Dobry den,
nejaka havet mi spousti proces, ktery brani spoustet IE. Zde zasilam log z RSIT:
Dekuji
Jiri
Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2013-10-08 11:15:34
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (54%) free of 40 GB
Total RAM: 2012 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:15:42, on 8.10.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\KaraokeSer.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\OA10\rcClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OA10\oaServerNT.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\OA10\oaServerNt.exe
C:\Program Files\OA10\WorkSpApUia.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Windows Defender\MSASCui.exe
D:\SW\CorelIOMonitor.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\User_name\JmenoUzivatele.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Z_Internetu\RSIT.exe
C:\Program Files\trend micro\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozhorice.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://socialgames.splashtop.com/redire ... 7e&l=cs-CZ
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Oblíbené položky
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Corel File Shell Monitor] D:\SW\CorelIOMonitor.exe
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: JmenoUzivatele.lnk = C:\Program Files\User_name\JmenoUzivatele.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7427756296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11E0C41-FA1E-482B-A86A-1FFA52291FCB}: NameServer = 192.168.180.2,192.168.176.3
O20 - Winlogon Notify: oaKel - oaKelNt.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: oaServerNT - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: rcClient - Unknown owner - C:\Program.exe (file missing)
--
End of file - 6871 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\g1eg4etf.default
prefs.js - "browser.startup.homepage" - "http://www.gozhorice.cz/"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{78E1C5BB-0C4D-4331-BBDA-9D295DD3C382}"=C:\Program Files\OA10\Module\Gecko\1.8\
"{871DE4DE-99EE-4fd2-8162-EAFDAF2A64FE}"=C:\Program Files\OA10\Module\Gecko\1.9\
"{82BC1BFD-77FD-4ad2-8DC8-D22D5DFA1657}"=C:\Program Files\OA10\Module\Gecko\1.9.1\
"{EBB9A826-033D-43cc-80F5-5FA86F73298D}"=C:\Program Files\OA10\Module\Gecko\1.9.2\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
C:\Program Files\Mozilla Firefox\extensions\
{11D994D3-9B10-4c30-98D6-497E95A6A7B7}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
C:\Program Files\Mozilla Firefox\plugins\
npPDFXCviewNPPlugin.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-06 463272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-06 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-04-23 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-04-23 174104]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-04-23 144920]
"NWTRAY"=C:\WINDOWS\system32\NWTRAY.EXE [2002-03-12 28672]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Corel File Shell Monitor"=D:\SW\CorelIOMonitor.exe [2008-01-15 16200]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-03-21 5078504]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
JmenoUzivatele.lnk - C:\Program Files\User_name\JmenoUzivatele.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-04-21 213504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\oaKel]
C:\WINDOWS\system32\oaKelNt.dll [2013-09-09 333312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwv1_0
"notification packages"=oaPassCn
scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"CompatibleRUPSecurity"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=0xFFFFFFFF
"RestrictRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Z_Internetu\winbox.exe"="D:\Z_Internetu\winbox.exe:*:Enabled:winbox"
"D:\SW\Programs\RM.exe"="D:\SW\Programs\RM.exe:*:Enabled:Render Manager"
"D:\SW\Programs\Studio.exe"="D:\SW\Programs\Studio.exe:*:Enabled:Studio"
"D:\SW\Programs\umi.exe"="D:\SW\Programs\umi.exe:*:Enabled:umi"
"O:\EasySetupAssistant\wr720n\EasySetupAssistant.exe"="O:\EasySetupAssistant\wr720n\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"
"D:\SW\_EasyPHP-5-3-8-1\mysql\bin\mysqld.exe"="D:\SW\_EasyPHP-5-3-8-1\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\Program Files\Grouter\mysql\bin\mysqld.exe"="C:\Program Files\Grouter\mysql\bin\mysqld.exe:*:Enabled:mysqld"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"vidc.mjpg"=pvmjpg30.dll
======List of files/folders created in the last 1 month======
2013-10-08 11:15:34 ----D---- C:\rsit
2013-10-08 11:15:34 ----D---- C:\Program Files\trend micro
2013-10-01 10:42:44 ----D---- C:\Program Files\Mozilla Firefox
2013-09-20 07:50:19 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-09-11 10:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 10:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 10:26:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
2013-09-09 11:52:41 ----D---- C:\Documents and Settings\user\Data aplikací\SketchUp
2013-09-09 11:37:33 ----D---- C:\Program Files\SketchUp
2013-09-09 11:37:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\SketchUp
======List of files/folders modified in the last 1 month======
2013-10-08 11:15:41 ----D---- C:\WINDOWS\Prefetch
2013-10-08 11:15:34 ----RD---- C:\Program Files
2013-10-08 11:14:32 ----D---- C:\WINDOWS\Temp
2013-10-08 11:13:58 ----D---- C:\WINDOWS
2013-10-08 11:13:58 ----D---- C:\Documents and Settings\user\Data aplikací\Macromedia
2013-10-08 07:09:33 ----SD---- C:\WINDOWS\Tasks
2013-10-07 16:18:11 ----N---- C:\WINDOWS\SchedLgU.Txt
2013-10-07 16:15:45 ----D---- C:\WINDOWS\system32\CatRoot2
2013-10-07 07:16:34 ----D---- C:\WINDOWS\system32
2013-10-07 07:16:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-02 09:02:52 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-10-01 10:59:11 ----D---- C:\Documents and Settings\user\Data aplikací\XnView
2013-09-20 07:50:24 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-13 16:24:16 ----SHD---- C:\WINDOWS\Installer
2013-09-13 16:24:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-09-11 15:02:08 ----D---- C:\WINDOWS\repair
2013-09-11 15:02:02 ----D---- C:\WINDOWS\Registration
2013-09-11 15:00:38 ----HD---- C:\WINDOWS\inf
2013-09-11 13:41:36 ----D---- C:\WINDOWS\Debug
2013-09-11 10:28:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-11 10:27:59 ----D---- C:\Program Files\Internet Explorer
2013-09-11 10:21:22 ----A---- C:\WINDOWS\system32\MRT.exe
2013-09-10 12:08:40 ----RSD---- C:\WINDOWS\assembly
2013-09-10 12:08:40 ----D---- C:\WINDOWS\Microsoft.NET
2013-09-10 12:01:45 ----D---- C:\WINDOWS\WinSxS
2013-09-09 09:51:14 ----D---- C:\WINDOWS\system32\en-US
2013-09-09 09:51:09 ----D---- C:\Program Files\Microsoft.NET
2013-09-09 09:37:26 ----D---- C:\WINDOWS\system32\drivers
2013-09-09 09:37:26 ----D---- C:\Program Files\OA10
2013-09-09 09:37:26 ----A---- C:\WINDOWS\system32\PrintMon.dll
2013-09-09 09:36:36 ----RA---- C:\WINDOWS\system32\oacoinst.dll
2013-09-09 09:36:20 ----RA---- C:\WINDOWS\system32\oaPassCn.dll
2013-09-09 09:35:48 ----RA---- C:\WINDOWS\system32\oaKelNt.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 NICM;Novell InterService Communication Driver; C:\WINDOWS\system32\drivers\nicm.sys [2006-03-03 38416]
R0 NWFILTER;Novell UNC Path Filter; C:\WINDOWS\system32\NetWare\nwfilter.sys [2005-05-26 15891]
R0 oaFile;oaFile; C:\WINDOWS\system32\drivers\oaFile.sys [2013-09-09 43520]
R0 oaRegMgr;oaRegMgr; C:\WINDOWS\system32\drivers\oaRegMgr.sys [2013-09-09 19456]
R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-01-10 161368]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2013-01-10 105784]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 NetwareWorkstation;Novell Client for Windows; C:\WINDOWS\system32\NetWare\nwfs.sys [2007-05-29 513536]
R2 NWDHCP;Novell DHCP Inform Client; C:\WINDOWS\system32\NetWare\nwdhcp.sys [2005-11-22 18353]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-23 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-23 55936]
R2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface; C:\WINDOWS\system32\NetWare\nwsipx32.sys [2005-10-27 39731]
R2 RESMGR;Novell NetWare Resource Manager; C:\WINDOWS\system32\NetWare\resmgr.sys [2004-06-01 27249]
R2 SRVLOC;Novell Service Location; C:\WINDOWS\system32\NetWare\srvloc.sys [2006-09-25 160209]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-04-21 1917344]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2011-03-22 65136]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 NWDNS;Novell DNS Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwdns.sys [2006-10-27 43568]
R3 NWHOST;Novell Host File Name Space Service Provider; C:\WINDOWS\system32\NetWare\NWHOST.sys [2005-10-12 9297]
R3 NWSAP;Novell SAP Name Space Provider; C:\WINDOWS\system32\NetWare\NWSAP.sys [2003-02-26 23232]
R3 NWSLP;Novell SLP Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwslp.sys [2005-01-03 20332]
R3 NWSNS;Novell Simple Naming Services; C:\WINDOWS\system32\NetWare\NWSNS.sys [2005-10-12 6128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2010-12-22 2804720]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-03-21 1341664]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-09-06 182184]
R2 KaraokeService;VIA Karaoke digital mixer Service; C:\WINDOWS\system32\KaraokeSer.exe [2010-12-22 88688]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 rcClient;rcClient; C:\Program Files\OA10\rcClient []
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 oaServerNT;oaServerNT; C:\Program Files\OA10\oaServerNT []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-09 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20 257416]
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 cusrvc;Client Update Service for Novell; C:\WINDOWS\system32\cusrvc.exe [2006-08-11 28672]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-09 116648]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-01 118680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosim o kontrolu, havet mi brani spustit IE
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
jirka-cesky-raj
- Návštěvník
- Příspěvky: 12
- Registrován: 20 dub 2009 10:09
Re: prosim o kontrolu, havet mi brani spustit IE
Zdravim 
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe - Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- Na plose vznikne log Rkill.txt ten mi sem vlozte
- Ted nerestartujte PC - prisli byste o ucinek RKillu
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.-
jirka-cesky-raj
- Návštěvník
- Příspěvky: 12
- Registrován: 20 dub 2009 10:09
Re: prosim o kontrolu, havet mi brani spustit IE
Zde je log z RKill:
Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 10/09/2013 11:54:32 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\WINDOWS\system32\NWTRAY.EXE (PID: 432) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Reparse Point/Junctions Found (Most likely legitimate)!
* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 10/09/2013 11:55:11 AM
Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)
--------------------
Zde je log z CF:
ComboFix 13-10-08.01 - user 09.10.2013 11:59:44.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2012.1300 [GMT 2:00]
Spuštěný z: c:\documents and settings\All Users\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\oaPassCn.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-09 do 2013-10-09 )))))))))))))))))))))))))))))))
.
.
2013-10-09 08:55 . 2013-10-09 08:55 17750408 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-08 09:15 . 2013-10-08 09:15 -------- d-----w- C:\rsit
2013-10-08 09:15 . 2013-10-08 09:15 -------- d-----w- c:\program files\trend micro
2013-10-04 06:28 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{40E3B9DF-5DE1-49BB-B50B-A517F4BD50F9}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 10:05 . 2011-10-31 13:59 17488 ----a-w- c:\windows\gdrv.sys
2013-10-09 07:55 . 2012-04-05 08:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 07:55 . 2011-11-03 08:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-09 07:37 . 2011-11-14 14:11 96768 ----a-w- c:\windows\system32\PrintMon.dll
2013-09-09 07:36 . 2011-12-08 12:19 338944 ----a-r- c:\windows\system32\oacoinst.dll
2013-09-09 07:35 . 2011-11-09 10:42 43520 ------r- c:\windows\system32\drivers\oafile.sys
2013-09-09 07:35 . 2011-11-09 10:42 19456 ------r- c:\windows\system32\drivers\oaRegMgr.sys
2013-09-09 07:35 . 2011-11-09 10:42 333312 ----a-r- c:\windows\system32\oaKelNt.dll
2013-09-06 08:57 . 2013-09-06 08:58 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-06 08:57 . 2013-09-06 08:58 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-06 08:57 . 2012-05-09 08:39 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-09-06 08:57 . 2011-11-04 07:36 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-05 05:02 . 2011-11-02 07:19 7328304 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-08-09 01:56 . 2002-09-23 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2002-09-23 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2002-09-23 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2002-09-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2002-09-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2002-09-23 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2011-10-31 12:12 385024 ------w- c:\windows\system32\html.iec
2013-08-07 02:22 . 2011-11-02 07:19 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-05 13:30 . 2002-09-23 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 144920]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"Corel File Shell Monitor"="d:\sw\CorelIOMonitor.exe" [2008-01-15 16200]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
JmenoUzivatele.lnk - c:\program files\User_name\JmenoUzivatele.exe [2011-11-2 302592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oaKel]
2013-09-09 07:35 333312 ----a-r- c:\windows\system32\oaKelNt.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\SW\\Programs\\RM.exe"=
"d:\\SW\\Programs\\Studio.exe"=
"d:\\SW\\Programs\\umi.exe"=
"d:\\SW\\_EasyPHP-5-3-8-1\\mysql\\bin\\mysqld.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GLOBALLYOPENPORTS\List]
"5529:TCP"= 5529:TCP:oa_nh29
"5528:TCP"= 5528:TCP:oa_nh28
"5527:TCP"= 5527:TCP:oa_nh27
"5526:TCP"= 5526:TCP:oa_nh26
"5525:TCP"= 5525:TCP:oa_nh25
"5524:TCP"= 5524:TCP:oa_nh24
"5523:TCP"= 5523:TCP:oa_nh23
"5522:TCP"= 5522:TCP:oa_nh22
"5521:TCP"= 5521:TCP:oa_nh21
"5520:TCP"= 5520:TCP:oa_nh20
"5519:TCP"= 5519:TCP:oa_nh19
"5518:TCP"= 5518:TCP:oa_nh18
"5517:TCP"= 5517:TCP:oa_nh17
"5516:TCP"= 5516:TCP:oa_nh16
"5515:TCP"= 5515:TCP:oa_nh15
"5514:TCP"= 5514:TCP:oa_nh14
"5513:TCP"= 5513:TCP:oa_nh13
"5512:TCP"= 5512:TCP:oa_nh12
"5511:TCP"= 5511:TCP:oa_nh11
"5510:TCP"= 5510:TCP:oa_nh10
"5509:TCP"= 5509:TCP:oa_nh9
"5508:TCP"= 5508:TCP:oa_nh8
"5507:TCP"= 5507:TCP:oa_nh7
"5506:TCP"= 5506:TCP:oa_nh6
"5505:TCP"= 5505:TCP:oa_nh5
"5504:TCP"= 5504:TCP:oa_nh4
"5503:TCP"= 5503:TCP:oa_nh3
"5502:TCP"= 5502:TCP:oa_nh2
"5501:TCP"= 5501:TCP:oa_nh1
"5500:TCP"= 5500:TCP:oa_nh0
"5020:TCP"= 5020:TCP:oa_rcclient
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 oaFile;oaFile;c:\windows\system32\drivers\oafile.sys [9.11.2011 12:42 43520]
R0 oaRegMgr;oaRegMgr;c:\windows\system32\drivers\oaRegMgr.sys [9.11.2011 12:42 19456]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [31.10.2011 15:05 18544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 16:04 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 14:47 105784]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.3.2013 15:19 1341664]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [31.10.2011 14:56 68136]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [31.10.2011 15:03 88688]
R2 rcClient;rcClient;c:\program files\OA10\rcClient --> c:\program files\OA10\rcClient [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [31.10.2011 15:05 65136]
R3 oaServerNT;oaServerNT;c:\program files\OA10\oaServerNT --> c:\program files\OA10\oaServerNT [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.10.2011 15:03 2804720]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-08 05:44 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:55]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 10:18]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 10:18]
.
2013-10-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.gozhorice.cz/
uInternet Connection Wizard,ShellNext = hxxp://socialgames.splashtop.com/redirectGames/?oem=gbbcu02&os=Windows&p=G41MT-S2P&pv=1.1.6&v=3&flv=&c=1029&t=d41d8cd98f00b204e9800998ecf8427e&l=cs-CZ
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{A11E0C41-FA1E-482B-A86A-1FFA52291FCB}: NameServer = 192.168.180.2,192.168.176.3
Name-Space Handler: ftp\WorkSpy - {5D3387A9-354F-4efd-8939-5AFB4FAAFE1D} - c:\program files\OA10\WorkSpDw.dll
Name-Space Handler: http\WorkSpy - {12584F2C-7F9B-4e6a-B49D-3D31CD14A340} - c:\program files\OA10\WorkSpDw.dll
Name-Space Handler: https\WorkSpy - {B4041D07-5D17-44be-B975-3151919DC7D5} - c:\program files\OA10\WorkSpDw.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\g1eg4etf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gozhorice.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-09 12:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oaServerNT]
"ImagePath"="c:\program files\OA10\oaServerNT"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rcClient]
"ImagePath"="c:\program files\OA10\rcClient"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\oaKelNt.dll
c:\windows\system32\msi.dll
c:\program files\OA10\lgFnc.dll
.
- - - - - - - > 'Explorer.exe'(172)
c:\windows\system32\msi.dll
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\OA10\rcClient.exe
c:\program files\OA10\oaServerNT.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\OA10\oaServerNt.exe
c:\program files\OA10\WorkSpApUia.exe
c:\windows\system32\NWTRAY.EXE
.
**************************************************************************
.
Celkový čas: 2013-10-09 12:24:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-09 10:24
.
Před spuštěním: Volných bajtů: 22 143 234 048
Po spuštění: Volných bajtů: 22 269 792 256
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - E43C4A7EAFD23AFD1B725789E444CE49
413FC2A0C716421B3158746D63736515
Dekuji
Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 10/09/2013 11:54:32 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\WINDOWS\system32\NWTRAY.EXE (PID: 432) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Reparse Point/Junctions Found (Most likely legitimate)!
* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 10/09/2013 11:55:11 AM
Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)
--------------------
Zde je log z CF:
ComboFix 13-10-08.01 - user 09.10.2013 11:59:44.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2012.1300 [GMT 2:00]
Spuštěný z: c:\documents and settings\All Users\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\oaPassCn.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-09 do 2013-10-09 )))))))))))))))))))))))))))))))
.
.
2013-10-09 08:55 . 2013-10-09 08:55 17750408 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-08 09:15 . 2013-10-08 09:15 -------- d-----w- C:\rsit
2013-10-08 09:15 . 2013-10-08 09:15 -------- d-----w- c:\program files\trend micro
2013-10-04 06:28 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{40E3B9DF-5DE1-49BB-B50B-A517F4BD50F9}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 10:05 . 2011-10-31 13:59 17488 ----a-w- c:\windows\gdrv.sys
2013-10-09 07:55 . 2012-04-05 08:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 07:55 . 2011-11-03 08:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-09 07:37 . 2011-11-14 14:11 96768 ----a-w- c:\windows\system32\PrintMon.dll
2013-09-09 07:36 . 2011-12-08 12:19 338944 ----a-r- c:\windows\system32\oacoinst.dll
2013-09-09 07:35 . 2011-11-09 10:42 43520 ------r- c:\windows\system32\drivers\oafile.sys
2013-09-09 07:35 . 2011-11-09 10:42 19456 ------r- c:\windows\system32\drivers\oaRegMgr.sys
2013-09-09 07:35 . 2011-11-09 10:42 333312 ----a-r- c:\windows\system32\oaKelNt.dll
2013-09-06 08:57 . 2013-09-06 08:58 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-06 08:57 . 2013-09-06 08:58 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-06 08:57 . 2012-05-09 08:39 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-09-06 08:57 . 2011-11-04 07:36 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-05 05:02 . 2011-11-02 07:19 7328304 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-08-09 01:56 . 2002-09-23 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2002-09-23 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2002-09-23 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2002-09-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2002-09-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2002-09-23 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2011-10-31 12:12 385024 ------w- c:\windows\system32\html.iec
2013-08-07 02:22 . 2011-11-02 07:19 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-05 13:30 . 2002-09-23 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 144920]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"Corel File Shell Monitor"="d:\sw\CorelIOMonitor.exe" [2008-01-15 16200]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
JmenoUzivatele.lnk - c:\program files\User_name\JmenoUzivatele.exe [2011-11-2 302592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oaKel]
2013-09-09 07:35 333312 ----a-r- c:\windows\system32\oaKelNt.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\SW\\Programs\\RM.exe"=
"d:\\SW\\Programs\\Studio.exe"=
"d:\\SW\\Programs\\umi.exe"=
"d:\\SW\\_EasyPHP-5-3-8-1\\mysql\\bin\\mysqld.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GLOBALLYOPENPORTS\List]
"5529:TCP"= 5529:TCP:oa_nh29
"5528:TCP"= 5528:TCP:oa_nh28
"5527:TCP"= 5527:TCP:oa_nh27
"5526:TCP"= 5526:TCP:oa_nh26
"5525:TCP"= 5525:TCP:oa_nh25
"5524:TCP"= 5524:TCP:oa_nh24
"5523:TCP"= 5523:TCP:oa_nh23
"5522:TCP"= 5522:TCP:oa_nh22
"5521:TCP"= 5521:TCP:oa_nh21
"5520:TCP"= 5520:TCP:oa_nh20
"5519:TCP"= 5519:TCP:oa_nh19
"5518:TCP"= 5518:TCP:oa_nh18
"5517:TCP"= 5517:TCP:oa_nh17
"5516:TCP"= 5516:TCP:oa_nh16
"5515:TCP"= 5515:TCP:oa_nh15
"5514:TCP"= 5514:TCP:oa_nh14
"5513:TCP"= 5513:TCP:oa_nh13
"5512:TCP"= 5512:TCP:oa_nh12
"5511:TCP"= 5511:TCP:oa_nh11
"5510:TCP"= 5510:TCP:oa_nh10
"5509:TCP"= 5509:TCP:oa_nh9
"5508:TCP"= 5508:TCP:oa_nh8
"5507:TCP"= 5507:TCP:oa_nh7
"5506:TCP"= 5506:TCP:oa_nh6
"5505:TCP"= 5505:TCP:oa_nh5
"5504:TCP"= 5504:TCP:oa_nh4
"5503:TCP"= 5503:TCP:oa_nh3
"5502:TCP"= 5502:TCP:oa_nh2
"5501:TCP"= 5501:TCP:oa_nh1
"5500:TCP"= 5500:TCP:oa_nh0
"5020:TCP"= 5020:TCP:oa_rcclient
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 oaFile;oaFile;c:\windows\system32\drivers\oafile.sys [9.11.2011 12:42 43520]
R0 oaRegMgr;oaRegMgr;c:\windows\system32\drivers\oaRegMgr.sys [9.11.2011 12:42 19456]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [31.10.2011 15:05 18544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 16:04 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 14:47 105784]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.3.2013 15:19 1341664]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [31.10.2011 14:56 68136]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [31.10.2011 15:03 88688]
R2 rcClient;rcClient;c:\program files\OA10\rcClient --> c:\program files\OA10\rcClient [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [31.10.2011 15:05 65136]
R3 oaServerNT;oaServerNT;c:\program files\OA10\oaServerNT --> c:\program files\OA10\oaServerNT [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.10.2011 15:03 2804720]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-08 05:44 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:55]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 10:18]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 10:18]
.
2013-10-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.gozhorice.cz/
uInternet Connection Wizard,ShellNext = hxxp://socialgames.splashtop.com/redirectGames/?oem=gbbcu02&os=Windows&p=G41MT-S2P&pv=1.1.6&v=3&flv=&c=1029&t=d41d8cd98f00b204e9800998ecf8427e&l=cs-CZ
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{A11E0C41-FA1E-482B-A86A-1FFA52291FCB}: NameServer = 192.168.180.2,192.168.176.3
Name-Space Handler: ftp\WorkSpy - {5D3387A9-354F-4efd-8939-5AFB4FAAFE1D} - c:\program files\OA10\WorkSpDw.dll
Name-Space Handler: http\WorkSpy - {12584F2C-7F9B-4e6a-B49D-3D31CD14A340} - c:\program files\OA10\WorkSpDw.dll
Name-Space Handler: https\WorkSpy - {B4041D07-5D17-44be-B975-3151919DC7D5} - c:\program files\OA10\WorkSpDw.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\g1eg4etf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gozhorice.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-09 12:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oaServerNT]
"ImagePath"="c:\program files\OA10\oaServerNT"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rcClient]
"ImagePath"="c:\program files\OA10\rcClient"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\oaKelNt.dll
c:\windows\system32\msi.dll
c:\program files\OA10\lgFnc.dll
.
- - - - - - - > 'Explorer.exe'(172)
c:\windows\system32\msi.dll
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\OA10\rcClient.exe
c:\program files\OA10\oaServerNT.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\OA10\oaServerNt.exe
c:\program files\OA10\WorkSpApUia.exe
c:\windows\system32\NWTRAY.EXE
.
**************************************************************************
.
Celkový čas: 2013-10-09 12:24:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-09 10:24
.
Před spuštěním: Volných bajtů: 22 143 234 048
Po spuštění: Volných bajtů: 22 269 792 256
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - E43C4A7EAFD23AFD1B725789E444CE49
413FC2A0C716421B3158746D63736515
Dekuji
Re: prosim o kontrolu, havet mi brani spustit IE
Tyhle aplikace a povolene porty vw FW znate 
c:\program files\OA10\rcClient
c:\program files\OA10\oaServerNT
"5529:TCP"= 5529:TCP:oa_nh29
"5020:TCP"= 5020:TCP:oa_rcclient
Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/
- c:\program files\User_name\JmenoUzivatele.exe
- Kliknete na Choose file
- Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
- Kliknete na Scan It
- Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
- Vysledek analyzy sem vlozte (jako odkaz)
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
jirka-cesky-raj
- Návštěvník
- Příspěvky: 12
- Registrován: 20 dub 2009 10:09
Re: prosim o kontrolu, havet mi brani spustit IE
Dobry den,
oba soubory i jejich otevrene porty jsou OK. Je to zakoupeny program od Sodatu.
JmenoUzivatele proslo kontrolou take OK - je to mnou napsany programek z Delphi.
Jiri
oba soubory i jejich otevrene porty jsou OK. Je to zakoupeny program od Sodatu.
JmenoUzivatele proslo kontrolou take OK - je to mnou napsany programek z Delphi.
Jiri
Re: prosim o kontrolu, havet mi brani spustit IE
IE nejde stale spustit??
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
jirka-cesky-raj
- Návštěvník
- Příspěvky: 12
- Registrován: 20 dub 2009 10:09
Re: prosim o kontrolu, havet mi brani spustit IE
Dobry den,
situace stale stejna. V priloze zasilam screen Spravce uloh, kde je oznaceny (mne nic nerikajici) proces.
Pokud pustim MS UpDate (rucne) nebo IE, tak nic. Jakmile ukoncim oznaceny proces, IE okamzite nabehne.
situace stale stejna. V priloze zasilam screen Spravce uloh, kde je oznaceny (mne nic nerikajici) proces.
Pokud pustim MS UpDate (rucne) nebo IE, tak nic. Jakmile ukoncim oznaceny proces, IE okamzite nabehne.
- Přílohy
-
- Spravce-uloh.PNG (24.67 KiB) Zobrazeno 1281 x
Re: prosim o kontrolu, havet mi brani spustit IE
Tak se na toho fesaka podivame 
Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook.exe a ulozte jej na plochu
- Do okna vlozte skript nize
Kód: Vybrat vše
:filefind *WorkSpApUia*.*- Kliknete na Look
- Tlacitko Look se zmeni na Scanning a zsedne
- Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
- Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
jirka-cesky-raj
- Návštěvník
- Příspěvky: 12
- Registrován: 20 dub 2009 10:09
Re: prosim o kontrolu, havet mi brani spustit IE
Dobry den,
prikladam log. Koukam na tu slozku, OA je OptimAccess, koupeny program, ktery chrani nastaveni stroje.
Nedavno byla vydana nova aktualizace, kterou jsem nainstaloval.
---
SystemLook 30.07.11 by jpshortstuff
Log created at 12:13 on 11/10/2013 by user
Administrator - Elevation successful
========== filefind ==========
Searching for "*WorkSpApUia*.*"
C:\Program Files\OA10\WorkSpApUia.exe --a---- 77256 bytes [08:25 22/02/2013] [07:36 09/09/2013] BBF5C1B3CB67E4821807A873621E8AC0
C:\WINDOWS\Prefetch\WORKSPAPUIA.EXE-1E4EF160.pf --a---- 28916 bytes [05:31 10/10/2013] [10:10 11/10/2013] C6DB9FAD1B79C9F68BA374794FA6782A
-= EOF =-
prikladam log. Koukam na tu slozku, OA je OptimAccess, koupeny program, ktery chrani nastaveni stroje.
Nedavno byla vydana nova aktualizace, kterou jsem nainstaloval.
---
SystemLook 30.07.11 by jpshortstuff
Log created at 12:13 on 11/10/2013 by user
Administrator - Elevation successful
========== filefind ==========
Searching for "*WorkSpApUia*.*"
C:\Program Files\OA10\WorkSpApUia.exe --a---- 77256 bytes [08:25 22/02/2013] [07:36 09/09/2013] BBF5C1B3CB67E4821807A873621E8AC0
C:\WINDOWS\Prefetch\WORKSPAPUIA.EXE-1E4EF160.pf --a---- 28916 bytes [05:31 10/10/2013] [10:10 11/10/2013] C6DB9FAD1B79C9F68BA374794FA6782A
-= EOF =-
Re: prosim o kontrolu, havet mi brani spustit IE
zdravicko,
pak bych asi kontaktoval technickou podporu daneho programu...
pak bych asi kontaktoval technickou podporu daneho programu...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
jirka-cesky-raj
- Návštěvník
- Příspěvky: 12
- Registrován: 20 dub 2009 10:09
Re: prosim o kontrolu, havet mi brani spustit IE
Pokud je co se tyce haveti PC cisty, obratim se na ne.
Dekuji
Jiri
Dekuji
Jiri
Re: prosim o kontrolu, havet mi brani spustit IE
- Prejmenujte ComboFix na Uninstall
- Spustte jej
- Tohle smaze Combofix a jeho slozky
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Stahnete a spustte
- Pro potvrzeni volby mackejte A, Enter
- Po pouziti utilitu smazte
- Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478Panel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
Na havet se zda byt PC cisty"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?