Log check - slowed-down internet (Solved)

Post by cherry11 » 11 Nov 2011 10:01

Please check my log. When opening pages, it often shows a message that the page is not responding and I have to wait longer. Thank you.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:25, on 11. 11. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-839522115-1682526488-1343024091-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8134968232
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9254 bytes

Post by Žbeky » 11 Nov 2011 10:14

Uninstall the ASK and Google toolbars.

Fix:

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8134968232

Download ATF Cleaner.
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware.
Install and run it.
- At the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- If an update is found, it will be downloaded and installed
- The program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- When the scan finishes, a message will appear; click OK and then the Show Results button
- Then choose Save Logfile and save the log to the desktop
- Then click the Exit button; a message will appear, choose Yes (Ano)
(do not delete anything yet!).
Then paste the contents of that log here.
In PMs I only deal with matters concerning the forum. I do not respond to requests and pleas for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules

Post by cherry11 » 11 Nov 2011 10:54

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11. 11. 2011 10:49:10
mbam-log-2011-11-11 (10-49-10).txt

Typ: Rychlá kontrola
Kontrolované objekty: 163770
Uplynulý čas: 5 minut, 13 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Post by Žbeky » 11 Nov 2011 16:13

How does it look now?

Post by cherry11 » 11 Nov 2011 20:48

Slow, slow; it takes a long time to load pages, and also to open files or folders.

Post by Žbeky » 11 Nov 2011 23:25

Check PIO/DMA.

Turn off the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.

Post by cherry11 » 12 Nov 2011 22:13

ComboFix 11-11-12.04 - Mirec . 11. 2011 21:44:11.15.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.189 [GMT 1:00]
Running from: c:\documents and settings\Mirec\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
9999-01-06 05:02 . 9999-01-06 05:02 -------- d-----w- c:\documents and settings\Mirec\Data aplikací\Mikrotik
2011-11-12 19:11 . 2011-11-12 19:11 -------- d-----w- c:\windows\LastGood
2011-11-12 18:59 . 2011-11-12 18:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-11 11:21 . 2011-11-11 11:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-11 08:53 . 2011-11-11 09:33 -------- d-----w- c:\documents and settings\Mirec\Local Settings\Data aplikací\AskToolbar
2011-11-10 09:36 . 2011-11-10 09:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-11-10 08:40 . 2011-11-10 08:52 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-11-10 08:15 . 2011-11-10 08:15 -------- d-----w- c:\documents and settings\Mirec\Local Settings\Data aplikací\PackageAware
2011-11-06 19:46 . 2011-11-10 14:03 -------- d-----w- c:\documents and settings\Mirec\Data aplikací\PriceGong
2011-11-02 19:51 . 2011-11-02 19:51 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-29 16:47 . 2011-10-29 16:47 -------- d-----w- c:\program files\Conduit
2011-10-29 16:46 . 2011-11-11 08:54 -------- d-----w- c:\documents and settings\Mirec\Local Settings\Data aplikací\Conduit
2011-10-29 16:45 . 2011-10-29 16:53 -------- d-----w- C:\games
2011-10-25 12:08 . 2011-10-25 12:08 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 07:21 . 2011-08-11 08:16 4546 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-10 14:22 . 2010-01-19 16:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 03:06 . 2011-01-06 18:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-07-30 05:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 06:06 . 2011-09-26 06:06 354560 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2011-09-24 06:54 . 2011-05-17 07:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32(3).dll
2011-09-06 20:45 . 2011-07-29 11:39 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-07-29 11:39 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-07-29 11:39 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-07-29 11:39 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-07-29 11:39 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-07-29 11:39 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-07-29 11:39 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-07-29 11:39 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-07-29 11:39 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-07-29 11:39 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:41 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-13 22:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-03 14:25 . 2011-07-27 13:41 625984 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-02-12 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2005-10-09 180224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" silent loginmode=4
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Microsoft Outlook"=c:\progra~1\MICROS~2\Office10\OUTLOOK.EXE Outlook:Inbox /recycle
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" boot
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\VALVe\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16. 2. 2010 12:57 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [29. 7. 2011 12:39 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29. 7. 2011 12:39 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [17. 8. 2011 12:00 402328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29. 7. 2011 12:39 20568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [27. 9. 2010 9:44 583640]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [19. 1. 2010 17:39 61312]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19. 1. 2010 19:59 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19. 1. 2010 19:59 135664]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [26. 1. 2011 11:41 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [26. 1. 2011 11:41 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [26. 1. 2011 11:41 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [26. 1. 2011 11:41 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [26. 1. 2011 11:41 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [26. 1. 2011 11:41 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [26. 1. 2011 11:41 123504]
S4 viadsk;viadsk;c:\windows\system32\drivers\VIADSK.SYS [19. 1. 2010 17:35 41952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\Automatická údržba.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2011-08-15 07:59]
.
2011-11-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-20 12:08]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 18:59]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 18:59]
.
2011-11-12 c:\windows\Tasks\User_Feed_Synchronization-{1121F0DF-66A0-4FC9-A0E4-80519B9EBF7D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-11-12 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job
- c:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2011-11-10 11:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 21:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1682526488-1343024091-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2011-11-12 22:05:40
ComboFix-quarantined-files.txt 2011-11-12 21:05
.
Pre-Run: Volných bajtů: 11 886 985 216
Post-Run: Volných bajtů: 12 012 646 400
.
- - End Of File - - 4276E385A75D276F8D41819E47A20555

Post by cherry11 » 12 Nov 2011 22:24

The transfer mode is DMA

Post by memphisto » 13 Nov 2011 12:06

You also have quite little free space on the system disk.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

Code:

KillAll::
Folder::
c:\program files\Spybot - Search & Destroy
c:\documents and settings\Mirec\Local Settings\Data aplikací\AskToolbar
c:\documents and settings\All Users\Data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
c:\documents and settings\Mirec\Data aplikací\PriceGong
c:\program files\Conduit
c:\documents and settings\Mirec\Local Settings\Data aplikací\Conduit

File::
c:\windows\system32\ConduitEngine.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

DDS::
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Please do not send HijackThis logs via private message; post them in the appropriate section instead. Thank you.


Re: log check - slow internet

Post by cherry11 » 13 Nov 2011 13:35

ComboFix 11-11-13.01 - Mirec . 11. 2011 13:05:16.17.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.197 [GMT 1:00]
Running from: c:\documents and settings\Mirec\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Mirec\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\ConduitEngine.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
c:\program files\Spybot - Search & Destroy\aports.dll
c:\program files\Spybot - Search & Destroy\BBBPQMHNA.scr
c:\program files\Spybot - Search & Destroy\blindman.exe
c:\program files\Spybot - Search & Destroy\Default configuration.ini
c:\program files\Spybot - Search & Destroy\DelZip179.dll
c:\program files\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
c:\program files\Spybot - Search & Destroy\Dummies\dummy.dap.gif
c:\program files\Spybot - Search & Destroy\Dummies\dummy.data.xml
c:\program files\Spybot - Search & Destroy\Dummies\dummy.default.gif
c:\program files\Spybot - Search & Destroy\Dummies\dummy.related.htm
c:\program files\Spybot - Search & Destroy\Help\Brasil.license.txt
c:\program files\Spybot - Search & Destroy\Help\Cesky.license.txt
c:\program files\Spybot - Search & Destroy\Help\Deutsch.license.txt
c:\program files\Spybot - Search & Destroy\Help\English.chm
c:\program files\Spybot - Search & Destroy\Help\English.license.txt
c:\program files\Spybot - Search & Destroy\Help\Espanol.license.txt
c:\program files\Spybot - Search & Destroy\Help\Francais.license.txt
c:\program files\Spybot - Search & Destroy\Help\Hellenic.license.txt
c:\program files\Spybot - Search & Destroy\Help\Italiano.license.txt
c:\program files\Spybot - Search & Destroy\Help\Japanese.license.ansi.txt
c:\program files\Spybot - Search & Destroy\Help\Japanese.license.txt
c:\program files\Spybot - Search & Destroy\Help\Korean.license.txt
c:\program files\Spybot - Search & Destroy\Help\Nederlands.license.txt
c:\program files\Spybot - Search & Destroy\Help\Polski.license.txt
c:\program files\Spybot - Search & Destroy\Help\Russkiy.license.txt
c:\program files\Spybot - Search & Destroy\Help\Slovensky.license.txt
c:\program files\Spybot - Search & Destroy\Help\Srpski.license.txt
c:\program files\Spybot - Search & Destroy\Help\Suomi.license.txt
c:\program files\Spybot - Search & Destroy\IITPQX.scr
c:\program files\Spybot - Search & Destroy\Includes\Adware.sbi
c:\program files\Spybot - Search & Destroy\Includes\AdwareC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Browserpages.sbs
c:\program files\Spybot - Search & Destroy\Includes\CLSIDs.sbs
c:\program files\Spybot - Search & Destroy\Includes\Cookies.sbi
c:\program files\Spybot - Search & Destroy\Includes\Cookies.sbs
c:\program files\Spybot - Search & Destroy\Includes\Dialer.sbi
c:\program files\Spybot - Search & Destroy\Includes\Dialer.sbs
c:\program files\Spybot - Search & Destroy\Includes\DialerC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Domains.sbs
c:\program files\Spybot - Search & Destroy\Includes\HeavyDuty.sbi
c:\program files\Spybot - Search & Destroy\Includes\Hijackers.sbi
c:\program files\Spybot - Search & Destroy\Includes\HijackersC.sbi
c:\program files\Spybot - Search & Destroy\Includes\iPhone.sbi
c:\program files\Spybot - Search & Destroy\Includes\Keyloggers.sbi
c:\program files\Spybot - Search & Destroy\Includes\KeyloggersC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Logs.uts
c:\program files\Spybot - Search & Destroy\Includes\LSP.sbi
c:\program files\Spybot - Search & Destroy\Includes\LSP.sbs
c:\program files\Spybot - Search & Destroy\Includes\Malware.sbi
c:\program files\Spybot - Search & Destroy\Includes\MalwareC.sbi
c:\program files\Spybot - Search & Destroy\Includes\OperaPlugins.sbs
c:\program files\Spybot - Search & Destroy\Includes\ProcWatch.sbs
c:\program files\Spybot - Search & Destroy\Includes\PUPS.sbi
c:\program files\Spybot - Search & Destroy\Includes\PUPSC.sbi
c:\program files\Spybot - Search & Destroy\Includes\RegWatch.sbs
c:\program files\Spybot - Search & Destroy\Includes\RegXLinks.sbs
c:\program files\Spybot - Search & Destroy\Includes\Revision.sbi
c:\program files\Spybot - Search & Destroy\Includes\Revision.sbs
c:\program files\Spybot - Search & Destroy\Includes\Searchpages.sbs
c:\program files\Spybot - Search & Destroy\Includes\Security.sbi
c:\program files\Spybot - Search & Destroy\Includes\SecurityC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Services.sbs
c:\program files\Spybot - Search & Destroy\Includes\Spybots.sbi
c:\program files\Spybot - Search & Destroy\Includes\SpybotsC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Spyware.sbi
c:\program files\Spybot - Search & Destroy\Includes\SpywareC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Startup.tnfo
c:\program files\Spybot - Search & Destroy\Includes\Targets.nfo
c:\program files\Spybot - Search & Destroy\Includes\Tracks.uti
c:\program files\Spybot - Search & Destroy\Includes\Trojans.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC-02.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC-03.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC-04.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC-05.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC.sbi
c:\program files\Spybot - Search & Destroy\Includes\TTLASSH.sbs
c:\program files\Spybot - Search & Destroy\Includes\URL-Blacklist.sbs
c:\program files\Spybot - Search & Destroy\Includes\X509White.sbs
c:\program files\Spybot - Search & Destroy\Languages\Afrikaans.sbl
c:\program files\Spybot - Search & Destroy\Languages\Arabic.sbl
c:\program files\Spybot - Search & Destroy\Languages\Azeri.sbl
c:\program files\Spybot - Search & Destroy\Languages\Bahasa Indonesia.sbl
c:\program files\Spybot - Search & Destroy\Languages\Belarusskiy.sbl
c:\program files\Spybot - Search & Destroy\Languages\Bosanski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Brasil.sbl
c:\program files\Spybot - Search & Destroy\Languages\Bulgarski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Catalan.sbl
c:\program files\Spybot - Search & Destroy\Languages\Cesky.sbl
c:\program files\Spybot - Search & Destroy\Languages\Dansk.sbl
c:\program files\Spybot - Search & Destroy\Languages\Deutsch.sbl
c:\program files\Spybot - Search & Destroy\Languages\Eesti.sbl
c:\program files\Spybot - Search & Destroy\Languages\English.sbl
c:\program files\Spybot - Search & Destroy\Languages\Espanol.sbl
c:\program files\Spybot - Search & Destroy\Languages\Esperanto.sbl
c:\program files\Spybot - Search & Destroy\Languages\Euskera.sbl
c:\program files\Spybot - Search & Destroy\Languages\Farsi.sbl
c:\program files\Spybot - Search & Destroy\Languages\Francais.sbl
c:\program files\Spybot - Search & Destroy\Languages\Furlan.sbl
c:\program files\Spybot - Search & Destroy\Languages\Galego.sbl
c:\program files\Spybot - Search & Destroy\Languages\Hebrew.sbl
c:\program files\Spybot - Search & Destroy\Languages\Hellenic.sbl
c:\program files\Spybot - Search & Destroy\Languages\Hindi.sbl
c:\program files\Spybot - Search & Destroy\Languages\Hrvatski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Chinese (simplified).sbl
c:\program files\Spybot - Search & Destroy\Languages\Chinese (traditional).sbl
c:\program files\Spybot - Search & Destroy\Languages\Islenska.sbl
c:\program files\Spybot - Search & Destroy\Languages\Italiano.sbl
c:\program files\Spybot - Search & Destroy\Languages\Japanese.sbl
c:\program files\Spybot - Search & Destroy\Languages\Korean.sbl
c:\program files\Spybot - Search & Destroy\Languages\Latvian.sbl
c:\program files\Spybot - Search & Destroy\Languages\Letzebuergesch.sbl
c:\program files\Spybot - Search & Destroy\Languages\Lietuviu.sbl
c:\program files\Spybot - Search & Destroy\Languages\Magyar.sbl
c:\program files\Spybot - Search & Destroy\Languages\Makedonski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Melayu.sbl
c:\program files\Spybot - Search & Destroy\Languages\Nederlands.sbl
c:\program files\Spybot - Search & Destroy\Languages\Norsk.sbl
c:\program files\Spybot - Search & Destroy\Languages\Polski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Portugues.sbl
c:\program files\Spybot - Search & Destroy\Languages\Romaneste.sbl
c:\program files\Spybot - Search & Destroy\Languages\Russkiy.sbl
c:\program files\Spybot - Search & Destroy\Languages\Shqip.sbl
c:\program files\Spybot - Search & Destroy\Languages\Slovenscina.sbl
c:\program files\Spybot - Search & Destroy\Languages\Slovensky.sbl
c:\program files\Spybot - Search & Destroy\Languages\Srpski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Suomi.sbl
c:\program files\Spybot - Search & Destroy\Languages\Svenska.sbl
c:\program files\Spybot - Search & Destroy\Languages\Thai.sbl
c:\program files\Spybot - Search & Destroy\Languages\Turkce.sbl
c:\program files\Spybot - Search & Destroy\Languages\Ukrainian.sbl
c:\program files\Spybot - Search & Destroy\Languages\Uzbek.sbl
c:\program files\Spybot - Search & Destroy\messages.zres
c:\program files\Spybot - Search & Destroy\OptOut.ini
c:\program files\Spybot - Search & Destroy\Plugins\Fennel.dll
c:\program files\Spybot - Search & Destroy\Plugins\Chai.dll
c:\program files\Spybot - Search & Destroy\Plugins\Mate.dll
c:\program files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
c:\program files\Spybot - Search & Destroy\QXGJYNZGYGDNJ.scr
c:\program files\Spybot - Search & Destroy\SDFiles.exe
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\program files\Spybot - Search & Destroy\SDMain.exe
c:\program files\Spybot - Search & Destroy\SDUpdate.exe
c:\program files\Spybot - Search & Destroy\Skins\Colorblind.ini
c:\program files\Spybot - Search & Destroy\Skins\Italia.ini
c:\program files\Spybot - Search & Destroy\Skins\Italia.jpg
c:\program files\Spybot - Search & Destroy\Skins\Peace.ini
c:\program files\Spybot - Search & Destroy\Skins\Peace.jpg
c:\program files\Spybot - Search & Destroy\SpybotSD.exe
c:\program files\Spybot - Search & Destroy\sqlite3.dll
c:\program files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\Spybot - Search & Destroy\Tools.dll
c:\program files\Spybot - Search & Destroy\unins000.dat
c:\program files\Spybot - Search & Destroy\unins000.exe
c:\program files\Spybot - Search & Destroy\unins000.msg
c:\program files\Spybot - Search & Destroy\UninsSrv.dll
c:\program files\Spybot - Search & Destroy\Update.exe
c:\program files\Spybot - Search & Destroy\Updates\downloaded.ini
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
9999-01-06 05:02 . 9999-01-06 05:02 -------- d-----w- c:\documents and settings\Mirec\Data aplikací\Mikrotik
2011-11-12 18:59 . 2011-11-12 18:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-11 08:53 . 2011-11-11 09:33 -------- d-----w- c:\documents and settings\Mirec\Local Settings\Data aplikací\AskToolbar
2011-11-10 09:36 . 2011-11-10 09:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-11-10 08:40 . 2011-11-10 08:52 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-11-10 08:15 . 2011-11-10 08:15 -------- d-----w- c:\documents and settings\Mirec\Local Settings\Data aplikací\PackageAware
2011-11-06 19:46 . 2011-11-10 14:03 -------- d-----w- c:\documents and settings\Mirec\Data aplikací\PriceGong
2011-11-02 19:51 . 2011-11-02 19:51 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-29 16:46 . 2011-11-11 08:54 -------- d-----w- c:\documents and settings\Mirec\Local Settings\Data aplikací\Conduit
2011-10-29 16:45 . 2011-10-29 16:53 -------- d-----w- C:\games
2011-10-25 12:08 . 2011-10-25 12:08 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 07:21 . 2011-08-11 08:16 4546 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-10 14:22 . 2010-01-19 16:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 03:06 . 2011-01-06 18:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-07-30 05:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 06:06 . 2011-09-26 06:06 354560 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2011-09-24 06:54 . 2011-05-17 07:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32(3).dll
2011-09-06 20:45 . 2011-07-29 11:39 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-07-29 11:39 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-07-29 11:39 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-07-29 11:39 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-07-29 11:39 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-07-29 11:39 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-07-29 11:39 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-07-29 11:39 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-07-29 11:39 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-07-29 11:39 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:41 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-13 22:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-03 14:25 . 2011-07-27 13:41 625984 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-02-12 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-11-12_20.59.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-13 12:24 . 2011-11-13 12:24 16384 c:\windows\temp\Perflib_Perfdata_d4.dat
+ 2008-04-14 06:51 . 2011-09-28 07:06 602112 c:\windows\system32\dllcache\crypt32.dll
- 2008-04-14 06:51 . 2011-09-09 09:12 602112 c:\windows\system32\dllcache\crypt32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2005-10-09 180224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" silent loginmode=4
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Microsoft Outlook"=c:\progra~1\MICROS~2\Office10\OUTLOOK.EXE Outlook:Inbox /recycle
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" boot
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\VALVe\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16. 2. 2010 12:57 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [29. 7. 2011 12:39 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29. 7. 2011 12:39 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [17. 8. 2011 12:00 402328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29. 7. 2011 12:39 20568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [27. 9. 2010 9:44 583640]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [19. 1. 2010 17:39 61312]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19. 1. 2010 19:59 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19. 1. 2010 19:59 135664]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [26. 1. 2011 11:41 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [26. 1. 2011 11:41 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [26. 1. 2011 11:41 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [26. 1. 2011 11:41 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [26. 1. 2011 11:41 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [26. 1. 2011 11:41 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [26. 1. 2011 11:41 123504]
S4 viadsk;viadsk;c:\windows\system32\drivers\VIADSK.SYS [19. 1. 2010 17:35 41952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-13 c:\windows\Tasks\Automatická údržba.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2011-08-15 07:59]
.
2011-11-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-20 12:08]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 18:59]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 18:59]
.
2011-11-13 c:\windows\Tasks\User_Feed_Synchronization-{1121F0DF-66A0-4FC9-A0E4-80519B9EBF7D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-11-12 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job
- c:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2011-11-10 11:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: DhcpNameServer = 188.120.1.2 188.120.0.122
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 13:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1682526488-1343024091-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2232)
c:\program files\UberIcon\UberIcon.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-11-13 13:32:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-13 12:32
ComboFix2.txt 2011-11-12 21:05
.
Pre-Run: Volných bajtů: 11 924 213 760
Post-Run: Volných bajtů: 11 865 681 920
.
- - End Of File - - C6932FC2E106F763F04A33FAA5E1702B


Re: log check - slow internet

Post by jaro3 » 13 Nov 2011 17:45

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script

Code: Select all

KillAll::
File::
c:\windows\system32\ConduitEngine.tmp
c:\program files\Common Files\ZugoInstaller.exe

Folder::
c:\documents and settings\Mirec\Local Settings\Data aplikací\AskToolbar


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

Warning: After running ComboFix and restarting the computer, it may happen that Windows does not start, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.

Download CrystalDiskInfo
Run the program and click Edit - Copy. Then paste the contents of the log here using Ctrl+V.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.


Re: log check - slow internet

Post by cherry11 » 14 Nov 2011 08:21

ComboFix 11-11-13.03 - Mirec . 11. 2011 7:34.18.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.126 [GMT 1:00]
Running from: c:\documents and settings\Mirec\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Mirec\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
FILE ::
"c:\program files\Common Files\ZugoInstaller.exe"
"c:\windows\system32\ConduitEngine.tmp"
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
9999-01-06 05:02 . 9999-01-06 05:02 -------- d-----w- c:\documents and settings\Mirec\Data aplikací\Mikrotik
2011-11-12 18:59 . 2011-11-12 18:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-11 08:53 . 2011-11-11 09:33 -------- d-----w- c:\documents and settings\Mirec\Local Settings\Data aplikací\AskToolbar
2011-11-10 09:36 . 2011-11-10 09:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-11-10 08:40 . 2011-11-10 08:52 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-11-10 08:15 . 2011-11-10 08:15 -------- d-----w- c:\documents and settings\Mirec\Local Settings\Data aplikací\PackageAware
2011-11-06 19:46 . 2011-11-10 14:03 -------- d-----w- c:\documents and settings\Mirec\Data aplikací\PriceGong
2011-11-02 19:51 . 2011-11-02 19:51 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-29 16:46 . 2011-11-11 08:54 -------- d-----w- c:\documents and settings\Mirec\Local Settings\Data aplikací\Conduit
2011-10-29 16:45 . 2011-10-29 16:53 -------- d-----w- C:\games
2011-10-25 12:08 . 2011-10-25 12:08 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 07:21 . 2011-08-11 08:16 4546 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-10 14:22 . 2010-01-19 16:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 03:06 . 2011-01-06 18:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-07-30 05:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 06:06 . 2011-09-26 06:06 354560 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2011-09-24 06:54 . 2011-05-17 07:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32(3).dll
2011-09-06 20:45 . 2011-07-29 11:39 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-07-29 11:39 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-07-29 11:39 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-07-29 11:39 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-07-29 11:39 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-07-29 11:39 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-07-29 11:39 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-07-29 11:39 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-07-29 11:39 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-07-29 11:39 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 05:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:41 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-13 22:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-03 14:25 . 2011-07-27 13:41 625984 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-02-12 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-11-12_20.59.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-14 06:50 . 2011-11-14 06:50 16384 c:\windows\temp\Perflib_Perfdata_160.dat
+ 2008-04-14 06:51 . 2011-09-28 07:06 602112 c:\windows\system32\dllcache\crypt32.dll
- 2008-04-14 06:51 . 2011-09-09 09:12 602112 c:\windows\system32\dllcache\crypt32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2005-10-09 180224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" silent loginmode=4
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Microsoft Outlook"=c:\progra~1\MICROS~2\Office10\OUTLOOK.EXE Outlook:Inbox /recycle
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" boot
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\VALVe\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16. 2. 2010 12:57 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [29. 7. 2011 12:39 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29. 7. 2011 12:39 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [17. 8. 2011 12:00 402328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29. 7. 2011 12:39 20568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [27. 9. 2010 9:44 583640]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [19. 1. 2010 17:39 61312]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19. 1. 2010 19:59 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19. 1. 2010 19:59 135664]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [26. 1. 2011 11:41 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [26. 1. 2011 11:41 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [26. 1. 2011 11:41 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [26. 1. 2011 11:41 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [26. 1. 2011 11:41 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [26. 1. 2011 11:41 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [26. 1. 2011 11:41 123504]
S4 viadsk;viadsk;c:\windows\system32\drivers\VIADSK.SYS [19. 1. 2010 17:35 41952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\Automatická údržba.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2011-08-15 07:59]
.
2011-11-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-20 12:08]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 18:59]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 18:59]
.
2011-11-13 c:\windows\Tasks\User_Feed_Synchronization-{1121F0DF-66A0-4FC9-A0E4-80519B9EBF7D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-11-12 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job
- c:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2011-11-10 11:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: DhcpNameServer = 188.120.1.2 188.120.0.122
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-14 07:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1682526488-1343024091-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3336)
c:\program files\UberIcon\UberIcon.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-11-14 07:59:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-14 06:59
ComboFix2.txt 2011-11-13 12:32
ComboFix3.txt 2011-11-12 21:05
.
Pre-Run: Volných bajtů: 11 709 755 392
Post-Run: Volných bajtů: 11 742 998 528
.
- - End Of File - - 420E84D4E1D4AD04CBF48F7768AA08D0




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:14, on 14. 11. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6653 bytes



Major Version : ATA/ATAPI-6
Minor Version : ----
Transfer Mode : Ultra DMA/100
Power On Hours : 19096 hod.
Power On Count : 2889 krát
Temparature : 33 C (91 F)
Health Status : Dobrý
Features : S.M.A.R.T., AAM
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chybných čítaní
03 167 166 _21 000000000A51 Čas na roztočenie platní
04 _98 _98 __0 000000000BAD Počet spustení/zastavení
05 200 200 140 000000000000 Počet premapovaných sektorov
07 200 200 _51 000000000000 Počet chybných vyhľadávaní
09 _74 _74 __0 000000004A98 Počet odpracovaných hodín
0A 100 100 _51 000000000000 Počet opakovaných pokusov o roztočenie platní
0B 100 100 _51 000000000000 Počet pokusov o prekalibrovanie
0C _98 _98 __0 000000000B49 Počet cyklov zapnutia zariadenia
C2 110 _89 __0 000000000021 Teplota
C4 200 200 __0 000000000000 Počet udalostí s cieľom realokovania sektorov
C5 200 200 __0 000000000000 Počet podozrivých sektorov
C6 200 200 __0 000000000000 Počet neopraviteľných sektorov
C7 200 200 __0 000000000000 Počet chýb v kontrolnom súčte UltraDMA
C8 200 200 _51 000000000000 Počet chýb pri zápise sektorov

-- IDENTIFY_DEVICE ---------------------------------------------------------

