Hi, I have a problem: my PC has started taking a terribly long time to load after I log in. I ran ComboFix on it and here is the log:
ComboFix 09-09-16.01 - Michal 16.09.2009 23:26.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2045.925 [GMT 2:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Michal\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\Installer\504592.msi
c:\windows\Installer\a04ea4d.msp
c:\windows\system32\kr_done1
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Abel
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-16 do 2009-09-16 )))))))))))))))))))))))))))))))
.
2009-09-16 21:35 . 2009-09-16 21:40 -------- d-----w- c:\users\Michal\AppData\Local\temp
2009-09-16 21:35 . 2009-09-16 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-16 14:06 . 2009-09-16 14:06 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-09-16 14:06 . 2009-09-16 19:46 -------- d-----w- c:\users\Michal\AppData\Roaming\Spyware Terminator
2009-09-16 14:06 . 2009-09-16 21:05 -------- d-----w- c:\programdata\Spyware Terminator
2009-09-16 14:06 . 2009-09-16 21:18 -------- d-----w- c:\program files\Spyware Terminator
2009-09-10 19:52 . 2009-09-10 20:20 -------- d-----w- C:\Vista Manager
2009-09-10 18:12 . 2009-09-10 18:12 -------- d-----w- c:\windows\Speeditup Free
2009-09-10 17:15 . 2009-09-10 17:17 -------- d-----w- c:\windows\system32\ca-ES
2009-09-10 17:15 . 2009-09-10 17:17 -------- d-----w- c:\windows\system32\eu-ES
2009-09-10 17:15 . 2009-09-10 17:17 -------- d-----w- c:\windows\system32\vi-VN
2009-09-10 17:07 . 2009-09-10 17:07 -------- d-----w- c:\windows\system32\SPReview
2009-09-10 16:40 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-09-10 16:40 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2009-09-10 16:30 . 2009-04-10 21:32 27624 ----a-w- c:\windows\system32\drivers\Dumpata.sys
2009-09-10 16:29 . 2009-04-10 21:32 48104 ----a-w- c:\windows\system32\drivers\mup.sys
2009-09-10 16:28 . 2009-04-10 21:28 199680 ----a-w- c:\windows\system32\WebClnt.dll
2009-09-10 16:27 . 2009-04-10 21:33 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-09-10 16:26 . 2009-04-10 21:28 1576960 ----a-w- c:\windows\system32\tquery.dll
2009-09-10 16:26 . 2009-04-10 21:28 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-09-10 16:26 . 2009-04-10 21:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-09-10 16:26 . 2009-04-10 21:28 615424 ----a-w- c:\windows\system32\themeui.dll
2009-09-10 16:26 . 2009-04-10 21:28 449024 ----a-w- c:\windows\system32\termsrv.dll
2009-09-10 16:26 . 2009-04-10 21:28 313344 ----a-w- c:\windows\system32\thawbrkr.dll
2009-09-10 16:26 . 2009-04-10 21:28 270336 ----a-w- c:\windows\system32\taskcomp.dll
2009-09-10 16:26 . 2009-04-10 21:28 242688 ----a-w- c:\windows\system32\tapisrv.dll
2009-09-10 16:26 . 2009-04-10 21:28 170496 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-09-10 16:26 . 2009-04-10 21:28 135168 ----a-w- c:\windows\system32\tcpmon.dll
2009-09-10 16:26 . 2009-04-10 21:28 1152000 ----a-w- c:\windows\system32\themecpl.dll
2009-09-10 16:26 . 2009-04-10 21:28 169984 ----a-w- c:\windows\system32\taskeng.exe
2009-09-10 16:26 . 2009-04-10 19:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-09-10 16:23 . 2009-09-10 16:23 -------- d-----w- c:\windows\system32\EventProviders
2009-09-10 05:52 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-10 05:52 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-10 05:52 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-10 05:52 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 05:52 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-10 05:52 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-10 05:52 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-10 05:52 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-09 13:18 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 13:18 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 13:18 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 13:18 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 13:18 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 13:18 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 13:18 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 13:18 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 13:18 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 13:18 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 13:18 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 13:17 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 13:17 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 13:17 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-09 13:17 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 13:17 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 13:17 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 13:17 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 13:17 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-09 13:17 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-09 13:17 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-09 13:17 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-08 15:06 . 2009-09-08 15:06 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-08 15:06 . 2008-11-12 14:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-08 15:06 . 2008-11-12 14:44 17152 ----a-w- c:\windows\system32\authuitu.dll
2009-09-08 15:06 . 2009-09-08 16:10 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-08 15:05 . 2009-09-08 15:06 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-08 14:59 . 2009-09-08 15:04 -------- d-----w- c:\users\Michal\AppData\Roaming\Smart PC Solutions
2009-09-03 15:01 . 2009-09-03 15:05 -------- d-----w- C:\MyBackup
2009-09-03 15:00 . 2009-09-08 14:56 -------- d-----w- c:\program files\Premium Booster
2009-09-03 13:18 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 13:18 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 13:30 . 2009-09-01 13:30 -------- d-----w- c:\programdata\NOS
2009-09-01 13:30 . 2009-09-01 13:30 -------- d-----w- c:\program files\NOS
2009-08-26 23:05 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 13:19 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 19:49 . 2007-01-08 21:09 93610 ----a-w- c:\windows\system32\perfh005.dat
2009-09-16 19:49 . 2007-01-08 21:09 29590 ----a-w- c:\windows\system32\perfc005.dat
2009-09-14 21:06 . 2009-01-15 22:29 -------- d-----w- c:\users\Michal\AppData\Roaming\dvdcss
2009-09-13 20:26 . 2008-09-16 13:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:46 . 2008-08-25 12:29 -------- d-----w- c:\program files\QIP
2009-09-10 21:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-10 20:18 . 2008-08-25 11:39 -------- d-----w- c:\program files\Launch Manager
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-10 17:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-10 17:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-09 14:32 . 2009-03-19 17:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 16:21 . 2007-01-12 01:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-16 22:26 . 2008-08-25 13:43 -------- d-----w- c:\programdata\Microsoft Help
2009-08-11 14:33 . 2009-08-11 14:32 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-11 10:59 . 2009-08-11 10:59 -------- d-----w- c:\users\Michal\AppData\Roaming\Mikrotik
2009-08-07 18:23 . 2008-08-25 13:47 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-22 10:12 . 2009-03-23 16:32 680 ----a-w- c:\users\Michal\AppData\Local\d3d9caps.dat
2009-07-21 21:52 . 2009-08-01 19:25 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-01 19:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-01 19:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-01 19:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 20:40 . 2009-07-18 20:40 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-07-17 13:54 . 2009-08-12 16:30 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 16:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 16:29 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 16:29 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 16:29 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-06-29 18:39 . 2009-06-29 18:39 56 ---ha-w- c:\programdata\ezsidmv.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-09-16 3055616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-09-16 2171904]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-12 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Google Update"="c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4b,b0,91,e8,3b,32,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5CE281B3-18EA-4941-8F91-4E5970A7468B}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{8350E0F5-E947-4811-87B4-2C185D77422B}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"TCP Query User{C00B711B-294D-4C5D-B6AC-4E235FFE206D}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{E51AD13B-ADD4-4B90-B0D7-A071DB9B6424}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{64BAF684-99AB-4BF9-A19C-6D7A086A95C5}"= UDP:c:\programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{6908E9A5-B933-4021-9A8B-C799EFF609BA}"= TCP:c:\programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{2693818C-AC58-4F6A-8E41-650BBF0D1287}"= UDP:c:\programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{016D9579-C790-4A4E-937C-A4EE33074A29}"= TCP:c:\programy\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{7D4F62B5-AA4B-4E14-ACFA-85E0E4F3ABBA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D21FC639-08F0-4196-9093-29D96F5327B6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{12ADD5CE-5D20-48C8-A872-4AB3F8BA7BCB}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{91B883A9-39FB-4C43-9690-01C283B5DC4B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2C5961DB-F987-40D1-A2E7-FF62D47E5776}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{C770B252-025E-4990-ABD3-75978FC2C3B1}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{0344F94A-7B3C-4D0A-A125-728071E565CA}c:\\programy\\bit lord\\bitlord.exe"= UDP:c:\programy\bit lord\bitlord.exe:BitLord
"UDP Query User{162AD2F1-3B43-4F70-B74A-50CBB3BDD513}c:\\programy\\bit lord\\bitlord.exe"= TCP:c:\programy\bit lord\bitlord.exe:BitLord
"TCP Query User{737A42DA-B9C3-49B9-BFC7-C6DEBF9E4E44}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{664085D5-4DE9-4356-85FB-291C8E6F8D08}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{909EE809-F764-402B-B71C-234BB616D6EF}d:\\hry\\unrealtournament\\system\\unrealtournament.exe"= UDP:d:\hry\unrealtournament\system\unrealtournament.exe:UnrealTournament.exe
"UDP Query User{169961F5-AC1D-4994-96B7-52112EACB7B6}d:\\hry\\unrealtournament\\system\\unrealtournament.exe"= TCP:d:\hry\unrealtournament\system\unrealtournament.exe:UnrealTournament.exe
"TCP Query User{0FFA0734-EE01-47C0-8320-B6DFB0BC2E86}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E0BB29AF-457B-4BFB-BF2F-D473630CE3DC}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{006DE6F2-06E3-40CE-A78C-FEAAFF898C74}c:\\programy\\bit lord\\bitlord.exe"= UDP:c:\programy\bit lord\bitlord.exe:BitLord
"UDP Query User{312DF1E7-A44C-4F1C-9087-0CBA67399B32}c:\\programy\\bit lord\\bitlord.exe"= TCP:c:\programy\bit lord\bitlord.exe:BitLord
"TCP Query User{93D38BE7-F819-4946-8884-D5D32AA51E6D}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= UDP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"UDP Query User{7AD700EE-98C3-4216-8294-EA29A393D80C}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= TCP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"TCP Query User{E4F69016-1700-4457-A8BD-4F09E16BEC78}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= UDP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"UDP Query User{3640775A-1400-4FD4-8F90-8E13DC931ADC}c:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= TCP:c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"TCP Query User{E909A86D-D2B2-4B3C-B41D-D6FFF36D380B}d:\\rollcage2\\direct3d\\rollcage.exe"= UDP:d:\rollcage2\direct3d\rollcage.exe:Rollcage Main Game Executable
"UDP Query User{27E93381-380D-49D2-95E5-6F5E75BD2652}d:\\rollcage2\\direct3d\\rollcage.exe"= TCP:d:\rollcage2\direct3d\rollcage.exe:Rollcage Main Game Executable
"TCP Query User{16049CF6-449A-4285-9936-ED9EC08A738A}d:\\microsoft virtual pc\\virtual pc.exe"= UDP:d:\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"UDP Query User{73F8851D-A5C9-4901-9541-395C011FE6A9}d:\\microsoft virtual pc\\virtual pc.exe"= TCP:d:\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"TCP Query User{8E63721D-17B3-4852-971B-B7EBE2B31F47}d:\\icq6.5\\icq.exe"= UDP:d:\icq6.5\icq.exe:ICQ
"UDP Query User{0921C14A-79E9-4CFB-B4A8-CFA3A9617D50}d:\\icq6.5\\icq.exe"= TCP:d:\icq6.5\icq.exe:ICQ
"TCP Query User{AFDB7A3C-ACAD-430A-A1D1-56C3D17E89A0}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{0C25104E-B640-45A4-8999-BFB24431EA8F}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"TCP Query User{903667BB-56C3-48EC-87A0-F4829606C274}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{83C41D14-9EBA-4757-BD6C-3CA175649441}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [23.4.2009 17:06 64160]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20081120.001\IDSvix86.sys [21.11.2008 16:32 270384]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [16.9.2009 16:06 142592]
R2 SpotGPSMaxim;Spot;c:\program files\AVerMediaGPS\Services\Spot2741.exe [25.6.2007 11:50 610407]
R3 SpotVcp;NXP swGPS Spot Virtual COM port driver;c:\windows\System32\drivers\SpotVcp.sys [16.5.2007 14:19 34304]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [3.10.2008 15:14 37936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\System32\drivers\AVerAF15.sys [25.10.2007 7:02 280576]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\System32\drivers\BTCamDrv.sys [31.8.2008 23:11 228352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3.9.2008 19:53 99376]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [28.8.2008 10:01 21504]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\System32\drivers\imhidusb.sys [9.11.2008 0:57 17920]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [12.1.2007 11:02 31232]
S3 spotJ;Spot Software GPS USB Driver (spotJ);c:\windows\System32\drivers\spotJ32.sys [20.11.2008 16:34 36608]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [22.2.2007 19:39 2808664]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-09-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 14:28]
2009-09-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:07]
2009-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2350665712-444876920-1834457973-1000Core.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-26 13:09]
2009-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2350665712-444876920-1834457973-1000UA.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-26 13:09]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://213.192.55.254/RtspVaPgDec.cab
.
.
------- Asociace souborů -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 23:40
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5060)
c:\acer\Empowering Technology\EPOWER\SysHook.dll
d:\microsoft virtual pc\VPCShExH.DLL
c:\windows\system32\eDStoolbar.dll
c:\windows\system32\sysenv.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Common Files\Symantec Shared\ccL60U.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\wbem\unsecapp.exe
c:\acer\Empowering Technology\eNet\eNMTray.exe
c:\windows\System32\wbem\unsecapp.exe
c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Celkový čas: 2009-09-16 23:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-16 21:47
Před spuštěním: Volných bajtů: 12 055 924 736
Po spuštění: Volných bajtů: 11 658 760 192
355 --- E O F --- 2009-09-14 14:10
Windows loading after login
Re: Windows loading after login
I'm not an antivirus, but here's my advice: clean your registry, using either CCleaner (FW) or TuneUp Utilities 2009 (quite expensive, and warez isn't supported here (at least I think so)), or possibly scan the Windows boot loader with the program WebCurelt.
Intel Celeron 2,4 GHZ 256kB L2 cache, 224MB RAM, 166 MHZ, ProSavager DDR, 80GB HDD, and I'm not ashamed of it :) I only use it for Blizzard games and the net :)
Re: Windows loading after login
I did CC and TuneUp and still nothing...
Re: Windows loading after login
Go to Start - Run - "msconfig" (without the quotes) - Startup, and there disable everything except the antivirus and possibly the software for the printer, Wi-Fi, etc. If this doesn't help, then I don't know.
Re: Windows loading after login
Hi.
First of all, let me tell you this: ComboFix is such a specialized tool that you should under no circumstances use it on your own and without the recommendation of a more experienced user (I'm judging by the fact that you are asking about 'slow system startup', so you are probably not exactly someone who knows what CF does). CF is not just a test, nor does it merely provide an overview of processes; it can seriously mess up the system if it is used incorrectly. Simply put: CF is not a test but a repair tool.
(Related to this is the fact that after use it is removed from the PC with a special command, its components are removed manually if necessary, and the PC is then additionally cleaned up with T-Cleaner, which shows how demanding CFix is and how specific its use and its effect on the system are.)
1. Go to the section Security - Hi Jack This, and in the introduction to that section familiarize yourself with how to use the HJT test; install it, close the browser and all other windows (stop working on the PC), run the HJT test as admin, and post the resulting log for review.
2. It is good to do a cleanup with CCleaner "constantly": the Cleaner to clear out temporary entries and minor clutter. The registry cleaning feature is also worthwhile, provided that you install or uninstall a program, as it deletes the old registry entries (keys). Given that running it takes only a minute, I recommend always running CCleaner (Cleaner + Registry) at the end of each internet session.