Preventivna kontrola pc

Zpráva

justrideit · #16 Příspěvek od **justrideit** » 14 dub 2010 14:55

log z combofixu:

ComboFix 10-04-13.04 - Jano . 04. 2010 15:44:38.5.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.421.1051.18.1790.907 [GMT 2:00]
Running from: c:\users\Ján\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.

2010-04-14 13:49 . 2010-04-14 13:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-14 13:49 . 2010-04-14 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-14 13:49 . 2010-04-14 13:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-04-14 13:43 . 2010-04-14 13:44 -------- d-----w- C:\32788R22FWJFW
2010-04-14 13:30 . 2010-04-14 13:30 -------- d-----w- C:\_OTL
2010-04-14 10:35 . 2010-04-14 10:39 -------- d-----w- c:\program files\trend micro
2010-04-14 10:35 . 2010-04-14 10:39 -------- d-----w- C:\rsit
2010-03-30 09:07 . 2010-03-30 09:07 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 13:39 . 2010-03-05 09:03 34800 ----a-w- c:\programdata\nvModes.dat
2010-04-01 07:03 . 2009-04-06 10:37 -------- d-----w- c:\program files\AutoPlan
2010-03-31 05:09 . 2009-06-30 08:37 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 05:08 . 2009-06-30 08:37 -------- d-----w- c:\program files\Java
2010-03-10 02:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-09 02:28 . 2009-07-02 13:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 09:18 . 2010-03-05 09:17 -------- d-----w- c:\program files\DWG TrueView 2010
2010-03-05 09:17 . 2010-03-05 09:17 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-05 09:17 . 2009-03-24 07:51 -------- d-----w- c:\programdata\Autodesk
2010-03-05 09:06 . 2010-03-05 09:06 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-05 09:03 . 2008-12-22 15:12 -------- d-----w- c:\programdata\NVIDIA
2010-03-05 09:02 . 2010-03-05 09:01 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-05 09:00 . 2010-03-05 09:00 -------- d-----w- c:\program files\Microsoft
2010-03-05 08:59 . 2010-03-05 08:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-05 08:38 . 2009-02-04 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-24 09:16 . 2009-10-05 06:56 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 09:17 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 09:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 09:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 02:00 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 02:00 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-12 10:32 . 2010-03-05 09:01 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:00 . 2010-02-24 00:54 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 00:53 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 00:53 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 00:54 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 00:53 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 00:53 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 00:53 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 00:53 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:21 . 2010-02-24 00:53 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-23 09:26 . 2010-02-24 00:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-19 10:04 . 2010-01-19 10:04 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-01-19 10:04 . 2010-01-19 10:04 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2008-09-25 11:43 . 2008-09-25 11:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
LaunchCenter.lnk - c:\program files\Fujitsu Siemens Computers\LaunchCenter\LaunchCenter.exe [2008-8-7 106496]

c:\users\J n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Spustit soubor Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2009-6-22 196424]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2009-3-16 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-06-25 11:49 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):15,36,51,77,32,14,ca,01

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-08-31 36608]
R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 oxpar;OX16PCI95x Parallel port driver;c:\windows\system32\drivers\oxpar.sys [2007-01-24 80128]
R4 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\GBM - Disk_D-Full.job
- c:\program files\Genie-Soft\Zyxel GBMLite 8.0\GBM8.exe [2010-01-12 09:51]

2010-04-14 c:\windows\Tasks\GBM - Outlook-maily-Full.job
- c:\program files\Genie-Soft\Zyxel GBMLite 8.0\GBM8.exe [2010-01-12 09:51]

2010-04-14 c:\windows\Tasks\User_Feed_Synchronization-{EDECED51-3237-4FA2-840C-721607024CA8}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.fujitsu-siemens.com/index2
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {2BBE78AD-AD9B-4CCE-A27E-601DC2AAC7B1} = 195.80.171.4,195.28.64.119
FF - ProfilePath - c:\users\Ján\AppData\Roaming\Mozilla\Firefox\Profiles\pv4loft3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.regulus.sk
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 15:49
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-14 15:51:20
ComboFix-quarantined-files.txt 2010-04-14 13:51
ComboFix2.txt 2010-04-14 12:49
ComboFix3.txt 2009-09-07 14:21
ComboFix4.txt 2009-07-10 13:33

Pre-Run: 18 156 969 984 bytes free
Post-Run: 18 127 466 496 bytes free

- - End Of File - - 34035884C7C4B0CD80AFC905C4F3CC18

#17 Příspěvek od **Caroprd111** » 14 dub 2010 14:57

Jak to vypadá s PC

justrideit · #18 Příspěvek od **justrideit** » 14 dub 2010 14:58

Zatial vsetko v poriadku

dikes moc..keby nieco tak sa ozvem..dik za pomoc este raz..pekny den prajem

firewall a antivir mozem zapnut uz, co?

#19 Příspěvek od **Caroprd111** » 14 dub 2010 15:01

Firewall a antivir zapněte. Poprosím o nový log z RSIT.

justrideit · #20 Příspěvek od **justrideit** » 14 dub 2010 15:03

log z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jano at 2010-04-14 16:03:26
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 17 GB (28%) free of 61 GB
Total RAM: 1790 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:29, on 14. 4. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Users\Ján\Downloads\RSIT.exe
C:\Program Files\trend micro\Jano.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsu-siemens.com/index2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - .DEFAULT User Startup: LaunchCenter.lnk = C:\Program Files\Fujitsu Siemens Computers\LaunchCenter\LaunchCenter.exe (User 'Default user')
O4 - Startup: Spustit soubor Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BBE78AD-AD9B-4CCE-A27E-601DC2AAC7B1}: NameServer = 195.80.171.4,195.28.64.119
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BBE78AD-AD9B-4CCE-A27E-601DC2AAC7B1}: NameServer = 195.80.171.4,195.28.64.119
O17 - HKLM\System\CS2\Services\Tcpip\..\{2BBE78AD-AD9B-4CCE-A27E-601DC2AAC7B1}: NameServer = 195.80.171.4,195.28.64.119
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5745 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GBM - Disk_D-Full.job
C:\Windows\tasks\GBM - Outlook-maily-Full.job
C:\Windows\tasks\User_Feed_Synchronization-{EDECED51-3237-4FA2-840C-721607024CA8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2008-06-25 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
C:\PROGRA~1\APC\APCPOW~1\Display.exe [2003-06-11 209016]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe

C:\Users\Ján\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Spustit soubor Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-04-14 15:51:22 ----D---- C:\Windows\temp
2010-04-14 15:51:21 ----A---- C:\ComboFix.txt
2010-04-14 15:50:43 ----SHD---- C:\$RECYCLE.BIN
2010-04-14 15:44:00 ----D---- C:\ComboFix
2010-04-14 15:43:46 ----A---- C:\Windows\SWXCACLS.exe
2010-04-14 15:43:44 ----D---- C:\32788R22FWJFW
2010-04-14 15:30:58 ----D---- C:\_OTL
2010-04-14 14:04:43 ----A---- C:\Windows\MBR.exe
2010-04-14 12:35:49 ----D---- C:\Program Files\trend micro
2010-04-14 12:35:48 ----D---- C:\rsit
2010-04-14 04:04:50 ----A---- C:\Windows\system32\cabview.dll
2010-04-13 21:59:20 ----D---- C:\Windows\pss
2010-03-31 11:17:21 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 11:17:18 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 11:17:17 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 11:17:17 ----A---- C:\Windows\system32\iertutil.dll
2010-03-31 11:17:16 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 11:17:16 ----A---- C:\Windows\system32\occache.dll
2010-03-31 11:17:16 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-31 11:17:15 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 11:17:15 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 11:17:13 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 11:17:12 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-31 11:17:12 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 11:17:11 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-31 11:17:11 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-31 11:17:11 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-31 11:17:10 ----A---- C:\Windows\system32\ie4uinit.exe
2010-03-31 11:17:09 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-31 11:17:09 ----A---- C:\Windows\system32\iesetup.dll
2010-03-31 11:17:08 ----A---- C:\Windows\system32\iernonce.dll
2010-03-31 07:09:18 ----D---- C:\ProgramData\Sun
2010-03-31 07:08:56 ----A---- C:\Windows\system32\javaws.exe
2010-03-31 07:08:56 ----A---- C:\Windows\system32\javaw.exe
2010-03-31 07:08:56 ----A---- C:\Windows\system32\java.exe
2010-03-30 11:07:08 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-04-14 16:03:23 ----D---- C:\Windows\winsxs
2010-04-14 16:01:35 ----SHD---- C:\Windows\Installer
2010-04-14 16:01:17 ----D---- C:\Windows\System32
2010-04-14 16:00:43 ----D---- C:\System Volume Information
2010-04-14 15:51:23 ----D---- C:\Qoobox
2010-04-14 15:51:22 ----D---- C:\Windows
2010-04-14 15:49:36 ----A---- C:\Windows\system.ini
2010-04-14 15:47:42 ----D---- C:\Windows\system32\drivers
2010-04-14 15:47:42 ----D---- C:\Windows\AppPatch
2010-04-14 15:47:41 ----D---- C:\Program Files\Common Files
2010-04-14 15:38:59 ----D---- C:\Windows\inf
2010-04-14 15:38:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-14 15:37:08 ----D---- C:\Windows\Prefetch
2010-04-14 14:40:11 ----D---- C:\Windows\system32\catroot
2010-04-14 14:37:02 ----D---- C:\Windows\system32\catroot2
2010-04-14 14:32:14 ----A---- C:\Windows\ntbtlog.txt
2010-04-14 12:35:49 ----RD---- C:\Program Files
2010-04-12 11:41:01 ----D---- C:\Windows\Tasks
2010-04-12 11:41:01 ----D---- C:\Windows\system32\Tasks
2010-04-12 08:24:24 ----D---- C:\temp
2010-04-11 14:29:52 ----D---- C:\Windows\Minidump
2010-04-09 08:11:34 ----D---- C:\Program Files\Mozilla Firefox
2010-04-06 19:52:54 ----A---- C:\Windows\system32\mrt.exe
2010-04-04 18:31:14 ----D---- C:\Users\Ján\AppData\Roaming\Skype
2010-04-04 16:04:30 ----D---- C:\Users\Ján\AppData\Roaming\skypePM
2010-04-01 09:03:52 ----D---- C:\Program Files\AutoPlan
2010-03-31 13:08:18 ----D---- C:\Windows\system32\migration
2010-03-31 13:08:18 ----D---- C:\Program Files\Internet Explorer
2010-03-31 07:09:18 ----D---- C:\ProgramData
2010-03-31 07:09:17 ----D---- C:\Program Files\Common Files\Java
2010-03-31 07:08:53 ----D---- C:\Program Files\Java
2010-03-23 10:55:13 ----D---- C:\Users\Ján\AppData\Roaming\XnView

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2004-07-30 31654]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
R3 catchme;catchme; \??\C:\Users\JN0731~1\AppData\Local\Temp\catchme.sys []
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-09-10 1035168]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-01-12 11586280]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-08-31 36608]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2009-02-17 57672]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2009-02-17 72520]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2008-01-21 21504]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 mbr;mbr; \??\C:\Users\JN0731~1\AppData\Local\Temp\mbr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 Oxmfuf;Filter driver for OX16PCI95x ports; C:\Windows\system32\drivers\oxmfuf.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-12-12 78848]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2008-07-20 324120]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 oxpar;OX16PCI95x Parallel port driver; C:\Windows\system32\drivers\oxpar.sys [2007-01-24 80128]
S4 oxser;OX16C95x Serial port driver; C:\Windows\system32\drivers\oxser.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2003-06-11 155770]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2005-09-10 73728]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-01-11 129640]
R2 TestHandler;Fujitsu Diagnostic Testhandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2009-02-19 341264]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]

-----------------EOF-----------------

#21 Příspěvek od **Caroprd111** » 14 dub 2010 15:11

Otevřete si Poznámkový blok a zkopírujte do něj text (z bílého políčka):

Kód: Vybrat vše

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

Nyní uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek, klik na uložit, pak na soubor standardně 2X kliknete a potvrďte dialogové okno.

Obrázek

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter

Obrázek

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte a použijte http://oldtimer.geekstogo.com/TFC.exe

Obrázek

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

Spusťte.
Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít

justrideit · #22 Příspěvek od **justrideit** » 14 dub 2010 15:30

To bude vsetko?? ci este nieco? ak som to uz spravil..

#23 Příspěvek od **Caroprd111** » 14 dub 2010 15:31

Je to vše

justrideit · #24 Příspěvek od **justrideit** » 14 dub 2010 15:35

Tak este raz velka vdaka

dufam, ze to uz pojde vsetko ako ma..ved by som sa cudoval keby ze nie po tolkych pokusoch

heh dikes..ste borci!

mate moj obdiv

#25 Příspěvek od **Caroprd111** » 14 dub 2010 15:36

Nemáte zač

VIRY.CZ

Preventivna kontrola pc

Re: Preventivna kontrola pc

Re: Preventivna kontrola pc

Re: Preventivna kontrola pc

Re: Preventivna kontrola pc

Re: Preventivna kontrola pc

Re: Preventivna kontrola pc

Re: Preventivna kontrola pc

Re: Preventivna kontrola pc

Re: Preventivna kontrola pc

Re: Preventivna kontrola pc