Posílám log z hijackthis, už se to v něm asi nedělá, ale mám teď jen problematické připojení k netu, tak aspoň tohle. Připadá mi, že je spuštěno a běží příliš mnoho věcí. A jednou dokonce naskočilo okno s odpočtem času k vypnutí PC. Prosím moc o radu.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:58, on 3.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
O:\Programy záloha\Antiviry a jiné čístící prográmky\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Display Stix - System tray] C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - c:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - c:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - c:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 8512790187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8512776609
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: ????????
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7279 bytes
Ještě se mi podařil log z Combofix:
ComboFix 10-08-02.03 - spravce 03.08.2010 12:12:18.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2796 [GMT 2:00]
Spuštěný z: L:\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\config.ini
c:\windows\Install.txt
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-03 do 2010-08-03 )))))))))))))))))))))))))))))))
.
2010-08-03 09:11 . 2010-08-03 09:11 -------- d-----w- c:\documents and settings\spravce\DoctorWeb
2010-08-03 09:11 . 2010-08-03 09:12 -------- d-----w- c:\temp\RarSFX0
2010-08-03 09:11 . 2008-04-14 06:52 390144 ----a-w- c:\windows\system32\CF2402.exe
2010-08-03 09:05 . 2010-08-03 10:09 1024 ---ha-w- c:\temp\spserv.dat
2010-08-03 09:05 . 2010-08-03 10:09 1024 ---ha-w- c:\temp\spnserv.dat
2010-08-03 09:05 . 2010-08-03 10:09 1024 ---ha-w- c:\temp\gnserv.dat
2010-08-03 09:03 . 2010-08-03 09:03 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-03 08:23 . 2010-08-03 08:23 -------- d-----w- C:\Deckard
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 09:02 . 2008-08-28 13:45 -------- d-----w- c:\program files\IncrediMail
2010-06-25 14:25 . 2001-10-25 14:00 97236 ----a-w- c:\windows\system32\perfc005.dat
2010-06-25 14:25 . 2001-10-25 14:00 470648 ----a-w- c:\windows\system32\perfh005.dat
2010-06-19 13:11 . 2008-08-18 04:43 -------- d-----w- c:\program files\Axesstel
2010-06-16 14:47 . 2010-06-16 14:47 -------- d-----w- c:\program files\PhotoMail Maker
2010-06-12 18:45 . 2008-08-08 18:27 -------- d-----w- c:\program files\CCleaner
2007-09-20 02:45 . 2010-06-01 14:33 90112 ----a-r- c:\program files\axesstel.dll
2007-09-20 02:45 . 2010-06-01 14:33 118784 ----a-r- c:\program files\MSP_Uninstall.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Display Stix - System tray"="c:\program files\Fractalis Software\Display Stix 2.5\dstix.exe" [2004-04-24 245760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]
"nwiz"="nwiz.exe" [2006-02-13 1519616]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-08-07 917504]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-13 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^APC UPS Status.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^spravce^Nabídka Start^Programy^Po spuštění^Samsung Auto Backup Guage.lnk]
path=c:\documents and settings\spravce\Nabídka Start\Programy\Po spuštění\Samsung Auto Backup Guage.lnk
backup=c:\windows\pss\Samsung Auto Backup Guage.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^spravce^Nabídka Start^Programy^Po spuštění^Samsung Auto Backup Real-Time Daemon.lnk]
path=c:\documents and settings\spravce\Nabídka Start\Programy\Po spuštění\Samsung Auto Backup Real-Time Daemon.lnk
backup=c:\windows\pss\Samsung Auto Backup Real-Time Daemon.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^spravce^Nabídka Start^Programy^Po spuštění^Samsung Auto Backup Scheduler.lnk]
path=c:\documents and settings\spravce\Nabídka Start\Programy\Po spuštění\Samsung Auto Backup Scheduler.lnk
backup=c:\windows\pss\Samsung Auto Backup Scheduler.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^spravce^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\spravce\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^spravce^Nabídka Start^Programy^Po spuštění^Webshots.lnk]
path=c:\documents and settings\spravce\Nabídka Start\Programy\Po spuštění\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display Stix - System tray]
2004-04-24 19:16 245760 ----a-w- c:\program files\Fractalis Software\Display Stix 2.5\dstix.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-12-15 07:46 976784 ----a-w- c:\progra~1\Eraser\Eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2006-11-22 19:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2010-06-16 14:46 353736 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-14 12:12 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-12-05 10:30 2295072 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 -c----w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 12:21 2213160 -c--a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57 153136 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-02-13 13:05 86016 ------w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 05:36 14854144 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
2004-08-30 14:37 286720 ----a-w- c:\windows\vsnpstd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [25.1.2009 20:15 5248]
R1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [25.12.2009 13:44 12800]
R1 mvd20;mvd20;c:\program files\Clarus\Samsung SecretZone\mvd20.sys [25.12.2009 13:44 43008]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27.4.2007 2:00 316992]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys --> c:\windows\system32\drivers\wf2kvcap.sys [?]
S2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [25.12.2009 13:44 102400]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys --> c:\windows\system32\drivers\wf2ktunr.sys [?]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys --> c:\windows\system32\drivers\wf2kxbar.sys [?]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [25.1.2009 20:15 160640]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.1.2009 18:28 721904]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 10:27 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\spravce\Data aplikací\Mozilla\Firefox\Profiles\pnzt86j6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.idnes.cz
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Asociace souborů -------
.
.txt=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-PinnacleDriverCheck - c:\windows\system32\\PSDrvCheck.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-WinFast Schedule - c:\program files\WinFast\WFTVFM\WFWIZ.exe
AddRemove-Pinnacle HFX Volume 1 - c:\windows\unvise32.exe \unvol1log
AddRemove-Wubi - r:\ubuntu\uninstall-wubi.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-03 12:16
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="1A10135488512A195BA61D5050240AD004C4D91DFC154A11A788FC057FE0DE684C3EFA9EA9C78D0CDD94EAB1192512D02A277552C5DD5C05EDCD5EE5149C5D8A79C08EE0FD615BCAD492BCE548D5DE738A6F1EACC805330BEA30A8BA3DCD664FF1C7E6E9B233ECE533EA56C3FAFCC6DD58FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A6171C11EC38DE3DFEBC9E127BECC74C31F54817356EA528FA4F181CA4795BD2968909807D4D7DFD407D7AF54210036E0F3C2864E2735AE6A9F903E258DE5C28CD77DC3B1126A882A188DDFEAC5AB9EF59A84FB30AA163C2AD193083229D06681E17220836EBA9B1029AA09C4BAF55B8F5AD8649F629C84789C96CB47CE0F4DC454DCB303564D1B67D007847D58D7AF47D206BED6FE225C07188DA305879D7153662207DCC768582646A72FBF3166595BABA6E702AC827C24F3AEF3619DA74E49804B9C12CAFBF48B96EEC3BC68E6251AF9DD3A2CFFA13A341A77687181DA262C5C088CEF9C20C81B4869E89DC62D4A090C9345902BA40FB18798B6C207CCEE9CB0ECEFC4D028CE9C08F0C6EBE9D32C04627FCEED3F099AB59C1A12E72D8799A6FC32329B468F6017DCA9278E5F286B26B7D6F4049261F53BF72FC9C41353656251FEF31B111138A3FDD62383F39EDBA53FC1FAFE08B635A37E1B90A36B9ADC597BF747837BE40100DD1FEC02EE71C638137F52288728C69E14EC3CC6DB31CD2A5AAC468AF55EDDDA195BE2C882057792E232F02A1D2D77095D4DD3FF41152ADE24745EBF7DD22826E78CF1697A0798D451CDD3D05C59321DBF91D42D267B34914E13173610576D315B030201AD1F074E7DE6444FC8CA37071A4EAB4FEEDB9DB36AC19EFB01B1869EED8346F423B3FC96B0F7D0DC909FE1AC7A00701E3FEEEE075BBDD5C9E96479E05EC83AAB48D7BE7D631B4131DC1301B069C018EE29DF418B406B632D790D99398CD99008D1950F067326A519DE1573684ACBFCE4F6B7F058A682F71FEC33B2D1DC2C71FD7537BCA8DDE55CBE6B8A7F0D1C77D33F231D76DC2A3269FA79265943AF3AFBD99574F1E6E6A7C0609396816AC4A463187DA58DDDADBCD41DB816AB3CA6ECA1345623157E2693D8A0679F4B40E72FD46BD777324069AABE41739713CDEA4E3DD47D59DA775D8C867D4B4BB9C1EE3D8EDB9BBABD4A84A9C97CB08B1A1B96B9B5C7CB8A0056816A2AEE04AC1E439A6612D147F1AC6DF3DCE6F5FDC799C52FC6455B634DD29AFE22574093C9CE87225F489583EEA14F9A5C482A8CE2AA8D5750790BC170A907466FBD32033F7C51030460F8719DD9B779E55ECF614B88622D6205A48D1F17B112BA869ED7713DD887A594A13D1498390222B4E0B0CAEBACB879D0408FA71"
"OODLED02.00.00.02WSSV"="76A92DD17E718F674553FBDEDDECC5ED45452D1DE92F0B2B596DAE234CFECD8EE09ADC844136CB7AF72BEE9BC3C39A8E91552C5F0CAF0D8855F4F448DA3AE132DA701D4793044260282B934EAE4C18FE0B8559666FB3A7303973FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A6171C11EC38DE3D8EDD5E5BE2F6E667E69B16B83D497D1EECEE6D3D9405B0DB23C2E2A07540DC52068B4E2B19278100B6A76166FAE5AA88EEF2E4EBFE4916C8CDECC1BEDEEAA9FA6EF16232E8F036E5D0FCDA6A135C09221283E6605E665AEAF5583983FC71F3033C25925DE085C023CFEAB35001DF9D01352194DF7E907CDEDE56F48E9429D72F3AE638C3D9FBFDC6A1451149CF691F9E0E51FCD54341B02723BB9224FBAB282D86FE1EA2BF2EFC468AE38CAB22B578D7A19C28CDA13560AA2EE226A81E586B8A12B7055993BB7DF79F23326EAC4349EECD8E8EFA26EDA8B34129B6A97BCFD73CA25F1FEA6789F81BCD6183303956668842391FB3ECB05971F0EFBE54A5F95E1953C8960065BB98CE5202F531A3F8D52F81AFBCF0298677F3271D2D7B457F9E5B10CA0765C9C03A96BFEEF1D4DEF5D44EE40CBBD1A13DB9331E1BE597164FEE249BC0FE096445F15CFD1154A66F5DD0B896E9661630640F8AE8573F42E51CD8760C0884011ABC846B475A6ED16F046EA4176B7C26C2D29736EC42043A18DA1939C9040F04E15FEEF42A3D06288B0286293A342E8A5B20A5DADFD27363A5C622B7941B89ECC9285D0D0A31D29D0432A1C5286C22F0902B447CD08141C3975C18227C38553D7055332C1D3283CB30B6815A5CC0712C8D93308721CC14078FDF560BE7C945198AE9862FEDC0B76FF7721AAD26E32CB18F3FD6C90336077BBED5E9EA9142234761AF23555CDE84E8D80E9068A987D39BE9D7DF74014328936D09931C051829B3CFAD86439994733F64F44218DEE6DC2701C92220F77D7C68F58749DDA6C608EE4637E2812EEF8118BE583E2E913DB237D146ABC59873F832C92434552ACC63AC4B5C20FD737D9F42232B4800614BB2D0E7423B4467360AD0E97433879A2CD4C474F4D70719D1B22F5DA6D7C641D5AE1E6777465D3CDA0E486E52D5E1556C66336E1D585222851472CF46189F7B266EED8462F43846FBD7BD035CE2328C971A18FA3425F763B290C56ECAE78CA808A9B08CC4A4DE04362FFDE674542D443C61B6EDDBF3738A7AE8054338DCF2BACB907C5BA3E4BF4A2CCE756C4156E959ED26F72E7C2FA6930053B2EB56BC1CF348C20D64C77B2E4303E4B97CAC4B627642C4E539BF765553EA77F2193284B4EDD358BDAD3FDEDEEB6495009064C7789FD38B331F961BA7EFE6F28E109A615013CBDA13515ABDEC13FE77A3B85A"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1232)
c:\windows\system32\relog_ap.dll
.
Celkový čas: 2010-08-03 12:18:28
ComboFix-quarantined-files.txt 2010-08-03 10:18
Před spuštěním: Volných bajtů: 38 285 242 368
Po spuštění: Volných bajtů: 38 854 754 304
- - End Of File - - 6D76D28A91C79CB07F7FE1C62A001EA0
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zpomalený náběh PC, nelze připojit k internetu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
riffman
- VIP
- Příspěvky: 3203
- Registrován: 20 říj 2004 07:00
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Zpomalený náběh PC, nelze připojit k internetu
zdravim
otevrete si Poznamkovy blok, do ktereho zkopirujete tento text:
restart a novy log z RSIT sem
otevrete si Poznamkovy blok, do ktereho zkopirujete tento text:
pote ulozte vysledny soubor jako napr. uprava.reg (jako typ souboru zvolte pri ukladani Vsechny soubory) a dvojitym poklikanim spustte, pripadne hlasky o uprave registru potvrdteREGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
restart a novy log z RSIT sem
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Přispějete na provoz fóra?