
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Slow PC, logs attached
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. The same applies to threads that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Hello,
the PC is behaving sluggishly; it takes a long time before it starts up and the computer can be used.
Here are the logs:
HIJACK LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:34, on 8.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Instal\HijackThis™ 202\HijackThis™ 202\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.profesia.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45A03924-D45F-464C-A6F2-D4697E8AA846}: NameServer = 10.21.20.9
O23 - Service: CQJVNFBLPH - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CQJVNFBLPH.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 5026 bytes
RSIT LOG:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-08 13:09:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (70%) free of 35 GB
Total RAM: 246 MB (29% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:48, on 8.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Instal\RSIT.exe
C:\Instal\HijackThis™ 202\HijackThis™ 202\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.profesia.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45A03924-D45F-464C-A6F2-D4697E8AA846}: NameServer = 10.21.20.9
O23 - Service: CQJVNFBLPH - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CQJVNFBLPH.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 5015 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\defrag.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-23 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-23 126976]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"UC_Start"=C:\Program Files\IBM\Updater\\ucstartup.exe [2004-07-15 36864]
"UC_SMB"= []
""= []
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe [2004-12-11 446464]
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe [2004-12-16 90112]
"Mouse Suite 98 Daemon"=ICO.EXE []
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-03-13 949376]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2005-03-18 98304]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [2004-12-11 446464]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-02-23 348160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
pwdmon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IBM\Updater\jre\bin\java.exe"="C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe"="C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\ucsmb.exe"="C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"E:\Trillian\trillian.exe"="E:\Trillian\trillian.exe:*:Disabled:Trillian"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IBM\Updater\jre\bin\java.exe"="C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe"="C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\ucsmb.exe"="C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-03-08 11:07:36 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-08 11:00:27 ----SHD---- C:\found.000
2010-03-08 09:26:27 ----D---- C:\Program Files\trend micro
2010-03-08 09:26:21 ----D---- C:\rsit
2010-02-26 13:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-18 12:09:03 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-18 12:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-18 12:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-18 12:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-18 12:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-18 12:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-18 12:05:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-18 12:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-18 12:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
======List of files/folders modified in the last 1 months======
2010-03-08 13:09:21 ----AD---- C:\WINDOWS\system32
2010-03-08 13:04:28 ----D---- C:\WINDOWS\Temp
2010-03-08 11:36:27 ----D---- C:\WINDOWS\Prefetch
2010-03-08 11:36:18 ----D---- C:\WINDOWS\system32\drivers
2010-03-08 11:21:17 ----AD---- C:\WINDOWS
2010-03-08 11:07:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-08 10:51:18 ----SHD---- C:\WINDOWS\Installer
2010-03-08 10:51:18 ----HD---- C:\Config.Msi
2010-03-08 10:51:17 ----A---- C:\WINDOWS\ODBC.INI
2010-03-08 09:31:58 ----D---- C:\Instal
2010-03-08 09:26:27 ----RD---- C:\Program Files
2010-03-08 07:57:20 ----SHD---- C:\WINDOWS\CSC
2010-02-26 13:36:07 ----HD---- C:\WINDOWS\inf
2010-02-26 13:36:03 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-26 13:35:17 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-26 13:35:09 ----A---- C:\WINDOWS\imsins.BAK
2010-02-26 13:34:53 ----D---- C:\WINDOWS\system32\CatRoot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-03-13 15424]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-03-13 512096]
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 PMEM;PMEM; \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 b57w2k;Broadcom NetXtreme Fast Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-07 126720]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-23 807742]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-02-05 392832]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HPPLSBULK;HPPLSBULK; C:\WINDOWS\system32\drivers\hpplsbulk.sys [2005-02-03 9344]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-01-17 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-24 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-24 21568]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-02-02 12416]
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 IBM Rapid Restore Ultra Service;IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [2004-12-16 385024]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-03-13 552064]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-12-24 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 CQJVNFBLPH;CQJVNFBLPH; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CQJVNFBLPH.exe [2010-03-08 543616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-11 28160]
-----------------EOF-----------------
Thank you, best regards
Petr
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
pwdmon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IBM\Updater\jre\bin\java.exe"="C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe"="C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\ucsmb.exe"="C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"E:\Trillian\trillian.exe"="E:\Trillian\trillian.exe:*:Disabled:Trillian"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IBM\Updater\jre\bin\java.exe"="C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe"="C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\ucsmb.exe"="C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-03-08 11:07:36 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-08 11:00:27 ----SHD---- C:\found.000
2010-03-08 09:26:27 ----D---- C:\Program Files\trend micro
2010-03-08 09:26:21 ----D---- C:\rsit
2010-02-26 13:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-18 12:09:03 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-18 12:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-18 12:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-18 12:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-18 12:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-18 12:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-18 12:05:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-18 12:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-18 12:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
======List of files/folders modified in the last 1 months======
2010-03-08 13:09:21 ----AD---- C:\WINDOWS\system32
2010-03-08 13:04:28 ----D---- C:\WINDOWS\Temp
2010-03-08 11:36:27 ----D---- C:\WINDOWS\Prefetch
2010-03-08 11:36:18 ----D---- C:\WINDOWS\system32\drivers
2010-03-08 11:21:17 ----AD---- C:\WINDOWS
2010-03-08 11:07:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-08 10:51:18 ----SHD---- C:\WINDOWS\Installer
2010-03-08 10:51:18 ----HD---- C:\Config.Msi
2010-03-08 10:51:17 ----A---- C:\WINDOWS\ODBC.INI
2010-03-08 09:31:58 ----D---- C:\Instal
2010-03-08 09:26:27 ----RD---- C:\Program Files
2010-03-08 07:57:20 ----SHD---- C:\WINDOWS\CSC
2010-02-26 13:36:07 ----HD---- C:\WINDOWS\inf
2010-02-26 13:36:03 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-26 13:35:17 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-26 13:35:09 ----A---- C:\WINDOWS\imsins.BAK
2010-02-26 13:34:53 ----D---- C:\WINDOWS\system32\CatRoot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-03-13 15424]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-03-13 512096]
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 PMEM;PMEM; \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 b57w2k;Broadcom NetXtreme Fast Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-07 126720]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-23 807742]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-02-05 392832]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HPPLSBULK;HPPLSBULK; C:\WINDOWS\system32\drivers\hpplsbulk.sys [2005-02-03 9344]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-01-17 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-24 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-24 21568]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-02-02 12416]
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 IBM Rapid Restore Ultra Service;IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [2004-12-16 385024]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-03-13 552064]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-12-24 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 CQJVNFBLPH;CQJVNFBLPH; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CQJVNFBLPH.exe [2010-03-08 543616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-11 28160]
-----------------EOF-----------------
Thank you, best regards
Petr
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: slow PC, logs attached
Hello
The log is being worked on, please be patient.
Next time you do not need to post the HJT log; it is integrated in RSIT.

- Caroprd111
Re: slow PC, logs attached








NameServer = 10.21.20.9
Re: slow PC, logs attached
Hello,
I know the address 10.21.20.9, it is my router.
I am attaching the ComboFix log:
ComboFix 10-03-07.05 - Administrator 08.03.2010 15:17:30.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.246.19 [GMT 1:00]
Running from: c:\instal\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pwdmon.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.
2010-03-08 12:11 . 2010-03-08 12:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-08 12:11 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-08 12:11 . 2010-03-08 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-08 12:11 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-08 12:11 . 2010-03-08 12:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-08 10:00 . 2010-03-08 10:00 -------- d-----w- C:\found.000
2010-03-08 08:26 . 2010-03-08 08:26 -------- d-----w- c:\program files\trend micro
2010-03-08 08:26 . 2010-03-08 08:26 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 07:26 . 2006-10-05 07:20 32784 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 13:46 . 2009-10-14 11:24 -------- d-----w- c:\documents and settings\Uzivatel3\Application Data\U3
2010-02-24 13:40 . 2009-10-14 11:38 110592 ----a-w- c:\documents and settings\Uzivatel3\Application Data\U3\temp\cleanup.exe
2009-12-31 16:50 . 1980-01-01 07:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 1980-01-01 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-09 17:51 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 1980-01-01 07:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 1980-01-01 07:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 05:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-12-11 446464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-22 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-07-14 36864]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-12-11 446464]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-12-16 90112]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-13 949376]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4899:TCP"= 4899:TCP:adview
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [13.3.2007 7:42 15424]
S3 CQJVNFBLPH;CQJVNFBLPH;c:\docume~1\ADMINI~1\LOCALS~1\Temp\CQJVNFBLPH.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CQJVNFBLPH.exe [?]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [3.2.2005 0:29 9344]
.
Contents of the 'Scheduled Tasks' folder
2010-03-05 c:\windows\Tasks\defrag.job
- C:\defrag.cmd [2008-09-30 12:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.profesia.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
TCP: {45A03924-D45F-464C-A6F2-D4697E8AA846} = 10.21.20.9
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-UC_SMB - (no file)
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 15:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2937187025-1648329678-159091724-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,9d,41,7f,e6,96,b1,4a,9f,39,0f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,9d,41,7f,e6,96,b1,4a,9f,39,0f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2788)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\catchme.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-08 15:45:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-08 14:45
Pre-Run: 26 179 280 896 bytes free
Post-Run: 24 adresárov, 26 721 169 408 voľných bajtov
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
- - End Of File - - BB8F9B803D0B4D6E1FA62A5808E91141
Best regards
Petr
- Caroprd111
Re: slow PC, logs attached


- Choose the version for your operating system (64 & 32-bit). Save it to the desktop and run it.
- Select the Uninstall option and restart the PC.


- A window will pop up; copy this into it:
"%userprofile%\plocha\mbr" -t
- Click OK
- A log named mbr.log will be created; post it here.

Re: slow PC, logs attached
Hello,
I could not uninstall SPTD.
It said: No SPTD version was detected. Select action to be performed.
I did the rest; the mbr output is here:
No SPTD version was detected. Select action to be performed.
I will post the GMER log tomorrow.
Thanks.
Petr
- Caroprd111
Re: slow PC, logs attached
Hello,
MBR log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Best regards, Petr
Re: slow PC, logs attached
and also the GMER log
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2010-03-10 08:12:42
Windows 5.1.2600 Service Pack 3
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
Device \FileSystem\Fastfat \Fat A8E48D20
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )
---- Files - GMER 1.0.15 ----
File C:\RRUbackups\Documents and Settings 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1231169973-1869493917-702843532-500 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1231169973-1869493917-702843532-500\0ffc5584-fe4e-42f0-baa9-040c0ae9bfd4 388 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1231169973-1869493917-702843532-500\Preferred 24 bytes
File C:\RRUbackups\Documents and Settings\Default User 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1231169973-1869493917-702843532-500 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1231169973-1869493917-702843532-500\0ffc5584-fe4e-42f0-baa9-040c0ae9bfd4 388 bytes
---- EOF - GMER 1.0.15 ----
PS: I had to shorten it a bit because it would not fit here.
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: slow PC, logs attached
Hello,
THANK YOU.
Yes, it is running better now. Does anything else need to be cleaned up or defragmented?
Petr
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč