
Re: infected PC, error 80072EFD and 80240016

Posted: 26 May 2009 13:41
by Vincent
Log 1:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Windows\temp\HTTC726.tmp moved successfully.
File/Folder C:\Windows\temp\HTTCB85.tmp not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
Folder move failed. C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\Installer\MSI2CF3.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\Installer\MSI35A3.tmp scheduled to be moved on reboot.
C:\WINDOWS\SoftwareDistribution\Download\01f177f57c696e67ba2ad8bbff69aa98\BITBB1E.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\cb96f1335ea7ae6cc867913545f47065\BITB948.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\e63556b5fbd4fd98c9cedb37f98c8b8a\BITBA42.tmp moved successfully.
File move failed. C:\WINDOWS\temp\gmeF1D7.tmp scheduled to be moved on reboot.
C:\WINDOWS\temp\HTT8D04.tmp moved successfully.
C:\WINDOWS\temp\HTTC726.tmp moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Honza\AppData\Local\Temp\etilqs_jjMZZdHpdWhsiHabM7tO scheduled to be deleted on reboot.
File delete failed. C:\Users\Honza\AppData\Local\Temp\etilqs_Xqv8wDjtbgokm4mDWiTP scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\gmeF1D7.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\spserv.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05262009_131211

Log 2:
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2180
Windows 6.0.6001 Service Pack 1

26.5.2009 14:23:40
mbam-log-2009-05-26 (14-23-40).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objektu skenováno: 257012
Uplynulý cas: 1 hour(s), 0 minute(s), 16 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Re: infected PC, error 80072EFD and 80240016

Posted: 26 May 2009 13:58
by motji
→ Open OTMoveIt again and click the CleanUp button, then confirm with OK.

→ Delete GMER and RootRepeal.

→ Uninstall ComboFix via
Start >> Run, and copy this into the box:

ComboFix /u

then press Enter.
- This uninstalls ComboFix and deletes its associated files and folders.

→ Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice, press the A key, then Enter.
- Delete the program after use. Note: antivirus products may falsely flag it as a virus.

→ Download CCleaner, see my signature.
- Install it and clean the temporary files and the registry.

→ Click SVI in my signature and, following the guide, turn System Restore on and off; viruses sometimes hide there.

→ Post a new RSIT log and tell me how the computer is behaving. Is everything OK now?

→ When you download the updates, try turning off the firewall.

Re: infected PC, error 80072EFD and 80240016

Posted: 26 May 2009 19:07
by Vincent
I finally managed to install that update. However, after restarting the computer it again reported that "Windows cannot search for new updates". So I don't know; otherwise the computer works with no problems at all, apart from this. Maybe there no longer has to be a virus or any other nasty thing behind it? Thanks so far!

Here is the new RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Honza at 2009-05-26 19:59:29
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 285 GB (61%) free of 467 GB
Total RAM: 3069 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:43, on 26.5.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\helppane.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Honza\Desktop\RSIT.exe
C:\Program Files\trend micro\Honza.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1400W STD] C:\Windows\system32\MSTMON_Y.EXE STARTUP
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c98f484d9f520) (gupdate1c98f484d9f520) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

--
End of file - 7931 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{EAE89F15-6917-47E6-9672-600F1902C115}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-04-07 132760]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-03-09 37888]
"KONICA MINOLTA PagePro 1400W STD"=C:\Windows\system32\MSTMON_Y.EXE [2005-08-22 184320]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-02-27 38768]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-02-27 640376]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-03-27 24103720]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\acaptuser32.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=FFFFFFFF
"NoDriveTypeAutoRun"=36

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-26 19:59:29 ----D---- C:\rsit
2009-05-26 19:05:38 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-26 19:05:38 ----A---- C:\Windows\system32\infocardapi.dll
2009-05-26 19:05:37 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-05-26 19:05:37 ----A---- C:\Windows\system32\icardres.dll
2009-05-26 19:05:37 ----A---- C:\Windows\system32\icardagt.exe
2009-05-26 19:05:36 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-05-26 19:05:33 ----A---- C:\Windows\system32\PresentationHost.exe
2009-05-26 18:59:04 ----A---- C:\Windows\system32\dfshim.dll
2009-05-26 18:59:00 ----A---- C:\Windows\system32\mscoree.dll
2009-05-26 18:58:59 ----A---- C:\Windows\system32\netfxperf.dll
2009-05-26 18:58:43 ----A---- C:\Windows\system32\mscorier.dll
2009-05-26 18:58:37 ----A---- C:\Windows\system32\mscories.dll
2009-05-24 13:13:13 ----A---- C:\ComboFix.txt
2009-05-24 13:10:03 ----SHD---- C:\$RECYCLE.BIN
2009-05-24 13:08:09 ----D---- C:\Windows\temp
2009-05-23 15:24:56 ----D---- C:\ProgramData\WindowsSearch
2009-05-23 14:42:05 ----RASHD---- C:\autorun.inf
2009-05-23 13:20:49 ----A---- C:\Windows\zip.exe
2009-05-23 13:20:49 ----A---- C:\Windows\SWXCACLS.exe
2009-05-23 13:20:49 ----A---- C:\Windows\SWSC.exe
2009-05-23 13:20:49 ----A---- C:\Windows\SWREG.exe
2009-05-23 13:20:49 ----A---- C:\Windows\sed.exe
2009-05-23 13:20:49 ----A---- C:\Windows\PEV.exe
2009-05-23 13:20:49 ----A---- C:\Windows\NIRCMD.exe
2009-05-23 13:20:49 ----A---- C:\Windows\grep.exe
2009-05-23 13:20:34 ----D---- C:\Windows\ERDNT
2009-05-23 13:18:34 ----D---- C:\Qoobox
2009-05-23 13:12:30 ----D---- C:\Program Files\CCleaner
2009-05-21 21:35:15 ----D---- C:\Program Files\trend micro
2009-05-21 19:00:10 ----D---- C:\Users\Honza\AppData\Roaming\Malwarebytes
2009-05-21 19:00:05 ----D---- C:\ProgramData\Malwarebytes
2009-05-21 19:00:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-14 09:15:57 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2009-05-09 10:08:23 ----D---- C:\Program Files\Elecard
2009-05-03 08:39:03 ----D---- C:\ProgramData\Apple Computer
2009-05-03 08:39:03 ----D---- C:\Program Files\QuickTime
2009-04-28 09:08:38 ----HDC---- C:\ProgramData\{1CFDD724-D742-4A0A-A374-89DBFF6ECA5F}

======List of files/folders modified in the last 1 months======

2009-05-26 19:59:40 ----D---- C:\Windows\Prefetch
2009-05-26 19:58:29 ----D---- C:\Windows\System32
2009-05-26 19:58:28 ----D---- C:\Windows\inf
2009-05-26 19:58:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-26 19:53:49 ----D---- C:\Users\Honza\AppData\Roaming\MxBoost
2009-05-26 19:53:34 ----D---- C:\Windows\Tasks
2009-05-26 19:51:44 ----D---- C:\Users\Honza\AppData\Roaming\Skype
2009-05-26 19:19:01 ----D---- C:\Windows\Microsoft.NET
2009-05-26 19:19:00 ----RSD---- C:\Windows\assembly
2009-05-26 19:12:47 ----D---- C:\Windows\system32\cs-CZ
2009-05-26 19:12:37 ----D---- C:\Windows\system32\XPSViewer
2009-05-26 19:12:37 ----D---- C:\Windows\system32\wbem
2009-05-26 19:12:37 ----D---- C:\Windows\system32\en-US
2009-05-26 19:11:41 ----D---- C:\Windows\winsxs
2009-05-26 19:10:32 ----SHD---- C:\Windows\Installer
2009-05-26 19:08:23 ----D---- C:\Windows\system32\catroot2
2009-05-26 19:08:18 ----D---- C:\Windows\system32\catroot
2009-05-26 18:58:11 ----SHD---- C:\System Volume Information
2009-05-26 17:47:38 ----D---- C:\Program Files\Google
2009-05-26 17:27:51 ----D---- C:\Windows\system32\Msdtc
2009-05-26 17:27:49 ----D---- C:\Windows
2009-05-26 17:27:08 ----D---- C:\Windows\system32\config
2009-05-26 17:27:01 ----D---- C:\Windows\system32\Tasks
2009-05-26 17:27:01 ----D---- C:\Windows\system32\spool
2009-05-26 17:27:01 ----D---- C:\Windows\Minidump
2009-05-26 17:26:59 ----D---- C:\Windows\registration
2009-05-26 13:29:13 ----D---- C:\ProgramData\Google Updater
2009-05-26 13:20:37 ----D---- C:\Windows\system32\drivers
2009-05-24 14:06:02 ----D---- C:\Users\Honza\AppData\Roaming\Mozilla
2009-05-24 14:05:58 ----D---- C:\Program Files\Mozilla Firefox
2009-05-24 13:11:15 ----D---- C:\Windows\system32\WDI
2009-05-24 13:10:02 ----A---- C:\Windows\system.ini
2009-05-24 13:07:32 ----D---- C:\Windows\AppPatch
2009-05-24 13:07:31 ----D---- C:\Program Files\Common Files
2009-05-23 15:24:56 ----HD---- C:\ProgramData
2009-05-23 13:28:05 ----RD---- C:\Program Files
2009-05-23 13:13:29 ----D---- C:\Windows\Debug
2009-05-23 12:59:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-05-23 12:57:26 ----D---- C:\ProgramData\Symantec
2009-05-21 17:05:59 ----D---- C:\Program Files\Maxthon2
2009-05-09 10:06:22 ----D---- C:\Users\Honza\AppData\Roaming\BSplayer
2009-05-07 11:13:15 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-07 11:11:51 ----D---- C:\Program Files\Common Files\InstallShield
2009-05-03 08:39:18 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-15 3691520]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2004-09-10 84064]
S3 a159bm02;a159bm02; C:\Windows\system32\drivers\a159bm02.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service; C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-05-15 679936]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 SentinelProtectionServer;SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2004-09-10 189536]
S2 gupdate1c98f484d9f520;Služba Google Update (gupdate1c98f484d9f520); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 EHttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-09 651720]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

-----------------EOF-----------------

Re: infected PC, error 80072EFD and 80240016

Posted: 26 May 2009 19:55
by motji
The log is fine; it shouldn't be viruses.

Try optimizing the PC with Vista Manager http://www.slunecnice.cz/sw/vista-manager/

Is it reporting any error to you?

Re: infected PC, error 80072EFD and 80240016

Posted: 27 May 2009 09:37
by Vincent
I'm not sure whether I did exactly what you wanted. I ran it through the "optimizer" and it again reported only the error in searching for updates. I also have a saved log, but it can't be opened. There are more functions in that manager, so I don't know whether I used the right one.

Re: infected PC, error 80072EFD and 80240016

Posted: 27 May 2009 09:46
by motji
Can you post here what the error is? Is there a code with it?

Re: infected PC, error 80072EFD and 80240016

Posted: 27 May 2009 10:31
by Vincent
80072EFD

Re: infected PC, error 80072EFD and 80240016

Posted: 27 May 2009 10:52
by motji
Judging by that code, something is blocking the updates. If you have the firewall turned on, try turning it off.

Re: infected PC, error 80072EFD and 80240016

Posted: 27 May 2009 10:56
by Vincent
It now looks like it will be fine. Thank you very much for your help!

Re: infected PC, error 80072EFD and 80240016

Posted: 27 May 2009 11:23
by motji
You're welcome :) . If the updates still can't be downloaded, get in touch and we'll figure something out :)

Re: infected PC, error 80072EFD and 80240016

Posted: 01 Nov 2010 08:24
by Karya
Hi

I've read just about everything but I can't find a procedure for my case. My problem is that on drives C and D I have a directory autorun.inf, and in them a file lpt3.This folder was created by Flas; this file can't be deleted. What is it? I also have a flash drive that can't be written to even though it has no write-protect switch. Thanks

Re: infected PC, error 80072EFD and 80240016

Posted: 01 Nov 2010 16:18
by motji
Karya wrote: Hi

I've read just about everything but I can't find a procedure for my case. My problem is that on drives C and D I have a directory autorun.inf, and in them a file lpt3.This folder was created by Flas; this file can't be deleted. What is it? I also have a flash drive that can't be written to even though it has no write-protect switch. Thanks
Please start your own topic and post the RSIT log in it, see my signature.
Then one of us advisors will take a look at the log :)