
services.exe

Posted: 18 Dec 2013 19:58
by Quido
I'm new here, please be patient.

Almost immediately after Windows starts, this message pops up:
System shutdown is in progress. The shutdown was initiated by NT AUTHORITY\SYSTEM.
Time before shutdown: 1':00''
The system process C:\WINDOWS\system32\services.exe terminated unexpectedly with status code. The system will now shut down and restart.

At 0:00:01 it freezes and nothing happens. If I hard-reset the computer, it does the same thing again. Only Safe Mode, MS-DOS and so on work; Windows just won't run in normal mode. I tried the System Restore tool, going back 2 days. Nothing. Please advise.

Quido




Edit: RSIT log


Logfile of random's system information tool 1.06 (written by random/random)
Run by uzivatel at 2013-12-18 20:19:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 9 GB (11%) free of 80 GB
Total RAM: 1015 MB (49% free)

HijackThis download failed

======Scheduled tasks folder======

D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
D:\WINDOWS\tasks\Adobe Flash Player Updater.job
D:\WINDOWS\tasks\ASC6_PerformanceMonitor.job
D:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
D:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1960408961-725345543-1003Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1960408961-725345543-1003UA.job
D:\WINDOWS\tasks\ParetoLogic Registration.job
D:\WINDOWS\tasks\ParetoLogic Update Version2.job
D:\WINDOWS\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
IObit Apps Toolbar - D:\Program Files\IObit Apps Toolbar\IE\8.5\iobitappsToolbarIE.dll [2013-12-13 1398080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}]
Bitdefender Wallet - D:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2013-12-16 151256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - D:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files\Java\jre7\bin\ssv.dll [2012-09-25 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-25 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0181C6E-9218-4792-9F3C-E8DF52B2F1AC}]
GretechBHO Class - D:\Program Files\GRETECH\GomPicker\GomPickerBHO.dll [2011-12-14 1184888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - IObit Apps Toolbar - D:\Program Files\IObit Apps Toolbar\IE\8.5\iobitappsToolbarIE.dll [2013-12-13 1398080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2007-04-20 142104]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2007-04-20 162584]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2007-04-20 138008]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Syslog"= []
"pdfSaver3"= []
"HPUsageTracking"=D:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe [2006-06-09 36864]
"KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []
"Bdagent"=D:\Program Files\Bitdefender\Bitdefender\bdagent.exe [2013-12-16 1834240]
""= []
"SearchSettings"=D:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2013-12-13 1383232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=D:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-06-12 136176]
"Bitdefender Wallet Agent"=D:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [2013-12-16 477736]
"Bitdefender Wallet Application Agent"=D:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [2013-12-16 612696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
D:\Program Files\Gameforge4D\4Story_CZ\PrePatch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
D:\Program Files\Common Files\soft602\pdfSaver.exe [2005-08-31 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
D:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe /AutoStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
D:\Program Files\Ask.com\Updater\Updater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
D:\Documents and Settings\uzivatel\Data aplikací\Seznam.cz\szninstall.exe [2012-09-13 1009288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
D:\Documents and Settings\uzivatel\Data aplikací\Seznam.cz\bin\wszndesktop.exe [2013-01-22 92152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
D:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
D:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-06-12 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
D:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
c:\Program Files\PDF\pdfSaver\pdfSaver3.exe [2004-05-19 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Screenpresso]
D:\Documents and Settings\uzivatel\Local Settings\Data aplikací\LearnPulse\Screenpresso\Screenpresso.exe [2012-09-27 7864872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
D:\Program Files\Seznam.cz\distribution\szninstall.exe [2012-09-13 1009288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
D:\Program Files\AVG Secure Search\vprot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
D:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
D:\PROGRA~1\MCAFEE~1\309042~1.318\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\WINDOWS\system32\sessmgr.exe"="D:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Program Files\TightVNC\WinVNC.exe"="D:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"D:\TYPSoft FTP Server\ftpserv.exe"="D:\TYPSoft FTP Server\ftpserv.exe:*:Enabled:TYPSoft FTP Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Google\Google Talk\googletalk.exe"="D:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"D:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll"="D:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"D:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="D:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"D:\Program Files\totalcmd\TOTALCMD.EXE"="D:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"D:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="D:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
"D:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="D:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Documents and Settings\uzivatel\Plocha\Jozka\ICQ7.4\ICQ.exe"="D:\Documents and Settings\uzivatel\Plocha\Jozka\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

======List of files/folders created in the last 1 months======

2013-12-18 20:19:54 ----D---- D:\Program Files\trend micro
2013-12-18 20:19:53 ----D---- D:\rsit
2013-12-18 19:13:20 ----A---- D:\services.exe
2013-12-17 18:39:08 ----D---- D:\Documents and Settings\uzivatel\Data aplikací\Search Settings
2013-12-17 18:39:01 ----D---- D:\Program Files\Application Updater
2013-12-17 18:39:00 ----D---- D:\Program Files\IObit Apps Toolbar
2013-12-17 18:38:53 ----SHD---- D:\Config.Msi
2013-12-16 21:10:37 ----HDC---- D:\WINDOWS\$NtUninstallKB2808679$
2013-12-16 20:57:58 ----D---- D:\Program Files\Microsoft.NET
2013-12-16 20:56:48 ----HDC---- D:\WINDOWS\$NtUninstallKB2492386$
2013-12-16 20:55:20 ----HDC---- D:\WINDOWS\$NtUninstallXPSEPSCLP$
2013-12-16 20:53:47 ----HDC---- D:\WINDOWS\$NtUninstallbasecsp$
2013-12-16 20:48:53 ----D---- D:\WINDOWS\system32\URTTEMP
2013-12-16 19:31:26 ----N---- D:\WINDOWS\system32\spmsgXP_2k3.dll
2013-12-16 19:31:20 ----HDC---- D:\WINDOWS\$NtUninstallWdf01009$
2013-12-16 19:31:14 ----A---- D:\WINDOWS\system32\WdfCoInstaller01009.dll
2013-12-16 19:30:31 ----D---- D:\Documents and Settings\All Users\Data aplikací\BDLogging
2013-12-16 19:29:30 ----A---- D:\WINDOWS\system32\bdsandboxuiskin.dll
2013-12-16 19:29:30 ----A---- D:\WINDOWS\capicom.dll
2013-12-16 19:29:29 ----A---- D:\WINDOWS\system32\bdsandboxuh.dll
2013-12-16 19:24:02 ----D---- D:\Documents and Settings\uzivatel\Data aplikací\Bitdefender
2013-12-16 19:21:46 ----D---- D:\Documents and Settings\uzivatel\Data aplikací\QuickScan
2013-12-16 19:00:19 ----D---- D:\Documents and Settings\All Users\Data aplikací\Bitdefender
2013-12-16 19:00:14 ----D---- D:\Program Files\Bitdefender
2013-12-16 18:57:05 ----D---- D:\Program Files\Common Files\Bitdefender
2013-12-12 03:59:03 ----D---- D:\Program Files\Mozilla Thunderbird
2013-12-11 22:37:25 ----HDC---- D:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 22:37:15 ----HDC---- D:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 22:34:28 ----HDC---- D:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 22:34:21 ----HDC---- D:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 22:34:11 ----HDC---- D:\WINDOWS\$NtUninstallKB2892075$

======List of files/folders modified in the last 1 months======

2013-12-18 20:19:54 ----RD---- D:\Program Files
2013-12-18 20:08:54 ----D---- D:\WINDOWS\system32
2013-12-18 20:00:20 ----D---- D:\Program Files\The KMPlayer
2013-12-18 20:00:20 ----A---- D:\WINDOWS\ntbtlog.txt
2013-12-18 19:14:19 ----A---- D:\WINDOWS\system32\services.exe
2013-12-18 19:07:28 ----D---- D:\WINDOWS\Temp
2013-12-18 18:58:41 ----D---- D:\WINDOWS\system32\config
2013-12-18 18:57:28 ----D---- D:\WINDOWS\system32\wbem
2013-12-18 18:57:21 ----D---- D:\WINDOWS\Registration
2013-12-18 18:45:38 ----D---- D:\WINDOWS\WinSxS
2013-12-18 18:40:33 ----D---- D:\WINDOWS\system32\Restore
2013-12-18 18:23:40 ----D---- D:\WINDOWS\Prefetch
2013-12-18 06:04:42 ----A---- D:\WINDOWS\SchedLgU.Txt
2013-12-18 06:04:10 ----RSD---- D:\WINDOWS\assembly
2013-12-18 06:03:27 ----D---- D:\WINDOWS\Microsoft.NET
2013-12-18 05:50:35 ----SHD---- D:\WINDOWS\Installer
2013-12-18 03:41:20 ----D---- D:\WINDOWS
2013-12-17 18:39:00 ----D---- D:\Program Files\Common Files\Spigot
2013-12-17 14:51:53 ----D---- D:\Program Files\Google
2013-12-16 21:21:45 ----D---- D:\WINDOWS\system32\CatRoot2
2013-12-16 21:10:56 ----HD---- D:\WINDOWS\inf
2013-12-16 21:10:45 ----RSHDC---- D:\WINDOWS\system32\dllcache
2013-12-16 21:09:28 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2013-12-16 21:05:23 ----D---- D:\WINDOWS\system32\cs-cz
2013-12-16 20:59:58 ----D---- D:\WINDOWS\security
2013-12-16 20:58:06 ----D---- D:\WINDOWS\system32\en-us
2013-12-16 20:57:14 ----A---- D:\WINDOWS\imsins.BAK
2013-12-16 20:57:05 ----D---- D:\WINDOWS\ie8updates
2013-12-16 20:56:59 ----HD---- D:\WINDOWS\$hf_mig$
2013-12-16 20:56:51 ----D---- D:\WINDOWS\AppPatch
2013-12-16 20:54:58 ----D---- D:\WINDOWS\system32\XPSViewer
2013-12-16 20:52:38 ----D---- D:\WINDOWS\system32\mui
2013-12-16 20:28:59 ----A---- D:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-16 19:31:55 ----D---- D:\WINDOWS\system32\drivers
2013-12-16 18:58:20 ----D---- D:\Program Files\Spybot - Search & Destroy
2013-12-16 18:58:19 ----D---- D:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-12-16 18:57:05 ----D---- D:\Program Files\Common Files
2013-12-14 13:56:24 ----SD---- D:\WINDOWS\Tasks
2013-12-14 13:55:39 ----D---- D:\Program Files\Poklady ostrova zahad
2013-12-14 13:31:09 ----D---- D:\Documents and Settings\All Users\Data aplikací\Norton
2013-12-14 13:31:04 ----D---- D:\Program Files\Common Files\Symantec Shared
2013-12-14 13:02:10 ----D---- D:\Program Files\Mozilla Maintenance Service
2013-12-11 22:37:58 ----D---- D:\Program Files\Internet Explorer
2013-12-11 22:37:11 ----D---- D:\WINDOWS\system32\MRT
2013-12-11 22:34:39 ----A---- D:\WINDOWS\system32\MRT.exe
2013-12-09 20:39:47 ----D---- D:\WINDOWS\system32\cache
2013-11-19 22:20:03 ----D---- D:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\D:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R3 avchv;avchv Function Driver; D:\WINDOWS\system32\DRIVERS\avchv.sys [2012-11-02 242504]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; \??\D:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;HID standard class driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;HID standard mouse driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-04-14 94592]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-03-18 30336]
R3 usbhub;USB2-enabled hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Device Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S1 bdselfpr;bdselfpr; \??\D:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys []
S1 BDVEDISK;BDVEDISK; D:\WINDOWS\system32\DRIVERS\bdvedisk.sys [2012-04-17 72704]
S1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 sp_rsdrv2;Spyware Terminator Driver 2; \??\D:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\sp_rsdrv2.sys []
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); D:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); D:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 avckf;avckf; D:\WINDOWS\system32\DRIVERS\avckf.sys [2013-07-19 490144]
S3 BDSandBox;BDSandBox; \??\D:\WINDOWS\system32\drivers\bdsandbox.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dfmirage;dfmirage; D:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 31896]
S3 EagleXNt;EagleXNt; \??\D:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 EraserUtilDrvI13;EraserUtilDrvI13; \??\D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pfc;Padus ASPI Shell; D:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; D:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DualCamera; D:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;USB Printer Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Application Updater;Application Updater; D:\Program Files\Application Updater\ApplicationUpdater.exe [2013-12-13 807800]
S2 CCALib8;Canon Camera Access Library 8; D:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1ca8be424b68c2;Google Update Service (gupdate1ca8be424b68c2); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-02 133104]
S2 ICQ Service;ICQ Service; D:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre7\bin\jqs.exe [2012-09-24 161768]
S2 NMSAccessU;NMSAccessU; D:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-25 793048]
S2 SafeBox;SafeBox; D:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2013-07-08 81704]
S2 UPDATESRV;Bitdefender Desktop Update Service; D:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2013-10-07 54424]
S2 VSSERV;Bitdefender Virus Shield; D:\Program Files\Bitdefender\Bitdefender\vsserv.exe [2013-11-15 1234792]
S2 winvnc;VNC Server; D:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16 257416]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update Service (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-02 133104]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-18 119408]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; D:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2008-02-16 79360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 BdDesktopParental;Bitdefender Desktop Parental Control; D:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2013-11-21 69880]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
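
The RSIT log above already holds the facts a responder would look at first: a file named services.exe created at the root of D: at 19:13:20, the copy in D:\WINDOWS\system32 modified a minute later (19:14:19) and about an hour before the report was generated, and firewall exceptions that let a VNC server and an FTP server through on the same box. The Python script below is an added example, not part of this thread and not code from RSIT or ComboFix; it applies three checks to RSIT-formatted lines: a core Windows binary outside its expected directories, a core binary in system32 changed within a window before the report, and enabled firewall exceptions whose path or display name suggests a remote-access server. The sample lines are copied from the log in this thread; the 24-hour window, the set of core binaries and the remote-access keywords are assumptions chosen for the example. Each hit is an indicator to verify (hash the file against the dllcache or installation-media copy, check its signature), not proof of infection.

```python
"""Triage a few RSIT log lines for services.exe tampering and exposure.

Added example (not part of the thread, not RSIT/ComboFix code).
Checks applied:
  1. a core Windows binary listed anywhere other than its expected
     directories (a dropped impostor such as D:\\services.exe);
  2. a core binary in system32 whose RSIT timestamp lies within
     WINDOW of the report time (assumed 24 h);
  3. an enabled XP firewall exception whose path or display name
     suggests a remote-access server (keyword list is an assumption).
Every hit is an indicator to verify by hashing the file against a
known-good copy (dllcache, installation media), not proof of infection.
"""
import re
from datetime import datetime, timedelta

# Core binaries that live in %SystemRoot%\system32 on Windows XP.
CORE_BINARIES = {"services.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "svchost.exe", "smss.exe"}
# Lower-case directory suffixes where copies of those names are expected.
EXPECTED_DIRS = (r"\windows\system32",
                 r"\windows\system32\dllcache",
                 r"\windows\servicepackfiles\i386")
# Assumed keywords marking remote-access servers in a firewall exception.
REMOTE_ACCESS_HINTS = ("vnc", "ftp", "telnet", "rdp")
WINDOW = timedelta(hours=24)                        # assumed "recent" window
REPORT_TIME = datetime(2013, 12, 18, 20, 19, 53)    # "Run by uzivatel at ..."

# RSIT file entry:  2013-12-18 19:13:20 ----A---- D:\services.exe
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (-+[A-Z]*-+) (.+?)\s*$")
# XP firewall exception:  "<path>"="<path>:*:Enabled:<display name>"
FW_LINE = re.compile(
    r'^"(?P<path>[^"]+)"="(?P=path):\*:(?P<state>[A-Za-z]+):(?P<name>.*)"\s*$')

# Lines copied from the RSIT log in this thread (constructed sample input).
SAMPLE_LOG = r"""
2013-12-18 19:13:20 ----A---- D:\services.exe
2013-12-18 19:14:19 ----A---- D:\WINDOWS\system32\services.exe
2013-12-18 20:00:20 ----A---- D:\WINDOWS\ntbtlog.txt
2013-12-16 21:10:45 ----RSHDC---- D:\WINDOWS\system32\dllcache
"D:\WINDOWS\system32\sessmgr.exe"="D:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Program Files\TightVNC\WinVNC.exe"="D:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"D:\TYPSoft FTP Server\ftpserv.exe"="D:\TYPSoft FTP Server\ftpserv.exe:*:Enabled:TYPSoft FTP Server"
"D:\Program Files\totalcmd\TOTALCMD.EXE"="D:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"""


def _split(path):
    """Return (lower-case directory, lower-case file name) of a Windows path."""
    head, _, tail = path.rpartition("\\")
    return head.lower(), tail.lower()


def triage(log_text, report_time=REPORT_TIME, window=WINDOW):
    """Return findings as {check name: [matches in log order]}."""
    findings = {"impostor_path": [], "recent_core_change": [],
                "remote_access_allowed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            stamp, _attrs, path = m.groups()
            directory, name = _split(path)
            if name not in CORE_BINARIES:
                continue
            if not any(directory.endswith(d) for d in EXPECTED_DIRS):
                findings["impostor_path"].append(path)
                continue
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            if timedelta(0) <= report_time - when <= window:
                findings["recent_core_change"].append(path)
            continue
        m = FW_LINE.match(line)
        if m and m.group("state").lower() == "enabled":
            haystack = (m.group("path") + " " + m.group("name")).lower()
            if any(hint in haystack for hint in REMOTE_ACCESS_HINTS):
                findings["remote_access_allowed"].append(m.group("name"))
    return findings


def triage_sample():
    """Run the checks over the sample lines above."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for check, hits in triage_sample().items():
        print(f"{check}: {hits}")
```

Run against the sample, the script reports D:\services.exe as an impostor-path hit, D:\WINDOWS\system32\services.exe as a core binary changed within the window, and the TightVNC and TYPSoft FTP exceptions as remote-access services allowed through the firewall; the disabled sessmgr entry and Total Commander are ignored. On the real box the next step is to compare the system32 copy with the dllcache copy by hash before trusting either.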

Re: services.exe

Posted: 18 Dec 2013 20:29
by Rudy
Hello!
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan do not try to start any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with the resident antispyware.

Re: services.exe

Posted: 18 Dec 2013 20:36
by Quido
I can't shut down the Bitdefender Total Security antivirus in Safe Mode... Should I continue without doing that?

Re: services.exe

Posted: 18 Dec 2013 20:42
by Rudy
If they can't be turned off even in Task Manager, continue with it running.

Re: services.exe

Posted: 18 Dec 2013 20:44
by Quido
Should I install the "Recovery Console"?

(I'd rather ask about everything, I don't want to mess anything up ;) )

Re: services.exe

Posted: 18 Dec 2013 21:17
by Quido
Never mind, I'm installing it, I'll post the log and then I'm probably off to bed; as far as I can see, nobody is going to write anything more here today...

Re: services.exe

Posted: 18 Dec 2013 21:46
by Quido
I hope it all fit in here




ComboFix 13-12-18.01 - uzivatel 18.12.2013 21:19:35.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.556 [GMT 1:00]
Run from: d:\documents and settings\uzivatel\Plocha\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\uzivatel\System
d:\documents and settings\uzivatel\System\win_qs8.jqx
D:\services.exe
d:\windows\COM+.log
d:\windows\msmqinst.log
d:\windows\system32\Cache
d:\windows\system32\Cache\26c630d098e22dd5.fb
d:\windows\system32\Cache\26d684dc0401c041.fb
d:\windows\system32\Cache\272512937d9e61a4.fb
d:\windows\system32\Cache\287204568329e189.fb
d:\windows\system32\Cache\28bc8f716fd76a47.fb
d:\windows\system32\Cache\2c53092c95605355.fb
d:\windows\system32\Cache\31a0997e9a5b5eb3.fb
d:\windows\system32\Cache\32c84fe32bb74d60.fb
d:\windows\system32\Cache\3917078cb68ec657.fb
d:\windows\system32\Cache\4546ad968c821b0a.fb
d:\windows\system32\Cache\4e7acd39147829ed.fb
d:\windows\system32\Cache\51502d3ad41a05db.fb
d:\windows\system32\Cache\590ba23ce359fd0c.fb
d:\windows\system32\Cache\59f9a9f7552ec772.fb
d:\windows\system32\Cache\5e528a5b44af5476.fb
d:\windows\system32\Cache\610289e025a3ee9a.fb
d:\windows\system32\Cache\61b902ccf685818f.fb
d:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
d:\windows\system32\Cache\688a124168a3390f.fb
d:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
d:\windows\system32\Cache\6d03dad1035885d3.fb
d:\windows\system32\Cache\8ebe2067a5da8a07.fb
d:\windows\system32\Cache\95f567698be8a182.fb
d:\windows\system32\Cache\9635a444ad10d698.fb
d:\windows\system32\Cache\9cb4a20e1754a72c.fb
d:\windows\system32\Cache\a8556537add6dfc5.fb
d:\windows\system32\Cache\ad10a52aff5e038d.fb
d:\windows\system32\Cache\befaec75ccda6c02.fb
d:\windows\system32\Cache\c1fa887b03019701.fb
d:\windows\system32\Cache\c4d28dca2e7648be.fb
d:\windows\system32\Cache\d201ef9910cd39de.fb
d:\windows\system32\Cache\d2e94710a5708128.fb
d:\windows\system32\Cache\d79b9dfe81484ec4.fb
d:\windows\system32\Cache\e8cb240cd1e7d585.fb
d:\windows\system32\Cache\ebf8d719fa1acbc2.fb
d:\windows\system32\Cache\f998975c9cc711ee.fb
d:\windows\system32\PowerToyReadme.htm
d:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Files created from 2013-11-18 to 2013-12-18 )))))))))))))))))))))))))))))))
.
.
2013-12-18 19:19 . 2013-12-18 19:19 -------- d-----w- d:\program files\trend micro
2013-12-18 19:19 . 2013-12-18 19:19 -------- d-----w- D:\rsit
2013-12-18 17:57 . 2013-12-18 17:57 -------- d-----w- d:\windows\system32\wbem\Repository
2013-12-17 17:39 . 2013-12-17 17:39 -------- d-----w- d:\documents and settings\uzivatel\Data aplikací\Search Settings
2013-12-17 17:39 . 2013-12-17 17:39 -------- d-----w- d:\program files\Application Updater
2013-12-17 17:39 . 2013-12-17 17:39 -------- d-----w- d:\program files\IObit Apps Toolbar
2013-12-16 20:18 . 2013-12-16 20:18 -------- d-----w- d:\documents and settings\uzivatel\Local Settings\Data aplikací\ApplicationHistory
2013-12-16 20:18 . 2013-12-16 20:18 -------- d-----w- d:\windows\system32\config\systemprofile\Data aplikací\Bitdefender
2013-12-16 18:29 . 2012-04-17 12:40 72704 ----a-w- d:\windows\system32\drivers\bdvedisk.sys
2013-12-16 18:29 . 2013-02-22 17:46 116560 ----a-w- d:\windows\system32\drivers\bdfndisf.sys
2013-12-16 18:29 . 2013-11-04 14:47 66832 ----a-w- d:\windows\system32\drivers\bdsandbox.sys
2013-12-16 18:29 . 2013-11-04 14:47 74512 ----a-w- d:\windows\system32\bdsandboxuiskin.dll
2013-12-16 18:29 . 2007-04-11 09:11 511328 ----a-w- d:\windows\capicom.dll
2013-12-16 18:29 . 2013-11-04 14:46 27168 ----a-w- d:\windows\system32\bdsandboxuh.dll
2013-12-16 18:28 . 2013-07-19 16:06 490144 ----a-w- d:\windows\system32\drivers\avckf.sys
2013-12-16 18:28 . 2012-11-02 12:17 242504 ----a-w- d:\windows\system32\drivers\avchv.sys
2013-12-16 18:28 . 2013-07-19 16:03 640560 ----a-w- d:\windows\system32\drivers\avc3.sys
2013-12-16 18:24 . 2013-12-16 20:18 -------- d-----w- d:\documents and settings\uzivatel\Data aplikací\Bitdefender
2013-12-16 18:21 . 2013-12-16 18:21 -------- d-----w- d:\documents and settings\uzivatel\Data aplikací\QuickScan
2013-12-16 18:00 . 2013-12-16 19:02 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Bitdefender
2013-12-16 18:00 . 2013-08-23 11:48 165744 ----a-w- d:\windows\system32\drivers\gzflt.sys
2013-12-16 18:00 . 2013-12-16 18:23 -------- d-----w- d:\program files\Bitdefender
2013-12-16 18:00 . 2013-08-07 11:46 360376 ----a-w- d:\windows\system32\drivers\trufos.sys
2013-12-16 17:57 . 2013-12-16 18:00 -------- d-----w- d:\program files\Common Files\Bitdefender
2013-12-12 02:59 . 2013-12-12 18:38 -------- d-----w- d:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 18:14 . 1980-01-01 00:00 111104 ----a-w- d:\windows\system32\services.exe
2013-12-16 19:28 . 2012-12-27 17:55 71048 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-16 19:28 . 2012-12-27 17:55 692616 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2013-11-13 03:00 . 1980-01-01 00:00 150528 ----a-w- d:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 1980-01-01 00:00 591360 ----a-w- d:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 05:25 7168 ----a-w- d:\windows\system32\xpsp4res.dll
2013-10-30 02:51 . 1980-01-01 00:00 1879040 ----a-w- d:\windows\system32\win32k.sys
2013-10-29 07:45 . 1980-01-01 00:00 920064 ----a-w- d:\windows\system32\wininet.dll
2013-10-29 07:45 . 1980-01-01 00:00 43520 ------w- d:\windows\system32\licmgr10.dll
2013-10-29 07:45 . 1980-01-01 00:00 18944 ----a-w- d:\windows\system32\corpol.dll
2013-10-29 07:45 . 1980-01-01 00:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 1980-01-01 00:00 385024 ------w- d:\windows\system32\html.iec
2013-10-23 23:45 . 1980-01-01 00:00 172032 ----a-w- d:\windows\system32\scrrun.dll
2013-10-12 15:57 . 1980-01-01 00:00 279552 ----a-w- d:\windows\system32\oakley.dll
2013-10-09 13:13 . 1980-01-01 00:00 287744 ----a-w- d:\windows\system32\gdi32.dll
2013-10-07 11:00 . 1980-01-01 00:00 606208 ----a-w- d:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "d:\program files\IObit Apps Toolbar\IE\8.5\iobitappsToolbarIE.dll" [2013-12-13 1398080]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
2013-12-13 10:35 1398080 ----a-w- d:\program files\IObit Apps Toolbar\IE\8.5\iobitappsToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "d:\program files\IObit Apps Toolbar\IE\8.5\iobitappsToolbarIE.dll" [2013-12-13 1398080]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-07-08 13:58 179560 ----a-w- d:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-07-08 13:58 179560 ----a-w- d:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-07-08 13:58 179560 ----a-w- d:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-07-08 13:58 179560 ----a-w- d:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="d:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-12-16 477736]
"Bitdefender Wallet Application Agent"="d:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-12-16 612696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="d:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"HPUsageTracking"="d:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2006-06-09 36864]
"Bdagent"="d:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-12-16 1834240]
"SearchSettings"="d:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-12-13 1383232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Bitdefender Wallet Agent"="d:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-12-16 477736]
"Bitdefender Wallet"="d:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-12-16 898512]
"Bitdefender Wallet Application Agent"="d:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-12-16 612696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=d:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
2005-08-31 15:00 49152 ----a-w- d:\program files\Common Files\soft602\pdfSaver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
2012-09-13 13:24 1009288 ----a-w- d:\documents and settings\uzivatel\Data aplikací\Seznam.cz\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
2013-01-22 12:54 92152 ----a-w- d:\documents and settings\uzivatel\Data aplikací\Seznam.cz\bin\wszndesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- d:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-12 09:24 136176 ----atw- d:\documents and settings\uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- d:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
2004-05-19 13:29 385024 ----a-w- c:\program files\PDF\pdfSaver\pdfSaver3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Screenpresso]
2012-09-27 22:35 7864872 ----a-w- d:\documents and settings\uzivatel\Local Settings\Data aplikací\LearnPulse\Screenpresso\Screenpresso.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2012-09-13 13:24 1009288 ----a-w- d:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2007-05-07 18:28 589824 ----a-w- d:\program files\TightVNC\WinVNC.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\TightVNC\\WinVNC.exe"=
"d:\\TYPSoft FTP Server\\ftpserv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Documents and Settings\\uzivatel\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"d:\\Documents and Settings\\uzivatel\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:TightVNC
"57065:TCP"= 57065:TCP:Pando Media Booster
"57065:UDP"= 57065:UDP:Pando Media Booster
.
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [9.10.2009 19:33 691696]
R3 avchv;avchv Function Driver;d:\windows\system32\drivers\avchv.sys [16.12.2013 19:28 242504]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;d:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [16.12.2013 19:29 116560]
S0 avc3;avc3;d:\windows\system32\drivers\avc3.sys [16.12.2013 19:28 640560]
S0 gzflt;gzflt;d:\windows\system32\drivers\gzflt.sys [16.12.2013 19:00 165744]
S1 BDVEDISK;BDVEDISK;d:\windows\system32\drivers\bdvedisk.sys [16.12.2013 19:29 72704]
S1 sp_rsdrv2;Spyware Terminator Driver 2;\??\d:\documents and settings\All Users\Data aplikací\Spyware Terminator\sp_rsdrv2.sys --> d:\documents and settings\All Users\Data aplikací\Spyware Terminator\sp_rsdrv2.sys [?]
S2 Application Updater;Application Updater;d:\program files\Application Updater\ApplicationUpdater.exe [13.12.2013 11:31 807800]
S2 gupdate1ca8be424b68c2;Služba Google Update (gupdate1ca8be424b68c2);d:\program files\Google\Update\GoogleUpdate.exe [2.1.2010 20:44 133104]
S2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [2.2.2011 10:10 247096]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;d:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [8.1.2012 20:01 793048]
S2 SafeBox;SafeBox;d:\program files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [16.12.2013 19:29 81704]
S2 UPDATESRV;Bitdefender Desktop Update Service;d:\program files\Bitdefender\Bitdefender\updatesrv.exe [16.12.2013 19:29 54424]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);d:\windows\system32\drivers\adusbmdm65.sys [14.12.2007 23:13 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);d:\windows\system32\drivers\adusbser65.sys [14.12.2007 23:13 64896]
S3 avckf;avckf;d:\windows\system32\drivers\avckf.sys [16.12.2013 19:28 490144]
S3 BDSandBox;BDSandBox;d:\windows\system32\drivers\bdsandbox.sys [16.12.2013 19:29 66832]
S3 dfmirage;dfmirage;d:\windows\system32\drivers\dfmirage.sys [25.11.2005 17:43 31896]
S3 EagleXNt;EagleXNt;\??\d:\windows\system32\drivers\EagleXNt.sys --> d:\windows\system32\drivers\EagleXNt.sys [?]
S3 EraserUtilDrvI13;EraserUtilDrvI13;\??\d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys --> d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\ScreamingBAudio.sys [1.12.2009 14:49 34384]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;d:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [16.12.2013 19:29 69880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-08 19:42 1210320 ----a-w- d:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-18 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 19:29]
.
2013-12-17 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 19:44]
.
2013-12-18 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 19:44]
.
2013-12-17 d:\windows\Tasks\ParetoLogic Registration.job
- d:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]
.
2013-12-17 d:\windows\Tasks\ParetoLogic Update Version2.job
- d:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
.
2013-12-16 d:\windows\Tasks\SDMsgUpdate (TE).job
- d:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-11-26 16:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - d:\documents and settings\uzivatel\Plocha\Jozka\ICQ7.4\ICQ.exe
TCP: Interfaces\{F3E31A5A-9317-4D65-AAEE-681DB200BF44}: NameServer = 192.168.120.1
FF - ProfilePath - d:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\7wvxoo0l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.cz
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - ExtSQL: 2013-12-16 21:53; ffpwdman@bitdefender.com; d:\program files\Bitdefender\Bitdefender\ffpwdman
FF - ExtSQL: !HIDDEN! 2009-09-03 00:15; {20a82645-c095-46ed-80e3-08825760534b}; d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: dom.disable_window_status_change - true
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Syslog - (no file)
HKLM-Run-pdfSaver3 - (no file)
MSConfigStartUp-4StoryPrePatch - d:\program files\Gameforge4D\4Story_CZ\PrePatch.exe
MSConfigStartUp-Advanced SystemCare 6 - d:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-ApnUpdater - d:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-vProt - d:\program files\AVG Secure Search\vprot.exe
AddRemove-UnityWebPlayer - d:\documents and settings\uzivatel\Local Settings\Data aplikací\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-18 21:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-12-18 21:38:55
ComboFix-quarantined-files.txt 2013-12-18 20:38
.
Před spuštěním: 9 218 035 712
Po spuštění: Volných bajtů: 12 793 229 312
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\="MS-DOS"
.
- - End Of File - - A1872C5F5BACECE66CEA4520A503A20D
413FC2A0C716421B3158746D63736515

Re: services.exe

Posted: 18 Dec 2013 22:01
by Rudy
We'll clean up a bit more. Open Notepad and copy the following into it:
KillAll::

Folders::
d:\program files\Common Files\Spigot\Search Settings
d:\program files\ICQ6Toolbar

Files::
d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
d:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"=
[-HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

Driver::
ICQ Service

Firefox::
FF - ProfilePath - d:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\7wvxoo0l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.2.9&q=

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: services.exe

Posted: 18 Dec 2013 22:05
by Quido
ComboFix fixed it!!! :| :arcisit:

The computer boots again :happy: Only the login screen is different now, but that doesn't matter...


I'll gladly continue in this thread; our PC definitely needs a lot of help, cleaning, repairs, etc. If you have any tips on how to go about it, please advise. It's terribly slow even with decent specs. It's also quite infected (Bitdefender found 4 problems right away during installation, another 14 on the first scan and about 3 on the second xD), so if anything comes to mind, I'd welcome the help.


Thanks a lot once again!!!

Quido

Re: services.exe

Posted: 18 Dec 2013 22:17
by Rudy
You're welcome. :) I'd like to see the log from the last CF scan. You'll find it at d:\combofix.txt.