Rapidny ubytok miesta na C:

[eter]

Dobry den,
mam uz starsi PC s winXP, ale nedavno sa mi nejak stratilo miesto z C: Vzdy som tam mal okolo 2GB volneho miesta a teraz permanentne pod 200MB. Z logu zistite ze mam NOD32 a Zone alarm. Ak mi poradite co mi zozralo tolko miesta, budem vdacny. Vopred dakujem.


log 3 month

Logfile of random's system information tool 1.06 (written by random/random)
Run by leeloo at 2010-06-29 21:52:05
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 133 MB (2%) free of 7 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:15, on 29. 6. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\net\BlueTooth\B\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Antiwir\NOD32\NOD\nod32krn.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
E:\Antiwir\ZoneAlarm\ZoneAlarm\zlclient.exe
E:\Antiwir\NOD32\NOD\nod32kui.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Antiwir\RSIT\RSIT.exe
E:\Antiwir\!hijaks\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Antiwir\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "E:\Antiwir\NOD32\NOD\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DLD.EXE] E:\net\RapidNoLimit\DLD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{29BB7EB0-0C4F-4DE6-888F-26026B56D2E5}: NameServer = 10.10.1.1,195.28.75.114
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A614194-640D-4775-9C5B-CAF0279A660B}: NameServer = 10.10.0.2,10.10.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\net\BlueTooth\B\BTNtService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Antiwir\NOD32\NOD\nod32krn.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5339 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
CoTGT_BHO Class - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll [2004-05-13 319488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=Mixer.exe /startup []
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"ZoneAlarm Client"=E:\Antiwir\ZoneAlarm\ZoneAlarm\zlclient.exe [2009-05-28 1005960]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"nod32kui"=E:\Antiwir\NOD32\NOD\nod32kui.exe [2009-09-02 921600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
"DLD.EXE"=E:\net\RapidNoLimit\DLD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
E:\programy\Nokia 6230i\PC Suite 6.41\Nokia PC Suite 6\Launch Application 2.exe -onlytray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
E:\Antiwir\SpywareDoctor\Spyware Doctor\swdoctor.exe /Q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^autobahn.lnk]
C:\PROGRA~1\Autobahn\autobahn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
E:\net\BLUETO~1\B\BLUESO~1.EXE [2004-08-27 1011712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
E:\VIDEO\Common\Bin\WINCIN~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^leeloo^Nabídka Start^Programy^Po spuštění^OpenOffice.org 1.0.lnk]
E:\programy\OPENOF~1\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-02-11 190976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\net\mIRC v6.15 sk\mirc.exe"="E:\net\mIRC v6.15 sk\mirc.exe:*:Enabled:mIRC"
"E:\net\mIRC v6.15 sk\mIRC v6.15 sk\mirc.exe"="E:\net\mIRC v6.15 sk\mIRC v6.15 sk\mirc.exe:*:Enabled:mIRC"
"E:\NET\LimeWireWin\LimeWire\LimeWire.exe"="E:\NET\LimeWireWin\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"E:\net\skype\skype\skype\Phone\Skype.exe"="E:\net\skype\skype\skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\net\LimeWire\LimeWire.exe"="E:\net\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"E:\net\Skype\Phone\Skype.exe"="E:\net\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox"
"E:\net\BlueTooth\B\BlueSoleil.exe"="E:\net\BlueTooth\B\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"E:\net\Utorrent\U\uTorrent.exe"="E:\net\Utorrent\U\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2010-06-29 21:52:05 ----D---- C:\rsit
2010-06-23 21:53:33 ----D---- C:\Documents and Settings\leeloo\Data aplikací\SMS Sender

======List of files/folders modified in the last 3 months======

2010-06-29 21:52:05 ----D---- C:\WINDOWS\Prefetch
2010-06-29 21:51:56 ----A---- C:\WINDOWS\WINCMD.INI
2010-06-29 21:51:55 ----D---- C:\WINDOWS\Temp
2010-06-29 21:42:45 ----D---- C:\WINDOWS\Internet Logs
2010-06-29 21:38:40 ----D---- C:\Documents and Settings\leeloo\Data aplikací\Skype
2010-06-29 21:38:07 ----D---- C:\Documents and Settings\leeloo\Data aplikací\skypePM
2010-06-29 21:36:44 ----SHC---- C:\Program Files\Desktop.ini
2010-06-29 13:18:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-29 12:44:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-29 01:48:23 ----D---- C:\WINDOWS
2010-06-29 01:46:41 ----AD---- C:\Program Files
2010-06-28 23:23:22 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-06-28 22:39:52 ----D---- C:\Program Files\Mozilla Firefox
2010-06-22 00:27:00 ----A---- C:\WINDOWS\wdict32.INI
2010-05-28 14:13:28 ----D---- C:\WINDOWS\system32
2010-05-21 12:13:44 ----SH---- C:\boot.ini
2010-05-21 12:13:44 ----AC---- C:\WINDOWS\system.ini
2010-05-21 12:13:44 ----A---- C:\WINDOWS\win.ini
2010-05-20 20:49:58 ----SHD---- C:\WINDOWS\Installer
2010-05-19 20:50:49 ----D---- C:\WINDOWS\system32\drivers
2010-05-17 12:03:47 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-17 150544]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-05-28 365448]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2003-10-10 19712]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-08-25 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2004-08-11 10579]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-08-11 60756]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-08-11 81416]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-11-13 10496]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2004-08-20 23512]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CoolerXPDriver;CoolerXPDriver; \??\C:\Program Files\MSI\PC Alert 4\NTCooler.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NPF;Netgroup Packet Filter; \??\C:\WINDOWS\system32\drivers\packet.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BlueSoleil Hid Service;BlueSoleil Hid Service; E:\net\BlueTooth\B\BTNtService.exe [2004-08-27 102400]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NOD32krn;NOD32 Kernel Service; E:\Antiwir\NOD32\NOD\nod32krn.exe [2009-09-02 507904]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-05-28 2414984]
S2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe []

-----------------EOF-----------------

[Roli]

Zdravím, tohle fixni v HJT :

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DLD.EXE] E:\net\RapidNoLimit\DLD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

HJT najdeš zde :

E:\Antiwir\!hijaks\HiJackThis.exe

Fix znamená že spustíš HJT

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

Čištění registru je třeba několikrát zopakovat !

Defragmentuj disku buď integrovaným windows nástrojem,

nebo jinou aplikací, například Defragglerem


Nakonec použij Mbam z mého podpisu.

[eter]

Dobry,
Velmi to nepomohlo, urobil som vsetko. Mbam nenasiel nic, defragmentaciu som urobil s defragglerom (aj to nie celu, lebo to robilo celu noc az doobeda a ajtak neurobilo), lebo s win sa pochopitelne nedalo ked je menej ako 15% free. Len nechapem kde sa mohlo stratit 2GB z dna na den. Mal som tam len win a paru programikov. Tu je log z hijacku.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:45, on 30. 6. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\net\BlueTooth\B\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Antiwir\NOD32\NOD\nod32krn.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
E:\Antiwir\ZoneAlarm\ZoneAlarm\zlclient.exe
E:\Antiwir\NOD32\NOD\nod32kui.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Antiwir\!hijaks\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Antiwir\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "E:\Antiwir\NOD32\NOD\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - E:\programy\PCTRAN~2\PCTRAN~1\webie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{29BB7EB0-0C4F-4DE6-888F-26026B56D2E5}: NameServer = 10.10.1.1,195.28.75.114
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A614194-640D-4775-9C5B-CAF0279A660B}: NameServer = 10.10.0.2,10.10.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\net\BlueTooth\B\BTNtService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Antiwir\NOD32\NOD\nod32krn.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4358 bytes

[Roli]

Nyní použijeme větší kalibr tak že důkladně číst, protože tenhle softík netoleruje chyby.

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

[eter]

Zdravim,
No uz je to lepsie uz je cez 600MB volneho miesta, ale este stale to nie je ono.

co som tak zachytil toto zmazal, neviem odkial, ani preco: kernel1.exe a Thumbs.db

tu je log z neho:

ComboFix 10-06-29.04 - eter . 06. 2010 23:38:25.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.258 [GMT 2:00]
Running from: c:\documents and settings\eter\Plocha\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - explorer.exe: deleted 100 bytes in 1 streams.
ADS - netcfgx.dll: deleted 68 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\system32\kernel1.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-29 21:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 21:01 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-29 19:52 . 2010-06-29 19:52 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 21:59 . 2009-09-13 20:05 2250188832 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-30 21:54 . 2009-09-13 20:05 26372300 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-13 19:35 . 2007-07-03 06:22 25330417 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-04-28 07:44 . 2010-04-28 07:55 2650112 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2010-04-16 23:05 . 2010-04-16 23:07 2695168 ----a-w- c:\windows\Internet Logs\xDB19.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"ZoneAlarm Client"="e:\antiwir\ZoneAlarm\ZoneAlarm\zlclient.exe" [2009-05-28 1005960]
"nod32kui"="e:\antiwir\NOD32\NOD\nod32kui.exe" [2009-09-02 921600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\net\\BlueTooth\\B\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:*:Disabled:Red Swoosh
"5000:UDP"= 5000:UDP:*:Disabled:Red Swoosh

S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21. 6. 2007 17:21 30720]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Web Rebates. - file://c:\program files\WebRebates4\websrebates\webtrebates\toprC0.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - e:\programy\PCTRAN~2\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - e:\programy\PCTRAN~2\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - e:\programy\PCTRAN~2\PCTRAN~1\webie.dll
TCP: {29BB7EB0-0C4F-4DE6-888F-26026B56D2E5} = 10.10.1.1,195.28.75.114
TCP: {7A614194-640D-4775-9C5B-CAF0279A660B} = 10.10.0.2,10.10.10.1
FF - ProfilePath - c:\documents and settings\leeloo\Data aplikací\Mozilla\Firefox\Profiles\17lekq52.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: e:\video\Vlc\npvlc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 23:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Mixer.exe
c:\windows\system32\rundll32.exe
e:\net\BlueTooth\B\BTNtService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
e:\antiwir\NOD32\NOD\nod32krn.exe
.
**************************************************************************
.
Completion time: 2010-07-01 00:03:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-30 22:03

Pre-Run: 178 758 144
Post-Run: 701 473 792

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /kernel=kernel1.exe

- - End Of File - - 152F221C0193A0D99A737D13FBD05EBB

[Roli]

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

File::  
c:\windows\Internet Logs\xDB1A.tmp
c:\windows\Internet Logs\xDB19.tmp

FireFox::
FF - ProfilePath - c:\documents and settings\leeloo\Data aplikací\Mozilla\Firefox\Profiles\17lekq52.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[eter]

ComboFix 10-06-30.03 - leeloo . 07. 2010 13:31:37.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.135 [GMT 2:00]
Running from: c:\documents and settings\leeloo\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\leeloo\Plocha\CFScript.txt
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\Internet Logs\xDB19.tmp"
"c:\windows\Internet Logs\xDB1A.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Internet Logs\xDB19.tmp
c:\windows\Internet Logs\xDB1A.tmp

.
((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-06-29 21:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 21:01 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-29 19:52 . 2010-06-29 19:52 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 11:39 . 2009-09-13 20:05 2254499872 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-07-01 01:01 . 2009-09-13 20:05 26409716 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-13 19:35 . 2007-07-03 06:22 25330417 ----a-w- c:\windows\Internet Logs\tvDebug.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"ZoneAlarm Client"="e:\antiwir\ZoneAlarm\ZoneAlarm\zlclient.exe" [2009-05-28 1005960]
"nod32kui"="e:\antiwir\NOD32\NOD\nod32kui.exe" [2009-09-02 921600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\net\\BlueTooth\\B\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:*:Disabled:Red Swoosh
"5000:UDP"= 5000:UDP:*:Disabled:Red Swoosh

S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21. 6. 2007 17:21 30720]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Web Rebates. - file://c:\program files\WebRebates4\websrebates\webtrebates\toprC0.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - e:\programy\PCTRAN~2\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - e:\programy\PCTRAN~2\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - e:\programy\PCTRAN~2\PCTRAN~1\webie.dll
TCP: {29BB7EB0-0C4F-4DE6-888F-26026B56D2E5} = 10.10.1.1,195.28.75.114
TCP: {7A614194-640D-4775-9C5B-CAF0279A660B} = 10.10.0.2,10.10.10.1
FF - ProfilePath - c:\documents and settings\leeloo\Data aplikací\Mozilla\Firefox\Profiles\17lekq52.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 4
FF - plugin: e:\video\Vlc\npvlc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 13:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\imon.dll
.
Completion time: 2010-07-01 13:42:31
ComboFix-quarantined-files.txt 2010-07-01 11:42
ComboFix2.txt 2010-06-30 22:03

Pre-Run: 610 035 712
Post-Run: 586 448 896

- - End Of File - - D3F4D12E7BE91CA9232E6D0A2DD04B50

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Pak dej vědět jaký je stav PC.

[eter]

Dik, uz je to lepsie uz je 0.98GB volneho aspon nieco. Ak sa mozem spytat, co to vlastne bolo, nejaky vir alebo ina neplecha?

A este jeden malilinky problemik mam. Stava sa to skoro stale, cim viac robim na kompe, tak potom ked ho chcem normalne vypnut cez start, len blikne plocha a nic. Musim sa odhlasit a potom ctrl-alt-del a dat vypnut. Asi 3 mesiace to pozorujem. Cim to bude? Bud zastaraly HW, Style XP alebo nieco ine?

[Roli]

No něco málo nepořádku tam bylo, ale spíše ti hodně místa na disku užírají automatické body obnovy.

Klikni pravým myšítkem na Tento počítač, vyber Vlastnosti a na kartě Obnovení systému přesuň jezdec na nejméně.

Style XP a podobná zkrášlovadla dokáží občas taky pěkně rozhodit PC.

Také to může být právě tím, že systém nemá dostatek místa pro uložení všeho při vypnutí.

Nebo také úplně něčím jiným, tak že se zeptám u toho ZoneAlarm Security Suite máš zapnutý pouze firewall ?

[eter]

No ja som mal dokonca obnovy vypnute na vsetkych jednotkach a asi mas pravdu mal by som asi zainvestovat aspon do ramky, nielen do diskov, len na tych mi ako tak zalezalo

Zone alarm mam len firewall zapnuty. Antivir a antispyware vyprsala uz platnost, ja som chcel len firewall Zone alarm.

Skusim urobit este defragmentaciu do konca, nech sa spamat trochu disk. Velke diky zatial.

[Roli]

Když budeš přidávat RAMku dej pozor aby byla parametrově stejná s tou co tam máš.

Pokud nevíš jakou, použij Everest

Sice se jedná o trial ale náš účel splní.

Nainstaluj ho >> spusť >> klik na Počítač >> dále Přehled,

nahoře v aplikaci klikni na Zpráva vyber Rychlá zpráva >> Prostý text

a vše mi sem zkopíruj, kouknu se na to.

No a s tou defragmentací to asi bude horší když máš tak málo místa na systémovém disku.

Zkus některá data pokud to půjde přesunout na jiný disk aby se tento trošku uvolnil.

Jinak nemáš zač.

[eter]

Ja viem ake potrebujem, ale som pre istotu pozrel do manualu maticnej max 3x1GB DDR 266-400MHz, ale z toho iba jednu 400Mhz, trochu v tom prehlad mam. Co je zvlastnejsie je, ze stare DDRky su drahsie ako nove DDR3 .

Defragmentaciu urobil win aj ked iba 14% bolo volneho a dost rychlo. Na C: mam len win a par programikov co sa nedalo inde instalnut. Ja som na to dost haklivy instalovat veci k winu, preto som bol trosku v soku, ze mi zozralo tolko miesta, ked som si vedomy maleho zasvinenia programov. Clovek sa ale uci vzdy a najlepsie na vlastnych chybach pokusom a omylom.

[Roli]

Ja viem ake potrebujem, ale som pre istotu pozrel do manualu maticnej max 3x1GB DDR 266-400MHz, ale z toho iba jednu 400Mhz, trochu v tom prehlad mam. Co je zvlastnejsie je, ze stare DDRky su drahsie ako nove DDR3

Bohužel tomu tak je, ale jak jsem psal dej pozor na to aby přidaná RAM měla stejné hodnoty jako ta co tam máš,

kdyby ne mohlo by se stát že ti Windows padnou na hubu

Clovek sa ale uci vzdy a najlepsie na vlastnych chybach pokusom a omylom.

No jo no.

Tak že pokud již není žádný problém máme hotovo.