Dobrý den, mám problémy se zamrzáním PC, PC mi třeba na 1 min. zamrzne a pak se zase rozjede, ve hrách klesli fps. Proto prosím o kontrolu z HJT
___________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:22, on 19.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\STEam\Steam.exe
C:\Program Files\uTorrent\utorrent.exe
c:\program files\steam\steamapps\quinterboomsta89\counter-strike\hl.exe
C:\QIP Infium JadrisPack\infium.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5160 bytes
Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
Základní deska: MSI B85-G41 PC Mate
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
Tak po instalaci MBAMu to chtělo restart. Restartoval jsem PC, spustil MBAM a aktualizoval...log je ok, akorát v karanténě mám tento soubor(nejspíš ze staršího scanu)
_____________________________________
Datum: 15.6 ** Poskytovatel: Pup.BitSpirit ** Kategorie: Registry Key ** Položky: HKEY_CURRENT_USER/Software/ByteLinker * doporučení 43642
_____________________________________
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2462
Windows 5.1.2600 Service Pack 2
19.7.2009 15:40:38
mbam-log-2009-07-19 (15-40-38).txt
Typ skenu: Rychlý sken
Objektu skenováno: 88132
Uplynulý cas: 7 minute(s), 22 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
_____________________________________
Datum: 15.6 ** Poskytovatel: Pup.BitSpirit ** Kategorie: Registry Key ** Položky: HKEY_CURRENT_USER/Software/ByteLinker * doporučení 43642
_____________________________________
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2462
Windows 5.1.2600 Service Pack 2
19.7.2009 15:40:38
mbam-log-2009-07-19 (15-40-38).txt
Typ skenu: Rychlý sken
Objektu skenováno: 88132
Uplynulý cas: 7 minute(s), 22 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
Základní deska: MSI B85-G41 PC Mate
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
Tu karanténu můžeš smazat.
Na viry to nevypadá , ještě se mrknu na log z RSIT:
Stáhni si RSIT (by random/random)
- spusť ho, objeví se ti okno, tak pro pokračování klikni na Continue
- počkej až program proběhne a zobrazí se ti log jinak ho najdeš zde: C:\rsit\log.txt zkopíruj sem prosím celý jeho obsah
Jinak:
Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.
Můžeš zkusit i defragmenantaci HDD.
Na viry to nevypadá , ještě se mrknu na log z RSIT:
Stáhni si RSIT (by random/random)
- spusť ho, objeví se ti okno, tak pro pokračování klikni na Continue
- počkej až program proběhne a zobrazí se ti log jinak ho najdeš zde: C:\rsit\log.txt zkopíruj sem prosím celý jeho obsah
Jinak:
Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.
Můžeš zkusit i defragmenantaci HDD.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
Tak tady je ten log z RSIT
_______________________________
Logfile of random's system information tool 1.06 (written by random/random)
Run by Tony at 2009-07-19 16:15:53
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 21 GB (55%) free of 38 GB
Total RAM: 767 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:10, on 19.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Tony\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tony.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5029 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\SmartDefrag.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-02 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-02 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"NvCplDaemon"=NvQTwk,NvCplDaemon initialize []
"nwiz"=nwiz.exe /install []
"PowerStrip"=c:\program files\powerstrip\pstrip.exe [2009-03-11 738336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-03-18 337216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tony^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
C:\PROGRA~1\Xfire\Xfire.exe []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\steamapps\quinterboomsta89\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\quinterboomsta89\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\QIP Infium JadrisPack\infium.exe"="C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\DanzigPrefEngine\danzig15.exe"="C:\Program Files\DanzigPrefEngine\danzig15.exe:*:Enabled:Danzig Pref Engine"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autoplay.exe
======List of files/folders created in the last 1 months======
2009-07-19 15:26:35 ----A---- C:\WINDOWS\isRS-000.tmp
2009-07-18 14:17:17 ----D---- C:\Program Files\Teamspeak2_RC2
2009-07-18 11:58:56 ----D---- C:\Program Files\PowerStrip
2009-07-13 08:21:12 ----D---- C:\WINDOWS\nview
2009-07-11 16:29:28 ----D---- C:\Program Files\7-Zip
2009-07-11 14:32:42 ----D---- C:\QIP Infium JadrisPack
2009-07-10 17:37:02 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-07-04 21:28:23 ----SHD---- C:\RECYCLER
2009-07-04 16:05:11 ----D---- C:\Program Files\VALVe
2009-07-02 17:31:40 ----D---- C:\Documents and Settings\Tony\Data aplikací\VitySoft
2009-07-02 17:29:01 ----D---- C:\Program Files\FlashGet
2009-06-30 20:32:54 ----D---- C:\Documents and Settings\Tony\Data aplikací\TeamViewer
2009-06-30 20:32:45 ----D---- C:\Program Files\TeamViewer
2009-06-25 20:02:39 ----D---- C:\Documents and Settings\Tony\Data aplikací\Allstar
======List of files/folders modified in the last 1 months======
2009-07-19 16:15:47 ----D---- C:\WINDOWS\Prefetch
2009-07-19 15:49:03 ----D---- C:\Documents and Settings\Tony\Data aplikací\uTorrent
2009-07-19 15:39:33 ----D---- C:\Program Files\Mozilla Firefox
2009-07-19 15:30:54 ----D---- C:\WINDOWS\Temp
2009-07-19 15:29:39 ----D---- C:\WINDOWS
2009-07-19 15:29:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-19 15:28:07 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-19 15:26:30 ----D---- C:\WINDOWS\system32\drivers
2009-07-19 13:59:54 ----D---- C:\Program Files\STEam
2009-07-19 01:03:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-18 14:17:17 ----RD---- C:\Program Files
2009-07-18 11:59:06 ----AC---- C:\WINDOWS\wininit.ini
2009-07-18 11:17:52 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-16 16:14:03 ----D---- C:\Program Files\IObit
2009-07-15 18:37:20 ----SHD---- C:\System Volume Information
2009-07-15 18:37:20 ----D---- C:\WINDOWS\system32\Restore
2009-07-15 18:30:18 ----D---- C:\WINDOWS\system32
2009-07-15 18:18:08 ----SD---- C:\WINDOWS\Tasks
2009-07-15 18:17:57 ----D---- C:\Documents and Settings\Tony\Data aplikací\IObit
2009-07-15 18:07:22 ----SHD---- C:\WINDOWS\Installer
2009-07-15 18:07:19 ----SHD---- C:\Config.Msi
2009-07-15 18:07:06 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-07-15 18:02:44 ----HD---- C:\WINDOWS\inf
2009-07-15 18:02:24 ----D---- C:\Program Files\Common Files
2009-07-15 18:02:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2009-07-13 08:21:18 ----D---- C:\WINDOWS\Help
2009-07-13 08:21:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-12 18:09:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-07-12 17:50:51 ----D---- C:\Downloads
2009-07-11 19:56:31 ----D---- C:\Program Files\WinRAR
2009-07-10 17:24:30 ----D---- C:\Documents and Settings\Tony\Data aplikací\Mozilla
2009-07-09 18:58:24 ----D---- C:\Program Files\eMule
2009-07-09 18:47:46 ----RASH---- C:\boot.ini
2009-07-09 18:47:46 ----AC---- C:\WINDOWS\win.ini
2009-07-09 18:47:46 ----A---- C:\WINDOWS\system.ini
2009-07-09 18:23:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-06 20:52:27 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-06 15:31:25 ----D---- C:\Documents and Settings\Tony\Data aplikací\teamspeak2
2009-07-04 21:27:54 ----D---- C:\WINDOWS\ERDNT
2009-07-04 20:45:25 ----D---- C:\WINDOWS\AppPatch
2009-07-04 19:22:48 ----D---- C:\Program Files\RegScrubXP
2009-07-04 16:00:20 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-02 22:13:00 ----D---- C:\Documents and Settings\Tony\Data aplikací\Octoshape
2009-07-02 10:52:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 PStrip;PStrip; C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 27992]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2002-05-03 931882]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-04 84480]
S3 a98bhqim;a98bhqim; C:\WINDOWS\system32\drivers\a98bhqim.sys []
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Tony\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-01-21 118656]
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys [2006-11-10 61600]
S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys [2006-11-10 9360]
S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys [2006-11-10 97184]
S3 SE2Bmgmt;Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Bmgmt.sys [2006-11-10 88688]
S3 se2Bnd5;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS); C:\WINDOWS\system32\DRIVERS\se2Bnd5.sys [2006-11-10 18704]
S3 SE2Bobex;Sony Ericsson Device 043 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys [2006-11-10 86560]
S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM); C:\WINDOWS\system32\DRIVERS\se2Bunic.sys [2006-11-10 90800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-02 152984]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2002-05-03 61440]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-26 75064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
-----------------EOF-----------------
_______________________________
Logfile of random's system information tool 1.06 (written by random/random)
Run by Tony at 2009-07-19 16:15:53
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 21 GB (55%) free of 38 GB
Total RAM: 767 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:10, on 19.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Tony\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tony.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5029 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\SmartDefrag.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-02 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-02 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"NvCplDaemon"=NvQTwk,NvCplDaemon initialize []
"nwiz"=nwiz.exe /install []
"PowerStrip"=c:\program files\powerstrip\pstrip.exe [2009-03-11 738336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-03-18 337216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tony^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
C:\PROGRA~1\Xfire\Xfire.exe []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\steamapps\quinterboomsta89\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\quinterboomsta89\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\QIP Infium JadrisPack\infium.exe"="C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\DanzigPrefEngine\danzig15.exe"="C:\Program Files\DanzigPrefEngine\danzig15.exe:*:Enabled:Danzig Pref Engine"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autoplay.exe
======List of files/folders created in the last 1 months======
2009-07-19 15:26:35 ----A---- C:\WINDOWS\isRS-000.tmp
2009-07-18 14:17:17 ----D---- C:\Program Files\Teamspeak2_RC2
2009-07-18 11:58:56 ----D---- C:\Program Files\PowerStrip
2009-07-13 08:21:12 ----D---- C:\WINDOWS\nview
2009-07-11 16:29:28 ----D---- C:\Program Files\7-Zip
2009-07-11 14:32:42 ----D---- C:\QIP Infium JadrisPack
2009-07-10 17:37:02 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-07-04 21:28:23 ----SHD---- C:\RECYCLER
2009-07-04 16:05:11 ----D---- C:\Program Files\VALVe
2009-07-02 17:31:40 ----D---- C:\Documents and Settings\Tony\Data aplikací\VitySoft
2009-07-02 17:29:01 ----D---- C:\Program Files\FlashGet
2009-06-30 20:32:54 ----D---- C:\Documents and Settings\Tony\Data aplikací\TeamViewer
2009-06-30 20:32:45 ----D---- C:\Program Files\TeamViewer
2009-06-25 20:02:39 ----D---- C:\Documents and Settings\Tony\Data aplikací\Allstar
======List of files/folders modified in the last 1 months======
2009-07-19 16:15:47 ----D---- C:\WINDOWS\Prefetch
2009-07-19 15:49:03 ----D---- C:\Documents and Settings\Tony\Data aplikací\uTorrent
2009-07-19 15:39:33 ----D---- C:\Program Files\Mozilla Firefox
2009-07-19 15:30:54 ----D---- C:\WINDOWS\Temp
2009-07-19 15:29:39 ----D---- C:\WINDOWS
2009-07-19 15:29:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-19 15:28:07 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-19 15:26:30 ----D---- C:\WINDOWS\system32\drivers
2009-07-19 13:59:54 ----D---- C:\Program Files\STEam
2009-07-19 01:03:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-18 14:17:17 ----RD---- C:\Program Files
2009-07-18 11:59:06 ----AC---- C:\WINDOWS\wininit.ini
2009-07-18 11:17:52 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-16 16:14:03 ----D---- C:\Program Files\IObit
2009-07-15 18:37:20 ----SHD---- C:\System Volume Information
2009-07-15 18:37:20 ----D---- C:\WINDOWS\system32\Restore
2009-07-15 18:30:18 ----D---- C:\WINDOWS\system32
2009-07-15 18:18:08 ----SD---- C:\WINDOWS\Tasks
2009-07-15 18:17:57 ----D---- C:\Documents and Settings\Tony\Data aplikací\IObit
2009-07-15 18:07:22 ----SHD---- C:\WINDOWS\Installer
2009-07-15 18:07:19 ----SHD---- C:\Config.Msi
2009-07-15 18:07:06 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-07-15 18:02:44 ----HD---- C:\WINDOWS\inf
2009-07-15 18:02:24 ----D---- C:\Program Files\Common Files
2009-07-15 18:02:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2009-07-13 08:21:18 ----D---- C:\WINDOWS\Help
2009-07-13 08:21:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-12 18:09:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-07-12 17:50:51 ----D---- C:\Downloads
2009-07-11 19:56:31 ----D---- C:\Program Files\WinRAR
2009-07-10 17:24:30 ----D---- C:\Documents and Settings\Tony\Data aplikací\Mozilla
2009-07-09 18:58:24 ----D---- C:\Program Files\eMule
2009-07-09 18:47:46 ----RASH---- C:\boot.ini
2009-07-09 18:47:46 ----AC---- C:\WINDOWS\win.ini
2009-07-09 18:47:46 ----A---- C:\WINDOWS\system.ini
2009-07-09 18:23:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-06 20:52:27 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-06 15:31:25 ----D---- C:\Documents and Settings\Tony\Data aplikací\teamspeak2
2009-07-04 21:27:54 ----D---- C:\WINDOWS\ERDNT
2009-07-04 20:45:25 ----D---- C:\WINDOWS\AppPatch
2009-07-04 19:22:48 ----D---- C:\Program Files\RegScrubXP
2009-07-04 16:00:20 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-02 22:13:00 ----D---- C:\Documents and Settings\Tony\Data aplikací\Octoshape
2009-07-02 10:52:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 PStrip;PStrip; C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 27992]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2002-05-03 931882]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-04 84480]
S3 a98bhqim;a98bhqim; C:\WINDOWS\system32\drivers\a98bhqim.sys []
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Tony\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-01-21 118656]
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys [2006-11-10 61600]
S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys [2006-11-10 9360]
S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys [2006-11-10 97184]
S3 SE2Bmgmt;Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Bmgmt.sys [2006-11-10 88688]
S3 se2Bnd5;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS); C:\WINDOWS\system32\DRIVERS\se2Bnd5.sys [2006-11-10 18704]
S3 SE2Bobex;Sony Ericsson Device 043 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys [2006-11-10 86560]
S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM); C:\WINDOWS\system32\DRIVERS\se2Bunic.sys [2006-11-10 90800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-02 152984]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2002-05-03 61440]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-26 75064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
-----------------EOF-----------------
Základní deska: MSI B85-G41 PC Mate
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
Takže tam něco je.
Doporučuji odinstalovat WinPatrol, stačí Spybot a Avast.
Vypni rez. ochranu u Avastu+deaktivuj Spybot.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Doporučuji odinstalovat WinPatrol, stačí Spybot a Avast.
Vypni rez. ochranu u Avastu+deaktivuj Spybot.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
Log z ComboFixu
_________________________________
ComboFix 09-07-19.01 - Tony 19.07.2009 16:34.6.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.543 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tony\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090719-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-19 do 2009-07-19 )))))))))))))))))))))))))))))))
.
2009-07-18 12:17 . 2009-07-18 12:18 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-18 09:58 . 2009-07-19 08:51 -------- d-----w- c:\program files\PowerStrip
2009-07-13 06:21 . 2009-07-13 06:21 -------- d-----w- c:\windows\nview
2009-07-11 14:29 . 2009-07-11 14:29 -------- d-----w- c:\program files\7-Zip
2009-07-11 12:32 . 2009-07-11 14:41 -------- d-----w- C:\QIP Infium JadrisPack
2009-07-10 15:37 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-10 15:37 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-10 15:37 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-10 15:37 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-10 15:37 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-10 15:37 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-10 15:37 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-10 15:37 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-10 15:37 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-04 14:05 . 2009-07-04 14:05 -------- d-----w- c:\program files\VALVe
2009-07-02 15:29 . 2009-07-03 23:01 -------- d-----w- c:\program files\FlashGet
2009-07-02 08:53 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-30 18:32 . 2009-07-01 09:29 -------- d-----w- c:\program files\TeamViewer
2009-06-30 18:31 . 2009-07-04 18:46 -------- d-----w- c:\documents and settings\Tony\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 13:29 . 2009-04-24 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 11:59 . 2009-06-16 14:11 -------- d-----w- c:\program files\STEam
2009-07-16 14:14 . 2009-03-15 11:36 -------- d-----w- c:\program files\IObit
2009-07-15 16:07 . 2009-06-15 11:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-13 11:36 . 2009-04-24 16:37 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-04-24 16:37 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 16:58 . 2009-05-25 17:38 -------- d-----w- c:\program files\eMule
2009-07-09 16:23 . 2009-03-24 22:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-06 18:52 . 2009-03-15 00:10 137928 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 18:52 . 2009-03-15 00:10 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-04 17:22 . 2009-03-24 19:11 -------- d-----w- c:\program files\RegScrubXP
2009-07-04 15:40 . 2004-08-03 21:14 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-04 14:00 . 2001-10-25 14:00 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-07-04 14:00 . 2001-10-25 14:00 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-06-18 19:35 . 2009-06-18 19:35 -------- d-----w- c:\program files\QIP
2009-06-16 20:00 . 2009-06-16 20:00 -------- d-----w- c:\program files\uTorrent
2009-06-15 15:05 . 2009-05-08 22:16 -------- d-----w- c:\program files\Seznam.cz
2009-06-15 15:03 . 2009-05-22 20:58 -------- d-----w- c:\program files\BitSpirit
2009-06-15 11:32 . 2009-03-21 08:11 -------- d-----w- c:\program files\Raxco
2009-06-12 10:39 . 2009-06-12 10:39 -------- d-----w- c:\program files\AusLogics Disk Defrag
2009-06-10 18:54 . 2009-05-02 13:01 -------- d-----w- c:\program files\GamePark
2009-06-09 15:25 . 2009-07-02 15:29 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys.flg
2009-06-08 17:20 . 2009-06-08 17:19 -------- d-----w- c:\program files\Ahead
2009-06-07 10:08 . 2009-06-07 10:08 -------- d-----w- c:\program files\Lavalys
2009-05-31 07:05 . 2009-05-31 07:05 -------- d-----w- c:\program files\compLexity Demo Player
2009-05-30 22:37 . 2009-05-30 22:32 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-05-29 17:23 . 2009-05-29 17:23 -------- d-----w- c:\program files\Sunbelt Software
2009-05-26 14:48 . 2009-03-24 19:09 -------- d-----w- c:\program files\BillP Studios
2009-05-23 11:21 . 2009-03-08 13:12 3490 -c--a-w- c:\windows\unins000.dat
2009-05-23 11:21 . 2009-05-23 11:21 673707 ----a-w- c:\windows\unins000.exe
2009-05-02 08:26 . 2009-03-24 11:34 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-04-24 19:51 . 2004-07-17 09:36 163644 -c--a-w- c:\windows\system32\drivers\secdrv.sys
2009-07-12 07:45 . 2009-07-10 15:24 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2009-07-04 15:40 359040 C81D6A930A7805F6DAA0C7902B99037E c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2009-03-11 738336]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-05-03 364544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tony^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\quinterboomsta89\\counter-strike\\hl.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\QIP Infium JadrisPack\\infium.exe"=
"c:\\Program Files\\DanzigPrefEngine\\danzig15.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.7.2009 17:37 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.7.2009 17:37 20560]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [15.7.2007 3:37 27992]
.
Obsah adresáře 'Naplánované úlohy'
2009-07-15 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-15 07:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Download Using &BitSpirit
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {06A27AFE-CF59-4724-A195-D8C76C57AFCB} = 213.180.32.2
FF - ProfilePath - c:\documents and settings\Tony\Data aplikací\Mozilla\Firefox\Profiles\cqpzq5o4.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 16:37
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="FB3D09A11E6B48EC60711CE1D5A2A3143935C7D0ADCC3A0B1D34422D3C9A9D4E15CDE7D120B8B0EE499FBEB3EE7A34F436CCFE3BBAD5D8A7FDA1B4E420256991BB86ED3B6E437D62F3BCF895D5F447180EF2B130AC21DE7DD9A1640E3E573274B03C35AEB2A9F6941DB42516FD53B41813CA1D9B60375514BE290D0F7D1F520CDCDA1CB1FD5C6746238863F73F2D57004009401C17724A64DFC4318628BCA8DC49E1447E43249B2A0BCA16B1D66C105130F6DE07F604CBDC119015C46DC595E3A66594815818E8E7FCA464EC6551C202A6F082FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CC038D530D6EB3452A64671D51DB481FC637639CF2A4C7FD573285ABBC42346D5634DB0D9129206AADBD9AC0DE6ABDC13E072341B76AFE2ADED31E089549E0A5256F603FCB74CD10BF65001B49D8F4706C163798EB8F851AD0CF7BE1EA3A25842360521557703B00B9E5701B824DFDD13E7C0BF249A4021760CDC72A5CD005C4640E1EA607B6243EEAB831307CCC056BDEAE7925C3F443A6D61A649CF60AE53C165DA1720DD39BABAAC4C7092617AF8CE9399D03B3AE39ABAB47DE852DC479061C9A4AB18AC7B60BA600DA7521C7921CF61F7ACC8152453C8606FC7E43908F810C5D387556BBD8D7CBE849840ADCC4010868DAC0F4DAE8949746CB1C5E0D2887F66E2DA6211BBB351F1D57B5AB928DA236AC6AB9FD351F7AFB44CC534302DCB24EA31A9D289D5544F548AD726596588DF26F1D88C8CFA69B41747F9F4FAC266384A804E3BB20D87517A0B0D26187D74E1094637EE524241D3C9FA94D005DE0D382AF6F3B45F8978F529A94B69F512E08896D99D61715E734D2AE831948A740C65691F9CDFD715E61E58189AFAE566A1F583AA3504A9AD89A6CC754091399ABFC417E71C5BD6A0A471B7ECD2EED1631E923B987F7A3230222678EA061BB0099B21F7249CCD0ABC9B5927A5A25C15935308DBE7CC6BB20C6C5929F5980B0A9FA584068898E096214403BDA08BDD7EA851C6B8404584C7092F8E0FA965BD4EDEF842EB30E2C212292F61C3A1E31153F3BB02D72F62F28414C35C0D792B137AEDC2EF8A1BA02487D3002BB64FD41ACCEF4CAF7425F46CEBBE9698B9407EEF8116C4E47729C8BAF5436C5AC9B5DB9D93B74E0BFBF59D27F63D2861E23A463D4AC3563F7AA2A7C1D13F422C5F444B484A8A2214915B556093689016060ABE68AC8B61E010B1E07480B15E2414CDC84784CC3C8E0BEE64D623BD765AD63378E0F722E4EC69E2E6175E2A3507B48ACE4E4A852500F3336BCDF95E1897BEA1559C6E6172CEE92B836D385BCDDFC1162A1497E179358A0C5D0EE10E46F757210F924647AFB2AADF5341D3"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2564)
c:\windows\system32\msi.dll
c:\program files\powerstrip\pshook.dll
.
Celkový čas: 2009-07-19 16:40
ComboFix-quarantined-files.txt 2009-07-19 14:40
Před spuštěním: Volných bajtů: 21 955 751 936
Po spuštění: Volných bajtů: 21 939 503 104
153 --- E O F --- 2009-03-09 08:41
_________________________________
ComboFix 09-07-19.01 - Tony 19.07.2009 16:34.6.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.543 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tony\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090719-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-19 do 2009-07-19 )))))))))))))))))))))))))))))))
.
2009-07-18 12:17 . 2009-07-18 12:18 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-18 09:58 . 2009-07-19 08:51 -------- d-----w- c:\program files\PowerStrip
2009-07-13 06:21 . 2009-07-13 06:21 -------- d-----w- c:\windows\nview
2009-07-11 14:29 . 2009-07-11 14:29 -------- d-----w- c:\program files\7-Zip
2009-07-11 12:32 . 2009-07-11 14:41 -------- d-----w- C:\QIP Infium JadrisPack
2009-07-10 15:37 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-10 15:37 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-10 15:37 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-10 15:37 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-10 15:37 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-10 15:37 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-10 15:37 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-10 15:37 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-10 15:37 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-04 14:05 . 2009-07-04 14:05 -------- d-----w- c:\program files\VALVe
2009-07-02 15:29 . 2009-07-03 23:01 -------- d-----w- c:\program files\FlashGet
2009-07-02 08:53 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-30 18:32 . 2009-07-01 09:29 -------- d-----w- c:\program files\TeamViewer
2009-06-30 18:31 . 2009-07-04 18:46 -------- d-----w- c:\documents and settings\Tony\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 13:29 . 2009-04-24 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 11:59 . 2009-06-16 14:11 -------- d-----w- c:\program files\STEam
2009-07-16 14:14 . 2009-03-15 11:36 -------- d-----w- c:\program files\IObit
2009-07-15 16:07 . 2009-06-15 11:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-13 11:36 . 2009-04-24 16:37 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-04-24 16:37 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 16:58 . 2009-05-25 17:38 -------- d-----w- c:\program files\eMule
2009-07-09 16:23 . 2009-03-24 22:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-06 18:52 . 2009-03-15 00:10 137928 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 18:52 . 2009-03-15 00:10 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-04 17:22 . 2009-03-24 19:11 -------- d-----w- c:\program files\RegScrubXP
2009-07-04 15:40 . 2004-08-03 21:14 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-04 14:00 . 2001-10-25 14:00 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-07-04 14:00 . 2001-10-25 14:00 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-06-18 19:35 . 2009-06-18 19:35 -------- d-----w- c:\program files\QIP
2009-06-16 20:00 . 2009-06-16 20:00 -------- d-----w- c:\program files\uTorrent
2009-06-15 15:05 . 2009-05-08 22:16 -------- d-----w- c:\program files\Seznam.cz
2009-06-15 15:03 . 2009-05-22 20:58 -------- d-----w- c:\program files\BitSpirit
2009-06-15 11:32 . 2009-03-21 08:11 -------- d-----w- c:\program files\Raxco
2009-06-12 10:39 . 2009-06-12 10:39 -------- d-----w- c:\program files\AusLogics Disk Defrag
2009-06-10 18:54 . 2009-05-02 13:01 -------- d-----w- c:\program files\GamePark
2009-06-09 15:25 . 2009-07-02 15:29 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys.flg
2009-06-08 17:20 . 2009-06-08 17:19 -------- d-----w- c:\program files\Ahead
2009-06-07 10:08 . 2009-06-07 10:08 -------- d-----w- c:\program files\Lavalys
2009-05-31 07:05 . 2009-05-31 07:05 -------- d-----w- c:\program files\compLexity Demo Player
2009-05-30 22:37 . 2009-05-30 22:32 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-05-29 17:23 . 2009-05-29 17:23 -------- d-----w- c:\program files\Sunbelt Software
2009-05-26 14:48 . 2009-03-24 19:09 -------- d-----w- c:\program files\BillP Studios
2009-05-23 11:21 . 2009-03-08 13:12 3490 -c--a-w- c:\windows\unins000.dat
2009-05-23 11:21 . 2009-05-23 11:21 673707 ----a-w- c:\windows\unins000.exe
2009-05-02 08:26 . 2009-03-24 11:34 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-04-24 19:51 . 2004-07-17 09:36 163644 -c--a-w- c:\windows\system32\drivers\secdrv.sys
2009-07-12 07:45 . 2009-07-10 15:24 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2009-07-04 15:40 359040 C81D6A930A7805F6DAA0C7902B99037E c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2009-03-11 738336]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-05-03 364544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tony^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\quinterboomsta89\\counter-strike\\hl.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\QIP Infium JadrisPack\\infium.exe"=
"c:\\Program Files\\DanzigPrefEngine\\danzig15.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.7.2009 17:37 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.7.2009 17:37 20560]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [15.7.2007 3:37 27992]
.
Obsah adresáře 'Naplánované úlohy'
2009-07-15 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-15 07:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Download Using &BitSpirit
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {06A27AFE-CF59-4724-A195-D8C76C57AFCB} = 213.180.32.2
FF - ProfilePath - c:\documents and settings\Tony\Data aplikací\Mozilla\Firefox\Profiles\cqpzq5o4.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 16:37
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="FB3D09A11E6B48EC60711CE1D5A2A3143935C7D0ADCC3A0B1D34422D3C9A9D4E15CDE7D120B8B0EE499FBEB3EE7A34F436CCFE3BBAD5D8A7FDA1B4E420256991BB86ED3B6E437D62F3BCF895D5F447180EF2B130AC21DE7DD9A1640E3E573274B03C35AEB2A9F6941DB42516FD53B41813CA1D9B60375514BE290D0F7D1F520CDCDA1CB1FD5C6746238863F73F2D57004009401C17724A64DFC4318628BCA8DC49E1447E43249B2A0BCA16B1D66C105130F6DE07F604CBDC119015C46DC595E3A66594815818E8E7FCA464EC6551C202A6F082FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CC038D530D6EB3452A64671D51DB481FC637639CF2A4C7FD573285ABBC42346D5634DB0D9129206AADBD9AC0DE6ABDC13E072341B76AFE2ADED31E089549E0A5256F603FCB74CD10BF65001B49D8F4706C163798EB8F851AD0CF7BE1EA3A25842360521557703B00B9E5701B824DFDD13E7C0BF249A4021760CDC72A5CD005C4640E1EA607B6243EEAB831307CCC056BDEAE7925C3F443A6D61A649CF60AE53C165DA1720DD39BABAAC4C7092617AF8CE9399D03B3AE39ABAB47DE852DC479061C9A4AB18AC7B60BA600DA7521C7921CF61F7ACC8152453C8606FC7E43908F810C5D387556BBD8D7CBE849840ADCC4010868DAC0F4DAE8949746CB1C5E0D2887F66E2DA6211BBB351F1D57B5AB928DA236AC6AB9FD351F7AFB44CC534302DCB24EA31A9D289D5544F548AD726596588DF26F1D88C8CFA69B41747F9F4FAC266384A804E3BB20D87517A0B0D26187D74E1094637EE524241D3C9FA94D005DE0D382AF6F3B45F8978F529A94B69F512E08896D99D61715E734D2AE831948A740C65691F9CDFD715E61E58189AFAE566A1F583AA3504A9AD89A6CC754091399ABFC417E71C5BD6A0A471B7ECD2EED1631E923B987F7A3230222678EA061BB0099B21F7249CCD0ABC9B5927A5A25C15935308DBE7CC6BB20C6C5929F5980B0A9FA584068898E096214403BDA08BDD7EA851C6B8404584C7092F8E0FA965BD4EDEF842EB30E2C212292F61C3A1E31153F3BB02D72F62F28414C35C0D792B137AEDC2EF8A1BA02487D3002BB64FD41ACCEF4CAF7425F46CEBBE9698B9407EEF8116C4E47729C8BAF5436C5AC9B5DB9D93B74E0BFBF59D27F63D2861E23A463D4AC3563F7AA2A7C1D13F422C5F444B484A8A2214915B556093689016060ABE68AC8B61E010B1E07480B15E2414CDC84784CC3C8E0BEE64D623BD765AD63378E0F722E4EC69E2E6175E2A3507B48ACE4E4A852500F3336BCDF95E1897BEA1559C6E6172CEE92B836D385BCDDFC1162A1497E179358A0C5D0EE10E46F757210F924647AFB2AADF5341D3"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2564)
c:\windows\system32\msi.dll
c:\program files\powerstrip\pshook.dll
.
Celkový čas: 2009-07-19 16:40
ComboFix-quarantined-files.txt 2009-07-19 14:40
Před spuštěním: Volných bajtů: 21 955 751 936
Po spuštění: Volných bajtů: 21 939 503 104
153 --- E O F --- 2009-03-09 08:41
Základní deska: MSI B85-G41 PC Mate
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Toto otestuj na Virustotal
c:\windows\system32\drivers\tcpip.sys
c:\\Program Files\\DanzigPrefEngine\\danzig15.exe
Vlož sem pak odkazy výsledků.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
File::
c:\windows\system32\drivers\avgntflt.sys
c:\windows\unins000.dat
c:\windows\unins000.exe
DirLook::
c:\documents and settings\Tony\temp
Driver::
avgntfltZvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Toto otestuj na Virustotal
c:\windows\system32\drivers\tcpip.sys
c:\\Program Files\\DanzigPrefEngine\\danzig15.exe
Vlož sem pak odkazy výsledků.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
Nový log z ComboFixu
__________________________________________
ComboFix 09-07-19.01 - Tony 19.07.2009 17:32.7.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.554 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tony\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tony\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090719-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\drivers\avgntflt.sys"
"c:\windows\unins000.dat"
"c:\windows\unins000.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\avgntflt.sys
c:\windows\unins000.dat
c:\windows\unins000.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-19 do 2009-07-19 )))))))))))))))))))))))))))))))
.
2009-07-18 12:17 . 2009-07-18 12:18 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-18 09:58 . 2009-07-19 08:51 -------- d-----w- c:\program files\PowerStrip
2009-07-13 06:21 . 2009-07-13 06:21 -------- d-----w- c:\windows\nview
2009-07-11 14:29 . 2009-07-11 14:29 -------- d-----w- c:\program files\7-Zip
2009-07-11 12:32 . 2009-07-11 14:41 -------- d-----w- C:\QIP Infium JadrisPack
2009-07-10 15:37 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-10 15:37 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-10 15:37 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-10 15:37 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-10 15:37 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-10 15:37 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-10 15:37 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-10 15:37 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-10 15:37 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-04 14:05 . 2009-07-04 14:05 -------- d-----w- c:\program files\VALVe
2009-07-02 15:29 . 2009-07-03 23:01 -------- d-----w- c:\program files\FlashGet
2009-06-30 18:32 . 2009-07-01 09:29 -------- d-----w- c:\program files\TeamViewer
2009-06-30 18:31 . 2009-07-04 18:46 -------- d-----w- c:\documents and settings\Tony\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 13:29 . 2009-04-24 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 11:59 . 2009-06-16 14:11 -------- d-----w- c:\program files\STEam
2009-07-16 14:14 . 2009-03-15 11:36 -------- d-----w- c:\program files\IObit
2009-07-15 16:07 . 2009-06-15 11:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-13 11:36 . 2009-04-24 16:37 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-04-24 16:37 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 16:58 . 2009-05-25 17:38 -------- d-----w- c:\program files\eMule
2009-07-09 16:23 . 2009-03-24 22:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-06 18:52 . 2009-03-15 00:10 137928 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 18:52 . 2009-03-15 00:10 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-04 17:22 . 2009-03-24 19:11 -------- d-----w- c:\program files\RegScrubXP
2009-07-04 15:40 . 2004-08-03 21:14 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-04 14:00 . 2001-10-25 14:00 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-07-04 14:00 . 2001-10-25 14:00 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-06-18 19:35 . 2009-06-18 19:35 -------- d-----w- c:\program files\QIP
2009-06-16 20:00 . 2009-06-16 20:00 -------- d-----w- c:\program files\uTorrent
2009-06-15 15:05 . 2009-05-08 22:16 -------- d-----w- c:\program files\Seznam.cz
2009-06-15 15:03 . 2009-05-22 20:58 -------- d-----w- c:\program files\BitSpirit
2009-06-15 11:32 . 2009-03-21 08:11 -------- d-----w- c:\program files\Raxco
2009-06-12 10:39 . 2009-06-12 10:39 -------- d-----w- c:\program files\AusLogics Disk Defrag
2009-06-10 18:54 . 2009-05-02 13:01 -------- d-----w- c:\program files\GamePark
2009-06-09 15:25 . 2009-07-02 15:29 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys.flg
2009-06-08 17:20 . 2009-06-08 17:19 -------- d-----w- c:\program files\Ahead
2009-06-07 10:08 . 2009-06-07 10:08 -------- d-----w- c:\program files\Lavalys
2009-05-31 07:05 . 2009-05-31 07:05 -------- d-----w- c:\program files\compLexity Demo Player
2009-05-30 22:37 . 2009-05-30 22:32 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-05-29 17:23 . 2009-05-29 17:23 -------- d-----w- c:\program files\Sunbelt Software
2009-05-26 14:48 . 2009-03-24 19:09 -------- d-----w- c:\program files\BillP Studios
2009-05-02 08:26 . 2009-03-24 11:34 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-04-24 19:51 . 2004-07-17 09:36 163644 -c--a-w- c:\windows\system32\drivers\secdrv.sys
2009-07-12 07:45 . 2009-07-10 15:24 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Tony\temp ----
((((((((((((((((((((((((((((( SnapShot@2009-07-19_14.38.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-19 15:38 . 2009-07-19 15:38 16384 c:\windows\Temp\Perflib_Perfdata_53c.dat
- 2009-07-19 14:19 . 2009-07-19 14:19 16384 c:\windows\Temp\Perflib_Perfdata_53c.dat
+ 2009-07-19 15:26 . 2009-07-19 15:26 16384 c:\windows\Temp\Perflib_Perfdata_534.dat
+ 2009-07-19 15:38 . 2009-07-19 15:38 16384 c:\windows\Temp\Perflib_Perfdata_244.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2009-03-11 738336]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-05-03 364544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tony^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\quinterboomsta89\\counter-strike\\hl.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\QIP Infium JadrisPack\\infium.exe"=
"c:\\Program Files\\DanzigPrefEngine\\danzig15.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.7.2009 17:37 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.7.2009 17:37 20560]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [15.7.2007 3:37 27992]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Download Using &BitSpirit
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {06A27AFE-CF59-4724-A195-D8C76C57AFCB} = 213.180.32.2
FF - ProfilePath - c:\documents and settings\Tony\Data aplikací\Mozilla\Firefox\Profiles\cqpzq5o4.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 17:38
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="FB3D09A11E6B48EC60711CE1D5A2A3143935C7D0ADCC3A0B1D34422D3C9A9D4E15CDE7D120B8B0EE499FBEB3EE7A34F436CCFE3BBAD5D8A7FDA1B4E420256991BB86ED3B6E437D62F3BCF895D5F447180EF2B130AC21DE7DD9A1640E3E573274B03C35AEB2A9F6941DB42516FD53B41813CA1D9B60375514BE290D0F7D1F520CDCDA1CB1FD5C6746238863F73F2D57004009401C17724A64DFC4318628BCA8DC49E1447E43249B2A0BCA16B1D66C105130F6DE07F604CBDC119015C46DC595E3A66594815818E8E7FCA464EC6551C202A6F082FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CC038D530D6EB3452A64671D51DB481FC637639CF2A4C7FD573285ABBC42346D5634DB0D9129206AADBD9AC0DE6ABDC13E072341B76AFE2ADED31E089549E0A5256F603FCB74CD10BF65001B49D8F4706C163798EB8F851AD0CF7BE1EA3A25842360521557703B00B9E5701B824DFDD13E7C0BF249A4021760CDC72A5CD005C4640E1EA607B6243EEAB831307CCC056BDEAE7925C3F443A6D61A649CF60AE53C165DA1720DD39BABAAC4C7092617AF8CE9399D03B3AE39ABAB47DE852DC479061C9A4AB18AC7B60BA600DA7521C7921CF61F7ACC8152453C8606FC7E43908F810C5D387556BBD8D7CBE849840ADCC4010868DAC0F4DAE8949746CB1C5E0D2887F66E2DA6211BBB351F1D57B5AB928DA236AC6AB9FD351F7AFB44CC534302DCB24EA31A9D289D5544F548AD726596588DF26F1D88C8CFA69B41747F9F4FAC266384A804E3BB20D87517A0B0D26187D74E1094637EE524241D3C9FA94D005DE0D382AF6F3B45F8978F529A94B69F512E08896D99D61715E734D2AE831948A740C65691F9CDFD715E61E58189AFAE566A1F583AA3504A9AD89A6CC754091399ABFC417E71C5BD6A0A471B7ECD2EED1631E923B987F7A3230222678EA061BB0099B21F7249CCD0ABC9B5927A5A25C15935308DBE7CC6BB20C6C5929F5980B0A9FA584068898E096214403BDA08BDD7EA851C6B8404584C7092F8E0FA965BD4EDEF842EB30E2C212292F61C3A1E31153F3BB02D72F62F28414C35C0D792B137AEDC2EF8A1BA02487D3002BB64FD41ACCEF4CAF7425F46CEBBE9698B9407EEF8116C4E47729C8BAF5436C5AC9B5DB9D93B74E0BFBF59D27F63D2861E23A463D4AC3563F7AA2A7C1D13F422C5F444B484A8A2214915B556093689016060ABE68AC8B61E010B1E07480B15E2414CDC84784CC3C8E0BEE64D623BD765AD63378E0F722E4EC69E2E6175E2A3507B48ACE4E4A852500F3336BCDF95E1897BEA1559C6E6172CEE92B836D385BCDDFC1162A1497E179358A0C5D0EE10E46F757210F924647AFB2AADF5341D3"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(4036)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\devldr32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-07-19 17:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-19 15:43
ComboFix2.txt 2009-07-19 14:40
Před spuštěním: Volných bajtů: 21 931 515 904
Po spuštění: Volných bajtů: 21 924 610 048
178 --- E O F --- 2009-03-09 08:41
__________________________________________
ComboFix 09-07-19.01 - Tony 19.07.2009 17:32.7.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.554 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tony\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tony\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090719-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\drivers\avgntflt.sys"
"c:\windows\unins000.dat"
"c:\windows\unins000.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\avgntflt.sys
c:\windows\unins000.dat
c:\windows\unins000.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-19 do 2009-07-19 )))))))))))))))))))))))))))))))
.
2009-07-18 12:17 . 2009-07-18 12:18 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-18 09:58 . 2009-07-19 08:51 -------- d-----w- c:\program files\PowerStrip
2009-07-13 06:21 . 2009-07-13 06:21 -------- d-----w- c:\windows\nview
2009-07-11 14:29 . 2009-07-11 14:29 -------- d-----w- c:\program files\7-Zip
2009-07-11 12:32 . 2009-07-11 14:41 -------- d-----w- C:\QIP Infium JadrisPack
2009-07-10 15:37 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-10 15:37 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-10 15:37 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-10 15:37 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-10 15:37 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-10 15:37 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-10 15:37 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-10 15:37 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-10 15:37 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-04 14:05 . 2009-07-04 14:05 -------- d-----w- c:\program files\VALVe
2009-07-02 15:29 . 2009-07-03 23:01 -------- d-----w- c:\program files\FlashGet
2009-06-30 18:32 . 2009-07-01 09:29 -------- d-----w- c:\program files\TeamViewer
2009-06-30 18:31 . 2009-07-04 18:46 -------- d-----w- c:\documents and settings\Tony\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 13:29 . 2009-04-24 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 11:59 . 2009-06-16 14:11 -------- d-----w- c:\program files\STEam
2009-07-16 14:14 . 2009-03-15 11:36 -------- d-----w- c:\program files\IObit
2009-07-15 16:07 . 2009-06-15 11:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-13 11:36 . 2009-04-24 16:37 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-04-24 16:37 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 16:58 . 2009-05-25 17:38 -------- d-----w- c:\program files\eMule
2009-07-09 16:23 . 2009-03-24 22:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-06 18:52 . 2009-03-15 00:10 137928 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 18:52 . 2009-03-15 00:10 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-04 17:22 . 2009-03-24 19:11 -------- d-----w- c:\program files\RegScrubXP
2009-07-04 15:40 . 2004-08-03 21:14 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-04 14:00 . 2001-10-25 14:00 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-07-04 14:00 . 2001-10-25 14:00 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-06-18 19:35 . 2009-06-18 19:35 -------- d-----w- c:\program files\QIP
2009-06-16 20:00 . 2009-06-16 20:00 -------- d-----w- c:\program files\uTorrent
2009-06-15 15:05 . 2009-05-08 22:16 -------- d-----w- c:\program files\Seznam.cz
2009-06-15 15:03 . 2009-05-22 20:58 -------- d-----w- c:\program files\BitSpirit
2009-06-15 11:32 . 2009-03-21 08:11 -------- d-----w- c:\program files\Raxco
2009-06-12 10:39 . 2009-06-12 10:39 -------- d-----w- c:\program files\AusLogics Disk Defrag
2009-06-10 18:54 . 2009-05-02 13:01 -------- d-----w- c:\program files\GamePark
2009-06-09 15:25 . 2009-07-02 15:29 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys.flg
2009-06-08 17:20 . 2009-06-08 17:19 -------- d-----w- c:\program files\Ahead
2009-06-07 10:08 . 2009-06-07 10:08 -------- d-----w- c:\program files\Lavalys
2009-05-31 07:05 . 2009-05-31 07:05 -------- d-----w- c:\program files\compLexity Demo Player
2009-05-30 22:37 . 2009-05-30 22:32 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-05-29 17:23 . 2009-05-29 17:23 -------- d-----w- c:\program files\Sunbelt Software
2009-05-26 14:48 . 2009-03-24 19:09 -------- d-----w- c:\program files\BillP Studios
2009-05-02 08:26 . 2009-03-24 11:34 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-04-24 19:51 . 2004-07-17 09:36 163644 -c--a-w- c:\windows\system32\drivers\secdrv.sys
2009-07-12 07:45 . 2009-07-10 15:24 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Tony\temp ----
((((((((((((((((((((((((((((( SnapShot@2009-07-19_14.38.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-19 15:38 . 2009-07-19 15:38 16384 c:\windows\Temp\Perflib_Perfdata_53c.dat
- 2009-07-19 14:19 . 2009-07-19 14:19 16384 c:\windows\Temp\Perflib_Perfdata_53c.dat
+ 2009-07-19 15:26 . 2009-07-19 15:26 16384 c:\windows\Temp\Perflib_Perfdata_534.dat
+ 2009-07-19 15:38 . 2009-07-19 15:38 16384 c:\windows\Temp\Perflib_Perfdata_244.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2009-03-11 738336]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-05-03 364544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tony^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\quinterboomsta89\\counter-strike\\hl.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\QIP Infium JadrisPack\\infium.exe"=
"c:\\Program Files\\DanzigPrefEngine\\danzig15.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.7.2009 17:37 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.7.2009 17:37 20560]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [15.7.2007 3:37 27992]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Download Using &BitSpirit
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {06A27AFE-CF59-4724-A195-D8C76C57AFCB} = 213.180.32.2
FF - ProfilePath - c:\documents and settings\Tony\Data aplikací\Mozilla\Firefox\Profiles\cqpzq5o4.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 17:38
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="FB3D09A11E6B48EC60711CE1D5A2A3143935C7D0ADCC3A0B1D34422D3C9A9D4E15CDE7D120B8B0EE499FBEB3EE7A34F436CCFE3BBAD5D8A7FDA1B4E420256991BB86ED3B6E437D62F3BCF895D5F447180EF2B130AC21DE7DD9A1640E3E573274B03C35AEB2A9F6941DB42516FD53B41813CA1D9B60375514BE290D0F7D1F520CDCDA1CB1FD5C6746238863F73F2D57004009401C17724A64DFC4318628BCA8DC49E1447E43249B2A0BCA16B1D66C105130F6DE07F604CBDC119015C46DC595E3A66594815818E8E7FCA464EC6551C202A6F082FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CC038D530D6EB3452A64671D51DB481FC637639CF2A4C7FD573285ABBC42346D5634DB0D9129206AADBD9AC0DE6ABDC13E072341B76AFE2ADED31E089549E0A5256F603FCB74CD10BF65001B49D8F4706C163798EB8F851AD0CF7BE1EA3A25842360521557703B00B9E5701B824DFDD13E7C0BF249A4021760CDC72A5CD005C4640E1EA607B6243EEAB831307CCC056BDEAE7925C3F443A6D61A649CF60AE53C165DA1720DD39BABAAC4C7092617AF8CE9399D03B3AE39ABAB47DE852DC479061C9A4AB18AC7B60BA600DA7521C7921CF61F7ACC8152453C8606FC7E43908F810C5D387556BBD8D7CBE849840ADCC4010868DAC0F4DAE8949746CB1C5E0D2887F66E2DA6211BBB351F1D57B5AB928DA236AC6AB9FD351F7AFB44CC534302DCB24EA31A9D289D5544F548AD726596588DF26F1D88C8CFA69B41747F9F4FAC266384A804E3BB20D87517A0B0D26187D74E1094637EE524241D3C9FA94D005DE0D382AF6F3B45F8978F529A94B69F512E08896D99D61715E734D2AE831948A740C65691F9CDFD715E61E58189AFAE566A1F583AA3504A9AD89A6CC754091399ABFC417E71C5BD6A0A471B7ECD2EED1631E923B987F7A3230222678EA061BB0099B21F7249CCD0ABC9B5927A5A25C15935308DBE7CC6BB20C6C5929F5980B0A9FA584068898E096214403BDA08BDD7EA851C6B8404584C7092F8E0FA965BD4EDEF842EB30E2C212292F61C3A1E31153F3BB02D72F62F28414C35C0D792B137AEDC2EF8A1BA02487D3002BB64FD41ACCEF4CAF7425F46CEBBE9698B9407EEF8116C4E47729C8BAF5436C5AC9B5DB9D93B74E0BFBF59D27F63D2861E23A463D4AC3563F7AA2A7C1D13F422C5F444B484A8A2214915B556093689016060ABE68AC8B61E010B1E07480B15E2414CDC84784CC3C8E0BEE64D623BD765AD63378E0F722E4EC69E2E6175E2A3507B48ACE4E4A852500F3336BCDF95E1897BEA1559C6E6172CEE92B836D385BCDDFC1162A1497E179358A0C5D0EE10E46F757210F924647AFB2AADF5341D3"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(4036)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\devldr32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-07-19 17:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-19 15:43
ComboFix2.txt 2009-07-19 14:40
Před spuštěním: Volných bajtů: 21 931 515 904
Po spuštění: Volných bajtů: 21 924 610 048
178 --- E O F --- 2009-03-09 08:41
Základní deska: MSI B85-G41 PC Mate
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
Re: Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
Při průběhu scanu se mi zobrazil error, HJT jsem vypnul a spustil log znova, chyba už se neobjevila.Zapomněl jsem udělat screen screen
Nový log z HJT
_____________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:29, on 19.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 4930 bytes
Nový log z HJT
_____________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:29, on 19.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 4930 bytes
Základní deska: MSI B85-G41 PC Mate
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
Re: Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
testy souborů
c:\windows\system32\drivers\tcpip.sys
http://www.virustotal.com/cs/analisis/a ... 1248019094
c:\\Program Files\\DanzigPrefEngine\\danzig15.exe
http://www.virustotal.com/cs/analisis/a ... 1248019301
ten druhý něco našel
c:\windows\system32\drivers\tcpip.sys
http://www.virustotal.com/cs/analisis/a ... 1248019094
c:\\Program Files\\DanzigPrefEngine\\danzig15.exe
http://www.virustotal.com/cs/analisis/a ... 1248019301
ten druhý něco našel
Základní deska: MSI B85-G41 PC Mate
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
CPU: Intel Core i3 4170 / Chladič SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
Zdroj: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Skříň: Zalman Z1
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu - zpomalený chod aplikací, zamrzání PC
Odinstaluj:
c:\\Program Files\\DanzigPrefEngine - poté složku smaž.
c:\documents and settings\Tony\temp --složka je prázdná , můžeš smazat
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Pokud problémy přetrvávají , bude problém v HW.
c:\\Program Files\\DanzigPrefEngine - poté složku smaž.
c:\documents and settings\Tony\temp --složka je prázdná , můžeš smazat
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Kód: Vybrat vše
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Pokud problémy přetrvávají , bude problém v HW.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Google [Bot] a 88 hostů