
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Please check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
-
- Visitor
- Posts: 20
- Registered: 08 Feb 2007 07:48
Please check
Hello, please check my log. Some pages do not load for me (http://www.google.com), and some pages wait for http://www.google-analytics.com to load and then load after 5 minutes. Thank you.
Log
Logfile of random's system information tool 1.09 (written by random/random)
Run by mpalata at 2012-04-25 10:57:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (40%) free of 35 GB
Total RAM: 1791 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:57:32, on 25.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\hporclnr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mpalata\Plocha\RSIT.exe
C:\Program Files\trend micro\mpalata.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP OrderReminder Cleaner] C:\WINDOWS\hporclnr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FA3F4BA-ED5E-4772-9325-A3CEC2DF3F3B}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3AAA6E7-B1F8-4877-A43F-A6B30B294DEC}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FA3F4BA-ED5E-4772-9325-A3CEC2DF3F3B}: NameServer = 10.0.0.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 7890 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\pripomenout.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\mpalata\Data aplikací\Mozilla\Firefox\Profiles\oink0f0g.default
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-25 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21 3853984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-25 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-25 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"pdfFactory Pro Dispatcher v1"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe [2002-10-30 364544]
"Cobian Backup 8"=C:\Program Files\Cobian Backup 8\Cobian.exe [2007-03-21 499712]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-12-27 98304]
"HP OrderReminder Cleaner"=C:\WINDOWS\hporclnr.exe [2006-12-27 104960]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-07-25 188416]
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-08-21 49152]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2003-08-21 483328]
"SiSPower"=SiSPower.dll,ModeAgent []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-20 16384512]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-08-03 1826816]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-03-27 421736]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2011-03-09 247728]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-09-26 19554952]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EazyScheduler]
C:\Program Files\Eazy-Ware\ezSched.exe [2007-02-04 430400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2
"gupdatem"=3
"gupdate"=2
"Bonjour Service"=2
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE:*:Enabled:SMLMProxy Module - HP1005MC.EXE"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=vdrcodec.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.divx"=divx.dll
"vidc.div4"=DivXc32f.dll
"vidc.div3"=DivXc32.dll
"vidc.xvid"=xvid.dll
"vidc.mp43"=mpg4c32.dll
"msacm.l3radius"=l3codecp.acm
"msacm.divxa"=divxa32.acm
"msacm.vorbis"=Vorbis.acm
"msacm.a3d"=a3d.dll
"msacm.ogg"=ogg.dll
"msacm.vorbisenc"=vorbisenc.dll
"VIDC.PIM1"=pclepim1.dll
"wave1"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-04-25 10:55:46 ----D---- C:\rsit
2012-04-25 10:55:46 ----D---- C:\Program Files\trend micro
2012-04-25 10:30:53 ----SHD---- C:\RECYCLER
2012-04-25 10:30:45 ----D---- C:\_OTL
2012-04-25 10:11:20 ----A---- C:\ComboFix.txt
2012-04-25 10:03:55 ----A---- C:\Boot.bak
2012-04-25 10:03:47 ----RASHD---- C:\cmdcons
2012-04-25 10:02:06 ----A---- C:\WINDOWS\zip.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\SWSC.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\SWREG.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\sed.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\PEV.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\NIRCMD.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\MBR.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\grep.exe
2012-04-25 10:02:00 ----D---- C:\WINDOWS\ERDNT
2012-04-25 10:01:55 ----D---- C:\Qoobox
2012-04-25 09:41:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2012-04-25 09:41:03 ----A---- C:\WINDOWS\system32\javaws.exe
2012-04-25 09:41:03 ----A---- C:\WINDOWS\system32\javaw.exe
2012-04-25 09:41:03 ----A---- C:\WINDOWS\system32\java.exe
2012-04-25 09:41:03 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-04-25 09:38:30 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-04-25 03:14:21 ----A---- C:\WINDOWS\system32\muweb.dll
2012-04-25 03:14:21 ----A---- C:\WINDOWS\system32\mucltui.dll
2012-04-24 18:43:02 ----D---- C:\Program Files\Mozilla Firefox
2012-04-24 18:34:43 ----D---- C:\Program Files\Microsoft Security Client
2012-04-24 18:19:27 ----HD---- C:\WINDOWS\system32\GroupPolicy
2012-04-13 15:47:47 ----D---- C:\Documents and Settings\mpalata\Data aplikací\Apple Computer
2012-04-13 15:47:26 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2012-04-13 15:47:26 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2012-04-13 15:46:15 ----D---- C:\Program Files\iPod
2012-04-13 15:46:07 ----D---- C:\Program Files\iTunes
2012-04-13 15:46:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2012-04-13 15:46:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-04-13 15:45:38 ----D---- C:\Program Files\Apple Software Update
2012-04-13 15:45:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-04-13 15:45:24 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2012-04-13 15:45:24 ----A---- C:\WINDOWS\system32\drivers\usbaapl.sys
2012-04-13 15:44:35 ----D---- C:\Program Files\Bonjour
2012-04-13 15:44:09 ----D---- C:\Program Files\Common Files\Apple
2012-04-13 15:44:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2012-04-12 03:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
======List of files/folders modified in the last 1 month======
2012-04-25 10:55:54 ----D---- C:\WINDOWS\Prefetch
2012-04-25 10:55:46 ----RD---- C:\Program Files
2012-04-25 10:55:38 ----D---- C:\Documents and Settings\mpalata\Data aplikací\Skype
2012-04-25 10:47:53 ----D---- C:\WINDOWS\system32
2012-04-25 10:47:30 ----D---- C:\WINDOWS\Temp
2012-04-25 10:47:16 ----D---- C:\WINDOWS\system32\CatRoot2
2012-04-25 10:46:57 ----D---- C:\WINDOWS
2012-04-25 10:37:23 ----SD---- C:\WINDOWS\Tasks
2012-04-25 10:31:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-04-25 10:09:52 ----A---- C:\WINDOWS\system.ini
2012-04-25 10:09:44 ----D---- C:\WINDOWS\system32\drivers\etc
2012-04-25 10:07:40 ----D---- C:\WINDOWS\system32\drivers
2012-04-25 10:07:40 ----D---- C:\WINDOWS\AppPatch
2012-04-25 10:07:37 ----D---- C:\Program Files\Common Files
2012-04-25 10:03:56 ----RASH---- C:\boot.ini
2012-04-25 09:41:37 ----SHD---- C:\WINDOWS\Installer
2012-04-25 09:41:36 ----D---- C:\Config.Msi
2012-04-25 09:41:35 ----D---- C:\Program Files\Common Files\Java
2012-04-25 09:40:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-04-25 03:14:21 ----HD---- C:\WINDOWS\inf
2012-04-24 19:58:05 ----D---- C:\Program Files\Google
2012-04-24 19:08:15 ----A---- C:\WINDOWS\win.ini
2012-04-24 18:58:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2012-04-24 18:43:28 ----D---- C:\Documents and Settings\mpalata\Data aplikací\Mozilla
2012-04-24 18:34:54 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-04-24 18:21:34 ----D---- C:\WINDOWS\Minidump
2012-04-24 18:21:34 ----D---- C:\WINDOWS\Debug
2012-04-24 15:49:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2012-04-13 15:44:18 ----D---- C:\WINDOWS\WinSxS
2012-04-12 03:20:36 ----D---- C:\Program Files\Internet Explorer
2012-04-12 03:04:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-04-12 03:04:00 ----D---- C:\WINDOWS\ie8updates
2012-04-12 03:03:42 ----HD---- C:\WINDOWS\$hf_mig$
2012-04-12 03:01:25 ----A---- C:\WINDOWS\system32\MRT.exe
2012-04-01 09:47:38 ----HD---- C:\Program Files\InstallShield Installation Information
2012-04-01 09:47:35 ----A---- C:\WINDOWS\KA.ini
2012-03-31 08:44:08 ----D---- C:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sisagp;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-02-20 36608]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-02-25 82380]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2007-06-25 18432]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-05-14 51056]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-05-14 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-05-14 21488]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-28 4609024]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2007-06-25 321536]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2006-12-19 41600]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 uqqyniey;uqqyniey; \??\C:\WINDOWS\system32\drivers\uqqyniey.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-02-15 43520]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-25 153376]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 821608]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-05-14 65795]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
S4 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
-----------------EOF-----------------
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FA3F4BA-ED5E-4772-9325-A3CEC2DF3F3B}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3AAA6E7-B1F8-4877-A43F-A6B30B294DEC}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FA3F4BA-ED5E-4772-9325-A3CEC2DF3F3B}: NameServer = 10.0.0.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 7890 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\pripomenout.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\mpalata\Data aplikací\Mozilla\Firefox\Profiles\oink0f0g.default
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-25 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21 3853984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-25 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-25 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"pdfFactory Pro Dispatcher v1"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe [2002-10-30 364544]
"Cobian Backup 8"=C:\Program Files\Cobian Backup 8\Cobian.exe [2007-03-21 499712]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-12-27 98304]
"HP OrderReminder Cleaner"=C:\WINDOWS\hporclnr.exe [2006-12-27 104960]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-07-25 188416]
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-08-21 49152]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2003-08-21 483328]
"SiSPower"=SiSPower.dll,ModeAgent []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-20 16384512]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-08-03 1826816]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-03-27 421736]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2011-03-09 247728]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-09-26 19554952]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EazyScheduler]
C:\Program Files\Eazy-Ware\ezSched.exe [2007-02-04 430400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2
"gupdatem"=3
"gupdate"=2
"Bonjour Service"=2
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE:*:Enabled:SMLMProxy Module - HP1005MC.EXE"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=vdrcodec.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.divx"=divx.dll
"vidc.div4"=DivXc32f.dll
"vidc.div3"=DivXc32.dll
"vidc.xvid"=xvid.dll
"vidc.mp43"=mpg4c32.dll
"msacm.l3radius"=l3codecp.acm
"msacm.divxa"=divxa32.acm
"msacm.vorbis"=Vorbis.acm
"msacm.a3d"=a3d.dll
"msacm.ogg"=ogg.dll
"msacm.vorbisenc"=vorbisenc.dll
"VIDC.PIM1"=pclepim1.dll
"wave1"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-04-25 10:55:46 ----D---- C:\rsit
2012-04-25 10:55:46 ----D---- C:\Program Files\trend micro
2012-04-25 10:30:53 ----SHD---- C:\RECYCLER
2012-04-25 10:30:45 ----D---- C:\_OTL
2012-04-25 10:11:20 ----A---- C:\ComboFix.txt
2012-04-25 10:03:55 ----A---- C:\Boot.bak
2012-04-25 10:03:47 ----RASHD---- C:\cmdcons
2012-04-25 10:02:06 ----A---- C:\WINDOWS\zip.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\SWSC.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\SWREG.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\sed.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\PEV.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\NIRCMD.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\MBR.exe
2012-04-25 10:02:06 ----A---- C:\WINDOWS\grep.exe
2012-04-25 10:02:00 ----D---- C:\WINDOWS\ERDNT
2012-04-25 10:01:55 ----D---- C:\Qoobox
2012-04-25 09:41:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2012-04-25 09:41:03 ----A---- C:\WINDOWS\system32\javaws.exe
2012-04-25 09:41:03 ----A---- C:\WINDOWS\system32\javaw.exe
2012-04-25 09:41:03 ----A---- C:\WINDOWS\system32\java.exe
2012-04-25 09:41:03 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-04-25 09:38:30 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-04-25 03:14:21 ----A---- C:\WINDOWS\system32\muweb.dll
2012-04-25 03:14:21 ----A---- C:\WINDOWS\system32\mucltui.dll
2012-04-24 18:43:02 ----D---- C:\Program Files\Mozilla Firefox
2012-04-24 18:34:43 ----D---- C:\Program Files\Microsoft Security Client
2012-04-24 18:19:27 ----HD---- C:\WINDOWS\system32\GroupPolicy
2012-04-13 15:47:47 ----D---- C:\Documents and Settings\mpalata\Data aplikací\Apple Computer
2012-04-13 15:47:26 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2012-04-13 15:47:26 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2012-04-13 15:46:15 ----D---- C:\Program Files\iPod
2012-04-13 15:46:07 ----D---- C:\Program Files\iTunes
2012-04-13 15:46:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2012-04-13 15:46:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-04-13 15:45:38 ----D---- C:\Program Files\Apple Software Update
2012-04-13 15:45:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-04-13 15:45:24 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2012-04-13 15:45:24 ----A---- C:\WINDOWS\system32\drivers\usbaapl.sys
2012-04-13 15:44:35 ----D---- C:\Program Files\Bonjour
2012-04-13 15:44:09 ----D---- C:\Program Files\Common Files\Apple
2012-04-13 15:44:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2012-04-12 03:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
======List of files/folders modified in the last 1 month======
2012-04-25 10:55:54 ----D---- C:\WINDOWS\Prefetch
2012-04-25 10:55:46 ----RD---- C:\Program Files
2012-04-25 10:55:38 ----D---- C:\Documents and Settings\mpalata\Data aplikací\Skype
2012-04-25 10:47:53 ----D---- C:\WINDOWS\system32
2012-04-25 10:47:30 ----D---- C:\WINDOWS\Temp
2012-04-25 10:47:16 ----D---- C:\WINDOWS\system32\CatRoot2
2012-04-25 10:46:57 ----D---- C:\WINDOWS
2012-04-25 10:37:23 ----SD---- C:\WINDOWS\Tasks
2012-04-25 10:31:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-04-25 10:09:52 ----A---- C:\WINDOWS\system.ini
2012-04-25 10:09:44 ----D---- C:\WINDOWS\system32\drivers\etc
2012-04-25 10:07:40 ----D---- C:\WINDOWS\system32\drivers
2012-04-25 10:07:40 ----D---- C:\WINDOWS\AppPatch
2012-04-25 10:07:37 ----D---- C:\Program Files\Common Files
2012-04-25 10:03:56 ----RASH---- C:\boot.ini
2012-04-25 09:41:37 ----SHD---- C:\WINDOWS\Installer
2012-04-25 09:41:36 ----D---- C:\Config.Msi
2012-04-25 09:41:35 ----D---- C:\Program Files\Common Files\Java
2012-04-25 09:40:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-04-25 03:14:21 ----HD---- C:\WINDOWS\inf
2012-04-24 19:58:05 ----D---- C:\Program Files\Google
2012-04-24 19:08:15 ----A---- C:\WINDOWS\win.ini
2012-04-24 18:58:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2012-04-24 18:43:28 ----D---- C:\Documents and Settings\mpalata\Data aplikací\Mozilla
2012-04-24 18:34:54 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-04-24 18:21:34 ----D---- C:\WINDOWS\Minidump
2012-04-24 18:21:34 ----D---- C:\WINDOWS\Debug
2012-04-24 15:49:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2012-04-13 15:44:18 ----D---- C:\WINDOWS\WinSxS
2012-04-12 03:20:36 ----D---- C:\Program Files\Internet Explorer
2012-04-12 03:04:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-04-12 03:04:00 ----D---- C:\WINDOWS\ie8updates
2012-04-12 03:03:42 ----HD---- C:\WINDOWS\$hf_mig$
2012-04-12 03:01:25 ----A---- C:\WINDOWS\system32\MRT.exe
2012-04-01 09:47:38 ----HD---- C:\Program Files\InstallShield Installation Information
2012-04-01 09:47:35 ----A---- C:\WINDOWS\KA.ini
2012-03-31 08:44:08 ----D---- C:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sisagp;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-02-20 36608]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-02-25 82380]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2007-06-25 18432]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-05-14 51056]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-05-14 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-05-14 21488]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-28 4609024]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2007-06-25 321536]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2006-12-19 41600]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 uqqyniey;uqqyniey; \??\C:\WINDOWS\system32\drivers\uqqyniey.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-02-15 43520]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-25 153376]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 821608]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-05-14 65795]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
S4 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
-----------------EOF-----------------
Re: Request for a log check
Move ComboFix to the desktop (if it is not there already)
open Notepad
copy the script from the following box into it:
Code:
Driver::
uqqyniey
save the resulting text file to the desktop as CFScript.txt
after saving, grab the script with the left mouse button, drag it over the ComboFix icon and drop it there:

once it has been applied, another log should be created; post it here

FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
-
- Visitor
- Posts: 20
- Registered: 08 Feb 2007 07:48
Re: Request for a log check
I'm attaching the requested log. Thanks
ComboFix 12-04-25.01 - mpalata 25.04.2012 11:44:08.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1111 [GMT 2:00]
Spuštěný z: c:\documents and settings\mpalata\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mpalata\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_uqqyniey
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-25 do 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 09:08 . 2012-04-12 22:36 6734704 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{5DEB6F66-A03E-4487-97B7-FFDABE358100}\mpengine.dll
2012-04-25 08:55 . 2012-04-25 08:57 -------- d-----w- c:\program files\trend micro
2012-04-25 08:55 . 2012-04-25 08:55 -------- d-----w- C:\rsit
2012-04-25 08:30 . 2012-04-25 08:30 -------- d-----w- C:\_OTL
2012-04-25 07:41 . 2012-04-25 07:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-25 01:14 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-04-25 01:14 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-04-24 16:43 . 2012-04-24 16:43 -------- d-----w- c:\documents and settings\mpalata\Local Settings\Data aplikací\Mozilla
2012-04-24 16:34 . 2012-04-24 16:35 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-24 16:19 . 2012-04-24 16:19 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-04-24 07:04 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{1886ECA8-340C-405E-A4E7-70606E78A204}\mpengine.dll
2012-04-17 14:43 . 2012-04-17 14:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Apple
2012-04-13 13:47 . 2012-04-13 13:47 -------- d-----w- c:\documents and settings\mpalata\Local Settings\Data aplikací\Apple Computer
2012-04-13 13:47 . 2012-04-13 13:48 -------- d-----w- c:\documents and settings\mpalata\Data aplikací\Apple Computer
2012-04-13 13:47 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-13 13:47 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-04-13 13:46 . 2012-04-13 13:46 -------- d-----w- c:\program files\iPod
2012-04-13 13:46 . 2012-04-13 13:47 -------- d-----w- c:\program files\iTunes
2012-04-13 13:46 . 2012-04-13 13:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-04-13 13:46 . 2012-04-13 13:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2012-04-13 13:45 . 2012-04-13 13:45 -------- d-----w- c:\documents and settings\mpalata\Local Settings\Data aplikací\Apple
2012-04-13 13:45 . 2012-04-13 13:45 -------- d-----w- c:\program files\Apple Software Update
2012-04-13 13:45 . 2012-04-13 13:45 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2012-04-13 13:45 . 2012-04-13 13:47 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-13 13:45 . 2012-02-15 09:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-13 13:45 . 2012-02-15 09:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-13 13:44 . 2012-04-13 13:44 -------- d-----w- c:\program files\Bonjour
2012-04-13 13:44 . 2012-04-13 13:46 -------- d-----w- c:\program files\Common Files\Apple
2012-04-13 13:44 . 2012-04-13 13:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 07:40 . 2008-02-24 20:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-13 07:36 . 2009-09-02 10:25 6734704 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-01 10:59 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-18 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-18 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:57 . 2004-08-18 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2009-10-02 18:34 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-13 04:38 . 2012-04-24 16:43 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-25_08.09.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-25 09:50 . 2012-04-25 09:50 16384 c:\windows\Temp\Perflib_Perfdata_1c0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 19554952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"pdfFactory Pro Dispatcher v1"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [2002-10-30 364544]
"Cobian Backup 8"="c:\program files\Cobian Backup 8\Cobian.exe" [2007-03-20 499712]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-12-27 98304]
"HP OrderReminder Cleaner"="c:\windows\hporclnr.exe" [2006-12-27 104960]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-21 483328]
"SiSPower"="SiSPower.dll" [2007-06-25 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-2-24 106496]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EazyScheduler]
2007-02-04 11:26 430400 ----a-w- c:\program files\Eazy-Ware\ezSched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1005MC.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5800:TCP"= 5800:TCP:vnc
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [9.3.2011 14:30 92592]
S1 MpKsl9955afa9;MpKsl9955afa9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{5DEB6F66-A03E-4487-97B7-FFDABE358100}\MpKsl9955afa9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{5DEB6F66-A03E-4487-97B7-FFDABE358100}\MpKsl9955afa9.sys [?]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-04-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2012-04-19 c:\windows\Tasks\pripomenout.job
- E:\pripomenout.bat [2008-06-12 07:40]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page =
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{1FA3F4BA-ED5E-4772-9325-A3CEC2DF3F3B}: NameServer = 10.0.0.1
TCP: Interfaces\{F3AAA6E7-B1F8-4877-A43F-A6B30B294DEC}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\mpalata\Data aplikací\Mozilla\Firefox\Profiles\oink0f0g.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-25 11:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(2028)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(3344)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\logonui.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1005MC.EXE
c:\windows\system32\rdpclip.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Cobian Backup 8\cbInterface.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2012-04-25 12:00:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-25 10:00
ComboFix2.txt 2012-04-25 08:11
.
Před spuštěním: Volných bajtů: 14 659 940 352
Po spuštění: Volných bajtů: 14 570 336 256
.
- - End Of File - - 00B54EAE51EDBE3027F5FC063B977083
Re: Please check
quote:
TFC http://oldtimer.geekstogo.com/TFC.exe
• Download and run it
• Click Start and confirm with OK
• The program will clean up and restart the PC
• Delete the utility after use
After the restart, describe the state of the PC and any problems.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
-
- Visitor
- Posts: 20
- Registered: 08 Feb 2007 07:48
Re: Please check
The pages www.google.com, or for example www.hotelbara.cz or www.dsl.cz, still do not load in either IE or Firefox. Firefox says it is waiting for www.google-analytics.com and loads the page after about 5 minutes. Other sites (seznam, centrum...) load quickly and without problems. Speed test at rychlost.cz: 5831 kbit/s.
Re: Please check
Try ipconfig /flushdns from the command line.
-
- Visitor
- Posts: 20
- Registered: 08 Feb 2007 07:48
Re: Please check
No success. I also tried setting the DNS to 8.8.8.8, and the pages still load slowly.
Re: Please check
If you enter its IP address instead of www.google.com, is it the same?
-
- Visitor
- Posts: 20
- Registered: 08 Feb 2007 07:48
Re: Please check
I tried 87.125.97.99 and it is the same.
Re: Please check
Use http://forum.viry.cz/viewtopic.php?f=24 ... 05#p981205, options 1 3 4 5
-
- Visitor
- Posts: 20
- Registered: 08 Feb 2007 07:48
Re: Please check
Steps 1-4 carried out, same result.
RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v: Normální režim
Uživatel: mpalata [Práva správce]
Mód: Kontrola -- Datum: 04/25/2012 14:49:40
¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SUSP PATH] hporclnr.exe -- C:\WINDOWS\hporclnr.exe -> KILLED [TermProc]
¤¤¤ Záznamy Registrů: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{1FA3F4BA-ED5E-4772-9325-A3CEC2DF3F3B} : NameServer (8.8.8.8,10.0.0.1) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F3AAA6E7-B1F8-4877-A43F-A6B30B294DEC} : NameServer (10.0.0.138) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{1FA3F4BA-ED5E-4772-9325-A3CEC2DF3F3B} : NameServer (10.0.0.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F3AAA6E7-B1F8-4877-A43F-A6B30B294DEC} : NameServer (10.0.0.138) -> FOUND
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xB9F11852)
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: ST3120026A +++++
--- User ---
[MBR] d3711a9d1cdd81096149d463a1fb88cc
[BSP] 6808f9d6013139ac878320647975044d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 35000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 71682030 | Size: 70017 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 215078220 | Size: 9444 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[5].txt >>
Re: Please check
Try restarting the router; if that does not help, post the MBAM and TDSSKiller logs.
-
- Visitor
- Posts: 20
- Registered: 08 Feb 2007 07:48
Re: Please check
Resetting the modem did not help; a notebook connected to the same modem is OK. I will produce the logs and post them here.
-
- Visitor
- Posts: 20
- Registered: 08 Feb 2007 07:48
Re: Please check
MBAM log
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org
Verze databáze: v2012.04.25.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mpalata :: HOTEL [administrátor]
Ochrana: Povolena
25.4.2012 21:26:16
mbam-log-2012-04-25 (22-09-31).txt
Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 317618
Uplynulý čas: 41 minut, 49 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 2
C:\Documents and Settings\mpalata\Data aplikací\wiaserva.log (Malware.Trace) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\mpalata\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Žádná instrukce nebyla provedena.
(konec)
-
- Visitor
- Posts: 20
- Registered: 08 Feb 2007 07:48
Re: Please check
TDSS Killer
Processed: 288 objects
Found: 0 threats
Neutralized: 0 threats
Qurantined: 0 objects