Prosím o kontrolu logu DDS

Zpráva

KenobiCzech · #1 Příspěvek od **KenobiCzech** » 29 říj 2013 18:09

Prosím o kontrolu logu z DDS, log z RSIT nebylo možné provést, Hijackthis hlásil chybu a odmítl pokračovat.
PC je zpomalený, vytížení procesoru je skoro stále na 100 procentech. Předem děkuji. Martin.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.7.2
Run by KikinaJ at 18:01:27 on 2013-10-29
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.1790.1099 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Facebook Update] "c:\users\kikinaj\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\icq7m\ICQ.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1 192.168.0.1
TCP: Interfaces\{8CD564AA-6760-44D1-A716-F31F3F6662B4} : DHCPNameServer = 192.168.2.1 192.168.0.1
TCP: Interfaces\{8CD564AA-6760-44D1-A716-F31F3F6662B4}\A534A575966696E4564777F627B6 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kikinaj\appdata\roaming\mozilla\firefox\profiles\rg90e3jv.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\kikinaj\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-12-19 464256]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-8-6 291840]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 107392]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-9-29 2754984]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2012-9-29 37944]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\microsoft security client\NisSrv.exe [2013-8-12 295376]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files\finalwire\aida64 extreme edition\kerneld.x32 [2012-9-29 31128]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-6 14848]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 StorSvc;Služba úložiště;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-6 49664]
S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-9-29 1343400]
.
=============== Created Last 30 ================
.
2013-10-29 17:00:54 7796464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ebd81909-5cd2-489b-8c9a-51411b615eb2}\mpengine.dll
2013-10-29 16:52:18 -------- d-----w- c:\program files\trend micro
2013-10-28 19:38:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-10-28 19:36:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-10-28 19:34:14 -------- d-----w- c:\users\kikinaj\appdata\roaming\Malwarebytes
2013-10-28 19:33:30 -------- d-----w- c:\programdata\Malwarebytes
2013-10-28 18:57:16 -------- d-----w- c:\programdata\Auslogics
2013-10-28 18:56:32 -------- d-----w- c:\program files\Auslogics
2013-10-28 18:55:30 -------- d-----w- c:\users\kikinaj\appdata\local\Programs
2013-10-28 18:53:12 -------- d-----w- c:\program files\CCleaner
2013-10-27 18:22:56 7796464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-18 18:53:51 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{86586c85-a761-4fe1-af48-05695c5cb930}\gapaengine.dll
2013-10-10 18:03:11 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 18:02:39 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-10 18:02:39 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-10 18:02:39 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-10 18:01:52 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-10-10 18:01:51 619520 ----a-w- c:\windows\system32\tdh.dll
2013-10-10 18:01:51 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-10 18:01:51 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-10 18:01:51 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-10-10 18:01:15 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-10 18:00:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-10 18:00:07 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-10-10 17:59:37 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 17:59:09 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-10 17:59:09 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-10 17:58:38 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-10 17:58:38 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 17:58:38 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-10 17:58:38 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-10 17:58:38 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-10 17:58:38 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-10 17:58:38 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-10 17:58:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-10 17:58:04 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-10-10 17:58:04 26112 ----a-w- c:\windows\system32\lpk.dll
2013-10-10 17:58:03 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-10-10 17:58:03 10240 ----a-w- c:\windows\system32\dciman32.dll
2013-10-10 17:56:20 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 17:51:00 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 17:50:38 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 17:50:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-10 17:50:18 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-10 17:50:17 231424 ----a-w- c:\windows\system32\mswsock.dll
.
==================== Find3M ====================
.
2013-10-10 17:57:22 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-10 17:57:21 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-10 17:57:19 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-10 17:57:19 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-10-10 17:57:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-10 17:57:18 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-09 11:21:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 11:21:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 18:03:56,65 ===============

#2 Příspěvek od **Rudy** » 29 říj 2013 18:58

Zdravím!
Na zkoušku vypněte aut. aktualizace oper. systému a vyzkoušejte, zda zátěž poklesne.

KenobiCzech · #3 Příspěvek od **KenobiCzech** » 29 říj 2013 19:36

Také dodatečně zdravím, ve spěchu jsem zapoměl

Aktualizace jsem vypnul. PC restartoval, 4 minuty než se objevila plocha a dalších 10 minut než klesla zátěž na nulu. Přikládám screen.
Poté při jakékoliv aktivitě zátěž opět naskočila. Včera jsem projel Malwarebytes antimalware a nenašel nic. Defragmentace provedena programem Auslogics defrag.
O zprovoznění notebooku mě poprosila manželky kamarádka. Brutálně se jí přehříval a jednou za chvíli zhasla obrazovka, za chvíli opět naskočila. Rozebral jsem zadní kryt a odstranil chuchvalce prachu. Nyní se PC nepřehřívá a obrazovka nečerná. Netuším, zda náhodou nemůže být nějakým způsobem poznamenaný přehřívaný procesor raději píši vše co vím. V NTB byl nainstalovaný Microsoft Security Essentials a Advanced System Care. Advanced System Care jsem deaktivoval a nechal zatím jen Microsoft Security.
Kopírování souborů z disku C na D je nemožné, zátěž vylítne na 100 procent a 800MB soubor hlásí 15 minut.

Obrázek

#4 Příspěvek od **Rudy** » 29 říj 2013 19:47

ASC doporučuji rovnou odinstalovat. Ten program vidí problémy tam, kde nejsou a uživatel si jím snadno poškodí systém. Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

KenobiCzech · #5 Příspěvek od **KenobiCzech** » 29 říj 2013 20:51

Zde je log z Combfix:

ComboFix 13-10-29.02 - KikinaJ 29.10.2013 20:14:55.1.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.1790.1081 [GMT 1:00]
Spuštěný z: c:\users\KikinaJ\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-28 do 2013-10-29 )))))))))))))))))))))))))))))))
.
.
2013-10-29 17:00 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBD81909-5CD2-489B-8C9A-51411B615EB2}\mpengine.dll
2013-10-29 16:52 . 2013-10-29 16:55 -------- d-----w- c:\program files\trend micro
2013-10-29 16:52 . 2013-10-29 16:52 -------- d-----w- C:\rsit
2013-10-28 19:38 . 2013-10-28 20:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-10-28 19:36 . 2013-10-29 16:33 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-10-28 19:34 . 2013-10-28 19:34 -------- d-----w- c:\users\KikinaJ\AppData\Roaming\Malwarebytes
2013-10-28 19:33 . 2013-10-28 19:33 -------- d-----w- c:\programdata\Malwarebytes
2013-10-28 18:57 . 2013-10-28 18:57 -------- d-----w- c:\programdata\Auslogics
2013-10-28 18:56 . 2013-10-28 18:56 -------- d-----w- c:\program files\Auslogics
2013-10-28 18:55 . 2013-10-28 18:55 -------- d-----w- c:\users\KikinaJ\AppData\Local\Programs
2013-10-28 18:53 . 2013-10-28 18:53 -------- d-----w- c:\program files\CCleaner
2013-10-27 18:22 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-18 18:53 . 2013-10-18 18:53 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86586C85-A761-4FE1-AF48-05695C5CB930}\gapaengine.dll
2013-10-15 20:56 . 2013-10-15 20:56 -------- d-----w- c:\users\Guest\AppData\Roaming\IObit
2013-10-10 18:03 . 2013-10-10 18:03 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 18:02 . 2013-10-10 18:02 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-10 18:02 . 2013-10-10 18:02 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-10 18:01 . 2013-10-10 18:01 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-10-10 18:00 . 2013-10-10 18:00 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-10 18:00 . 2013-10-10 18:00 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-10-10 17:59 . 2013-10-10 17:59 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 17:59 . 2013-10-10 17:59 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-10 17:59 . 2013-10-10 17:59 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-10 17:58 . 2013-10-10 17:58 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-10 17:58 . 2013-10-10 17:58 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 17:58 . 2013-10-10 17:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-10 17:58 . 2013-10-10 17:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-10 17:58 . 2013-10-10 17:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-10 17:58 . 2013-10-10 17:58 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-10 17:58 . 2013-10-10 17:58 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-10 17:58 . 2013-10-10 17:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-10 17:58 . 2013-10-10 17:58 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-10-10 17:58 . 2013-10-10 17:58 26112 ----a-w- c:\windows\system32\lpk.dll
2013-10-10 17:58 . 2013-10-10 17:58 10240 ----a-w- c:\windows\system32\dciman32.dll
2013-10-10 17:58 . 2013-10-10 17:58 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-10-10 17:56 . 2013-10-10 17:56 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 17:50 . 2013-10-10 17:50 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-10 17:50 . 2013-10-10 17:50 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 18:02 . 2013-10-10 18:02 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-10 18:01 . 2013-10-10 18:01 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-10-10 18:01 . 2013-10-10 18:01 619520 ----a-w- c:\windows\system32\tdh.dll
2013-10-10 18:01 . 2013-10-10 18:01 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-10 18:01 . 2013-10-10 18:01 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-10 18:01 . 2013-10-10 18:01 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-10 17:57 . 2013-10-10 17:57 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-10 17:57 . 2013-10-10 17:57 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-10 17:57 . 2013-10-10 17:57 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-10 17:51 . 2013-10-10 17:51 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 17:50 . 2013-10-10 17:50 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 17:50 . 2013-10-10 17:50 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-10-09 11:21 . 2012-09-29 16:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 11:21 . 2012-09-29 16:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-06 09:34 . 2012-10-05 13:54 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-05 01:56 . 2013-09-12 06:08 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50 . 2013-09-12 06:08 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49 . 2013-09-12 06:08 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 01:48 . 2013-09-12 06:08 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 00:52 . 2013-09-12 06:08 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43 . 2013-09-12 06:08 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 06:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\KikinaJ\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-21 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-09-29 17:38 127040 ----a-w- c:\program files\ICQ7M\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:34 17416880 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 [2012-08-21 31128]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-08-12 295376]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-01-06 14848]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-01-06 49664]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-29 1343400]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 291840]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-29 11:21]
.
2013-10-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2305950952-1423977376-1709416096-1000Core.job
- c:\users\KikinaJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-21 17:53]
.
2013-10-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2305950952-1423977376-1709416096-1000UA.job
- c:\users\KikinaJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-21 17:53]
.
.
------- Doplňkový sken -------
.
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1 192.168.0.1
FF - ProfilePath - c:\users\KikinaJ\AppData\Roaming\Mozilla\Firefox\Profiles\rg90e3jv.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:52,10,2e,bb,05,45,ce,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
.
**************************************************************************
.
Celkový čas: 2013-10-29 20:45:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-29 19:45
.
Před spuštěním: Volných bajtů: 10 104 938 496
Po spuštění: 9 995 706 368
.
- - End Of File - - D004D0E9677B5711EB1D84A8D7634579
A36C5E4F47E84449FF07ED3517B43A31

#6 Příspěvek od **Rudy** » 29 říj 2013 21:47

Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\users\KikinaJ\AppData\Local\Facebook\Update
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2305950952-1423977376-1709416096-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2305950952-1423977376-1709416096-1000UA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix na pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

KenobiCzech · #7 Příspěvek od **KenobiCzech** » 29 říj 2013 22:34

Přikládám log, NTB je zatím v chování stejný.

ComboFix 13-10-29.02 - KikinaJ 29.10.2013 21:59:02.2.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.1790.1029 [GMT 1:00]
Spuštěný z: c:\users\KikinaJ\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\KikinaJ\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\KikinaJ\AppData\Local\Facebook\Update"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2305950952-1423977376-1709416096-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2305950952-1423977376-1709416096-1000UA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-28 do 2013-10-29 )))))))))))))))))))))))))))))))
.
.
2013-10-29 21:11 . 2013-10-29 21:11 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-10-29 21:11 . 2013-10-29 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-29 17:00 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBD81909-5CD2-489B-8C9A-51411B615EB2}\mpengine.dll
2013-10-29 16:52 . 2013-10-29 16:55 -------- d-----w- c:\program files\trend micro
2013-10-29 16:52 . 2013-10-29 16:52 -------- d-----w- C:\rsit
2013-10-28 19:38 . 2013-10-28 20:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-10-28 19:36 . 2013-10-29 16:33 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-10-28 19:34 . 2013-10-28 19:34 -------- d-----w- c:\users\KikinaJ\AppData\Roaming\Malwarebytes
2013-10-28 19:33 . 2013-10-28 19:33 -------- d-----w- c:\programdata\Malwarebytes
2013-10-28 18:57 . 2013-10-28 18:57 -------- d-----w- c:\programdata\Auslogics
2013-10-28 18:56 . 2013-10-28 18:56 -------- d-----w- c:\program files\Auslogics
2013-10-28 18:55 . 2013-10-28 18:55 -------- d-----w- c:\users\KikinaJ\AppData\Local\Programs
2013-10-28 18:53 . 2013-10-28 18:53 -------- d-----w- c:\program files\CCleaner
2013-10-27 18:22 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-18 18:53 . 2013-10-18 18:53 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86586C85-A761-4FE1-AF48-05695C5CB930}\gapaengine.dll
2013-10-15 20:56 . 2013-10-15 20:56 -------- d-----w- c:\users\Guest\AppData\Roaming\IObit
2013-10-10 18:03 . 2013-10-10 18:03 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 18:02 . 2013-10-10 18:02 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-10 18:02 . 2013-10-10 18:02 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-10 18:01 . 2013-10-10 18:01 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-10-10 18:00 . 2013-10-10 18:00 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-10 18:00 . 2013-10-10 18:00 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-10-10 17:59 . 2013-10-10 17:59 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 17:59 . 2013-10-10 17:59 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-10 17:59 . 2013-10-10 17:59 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-10 17:58 . 2013-10-10 17:58 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-10 17:58 . 2013-10-10 17:58 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 17:58 . 2013-10-10 17:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-10 17:58 . 2013-10-10 17:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-10 17:58 . 2013-10-10 17:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-10 17:58 . 2013-10-10 17:58 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-10 17:58 . 2013-10-10 17:58 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-10 17:58 . 2013-10-10 17:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-10 17:58 . 2013-10-10 17:58 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-10-10 17:58 . 2013-10-10 17:58 10240 ----a-w- c:\windows\system32\dciman32.dll
2013-10-10 17:58 . 2013-10-10 17:58 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-10-10 17:57 . 2013-10-10 17:57 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-10-10 17:57 . 2013-10-10 17:57 236032 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-10-10 17:57 . 2013-10-10 17:57 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-10-10 17:57 . 2013-10-10 17:57 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-10-10 17:57 . 2013-10-10 17:57 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-10-10 17:57 . 2013-10-10 17:57 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-10-10 17:56 . 2013-10-10 17:56 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 17:50 . 2013-10-10 17:50 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-10 17:50 . 2013-10-10 17:50 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 18:02 . 2013-10-10 18:02 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-10 18:01 . 2013-10-10 18:01 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-10-10 18:01 . 2013-10-10 18:01 619520 ----a-w- c:\windows\system32\tdh.dll
2013-10-10 18:01 . 2013-10-10 18:01 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-10 18:01 . 2013-10-10 18:01 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-10 18:01 . 2013-10-10 18:01 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-10 17:58 . 2013-10-10 17:58 26112 ----a-w- c:\windows\system32\lpk.dll
2013-10-10 17:57 . 2013-10-10 17:57 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-10 17:57 . 2013-10-10 17:57 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-10 17:57 . 2013-10-10 17:57 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-10 17:57 . 2013-10-10 17:57 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-10-10 17:57 . 2013-10-10 17:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-10 17:57 . 2013-10-10 17:57 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-10 17:51 . 2013-10-10 17:51 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 17:50 . 2013-10-10 17:50 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 17:50 . 2013-10-10 17:50 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-10-09 11:21 . 2012-09-29 16:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 11:21 . 2012-09-29 16:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-06 09:34 . 2012-10-05 13:54 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-05 01:56 . 2013-09-12 06:08 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50 . 2013-09-12 06:08 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49 . 2013-09-12 06:08 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 01:48 . 2013-09-12 06:08 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 00:52 . 2013-09-12 06:08 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43 . 2013-09-12 06:08 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 06:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 06:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 06:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-09-29 17:38 127040 ----a-w- c:\program files\ICQ7M\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:34 17416880 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 [2012-08-21 31128]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-08-12 295376]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-01-06 14848]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-01-06 49664]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-29 1343400]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 291840]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-29 11:21]
.
2013-10-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2305950952-1423977376-1709416096-1000Core.job
- c:\users\KikinaJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-21 17:53]
.
2013-10-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2305950952-1423977376-1709416096-1000UA.job
- c:\users\KikinaJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-21 17:53]
.
.
------- Doplňkový sken -------
.
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1 192.168.0.1
FF - ProfilePath - c:\users\KikinaJ\AppData\Roaming\Mozilla\Firefox\Profiles\rg90e3jv.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Celkový čas: 2013-10-29 22:28:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-29 21:28
ComboFix2.txt 2013-10-29 19:45
.
Před spuštěním: 9 902 981 120
Po spuštění: 9 858 519 040
.
- - End Of File - - 0D01172BB7205710ADC91A06E6CB443C
A36C5E4F47E84449FF07ED3517B43A31

#8 Příspěvek od **Rudy** » 29 říj 2013 22:52

Log je již OK. CF odinstalujte pomocí T-Cleaneru: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe.

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

KenobiCzech · #9 Příspěvek od **KenobiCzech** » 29 říj 2013 23:19

Bohužel RSIT nefunguje, stejně jako na začátku, mám použít jiný scanner?

Obrázek

#10 Příspěvek od **Rudy** » 30 říj 2013 12:14

Pokud jste provedl operaci s OTM, není třeba. PC by již měl být čistý. Šlo pouze o likvidaci zbytečností.

KenobiCzech · #11 Příspěvek od **KenobiCzech** » 30 říj 2013 12:43

Operaci s OTM jsem provedl. Jelikož PC se chová v podstatě stále stejně jako se choval před čištěním, tzn. je zpomalený a procesor vytížený skoro na maximum, zkusím přeinstalovat celý systém znovu, snad to pomůže.
Děkuji moc za Váš čas, vlákno prosím zamkněte. Mějte se fajn, s pozdravem Martin.

#12 Příspěvek od **Rudy** » 30 říj 2013 12:47

Na zkoušku vypněte aut. aktualizace oper. systému a zkontrolujte, zda se stav změnil.

KenobiCzech · #13 Příspěvek od **KenobiCzech** » 30 říj 2013 13:27

Ty už jsem vypínal hned na začátku čištění a beze změny

http://forum.viry.cz/viewtopic.php?f=13 ... 8#p1265368

#14 Příspěvek od **Rudy** » 30 říj 2013 13:30

Otevřte správce úloh a zjistěte, který proces systém nejvíc zatěžuje.

KenobiCzech · #15 Příspěvek od **KenobiCzech** » 30 říj 2013 13:51

Ten NTB nemám zrovna po ruce, až odpoledne, ale když jsem na to včera koukal, tak to bylo jak na pouti. Lítalo to od Taskmgr.exe přes explorer.exe. Nebyla to jen jedna úloha ale více a různě po 10-30 procentech a ve výsledku to dalo 90-100 procent zatížení. Jestli Vás ještě neco napadne, co bych mohl vyzkoušet az se dostanu domů, budu rád. Děkuji.

VIRY.CZ

Prosím o kontrolu logu DDS

Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS

Re: Prosím o kontrolu logu DDS