Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

prosím o kontrolu PC

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
76033347
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 19 říj 2006 17:42

prosím o kontrolu PC

#1 Příspěvek od 76033347 »

Logfile of random's system information tool 1.06 (written by random/random)
Run by towi1700 at 2010-05-24 07:58:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (22%) free of 24 GB
Total RAM: 1023 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:58, on 24.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDFSnake\PDFSnake\PDFSnakeHotFolder.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\CNAC4RPK.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
D:\TEMP\RSIT.exe
C:\Program Files\trend micro\towi1700.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.113.124.2:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.upce.cz
O15 - Trusted Zone: http://fis-web1.upce.cz
O15 - Trusted Zone: http://fis-web2.upce.cz
O15 - Trusted Zone: http://ifis.upce.cz
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 7532451086
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4312664663
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://kamera-m.upce.cz/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = upce.cz
O17 - HKLM\Software\..\Telephony: DomainName = upce.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = upce.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = upce.cz
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Snake Hot Folders - Rennie Glen Software LLC - C:\Program Files\PDFSnake\PDFSnake\PDFSnakeHotFolder.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8665 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-04 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-03-24 3309568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-03-24 46080]
"pdfFactory Pro Dispatcher v2"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [2004-04-12 425984]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-04-07 2145000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=0
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0
"ForceStartMenuLogOff"=1
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"nodrivetypeautorun"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\SUPDSvc.exe"="C:\WINDOWS\system32\SUPDSvc.exe:*:Enabled:Samsung UPD Service"
"C:\WINDOWS\system32\efi.exe"="C:\WINDOWS\system32\efi.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\towi1700\hogpb.exe"="C:\Documents and Settings\towi1700\hogpb.exe:*:Enabled:ENABLE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5989d02f-2134-11df-b1d2-000d615e62d4}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63234614-5580-11de-b02c-000d615e62d4}]
shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93d8c128-c203-11dd-af96-000d615e62d4}]
shell\AutoRun\command - G:\traveller.exe DisCryptor Traveller

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a79a9137-e227-11dd-afaf-000d615e62d4}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e61f1c16-9a92-11dd-af71-000d615e62d4}]
shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eba5633d-2d44-11dd-aef8-000d615e62d4}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Main.exe
shell\open\command - G:\Main.exe


======List of files/folders created in the last 1 months======

2010-05-21 12:42:14 ----D---- C:\eset
2010-05-21 11:49:27 ----A---- C:\WINDOWS\OEWABLog.txt
2010-05-12 07:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-07 12:22:54 ----D---- C:\Documents and Settings\towi1700\Data aplikací\HP
2010-05-07 12:21:40 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-05-07 12:08:14 ----A---- C:\WINDOWS\system32\hpipn7tf.dll
2010-05-07 10:09:56 ----D---- C:\Documents and Settings\towi1700\Data aplikací\Hewlett-Packard
2010-05-03 10:17:58 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-03 10:17:58 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-03 10:17:57 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-03 10:17:57 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-05-24 07:58:12 ----D---- C:\Program Files\Trend Micro
2010-05-24 07:57:56 ----A---- C:\WINDOWS\WINCMD.INI
2010-05-24 07:47:10 ----AD---- C:\WINDOWS
2010-05-24 07:42:46 ----D---- C:\WINDOWS\Prefetch
2010-05-24 07:38:04 ----D---- C:\WINDOWS\TEMP
2010-05-24 07:31:42 ----D---- C:\WINDOWS\security
2010-05-24 07:25:08 ----A---- C:\WINDOWS\SMSCFG.ini
2010-05-21 15:09:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-21 14:58:45 ----SHD---- C:\RECYCLER
2010-05-21 14:49:54 ----SHD---- C:\WINDOWS\Installer
2010-05-21 14:49:44 ----HD---- C:\WINDOWS\inf
2010-05-21 14:49:44 ----AD---- C:\WINDOWS\system32\drivers
2010-05-21 14:49:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-21 11:55:30 ----D---- C:\WINDOWS\system32
2010-05-21 08:02:51 ----D---- C:\WINDOWS\Internet Logs
2010-05-19 07:44:17 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-05-19 07:44:17 ----D---- C:\Program Files\Internet Explorer
2010-05-19 07:44:13 ----D---- C:\WINDOWS\ie8updates
2010-05-19 07:43:55 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-12 07:47:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-05-12 07:46:58 ----A---- C:\WINDOWS\imsins.BAK
2010-05-12 07:46:41 ----D---- C:\Program Files\Outlook Express
2010-05-11 12:28:34 ----D---- C:\Documents and Settings\towi1700\Data aplikací\Adobe
2010-05-10 07:36:31 ----D---- C:\WINDOWS\WinSxS
2010-05-07 12:28:29 ----D---- C:\Program Files\Hewlett-Packard
2010-05-07 12:21:40 ----D---- C:\Program Files\Common Files
2010-05-07 10:09:41 ----D---- C:\Program Files\MSXML 4.0
2010-05-05 10:13:49 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-05-03 10:17:55 ----D---- C:\Program Files\Java
2010-05-03 08:45:25 ----D---- C:\Documents and Settings\towi1700\Data aplikací\XnView
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-28 14:11:54 ----D---- C:\Program Files\PDFTools
2010-04-27 08:19:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\BlazeVideo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-04-07 139192]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 PDIHWCTL;PDIHWCTL; \??\C:\WINDOWS\system32\drivers\pdihwctl.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-06-24 991400]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 kbstuff;SMS Virtual Keyboard; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys [2005-11-28 11744]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2003-06-16 369920]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AF15BDA;AF9015 BDA Device; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2010-03-04 483200]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-03-06 329856]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-03-06 99712]
S3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30 534568]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-06-11 47272]
S3 catchme;catchme; \??\C:\DOCUME~1\towi1700\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 i1;i1 Pro; C:\WINDOWS\System32\Drivers\i1.sys [2003-11-27 26045]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-03-24 1895648]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Vsp;Vsp; \??\C:\WINDOWS\system32\drivers\Vsp.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CcmExec;Hostitel agenta serveru SMS; C:\WINDOWS\system32\CCM\CcmExec.exe [2006-03-24 571904]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PDF Snake Hot Folders;PDF Snake Hot Folders; C:\Program Files\PDFSnake\PDFSnake\PDFSnakeHotFolder.exe [2008-01-14 204800]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Wuser32;SMS Remote Control Agent; C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe [2006-03-24 241664]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-03-24 110659]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-30 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-04-07 33560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-30 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15662
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: prosím o kontrolu PC

#2 Příspěvek od JaRon »

stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim


akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Nahoru
76033347
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 19 říj 2006 17:42

Re: prosím o kontrolu PC

#3 Příspěvek od 76033347 »

ComboFix 10-05-23.06 - towi1700 24.05.2010 8:45.10.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.625 [GMT 2:00]
Spuštěný z: c:\documents and settings\towi1700\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\systeminfo.dll

----- BITS: Možné infikované stránky -----

hxxp://wsus.upce.cz
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-24 do 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-21 12:54 . 2010-05-21 12:54 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-21 10:42 . 2010-05-21 10:55 -------- d-----w- C:\eset
2010-05-21 09:49 . 2010-05-21 09:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-07 10:21 . 2010-05-07 10:28 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-07 10:08 . 2010-02-16 14:02 118272 ----a-w- c:\windows\system32\hpipn7tf.dll
2010-05-07 10:08 . 2010-02-16 14:02 245248 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpipp7tf.dll
2010-05-03 08:17 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 05:58 . 2009-04-14 08:56 -------- d-----w- c:\program files\Trend Micro
2010-05-21 09:55 . 2006-06-14 07:19 2404 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-20 05:33 . 2009-07-31 05:54 4246958 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-05-07 10:28 . 2009-11-27 12:19 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-07 08:09 . 2006-10-16 05:22 -------- d-----w- c:\program files\MSXML 4.0
2010-05-03 08:17 . 2006-06-29 05:44 -------- d-----w- c:\program files\Java
2010-04-28 12:11 . 2008-08-11 08:14 -------- d-----w- c:\program files\PDFTools
2010-04-07 19:08 . 2010-04-07 19:08 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:03 . 2010-04-07 19:03 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-04-07 11:38 . 2010-04-07 11:31 -------- d-----w- c:\program files\Elf Bowling Holiday Bundle
2010-04-07 11:31 . 2010-04-07 11:31 -------- d-----w- c:\program files\ReflexiveArcade
2010-03-31 05:25 . 2006-06-29 05:43 -------- d-----w- c:\program files\Common Files\Java
2010-03-29 05:02 . 2004-08-18 10:00 84224 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 05:02 . 2004-08-18 10:00 442360 ----a-w- c:\windows\system32\perfh005.dat
2010-03-10 06:17 . 2004-08-18 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 11:32 . 2010-03-04 11:32 28672 ----a-w- c:\windows\system32\AF15BDAEX.dll
2010-03-04 11:32 . 2010-03-04 11:32 483200 ----a-w- c:\windows\system32\drivers\AF15BDA.sys
2010-03-04 11:32 . 2010-03-04 08:46 140 ----a-w- c:\windows\system32\AF15IRTBL.bin
2010-02-25 06:18 . 2004-08-18 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 10:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2005-07-14 10:31 . 2005-07-14 10:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 13:32 . 2005-06-26 13:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 20:37 . 2005-06-21 20:37 45568 --sha-r- c:\windows\system32\cygz.dll
2006-05-03 09:06 . 2008-04-17 13:33 163328 --sh--r- c:\windows\system32\flvDX.dll
2004-01-24 22:00 . 2004-01-24 22:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2008-02-11 13:33 . 2007-12-06 10:07 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2004-01-24 22:00 . 2004-01-24 22:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-24 3309568]
"nwiz"="nwiz.exe" [2004-03-24 782336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-03-24 46080]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-04-12 425984]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-9-14 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-577094795-3224523113-2082681977-10269\Scripts\Logon\0\0]
"Script"=registry.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-577094795-3224523113-2082681977-10269\Scripts\Logon\1\0]
"Script"=FCHT_KPF.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-577094795-3224523113-2082681977-10399\Scripts\Logon\0\0]
"Script"=registry.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-577094795-3224523113-2082681977-10399\Scripts\Logon\1\0]
"Script"=\\sf01\depl$\CDS\cds.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-577094795-3224523113-2082681977-10399\Scripts\Logon\2\0]
"Script"=start.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-577094795-3224523113-2082681977-5196\Scripts\Logon\0\0]
"Script"=registry.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-577094795-3224523113-2082681977-5196\Scripts\Logon\1\0]
"Script"=FCHT_KPF.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [26.6.2009 15:08 40496]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 21:08 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 21:07 810120]
R2 PDF Snake Hot Folders;PDF Snake Hot Folders;c:\program files\PDFSnake\PDFSnake\PDFSnakeHotFolder.exe [15.2.2008 12:27 204800]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [14.10.2008 13:14 14416]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.6.2008 09:18 716272]
S3 i1;i1 Pro;c:\windows\system32\drivers\i1.sys [14.10.2008 13:14 26045]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [6.6.2006 10:50 3351]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uInternet Settings,ProxyServer = 195.113.124.2:3128
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: upce.cz\fis-web1
Trusted Zone: upce.cz\fis-web2
Trusted Zone: upce.cz\ifis
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://kamera-m.upce.cz/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\towi1700\Data aplikací\Mozilla\Firefox\Profiles\zh9mfyw4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://beta.centrum.cz/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 08:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(740)
c:\program files\Bonjour\mdnsNSP.dll
.
Celkový čas: 2010-05-24 08:56:00
ComboFix-quarantined-files.txt 2010-05-24 06:55

Před spuštěním: 5 602 684 928
Po spuštění: 6 643 175 424
Nahoru
Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15662
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: prosím o kontrolu PC

#4 Příspěvek od JaRon »

no nejaki smejdici boli odstraneni :) vycisti PC s CCleanerom a ak nie su ziadne problemy - hotovo :)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Nahoru
76033347
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 19 říj 2006 17:42

Re: prosím o kontrolu PC

#5 Příspěvek od 76033347 »

stále je to pomalý i po čištění CCleanerem.
Budu to muset odvézt technikům do firmy. protže to vypadá na hardwarovej problém asi.
Díky moc
Nahoru
Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15662
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: prosím o kontrolu PC

#6 Příspěvek od JaRon »

no ak je pomaly skus este nasledovne dva body:
1. USBFix - vid navod motji http://www.viry.cz/forum/viewtopic.php? ... ix#p861397
2. MBAM
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“