prosim o kontrolu - PC6

[Fantas!]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Erika at 2010-01-22 08:27:51
Systém Microsoft Windows XP Professional Service Pack 2
System drive E: has 129 GB (93%) free of 138 GB
Total RAM: 2037 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:01, on 22.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\WINDOWS\system32\igfxpers.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\igfxsrvc.exe
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\LINKMAGIC\LINKMAGIC.EXE
E:\Program Files\Skype\Plugin Manager\skypePM.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Microsoft Office\Office10\MSACCESS.EXE
C:\MirandaPlus\miranda32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
Z:\Install\viry\RSIT.exe
E:\Program Files\trend micro\Erika.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] E:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [WinPatrol System Monitor] E:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - pripoj.lnk = C:\batch\pripoj.bat
O4 - Startup: Zástupce - WinPatrol.lnk = E:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - Global Startup: LINKMAGIC.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winzoa32 - E:\WINDOWS\
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 4305 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=E:\WINDOWS\system32\igfxtray.exe [2007-09-05 141848]
"HotKeysCmds"=E:\WINDOWS\system32\hkcmd.exe [2007-09-05 166424]
"Persistence"=E:\WINDOWS\system32\igfxpers.exe [2007-09-05 137752]
"RTHDCPL"=E:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
"SkyTel"=E:\WINDOWS\SkyTel.EXE [2007-08-03 1826816]
"Alcmtr"=E:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ISUSPM Startup"=E:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"ISUSScheduler"=E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"egui"=E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-08-18 1447168]
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WinPatrol"=E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2005-12-12 222784]
"WinPatrol System Monitor"=E:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [2005-12-12 222784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=E:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"Skype"=E:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"MSMSGS"=E:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]

E:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
LINKMAGIC.lnk - E:\Program Files\LINKMAGIC\LINKMAGIC.EXE
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE

E:\Documents and Settings\Erika\Nabídka Start\Programy\Po spuštění
Zástupce - pripoj.lnk - C:\batch\pripoj.bat
Zástupce - WinPatrol.lnk - E:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
E:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
E:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzoa32]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\MirandaPlus\miranda32.exe"="C:\MirandaPlus\miranda32.exe:*:Enabled:Miranda IM"
"E:\WINDOWS\system32\winver.exe"="E:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-22 08:27:51 ----D---- E:\Program Files\trend micro
2010-01-22 08:27:50 ----D---- E:\rsit
2010-01-22 08:26:28 ----D---- E:\Documents and Settings\Erika\Data aplikací\GHISLER
2010-01-22 06:02:21 ----D---- E:\WINDOWS\LastGood
2010-01-13 14:30:02 ----HDC---- E:\WINDOWS\$NtUninstallKB955759$
2010-01-13 14:29:54 ----HDC---- E:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-01-22 08:27:57 ----D---- E:\WINDOWS\Prefetch
2010-01-22 08:27:51 ----RD---- E:\Program Files
2010-01-22 08:27:51 ----D---- E:\WINDOWS\Temp
2010-01-22 08:24:58 ----D---- E:\Program Files\Mozilla Firefox
2010-01-22 08:18:21 ----D---- E:\Documents and Settings\Erika\Data aplikací\Skype
2010-01-22 06:04:55 ----D---- E:\Documents and Settings\Erika\Data aplikací\skypePM
2010-01-22 06:03:01 ----HD---- E:\WINDOWS\inf
2010-01-22 06:02:22 ----HD---- E:\WINDOWS\$hf_mig$
2010-01-22 06:02:21 ----D---- E:\WINDOWS
2010-01-22 06:02:20 ----D---- E:\WINDOWS\system32\CatRoot2
2010-01-21 14:35:09 ----A---- E:\WINDOWS\SchedLgU.Txt
2010-01-18 11:21:13 ----SHD---- E:\WINDOWS\Installer
2010-01-18 11:20:22 ----D---- E:\WINDOWS\Help
2010-01-14 06:05:51 ----D---- E:\WINDOWS\AppPatch
2010-01-13 14:30:05 ----RSHDC---- E:\WINDOWS\system32\dllcache
2010-01-13 14:30:04 ----D---- E:\WINDOWS\system32
2010-01-13 14:30:00 ----A---- E:\WINDOWS\imsins.BAK
2010-01-05 01:17:46 ----A---- E:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; E:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-08-18 53256]
R1 epfwtdir;epfwtdir; E:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R1 intelppm;Řadič procesoru Intel; E:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
R2 eamon;EAMON; E:\WINDOWS\system32\DRIVERS\eamon.sys [2008-08-18 39944]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 ialm;ialm; E:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller; E:\WINDOWS\system32\DRIVERS\m4cxw2k3.sys [2007-02-15 250752]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; E:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 gdrv;gdrv; \??\E:\WINDOWS\gdrv.sys []
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support; E:\WINDOWS\system32\DRIVERS\yk51lagg.sys []
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support; E:\WINDOWS\system32\DRIVERS\skvlan.sys [2006-05-17 19328]
S3 usbprint;Třída USB Printer; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
S3 EhttpSrv;Eset HTTP Server; E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-08-18 19200]

-----------------EOF-----------------

[Caroprd111]

Zdravím

Na logu se pracuje, prosím o strpení.

[Caroprd111]

Doinstalujte SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100

V logu nevidím firewall, doinstalujte Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

Doporučuji aktualizovat Adobe Reader http://www.stahuj.centrum.cz/podnikani_ ... batreader/

Otevřete si Poznámkový blok a zkopírujte do něj text (z bílého políčka):

Kód: Vybrat vše

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzoa32]

Nyní uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek, klik na uložit, pak na soubor standardně 2X kliknete a potvrďte dialogové okno.

Stáhněte SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

-uložte ho na plochu a spusťte.
-do okénka zkopírujte

Kód: Vybrat vše

:filefind
winzoa32

:regfind
winzoa32

-klikněte na Look, proběhne sken, na konci se zobrazí log, jehož obsah zkopírujete sem


Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
- Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
- Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
- Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít


Znáte tohle C:\batch\pripoj.bat

Jsou s PC nějaké problémy