011-12-20 09:59 . 2011-12-20 09:59 -------- d-----w- c:\program files\ESET
2011-12-20 08:40 . 2011-12-20 09:02 2221042 ----a-w- C:\BdUninstallTool2011.12.20-09.40.46.reg
2011-12-19 14:34 . 2011-12-19 14:34 -------- d-----w- C:\found.001
2011-12-05 02:45 . 2011-12-05 02:45 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-05 04:26 . 2011-12-20 10:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2002-01-01 06:15 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2002-01-01 06:15 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2002-01-01 06:15 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2002-01-01 06:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2002-01-01 06:15 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2002-01-01 06:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2002-01-01 06:15 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2002-01-01 06:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-06-15 02:18 . 2010-06-15 02:18 74672 ----a-w- c:\program files (x86)\fraps64.dat
2010-06-15 02:18 . 2010-06-15 02:18 2176944 ----a-w- c:\program files (x86)\fraps.exe
2010-06-15 02:15 . 2010-06-15 02:15 159744 ----a-w- c:\program files (x86)\frapslcd.dll
2010-06-15 01:54 . 2010-06-15 01:54 153008 ----a-w- c:\program files (x86)\fraps64.dll
2010-06-15 01:54 . 2010-06-15 01:54 206768 ----a-w- c:\program files (x86)\fraps32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\yare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2010-7-13 380928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-11-27 29310]
VirtuaWin.lnk - c:\program files (x86)\VirtuaWin\VirtuaWin.exe [2010-1-10 126464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-07 135664]
R2 MyIPLocalSrv;MyIP;c:\program files (x86)\JulioTrujilloLeon\MyIP\MyIpLocalSrv.exe [2010-01-07 19456]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 cpuz130;cpuz130;c:\users\yare\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DB2NTSECSERVER_TACOM20;DB2 Security Server (TACOM20);c:\program files (x86)\Quest Software\Toad for Data Analysis 2.0\DB2 Client\BIN\db2sec.exe [2007-07-23 14112]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-02 1038088]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-16 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-07 135664]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [2009-08-17 99176]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S2 BMFMySQL;BMFMySQL;c:\program files (x86)\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe [2005-10-22 4431872]
S2 DB2MGMTSVC_TACM251;DB2 Management Service (TACM251);c:\program files (x86)\Quest Software\Toad for Data Analysts 2.5.1\SQLLIB\BIN\db2mgmtsvc.exe [2009-02-19 38688]
S2 DB2MGMTSVC_TACOM20;DB2 Management Service (TACOM20);c:\program files (x86)\Quest Software\Toad for Data Analysis 2.0\DB2 Client\BIN\db2mgmtsvc.exe [2007-07-23 35616]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2009-07-12 50688]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2009-10-01 948224]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2009-07-12 690688]
S2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program files (x86)\MPICH2\bin\smpd.exe [2010-02-22 458752]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\Razerlow.sys [2005-11-07 21120]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [x]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-07 19:39]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-07 19:39]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2673813320-3445317176-263111677-1001Core.job
- c:\users\yare\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-17 13:14]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2673813320-3445317176-263111677-1001UA.job
- c:\users\yare\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-17 13:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"combofix"="c:\combofix\CF10126.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: ĘąÓĂUUSeeĎÂÔŘ - c:\program files (x86)\uusee\geturltodown.htm
IE: ĘąÓĂUUSeeĽÓËٲĄ·Ĺ - c:\program files (x86)\uusee\geturltoplay.htm
IE: {{998A88A0-A355-809B-831C-B83A80000991} - http://www.ugege.com/
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{857B3875-EB68-4BD2-B82B-09A2C5B8FC74}: NameServer = 172.18.146.18,172.18.145.35
FF - ProfilePath - c:\users\yare\AppData\Roaming\Mozilla\Firefox\Profiles\iccfo9bi.default\
FF - prefs.js: browser.search.selectedEngine - Titulky.com
.
.
------- Asociace souborů -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-AsioReg - CTASIO.DLL
HKLM-Run-TNOD UP - c:\program files (x86)\TNod User & Password Finder\TNODUP.exe
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
AddRemove-VJOcx2.0 - c:\windows\system32\Nagasoft\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files (x86)\VirtuaWin\modules\WinList.exe
c:\program files (x86)\totalcmd\TOTALCMD.EXE
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
c:\users\yare\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2011-12-31 19:00:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-31 18:00
.
Před spuštěním: 23 448 780 800 bytes free
Po spuštění: 24 706 691 072 bytes free
.
- - End Of File - - 6C894387693033BC9B2201A327C11E4B

1. Odinstalujte cracklý Eset a použijte některé free řešení: http://www.viry.cz/forum/viewforum.php?f=29 .
2. Ještě dočistíme. Přesuňte ComboFix na plochu. otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files (x86)\Google\Update

Driver::
gupdate
gupdatem

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu comboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.



3. Tento program: c:\program files (x86)\JulioTrujilloLeon\MyIP máte v PC vědomě?

1. ESET odinstalovavam dodatecne po ComboFixu. Kazdopadne ten system nezpomaluje, pred instalaci to bylo stejny.
2. Log nize.
3. Ano, ale neni uz potreba, tak sem ho odstranil.

Zatim beze zmeny, je to silene iritujici, zacinam zvazovat reinstall Win7 :


ComboFix 11-12-31.03 - yare 02.01.2012 0:34.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.4095.2438 [GMT 1:00]
Spuštěný z: c:\users\yare\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\yare\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.79\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.79\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.79\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.79\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.79\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.79\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.79\psuser.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.79\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe
c:\program files (x86)\Google\Update\Download\{F62CFF1F-F1B2-4B52-A077-DE6094301407}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-02 do 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2012-01-01 23:46 . 2012-01-01 23:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-01 23:46 . 2012-01-01 23:46 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-01 23:14 . 2012-01-01 23:14 -------- d-----w- c:\programdata\SpywareTerminator2012Upgrade
2011-12-20 11:37 . 2011-12-31 17:29 -------- d-----w- c:\program files (x86)\TNod User & Password Finder
2011-12-20 11:13 . 2010-11-20 13:27 1219584 ----a-w- c:\windows\system32\rpcrt4.dll
2011-12-20 11:11 . 2010-11-20 13:27 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-12-20 11:10 . 2010-11-20 13:27 812032 ----a-w- c:\windows\system32\wpccpl.dll
2011-12-20 11:09 . 2010-11-20 13:27 182784 ----a-w- c:\windows\system32\WUDFPlatform.dll
2011-12-20 11:04 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-12-20 11:04 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-12-20 11:03 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-12-20 10:54 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-12-20 10:54 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-12-20 10:54 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-12-20 10:53 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-12-20 10:52 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-12-20 10:49 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-12-20 10:49 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-12-20 10:41 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-20 10:41 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-12-20 10:41 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-20 10:41 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-20 10:41 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-20 10:40 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-20 10:40 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-20 10:40 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-20 10:40 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-12-20 10:39 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-20 10:39 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-12-20 10:37 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-20 10:36 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-20 10:35 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-20 10:35 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-20 10:35 . 2010-11-20 13:24 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-12-20 10:35 . 2010-11-20 13:24 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-12-20 10:35 . 2010-11-20 12:16 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-12-20 10:35 . 2010-11-20 12:16 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-12-20 10:35 . 2010-11-20 13:24 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-12-20 10:35 . 2010-11-20 12:16 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-12-20 10:34 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll
2011-12-20 10:34 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll
2011-12-20 10:34 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll
2011-12-20 10:34 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll
2011-12-20 10:34 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-12-20 10:34 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2011-12-20 10:34 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-20 10:33 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-20 10:18 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-20 10:18 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-12-20 10:17 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-12-20 10:17 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-12-20 10:17 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-12-20 10:17 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-12-20 10:17 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-12-20 10:17 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-12-20 10:15 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-20 10:15 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-20 10:15 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-20 10:15 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-20 10:13 . 2011-12-20 10:13 -------- d-----w- c:\users\yare\AppData\Local\ESET
2011-12-20 09:59 . 2011-12-20 09:59 -------- d-----w- c:\program files\ESET
2011-12-20 08:40 . 2011-12-20 09:02 2221042 ----a-w- C:\BdUninstallTool2011.12.20-09.40.46.reg
2011-12-19 14:34 . 2011-12-19 14:34 -------- d-----w- C:\found.001
2011-12-05 02:45 . 2011-12-05 02:45 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-05 04:26 . 2011-12-20 10:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2002-01-01 06:15 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2002-01-01 06:15 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2002-01-01 06:15 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2002-01-01 06:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2002-01-01 06:15 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2002-01-01 06:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2002-01-01 06:15 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2002-01-01 06:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-06-15 02:18 . 2010-06-15 02:18 74672 ----a-w- c:\program files (x86)\fraps64.dat
2010-06-15 02:18 . 2010-06-15 02:18 2176944 ----a-w- c:\program files (x86)\fraps.exe
2010-06-15 02:15 . 2010-06-15 02:15 159744 ----a-w- c:\program files (x86)\frapslcd.dll
2010-06-15 01:54 . 2010-06-15 01:54 153008 ----a-w- c:\program files (x86)\fraps64.dll
2010-06-15 01:54 . 2010-06-15 01:54 206768 ----a-w- c:\program files (x86)\fraps32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-31_17.51.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-31 17:33 . 2011-12-31 17:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-01 23:50 . 2012-01-01 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-31 17:33 . 2011-12-31 17:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-01 23:50 . 2012-01-01 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-01-01 23:48 422020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-31 17:31 422020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-07 00:03 . 2012-01-01 23:48 2331260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2673813320-3445317176-263111677-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SpywareTerminator2012Setup"="c:\programdata\SpywareTerminator2012Upgrade\ST2012UpgradeSetup.exe" [2012-01-01 4715352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\yare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2010-7-13 380928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-11-27 29310]
VirtuaWin.lnk - c:\program files (x86)\VirtuaWin\VirtuaWin.exe [2010-1-10 126464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DB2MGMTSVC_TACM251;DB2 Management Service (TACM251);c:\program files (x86)\Quest Software\Toad for Data Analysts 2.5.1\SQLLIB\BIN\db2mgmtsvc.exe [2009-02-19 38688]
R2 DB2MGMTSVC_TACOM20;DB2 Management Service (TACOM20);c:\program files (x86)\Quest Software\Toad for Data Analysis 2.0\DB2 Client\BIN\db2mgmtsvc.exe [2007-07-23 35616]
R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2009-07-12 50688]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2009-10-01 948224]
R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2009-07-12 690688]
R2 MyIPLocalSrv;MyIP;c:\program files (x86)\JulioTrujilloLeon\MyIP\MyIpLocalSrv.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 cpuz130;cpuz130;c:\users\yare\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DB2NTSECSERVER_TACOM20;DB2 Security Server (TACOM20);c:\program files (x86)\Quest Software\Toad for Data Analysis 2.0\DB2 Client\BIN\db2sec.exe [2007-07-23 14112]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-02 1038088]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-16 30192]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [2009-08-17 99176]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S2 BMFMySQL;BMFMySQL;c:\program files (x86)\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe [2005-10-22 4431872]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program files (x86)\MPICH2\bin\smpd.exe [2010-02-22 458752]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\Razerlow.sys [2005-11-07 21120]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [x]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2673813320-3445317176-263111677-1001Core.job
- c:\users\yare\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-17 13:14]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2673813320-3445317176-263111677-1001UA.job
- c:\users\yare\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-17 13:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AsioReg"="CTASIO.DLL" [BU]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"TNOD UP"="c:\program files (x86)\TNod User & Password Finder\TNODUP.exe" [BU]
"combofix"="c:\combofix\CF6139.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: ĘąÓĂUUSeeĎÂÔŘ - c:\program files (x86)\uusee\geturltodown.htm
IE: ĘąÓĂUUSeeĽÓËٲĄ·Ĺ - c:\program files (x86)\uusee\geturltoplay.htm
IE: {{998A88A0-A355-809B-831C-B83A80000991} - http://www.ugege.com/
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{857B3875-EB68-4BD2-B82B-09A2C5B8FC74}: NameServer = 172.18.146.18,172.18.145.35
FF - ProfilePath - c:\users\yare\AppData\Roaming\Mozilla\Firefox\Profiles\iccfo9bi.default\
FF - prefs.js: browser.search.selectedEngine - Titulky.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
c:\program files (x86)\VirtuaWin\modules\WinList.exe
c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
c:\program files (x86)\Spyware Terminator\SpywareTerminator.exe
.
**************************************************************************
.
Celkový čas: 2012-01-02 01:15:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-02 00:14
ComboFix2.txt 2011-12-31 18:00
.
Před spuštěním: 24 477 786 112 bytes free
Po spuštění: 23 876 116 480 bytes free
.
- - End Of File - - 1226D636AF300677599EBB5E10656A00

Jo, taky sem pustil Spyware Terminator 2012, Full Scan. Vysledek: 0 Infections.

Log již vypadá OK. Zkuste obnovu systému k datu, kdy korektně fungoval.

Bohuzel, takovy bod neexistuje. Je tu nastavena celkem mala cast disku pro body obnovy, a problem trva uz dlouho.

Stale ale zkousim prijit na to, jestli problem nejak nesouvisi s diskem (nebo radicem), na kterem sou ten system instalovanej. Je hrozne podezrely, ze jakmile je neco nacteny v pameti, bezi to bez problemu, ale kdyz se loaduje z disku, tak to hrozne trva (a jak sem rekl na zacatku, boot je silene dlouhej).

Treba s tim souvisi i tento vysledek jednoducheho benchmarku HD ze Sandry.... jako by mel hrozne dlouhej access time.

Zkuste se podívat do správce zařízení>řadiče IDE/ATA>kanály prim/sek. Klikněte pravým myšítkem>vlastnosti>nastavení a zkontrolujte, zda je zapnut režim IDE. pokud ne, zapněte, uložte nastavení a restartujte PC.

Jestli mate na mysli DMA rezim, tak ten je zapnuty. Na nastaveni BIOSu uz sem koukal, nic moc sem nevykoukal, ale muzu to zkusit znova. Zacina to vypadat na reinstall Jenom doufam, ze to neni hardwarova chyba, to by bylo zle

Ještě se podíváme na rootkity. Udělejte sken GMER: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 a dejte oba logy.

Tak problem se vytratil po projeti disku checkdiskem z recovery console z instal. DVD Win7 (chkdsk /r).

Diky moc za pomoc, zda se, ze ted uz je cisto

J.

Nemáte zač!