Zdravím, chtěl bych Vás poprosit o kontrolu logu.
PC po spuštění nabíhá (poměrně dlouho) a jakmile se objeví profil, tak se načte plocha, část ikon a ikona práce HDD jede pořád naplno:-( V nouzovém režimu je všechno v pořádku, PC funguje.
Zatím jsem provedl opravu registrů pomocí CCleaner+vyčištění, MBAM sken a nyní běží Avast rychlí sken. Ale výsledek žádný - vše prováděno v nouzovém režimu.
Děkuji za kontrolu.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:39, on 20.8.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
D:\Martin_\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.205:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\a\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: CHelper Class - {0F469452-B579-4F29-94A2-AE86C86067A6} - C:\Program Files\Microton 2006\Eurotran\etran_i.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\a\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Eurotran 2006 - {66566BD7-FF3C-46a8-97AB-A60ECC45BDD2} - C:\Program Files\Microton 2006\Eurotran\etran_i.dll
O9 - Extra 'Tools' menuitem: Eurotran 2006 - {66566BD7-FF3C-46a8-97AB-A60ECC45BDD2} - C:\Program Files\Microton 2006\Eurotran\etran_i.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Lexie 2006 - {9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - C:\Program Files\Microton 2006\Lexie\lexie.dll
O9 - Extra 'Tools' menuitem: Lexie 2006 - {9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - C:\Program Files\Microton 2006\Lexie\lexie.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ntrigserv - Unknown owner - C:\Program Files\N-trig\N-trig Software Bundle\srvany.exe
--
End of file - 6529 bytes
Win7 Prof - po startu jede disk na plno a dale nic
-
masterbill
- Level 2.5
- Příspěvky: 349
- Registrován: březen 08
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Win7 Prof - po startu jede disk na plno a dale nic
sice tu nejsem rádce, ale odinstaluj ICQ Toolbar :)
Když nejsi rádce, tak tu nemáš psát nic. Příště bez milosti mažu. Žbeky
Když nejsi rádce, tak tu nemáš psát nic. Příště bez milosti mažu. Žbeky
Asus IPIBL-LA (Berkeley), Intel Core 2 Quatro Q 6600 2.40 GHz, RAM 4 x 1 GB DDR2 667 SDRAM, Nvidia GeForce GTX 680, Realtek ALC1200 (integr.), Hitachi HDT725050VLA360 500GB, Windows 7 64 bit -> W10
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: Win7 Prof - po startu jede disk na plno a dale nic
Zkontroluj PIO/DMA
Proxy 192.168.10.205:3128 znáš?
Odinstaluj ICQ Toolbar
Fixni:
Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.
Proxy 192.168.10.205:3128 znáš?
Odinstaluj ICQ Toolbar
Fixni:
Kód: Vybrat vše
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\a\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\a\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cabVypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
Re: Win7 Prof - po startu jede disk na plno a dale nic
Tak aktuálně se nelze dostat ani do Nouzového režimu. Zásek při výpisu načítání, konkrétně:
"Načteno: \Windows\system32\DRIVERS\CLASSPNP.SYS"
Pak kompl vytuhne a svítí jen ikona disku + na displeji úplně nahoře se objeví graficky rozhozená tenká linka... Pak se sám restartuje (cca po 3 minutách....)
Zkusím obnovit MBR...
"Načteno: \Windows\system32\DRIVERS\CLASSPNP.SYS"
Pak kompl vytuhne a svítí jen ikona disku + na displeji úplně nahoře se objeví graficky rozhozená tenká linka... Pak se sám restartuje (cca po 3 minutách....)
Zkusím obnovit MBR...
Re: Win7 Prof - po startu jede disk na plno a dale nic
omlouvám se, ale odpoledních problémech jsem musel odjet a začal jsem se tím zabývat až nyní....
Odinstaloval jsem udávaný ICQ Toolbar a fixl dané položky. Níže přikládám nový log z HJT. Akorát po startu mi PC hlásí, že systém zjisti chyby na HDD... Tak nevím, jestli mám čekat jeho konec nebo zkusit nějakou utilitu výrobce (Samsung HS1222JC)... Celkem dlouho mu trvá něco otevřít (netbook s 1,2 Ghz...)
¨Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:28, on 21.8.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Users\a\Desktop\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.205:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: CHelper Class - {0F469452-B579-4F29-94A2-AE86C86067A6} - C:\Program Files\Microton 2006\Eurotran\etran_i.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Eurotran 2006 - {66566BD7-FF3C-46a8-97AB-A60ECC45BDD2} - C:\Program Files\Microton 2006\Eurotran\etran_i.dll
O9 - Extra 'Tools' menuitem: Eurotran 2006 - {66566BD7-FF3C-46a8-97AB-A60ECC45BDD2} - C:\Program Files\Microton 2006\Eurotran\etran_i.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Lexie 2006 - {9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - C:\Program Files\Microton 2006\Lexie\lexie.dll
O9 - Extra 'Tools' menuitem: Lexie 2006 - {9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - C:\Program Files\Microton 2006\Lexie\lexie.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ntrigserv - Unknown owner - C:\Program Files\N-trig\N-trig Software Bundle\srvany.exe
--
End of file - 5273 bytes
Odinstaloval jsem udávaný ICQ Toolbar a fixl dané položky. Níže přikládám nový log z HJT. Akorát po startu mi PC hlásí, že systém zjisti chyby na HDD... Tak nevím, jestli mám čekat jeho konec nebo zkusit nějakou utilitu výrobce (Samsung HS1222JC)... Celkem dlouho mu trvá něco otevřít (netbook s 1,2 Ghz...)
¨Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:28, on 21.8.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Users\a\Desktop\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.205:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: CHelper Class - {0F469452-B579-4F29-94A2-AE86C86067A6} - C:\Program Files\Microton 2006\Eurotran\etran_i.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Eurotran 2006 - {66566BD7-FF3C-46a8-97AB-A60ECC45BDD2} - C:\Program Files\Microton 2006\Eurotran\etran_i.dll
O9 - Extra 'Tools' menuitem: Eurotran 2006 - {66566BD7-FF3C-46a8-97AB-A60ECC45BDD2} - C:\Program Files\Microton 2006\Eurotran\etran_i.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Lexie 2006 - {9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - C:\Program Files\Microton 2006\Lexie\lexie.dll
O9 - Extra 'Tools' menuitem: Lexie 2006 - {9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - C:\Program Files\Microton 2006\Lexie\lexie.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ntrigserv - Unknown owner - C:\Program Files\N-trig\N-trig Software Bundle\srvany.exe
--
End of file - 5273 bytes
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Win7 Prof - po startu jede disk na plno a dale nic
Udělej a dej sem ten log z Combofixu
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Win7 Prof - po startu jede disk na plno a dale nic
Tak jsem aktuálně projel PC pomocí Combo Fixu. Všechno proběhlo v pořádku. Nicméně, když jsem chtěl poté spustit nějakou aplikaci - např. IE/FF pro odeslání logu bylo sděleno následující hlášení: "Pokus použít neplatnou operaci na klíč registru, který je označen pro smazání". Tak jsem ho restartl a nechce naběhnout. Spustí se program pro "Oprava spouštění systému", proběhne a nakonec vyhlásí, že systém nelze opravit...
Tím pádem nechce kompl vůbec naběhnout (ani do Nouzového režimu). Pořád se to opakuje....
Tím pádem nechce kompl vůbec naběhnout (ani do Nouzového režimu). Pořád se to opakuje....
Re: Win7 Prof - po startu jede disk na plno a dale nic
tak ntb se zahadne bezproblemu rozjel, stale však po spuštění Win7 píšou probléms diskem...
níže přikládám výpis z ComboFixu...
ComboFix 11-08-21.01 - a 22.08.2011 6:30.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2814.1899 [GMT 2:00]
Spuštěný z: c:\users\a\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 04:44 . 2011-08-22 04:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-22 04:44 . 2011-08-22 04:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-21 19:42 . 2011-08-21 19:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-21 19:38 . 2011-08-21 19:38 -------- d-----w- C:\found.006
2011-08-21 11:54 . 2011-08-21 11:54 -------- d-----w- C:\found.005
2011-08-21 11:49 . 2011-08-21 11:49 -------- d-----w- C:\found.004
2011-08-21 11:43 . 2011-08-21 11:43 -------- d-----w- C:\found.003
2011-08-21 11:38 . 2011-08-21 11:38 -------- d-----w- C:\found.002
2011-08-20 16:02 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-20 16:02 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-20 16:02 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-20 16:02 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-20 16:02 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-20 16:02 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-20 16:01 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-20 16:01 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-20 16:01 . 2011-08-20 16:01 -------- d-----w- c:\programdata\AVAST Software
2011-08-20 16:01 . 2011-08-20 16:01 -------- d-----w- c:\program files\AVAST Software
2011-08-20 15:21 . 2011-08-20 15:21 -------- d-----w- c:\users\a\AppData\Roaming\Malwarebytes
2011-08-20 15:21 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-20 15:21 . 2011-08-20 15:21 -------- d-----w- c:\programdata\Malwarebytes
2011-08-20 15:21 . 2011-08-20 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-20 15:21 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-20 15:17 . 2011-08-20 15:17 -------- d-----w- c:\program files\CCleaner
2011-08-19 16:09 . 2011-08-19 16:09 -------- d-----w- C:\found.001
2011-08-17 22:23 . 2011-08-17 22:23 -------- d-----w- C:\found.000
2011-08-17 07:39 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-17 07:38 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\mpengine.dll
2011-08-14 17:42 . 2011-01-27 13:46 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E98C368C-D07B-4F25-9DFA-240321BF3A06}\gapaengine.dll
2011-08-10 17:31 . 2011-08-10 17:31 -------- d-----w- c:\users\a\AppData\Local\Mozilla
2011-08-09 20:33 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 20:33 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 20:31 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-09 20:31 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-09 20:31 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-09 20:31 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-09 07:14 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-28 20:02 . 2011-08-20 15:19 -------- d-----w- c:\users\a\AppData\Roaming\Skype
2011-07-28 20:01 . 2011-07-28 20:02 -------- d-----r- c:\program files\Skype
2011-07-28 20:01 . 2011-07-28 20:01 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 02:37 . 2011-07-13 18:52 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:35 . 2011-06-29 19:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-21_13.35.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-10 15:29 . 2011-08-22 04:28 11310 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-08-22 04:28 40616 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-12-10 14:21 . 2011-08-21 12:57 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-10 14:21 . 2011-08-21 13:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-10 14:21 . 2011-08-21 12:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-10 14:21 . 2011-08-21 13:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-08-21 13:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-08-21 12:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-10 14:30 . 2011-08-18 15:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-10 14:30 . 2011-08-22 04:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2011-08-21 19:23 85672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-12-10 14:30 . 2011-08-18 15:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-10 14:30 . 2011-08-22 04:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-10 14:30 . 2011-08-18 15:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-10 14:30 . 2011-08-22 04:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-21 12:08 . 2011-08-22 04:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-21 12:08 . 2011-08-21 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-21 12:09 . 2011-08-22 04:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-21 12:09 . 2011-08-21 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-27 19:51 . 2011-08-21 13:50 2732 c:\windows\System32\wdi\ERCQueuedResolutions.dat
+ 2010-12-10 14:36 . 2011-08-22 04:28 3610 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3624773248-1018097710-84256828-1000_UserData.bin
+ 2011-08-22 04:25 . 2011-08-22 04:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-20 16:42 . 2011-08-21 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-22 04:25 . 2011-08-22 04:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-20 16:42 . 2011-08-21 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2011-08-22 04:33 622192 c:\windows\System32\perfh009.dat
+ 2009-07-14 08:44 . 2011-08-22 04:33 645584 c:\windows\System32\perfh005.dat
+ 2009-07-14 02:05 . 2011-08-22 04:33 111280 c:\windows\System32\perfc009.dat
+ 2009-07-14 08:44 . 2011-08-22 04:33 126924 c:\windows\System32\perfc005.dat
+ 2011-08-21 19:42 . 2011-08-21 19:42 243360 c:\windows\System32\Macromed\Flash\FlashUtil10v_Plugin.exe
- 2009-07-14 04:47 . 2011-08-18 15:17 275572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-08-21 19:53 275572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:03 . 2011-08-21 19:32 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2011-08-17 23:58 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-12-27 20:21 . 2011-08-21 19:42 6277280 c:\windows\System32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 278528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^a^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-12-05 11:30 2295072 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R1 MpKsl10391a54;MpKsl10391a54;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsl10391a54.sys [x]
R1 MpKsl31a21a90;MpKsl31a21a90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsl31a21a90.sys [2011-08-17 28752]
R1 MpKsl7e3a93bf;MpKsl7e3a93bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsl7e3a93bf.sys [2011-08-21 28752]
R1 MpKslc20dccc0;MpKslc20dccc0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKslc20dccc0.sys [2011-08-17 28752]
R1 MpKsle3ec944b;MpKsle3ec944b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsle3ec944b.sys [2011-08-21 28752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ntrigserv;ntrigserv;c:\program files\N-trig\N-trig Software Bundle\srvany.exe [2009-07-13 13312]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver;c:\windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [2008-07-27 5632]
R3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\DRIVERS\umpusbvista.sys [2009-06-03 44544]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-20 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 11:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 192.168.10.205:3128
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{66566BD7-FF3C-46a8-97AB-A60ECC45BDD2} - {71F1BA92-1F94-40F6-B90B-1FCB61C17E8D} - c:\program files\Microton 2006\Eurotran\etran_i.dll
IE: {{9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - {6C7FB4BA-53BF-4e0f-8A53-1DA8770264F5} - c:\program files\Microton 2006\Lexie\lexie.dll
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\d7o6tc81.default\
FF - prefs.js: network.proxy.ftp - 192.168.10.205
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.10.205
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 192.168.10.205
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.10.205
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.10.205
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-22 06:53:06
ComboFix-quarantined-files.txt 2011-08-22 04:53
ComboFix2.txt 2011-08-21 13:43
.
Před spuštěním: Volných bajtů: 13 263 183 872
Po spuštění: Volných bajtů: 13 261 262 848
.
- - End Of File - - 2E3D2346330BCCB279131D5C73E7946F
níže přikládám výpis z ComboFixu...ComboFix 11-08-21.01 - a 22.08.2011 6:30.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2814.1899 [GMT 2:00]
Spuštěný z: c:\users\a\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 04:44 . 2011-08-22 04:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-22 04:44 . 2011-08-22 04:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-21 19:42 . 2011-08-21 19:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-21 19:38 . 2011-08-21 19:38 -------- d-----w- C:\found.006
2011-08-21 11:54 . 2011-08-21 11:54 -------- d-----w- C:\found.005
2011-08-21 11:49 . 2011-08-21 11:49 -------- d-----w- C:\found.004
2011-08-21 11:43 . 2011-08-21 11:43 -------- d-----w- C:\found.003
2011-08-21 11:38 . 2011-08-21 11:38 -------- d-----w- C:\found.002
2011-08-20 16:02 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-20 16:02 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-20 16:02 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-20 16:02 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-20 16:02 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-20 16:02 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-20 16:01 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-20 16:01 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-20 16:01 . 2011-08-20 16:01 -------- d-----w- c:\programdata\AVAST Software
2011-08-20 16:01 . 2011-08-20 16:01 -------- d-----w- c:\program files\AVAST Software
2011-08-20 15:21 . 2011-08-20 15:21 -------- d-----w- c:\users\a\AppData\Roaming\Malwarebytes
2011-08-20 15:21 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-20 15:21 . 2011-08-20 15:21 -------- d-----w- c:\programdata\Malwarebytes
2011-08-20 15:21 . 2011-08-20 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-20 15:21 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-20 15:17 . 2011-08-20 15:17 -------- d-----w- c:\program files\CCleaner
2011-08-19 16:09 . 2011-08-19 16:09 -------- d-----w- C:\found.001
2011-08-17 22:23 . 2011-08-17 22:23 -------- d-----w- C:\found.000
2011-08-17 07:39 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-17 07:38 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\mpengine.dll
2011-08-14 17:42 . 2011-01-27 13:46 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E98C368C-D07B-4F25-9DFA-240321BF3A06}\gapaengine.dll
2011-08-10 17:31 . 2011-08-10 17:31 -------- d-----w- c:\users\a\AppData\Local\Mozilla
2011-08-09 20:33 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 20:33 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 20:31 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-09 20:31 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-09 20:31 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-09 20:31 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-09 07:14 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-28 20:02 . 2011-08-20 15:19 -------- d-----w- c:\users\a\AppData\Roaming\Skype
2011-07-28 20:01 . 2011-07-28 20:02 -------- d-----r- c:\program files\Skype
2011-07-28 20:01 . 2011-07-28 20:01 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 02:37 . 2011-07-13 18:52 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:35 . 2011-06-29 19:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-21_13.35.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-10 15:29 . 2011-08-22 04:28 11310 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-08-22 04:28 40616 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-12-10 14:21 . 2011-08-21 12:57 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-10 14:21 . 2011-08-21 13:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-10 14:21 . 2011-08-21 12:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-10 14:21 . 2011-08-21 13:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-08-21 13:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-08-21 12:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-10 14:30 . 2011-08-18 15:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-10 14:30 . 2011-08-22 04:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2011-08-21 19:23 85672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-12-10 14:30 . 2011-08-18 15:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-10 14:30 . 2011-08-22 04:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-10 14:30 . 2011-08-18 15:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-10 14:30 . 2011-08-22 04:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-21 12:08 . 2011-08-22 04:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-21 12:08 . 2011-08-21 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-21 12:09 . 2011-08-22 04:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-21 12:09 . 2011-08-21 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-27 19:51 . 2011-08-21 13:50 2732 c:\windows\System32\wdi\ERCQueuedResolutions.dat
+ 2010-12-10 14:36 . 2011-08-22 04:28 3610 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3624773248-1018097710-84256828-1000_UserData.bin
+ 2011-08-22 04:25 . 2011-08-22 04:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-20 16:42 . 2011-08-21 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-22 04:25 . 2011-08-22 04:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-20 16:42 . 2011-08-21 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2011-08-22 04:33 622192 c:\windows\System32\perfh009.dat
+ 2009-07-14 08:44 . 2011-08-22 04:33 645584 c:\windows\System32\perfh005.dat
+ 2009-07-14 02:05 . 2011-08-22 04:33 111280 c:\windows\System32\perfc009.dat
+ 2009-07-14 08:44 . 2011-08-22 04:33 126924 c:\windows\System32\perfc005.dat
+ 2011-08-21 19:42 . 2011-08-21 19:42 243360 c:\windows\System32\Macromed\Flash\FlashUtil10v_Plugin.exe
- 2009-07-14 04:47 . 2011-08-18 15:17 275572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-08-21 19:53 275572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:03 . 2011-08-21 19:32 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2011-08-17 23:58 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-12-27 20:21 . 2011-08-21 19:42 6277280 c:\windows\System32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 278528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^a^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-12-05 11:30 2295072 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R1 MpKsl10391a54;MpKsl10391a54;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsl10391a54.sys [x]
R1 MpKsl31a21a90;MpKsl31a21a90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsl31a21a90.sys [2011-08-17 28752]
R1 MpKsl7e3a93bf;MpKsl7e3a93bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsl7e3a93bf.sys [2011-08-21 28752]
R1 MpKslc20dccc0;MpKslc20dccc0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKslc20dccc0.sys [2011-08-17 28752]
R1 MpKsle3ec944b;MpKsle3ec944b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsle3ec944b.sys [2011-08-21 28752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ntrigserv;ntrigserv;c:\program files\N-trig\N-trig Software Bundle\srvany.exe [2009-07-13 13312]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver;c:\windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [2008-07-27 5632]
R3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\DRIVERS\umpusbvista.sys [2009-06-03 44544]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-20 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 11:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 192.168.10.205:3128
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{66566BD7-FF3C-46a8-97AB-A60ECC45BDD2} - {71F1BA92-1F94-40F6-B90B-1FCB61C17E8D} - c:\program files\Microton 2006\Eurotran\etran_i.dll
IE: {{9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - {6C7FB4BA-53BF-4e0f-8A53-1DA8770264F5} - c:\program files\Microton 2006\Lexie\lexie.dll
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\d7o6tc81.default\
FF - prefs.js: network.proxy.ftp - 192.168.10.205
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.10.205
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 192.168.10.205
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.10.205
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.10.205
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-22 06:53:06
ComboFix-quarantined-files.txt 2011-08-22 04:53
ComboFix2.txt 2011-08-21 13:43
.
Před spuštěním: Volných bajtů: 13 263 183 872
Po spuštění: Volných bajtů: 13 261 262 848
.
- - End Of File - - 2E3D2346330BCCB279131D5C73E7946F
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Win7 Prof - po startu jede disk na plno a dale nic
Máš tam dva antiviry , MSE a Avast , jeden odinstaluj a udělej potom znovu nový sken Combofixem.
+
Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.
+
Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Win7 Prof - po startu jede disk na plno a dale nic
Log z CrystalDiskInfo:
----------------------------------------------------------------------------
CrystalDiskInfo 4.0.2 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 [6.1 Build 7600] (x86)
Date : 2011/08/22 10:29:33
-- Controller Map ----------------------------------------------------------
- ATA Channel 1 (1) [ATA]
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ ATA Channel 0 (0)
- SAMSUNG HS122JC ATA Device
- ATA Channel 1 (1)
+ Virtual CloneDrive [SCSI]
- ELBY CLONEDRIVE SCSI CdRom Device
-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HS122JC : 120.0 GB [0-0-0, pd1]
----------------------------------------------------------------------------
(1) SAMSUNG HS122JC
----------------------------------------------------------------------------
Model : SAMSUNG HS122JC
Firmware : GQ100-01
Serial Number : S18GJ16Q720213
Disk Size : 120.0 GB (8.4/120.0/----)
Buffer Size : 7986 KB
Queue Depth : 1
# of Sectors : 234441648
Rotation Rate : Neznámy údaj
Interface : Parallel ATA
Major Version : ATA/ATAPI-7
Minor Version : ATA/ATAPI-6 T13 1410D version 1
Transfer Mode : Ultra DMA/100
Power On Hours : 1189 hod.
Power On Count : 865 krát
Temparature : 36 C (96 F)
Health Status : Špatný
Features : S.M.A.R.T., APM, AAM
APM Level : 0080h [ON]
AAM Level : FE80h [ON]
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _35 _35 _51 000000004138 Počet chyb čtení
03 _92 _63 _25 0000000008BA Čas na roztočení ploten
04 _86 _86 __0 000000022B0D Počet spuštění/zastavení
05 _13 _13 _10 00000000021A Počet přemapovaných sektorů
09 100 100 __0 0000000004A5 Hodin v činnosti
0C 100 100 __0 000000000361 Počet cyklů zapnutí zařízení
BF _97 _97 __0 000000008181 Počet udalostí zaznamenaných otřesovým senzorem
C0 _97 _97 __0 000000000D1B Počet vypnutí disku
C2 130 _49 __0 003F000F0024 Teplota
C4 100 100 __0 00000000049C Počet udalostí s číslem realokování sektorů
C5 _45 _45 __0 000008F30FD5 Počet podezřelých sektorů
C6 _89 _89 __0 000001DD9AC8 Počet neopravitelných sektorů
C7 _96 _96 __0 000000AF4B22 Počet chyb v kontrolním součtu UltraDMA
C8 _94 _94 __0 0000011DA0C4 Počet chyb při zápisu sektorů
-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 04 5A 3F FF C8 37 00 10 88 56 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 53 31 38 47 4A 31
020: 36 51 37 32 30 32 31 33 00 03 3E 64 00 04 47 51
030: 31 30 30 2D 30 31 53 41 4D 53 55 4E 47 20 48 53
040: 31 32 32 4A 43 20 00 00 00 00 00 00 00 00 00 00
050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 10
060: 00 00 2F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 08 4B B0 0D F9 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0A0: 00 FE 00 1C 34 6B 5B 09 60 23 34 69 1A 09 60 23
0B0: 20 3F 00 50 00 50 00 80 FF FE 69 01 FE 80 00 00
0C0: 00 00 00 00 00 00 00 00 4B B0 0D F9 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 FF FF 02 00 5F 02 00 00
120: 00 00 EC 00 03 00 22 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 AF A5
Log z ComboFixu
ComboFix 11-08-21.01 - a 22.08.2011 10:34:07.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2814.1881 [GMT 2:00]
Spuštěný z: c:\users\a\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 08:47 . 2011-08-22 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-22 08:47 . 2011-08-22 08:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-22 08:29 . 2011-08-22 08:29 -------- d-----w- c:\program files\CrystalDiskInfo
2011-08-22 07:32 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{492288BE-1905-4759-8EFE-1532124757DC}\mpengine.dll
2011-08-22 07:27 . 2011-08-22 07:27 -------- d-----w- c:\program files\Elaborate Bytes
2011-08-21 19:42 . 2011-08-21 19:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-21 19:38 . 2011-08-21 19:38 -------- d-----w- C:\found.006
2011-08-21 11:54 . 2011-08-21 11:54 -------- d-----w- C:\found.005
2011-08-21 11:49 . 2011-08-21 11:49 -------- d-----w- C:\found.004
2011-08-21 11:43 . 2011-08-21 11:43 -------- d-----w- C:\found.003
2011-08-21 11:38 . 2011-08-21 11:38 -------- d-----w- C:\found.002
2011-08-20 16:01 . 2011-08-22 08:16 -------- d-----w- c:\programdata\AVAST Software
2011-08-20 16:01 . 2011-08-20 16:01 -------- d-----w- c:\program files\AVAST Software
2011-08-20 15:21 . 2011-08-20 15:21 -------- d-----w- c:\users\a\AppData\Roaming\Malwarebytes
2011-08-20 15:21 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-20 15:21 . 2011-08-20 15:21 -------- d-----w- c:\programdata\Malwarebytes
2011-08-20 15:21 . 2011-08-20 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-20 15:21 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-20 15:17 . 2011-08-20 15:17 -------- d-----w- c:\program files\CCleaner
2011-08-19 16:09 . 2011-08-19 16:09 -------- d-----w- C:\found.001
2011-08-17 22:23 . 2011-08-17 22:23 -------- d-----w- C:\found.000
2011-08-17 07:39 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-14 17:42 . 2011-01-27 13:46 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E98C368C-D07B-4F25-9DFA-240321BF3A06}\gapaengine.dll
2011-08-10 17:31 . 2011-08-10 17:31 -------- d-----w- c:\users\a\AppData\Local\Mozilla
2011-08-09 20:33 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 20:33 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 20:31 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-09 20:31 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-09 20:31 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-09 20:31 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-09 07:14 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-28 20:02 . 2011-08-20 15:19 -------- d-----w- c:\users\a\AppData\Roaming\Skype
2011-07-28 20:01 . 2011-07-28 20:02 -------- d-----r- c:\program files\Skype
2011-07-28 20:01 . 2011-07-28 20:01 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 02:37 . 2011-07-13 18:52 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:35 . 2011-06-29 19:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-21_13.35.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-10 15:29 . 2011-08-22 08:21 16358 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-08-22 08:28 41158 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-01 11:15 . 2011-08-22 07:35 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
- 2011-01-01 11:15 . 2011-08-17 20:15 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
+ 2011-03-07 02:08 . 2011-03-07 02:08 93552 c:\windows\System32\ElbyCDIO.dll
- 2009-07-14 04:50 . 2011-07-15 13:49 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-14 04:50 . 2011-08-22 07:28 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2011-01-15 16:20 . 2011-01-15 16:20 30208 c:\windows\System32\DriverStore\FileRepository\vclone.inf_x86_neutral_90052917d000700d\Vista32\VClone.sys
+ 2011-01-15 16:20 . 2011-01-15 16:20 30208 c:\windows\System32\drivers\VClone.sys
+ 2010-12-16 22:57 . 2010-12-16 22:57 31088 c:\windows\System32\drivers\ElbyCDIO.sys
- 2010-12-10 14:21 . 2011-08-21 12:57 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-10 14:21 . 2011-08-22 08:29 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-10 14:21 . 2011-08-21 12:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-10 14:21 . 2011-08-22 08:29 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2011-08-21 12:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2011-08-22 08:29 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-10 14:30 . 2011-08-22 08:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-10 14:30 . 2011-08-18 15:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2011-08-21 19:23 85672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-12-10 14:30 . 2011-08-22 08:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-10 14:30 . 2011-08-18 15:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-10 14:30 . 2011-08-22 08:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-10 14:30 . 2011-08-18 15:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-21 12:08 . 2011-08-21 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-21 12:08 . 2011-08-22 08:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-21 12:09 . 2011-08-21 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-21 12:09 . 2011-08-22 08:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-27 19:51 . 2011-08-21 13:50 2732 c:\windows\System32\wdi\ERCQueuedResolutions.dat
+ 2010-12-10 14:36 . 2011-08-22 08:28 4186 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3624773248-1018097710-84256828-1000_UserData.bin
+ 2011-08-22 04:54 . 2011-08-22 04:54 9560 c:\windows\System32\NetworkList\Icons\{A40AAA9F-B4B5-42C4-AB9B-1553580C20B5}_48.bin
+ 2011-08-22 04:54 . 2011-08-22 04:54 4280 c:\windows\System32\NetworkList\Icons\{A40AAA9F-B4B5-42C4-AB9B-1553580C20B5}_32.bin
+ 2011-08-22 04:54 . 2011-08-22 04:54 2456 c:\windows\System32\NetworkList\Icons\{A40AAA9F-B4B5-42C4-AB9B-1553580C20B5}_24.bin
+ 2011-08-22 08:18 . 2011-08-22 08:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-20 16:42 . 2011-08-21 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-22 08:18 . 2011-08-22 08:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-20 16:42 . 2011-08-21 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2011-08-22 08:30 622192 c:\windows\System32\perfh009.dat
+ 2009-07-14 08:44 . 2011-08-22 08:30 645584 c:\windows\System32\perfh005.dat
+ 2009-07-14 02:05 . 2011-08-22 08:30 111280 c:\windows\System32\perfc009.dat
+ 2009-07-14 08:44 . 2011-08-22 08:30 126924 c:\windows\System32\perfc005.dat
+ 2011-08-21 19:42 . 2011-08-21 19:42 243360 c:\windows\System32\Macromed\Flash\FlashUtil10v_Plugin.exe
+ 2011-03-07 00:52 . 2011-03-07 00:52 134512 c:\windows\System32\ElbyVCD.dll
- 2009-07-14 04:50 . 2011-07-15 13:49 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2011-08-22 07:28 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2011-08-22 07:28 143360 c:\windows\System32\DriverStore\infstor.dat
- 2009-07-14 04:50 . 2011-07-15 13:49 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2009-07-14 04:47 . 2011-08-22 07:41 275572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-08-18 15:17 275572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:03 . 2011-08-21 19:32 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2011-08-17 23:58 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-12-27 20:21 . 2011-08-21 19:42 6277280 c:\windows\System32\Macromed\Flash\NPSWF32.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 278528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^a^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-12-05 11:30 2295072 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R1 MpKsl10391a54;MpKsl10391a54;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsl10391a54.sys [x]
R1 MpKsl31a21a90;MpKsl31a21a90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsl31a21a90.sys [x]
R1 MpKsl7e3a93bf;MpKsl7e3a93bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsl7e3a93bf.sys [x]
R1 MpKsl9cb86668;MpKsl9cb86668;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{492288BE-1905-4759-8EFE-1532124757DC}\MpKsl9cb86668.sys [2011-08-22 28752]
R1 MpKslc20dccc0;MpKslc20dccc0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKslc20dccc0.sys [x]
R1 MpKsle3ec944b;MpKsle3ec944b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsle3ec944b.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ntrigserv;ntrigserv;c:\program files\N-trig\N-trig Software Bundle\srvany.exe [2009-07-13 13312]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver;c:\windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [2008-07-27 5632]
R3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\DRIVERS\umpusbvista.sys [2009-06-03 44544]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-20 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 11:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 192.168.10.205:3128
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{66566BD7-FF3C-46a8-97AB-A60ECC45BDD2} - {71F1BA92-1F94-40F6-B90B-1FCB61C17E8D} - c:\program files\Microton 2006\Eurotran\etran_i.dll
IE: {{9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - {6C7FB4BA-53BF-4e0f-8A53-1DA8770264F5} - c:\program files\Microton 2006\Lexie\lexie.dll
TCP: DhcpNameServer = 172.16.22.209 172.16.21.254
FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\d7o6tc81.default\
FF - prefs.js: network.proxy.ftp - 192.168.10.205
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.10.205
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 192.168.10.205
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.10.205
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.10.205
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-22 10:55:52
ComboFix-quarantined-files.txt 2011-08-22 08:55
ComboFix2.txt 2011-08-22 04:53
ComboFix3.txt 2011-08-21 13:43
.
Před spuštěním: Volných bajtů: 13 431 271 424
Po spuštění: Volných bajtů: 13 236 883 456
.
- - End Of File - - B77D01BA179774A172259E7CB6C549E2
----------------------------------------------------------------------------
CrystalDiskInfo 4.0.2 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 [6.1 Build 7600] (x86)
Date : 2011/08/22 10:29:33
-- Controller Map ----------------------------------------------------------
- ATA Channel 1 (1) [ATA]
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ ATA Channel 0 (0)
- SAMSUNG HS122JC ATA Device
- ATA Channel 1 (1)
+ Virtual CloneDrive [SCSI]
- ELBY CLONEDRIVE SCSI CdRom Device
-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HS122JC : 120.0 GB [0-0-0, pd1]
----------------------------------------------------------------------------
(1) SAMSUNG HS122JC
----------------------------------------------------------------------------
Model : SAMSUNG HS122JC
Firmware : GQ100-01
Serial Number : S18GJ16Q720213
Disk Size : 120.0 GB (8.4/120.0/----)
Buffer Size : 7986 KB
Queue Depth : 1
# of Sectors : 234441648
Rotation Rate : Neznámy údaj
Interface : Parallel ATA
Major Version : ATA/ATAPI-7
Minor Version : ATA/ATAPI-6 T13 1410D version 1
Transfer Mode : Ultra DMA/100
Power On Hours : 1189 hod.
Power On Count : 865 krát
Temparature : 36 C (96 F)
Health Status : Špatný
Features : S.M.A.R.T., APM, AAM
APM Level : 0080h [ON]
AAM Level : FE80h [ON]
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _35 _35 _51 000000004138 Počet chyb čtení
03 _92 _63 _25 0000000008BA Čas na roztočení ploten
04 _86 _86 __0 000000022B0D Počet spuštění/zastavení
05 _13 _13 _10 00000000021A Počet přemapovaných sektorů
09 100 100 __0 0000000004A5 Hodin v činnosti
0C 100 100 __0 000000000361 Počet cyklů zapnutí zařízení
BF _97 _97 __0 000000008181 Počet udalostí zaznamenaných otřesovým senzorem
C0 _97 _97 __0 000000000D1B Počet vypnutí disku
C2 130 _49 __0 003F000F0024 Teplota
C4 100 100 __0 00000000049C Počet udalostí s číslem realokování sektorů
C5 _45 _45 __0 000008F30FD5 Počet podezřelých sektorů
C6 _89 _89 __0 000001DD9AC8 Počet neopravitelných sektorů
C7 _96 _96 __0 000000AF4B22 Počet chyb v kontrolním součtu UltraDMA
C8 _94 _94 __0 0000011DA0C4 Počet chyb při zápisu sektorů
-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 04 5A 3F FF C8 37 00 10 88 56 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 53 31 38 47 4A 31
020: 36 51 37 32 30 32 31 33 00 03 3E 64 00 04 47 51
030: 31 30 30 2D 30 31 53 41 4D 53 55 4E 47 20 48 53
040: 31 32 32 4A 43 20 00 00 00 00 00 00 00 00 00 00
050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 10
060: 00 00 2F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 08 4B B0 0D F9 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0A0: 00 FE 00 1C 34 6B 5B 09 60 23 34 69 1A 09 60 23
0B0: 20 3F 00 50 00 50 00 80 FF FE 69 01 FE 80 00 00
0C0: 00 00 00 00 00 00 00 00 4B B0 0D F9 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 FF FF 02 00 5F 02 00 00
120: 00 00 EC 00 03 00 22 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 AF A5
Log z ComboFixu
ComboFix 11-08-21.01 - a 22.08.2011 10:34:07.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2814.1881 [GMT 2:00]
Spuštěný z: c:\users\a\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 08:47 . 2011-08-22 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-22 08:47 . 2011-08-22 08:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-22 08:29 . 2011-08-22 08:29 -------- d-----w- c:\program files\CrystalDiskInfo
2011-08-22 07:32 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{492288BE-1905-4759-8EFE-1532124757DC}\mpengine.dll
2011-08-22 07:27 . 2011-08-22 07:27 -------- d-----w- c:\program files\Elaborate Bytes
2011-08-21 19:42 . 2011-08-21 19:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-21 19:38 . 2011-08-21 19:38 -------- d-----w- C:\found.006
2011-08-21 11:54 . 2011-08-21 11:54 -------- d-----w- C:\found.005
2011-08-21 11:49 . 2011-08-21 11:49 -------- d-----w- C:\found.004
2011-08-21 11:43 . 2011-08-21 11:43 -------- d-----w- C:\found.003
2011-08-21 11:38 . 2011-08-21 11:38 -------- d-----w- C:\found.002
2011-08-20 16:01 . 2011-08-22 08:16 -------- d-----w- c:\programdata\AVAST Software
2011-08-20 16:01 . 2011-08-20 16:01 -------- d-----w- c:\program files\AVAST Software
2011-08-20 15:21 . 2011-08-20 15:21 -------- d-----w- c:\users\a\AppData\Roaming\Malwarebytes
2011-08-20 15:21 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-20 15:21 . 2011-08-20 15:21 -------- d-----w- c:\programdata\Malwarebytes
2011-08-20 15:21 . 2011-08-20 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-20 15:21 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-20 15:17 . 2011-08-20 15:17 -------- d-----w- c:\program files\CCleaner
2011-08-19 16:09 . 2011-08-19 16:09 -------- d-----w- C:\found.001
2011-08-17 22:23 . 2011-08-17 22:23 -------- d-----w- C:\found.000
2011-08-17 07:39 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-14 17:42 . 2011-01-27 13:46 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E98C368C-D07B-4F25-9DFA-240321BF3A06}\gapaengine.dll
2011-08-10 17:31 . 2011-08-10 17:31 -------- d-----w- c:\users\a\AppData\Local\Mozilla
2011-08-09 20:33 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 20:33 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 20:31 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-09 20:31 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-09 20:31 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-09 20:31 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-09 07:14 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-28 20:02 . 2011-08-20 15:19 -------- d-----w- c:\users\a\AppData\Roaming\Skype
2011-07-28 20:01 . 2011-07-28 20:02 -------- d-----r- c:\program files\Skype
2011-07-28 20:01 . 2011-07-28 20:01 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 02:37 . 2011-07-13 18:52 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:35 . 2011-06-29 19:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-21_13.35.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-10 15:29 . 2011-08-22 08:21 16358 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-08-22 08:28 41158 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-01 11:15 . 2011-08-22 07:35 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
- 2011-01-01 11:15 . 2011-08-17 20:15 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
+ 2011-03-07 02:08 . 2011-03-07 02:08 93552 c:\windows\System32\ElbyCDIO.dll
- 2009-07-14 04:50 . 2011-07-15 13:49 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-14 04:50 . 2011-08-22 07:28 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2011-01-15 16:20 . 2011-01-15 16:20 30208 c:\windows\System32\DriverStore\FileRepository\vclone.inf_x86_neutral_90052917d000700d\Vista32\VClone.sys
+ 2011-01-15 16:20 . 2011-01-15 16:20 30208 c:\windows\System32\drivers\VClone.sys
+ 2010-12-16 22:57 . 2010-12-16 22:57 31088 c:\windows\System32\drivers\ElbyCDIO.sys
- 2010-12-10 14:21 . 2011-08-21 12:57 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-10 14:21 . 2011-08-22 08:29 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-10 14:21 . 2011-08-21 12:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-10 14:21 . 2011-08-22 08:29 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2011-08-21 12:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2011-08-22 08:29 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-10 14:30 . 2011-08-22 08:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-10 14:30 . 2011-08-18 15:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2011-08-21 19:23 85672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-12-10 14:30 . 2011-08-22 08:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-10 14:30 . 2011-08-18 15:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-10 14:30 . 2011-08-22 08:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-10 14:30 . 2011-08-18 15:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-21 12:08 . 2011-08-21 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-21 12:08 . 2011-08-22 08:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-21 12:09 . 2011-08-21 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-21 12:09 . 2011-08-22 08:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-27 19:51 . 2011-08-21 13:50 2732 c:\windows\System32\wdi\ERCQueuedResolutions.dat
+ 2010-12-10 14:36 . 2011-08-22 08:28 4186 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3624773248-1018097710-84256828-1000_UserData.bin
+ 2011-08-22 04:54 . 2011-08-22 04:54 9560 c:\windows\System32\NetworkList\Icons\{A40AAA9F-B4B5-42C4-AB9B-1553580C20B5}_48.bin
+ 2011-08-22 04:54 . 2011-08-22 04:54 4280 c:\windows\System32\NetworkList\Icons\{A40AAA9F-B4B5-42C4-AB9B-1553580C20B5}_32.bin
+ 2011-08-22 04:54 . 2011-08-22 04:54 2456 c:\windows\System32\NetworkList\Icons\{A40AAA9F-B4B5-42C4-AB9B-1553580C20B5}_24.bin
+ 2011-08-22 08:18 . 2011-08-22 08:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-20 16:42 . 2011-08-21 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-22 08:18 . 2011-08-22 08:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-20 16:42 . 2011-08-21 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2011-08-22 08:30 622192 c:\windows\System32\perfh009.dat
+ 2009-07-14 08:44 . 2011-08-22 08:30 645584 c:\windows\System32\perfh005.dat
+ 2009-07-14 02:05 . 2011-08-22 08:30 111280 c:\windows\System32\perfc009.dat
+ 2009-07-14 08:44 . 2011-08-22 08:30 126924 c:\windows\System32\perfc005.dat
+ 2011-08-21 19:42 . 2011-08-21 19:42 243360 c:\windows\System32\Macromed\Flash\FlashUtil10v_Plugin.exe
+ 2011-03-07 00:52 . 2011-03-07 00:52 134512 c:\windows\System32\ElbyVCD.dll
- 2009-07-14 04:50 . 2011-07-15 13:49 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2011-08-22 07:28 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2011-08-22 07:28 143360 c:\windows\System32\DriverStore\infstor.dat
- 2009-07-14 04:50 . 2011-07-15 13:49 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2009-07-14 04:47 . 2011-08-22 07:41 275572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-08-18 15:17 275572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:03 . 2011-08-21 19:32 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2011-08-17 23:58 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-12-27 20:21 . 2011-08-21 19:42 6277280 c:\windows\System32\Macromed\Flash\NPSWF32.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 278528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^a^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-12-05 11:30 2295072 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R1 MpKsl10391a54;MpKsl10391a54;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsl10391a54.sys [x]
R1 MpKsl31a21a90;MpKsl31a21a90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsl31a21a90.sys [x]
R1 MpKsl7e3a93bf;MpKsl7e3a93bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsl7e3a93bf.sys [x]
R1 MpKsl9cb86668;MpKsl9cb86668;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{492288BE-1905-4759-8EFE-1532124757DC}\MpKsl9cb86668.sys [2011-08-22 28752]
R1 MpKslc20dccc0;MpKslc20dccc0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKslc20dccc0.sys [x]
R1 MpKsle3ec944b;MpKsle3ec944b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{931A1B4B-B8C8-42B3-9ACF-37AAB184B54C}\MpKsle3ec944b.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ntrigserv;ntrigserv;c:\program files\N-trig\N-trig Software Bundle\srvany.exe [2009-07-13 13312]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver;c:\windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [2008-07-27 5632]
R3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\DRIVERS\umpusbvista.sys [2009-06-03 44544]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-20 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 11:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 192.168.10.205:3128
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{66566BD7-FF3C-46a8-97AB-A60ECC45BDD2} - {71F1BA92-1F94-40F6-B90B-1FCB61C17E8D} - c:\program files\Microton 2006\Eurotran\etran_i.dll
IE: {{9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - {6C7FB4BA-53BF-4e0f-8A53-1DA8770264F5} - c:\program files\Microton 2006\Lexie\lexie.dll
TCP: DhcpNameServer = 172.16.22.209 172.16.21.254
FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\d7o6tc81.default\
FF - prefs.js: network.proxy.ftp - 192.168.10.205
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.10.205
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 192.168.10.205
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.10.205
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.10.205
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-22 10:55:52
ComboFix-quarantined-files.txt 2011-08-22 08:55
ComboFix2.txt 2011-08-22 04:53
ComboFix3.txt 2011-08-21 13:43
.
Před spuštěním: Volných bajtů: 13 431 271 424
Po spuštění: Volných bajtů: 13 236 883 456
.
- - End Of File - - B77D01BA179774A172259E7CB6C549E2
Re: Win7 Prof - po startu jede disk na plno a dale nic
Dle logu z CDA - bude mít ještě cenu zachraňovat disk? Nemám raději rovnou zazálohovat data a začít shánět nový disk?
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: Win7 Prof - po startu jede disk na plno a dale nic
Máš pravdu, disk už je v posledním tažení. Takže co nejrychleji zazálohovat důležitá data a koupit nový. S tím, že na něj stejně budeš házet nový OS, takže v kontrole nemá cenu dál pokračovat
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 72 hostů