Please check my log, the PC freezes after startup.
Posted: 03 Sep 2010 09:20
Hi, please have a look at this ...
ComboFix 10-09-01.04 - MH 03.09.2010 9:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.959 [GMT 2:00]
Running from: c:\users\MH\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\MH\AppData\Local\Microsoft\Windows\Temporary Internet Files\MAILTRAN.INI
c:\users\MH\AppData\Local\Microsoft\Windows\Temporary Internet Files\TRNCOM.INI
c:\users\MH\AppData\Local\Microsoft\Windows\Temporary Internet Files\WDICT32.INI
c:\users\MH\AppData\Roaming\AD ON Multimedia
c:\users\MH\AppData\Roaming\inst.exe
c:\windows\system32\%appdata%
c:\windows\system32\Chip.dll
c:\windows\system32\Pvt.tmp
.
((((((((((((((((((((((((( Files Created from 2010-08-03 to 2010-09-03 )))))))))))))))))))))))))))))))
.
2010-09-03 07:31 . 2010-09-03 07:34 -------- d-----w- c:\users\MH\AppData\Local\temp
2010-09-03 07:31 . 2010-09-03 07:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-02 13:51 . 2010-09-02 13:51 -------- d-----w- c:\programdata\McAfee
2010-09-02 13:32 . 2010-09-02 13:32 -------- d-----w- c:\program files\MPC HomeCinema
2010-09-02 10:43 . 2010-09-02 10:43 -------- d-----w- c:\users\MH\AppData\Roaming\EuroTalk
2010-08-20 10:41 . 2009-08-19 21:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-08-19 12:42 . 2010-08-19 12:42 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 3
2010-08-18 08:33 . 2010-08-18 08:33 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-11 12:45 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 12:45 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 12:45 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-03 07:34 . 2010-06-04 10:55 34613 ----a-w- c:\programdata\nvModes.dat
2010-09-03 07:31 . 2009-11-26 11:44 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-02 13:15 . 2009-09-23 13:11 -------- d-----w- c:\users\MH\AppData\Roaming\uTorrent
2010-09-02 12:48 . 2008-02-27 07:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 11:09 . 2007-01-08 21:09 610486 ----a-w- c:\windows\system32\perfh005.dat
2010-09-02 11:09 . 2007-01-08 21:09 119102 ----a-w- c:\windows\system32\perfc005.dat
2010-09-02 11:03 . 2007-11-22 08:54 -------- d-----w- c:\program files\Microsoft.NET
2010-09-02 10:46 . 2008-01-10 10:05 -------- d-----w- c:\users\MH\AppData\Roaming\Media Player Classic
2010-09-02 09:20 . 2007-11-23 08:12 -------- d-----w- c:\users\MH\AppData\Roaming\Canon
2010-08-31 12:55 . 2008-04-18 09:25 2776 --sha-w- c:\programdata\KGyGaAvL.sys
2010-08-18 08:33 . 2007-11-21 16:21 127504 ----a-w- c:\users\MH\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 08:28 . 2007-10-19 16:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-18 08:24 . 2009-01-12 09:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-17 11:06 . 2008-05-19 06:35 -------- d-----w- c:\program files\Opera
2010-08-11 13:08 . 2008-01-08 12:39 -------- d-----w- c:\programdata\DVD Shrink
2010-08-11 12:51 . 2007-10-19 16:55 -------- d-----w- c:\programdata\Microsoft Help
2010-08-11 12:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-06 07:52 . 2007-12-04 13:19 -------- d-----w- c:\program files\CCleaner
2010-08-06 07:45 . 2009-04-03 09:23 -------- d-----w- c:\program files\ODIR
2010-08-06 07:41 . 2009-03-25 15:16 -------- d-----w- c:\programdata\MainType
2010-08-06 06:52 . 2007-12-21 14:05 -------- d-----w- c:\program files\Java
2010-07-29 11:31 . 2010-07-29 11:31 96920 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-07-29 11:31 . 2010-07-29 11:31 136632 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-07-29 11:31 . 2010-07-29 11:31 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-07-22 11:34 . 2007-12-18 13:54 -------- d-----w- c:\users\MH\AppData\Roaming\Vso
2010-07-22 11:33 . 2007-12-18 13:54 47360 ----a-w- c:\users\MH\AppData\Roaming\pcouffin.sys
2010-07-22 11:33 . 2010-07-22 11:33 -------- d-----w- c:\users\MH\AppData\Roaming\NVIDIA
2010-07-22 11:33 . 2010-03-26 07:55 -------- d-----w- c:\program files\DVDFab 7
2010-07-19 10:12 . 2009-11-11 14:17 -------- d-----w- c:\users\MH\AppData\Roaming\HpUpdate
2010-06-26 06:05 . 2010-08-11 12:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 12:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 12:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 12:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-18 17:31 . 2010-08-11 12:44 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-11 12:44 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-11 12:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-11 12:44 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-11 12:44 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-11 12:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2007-12-17 516096]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-19 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-16 202256]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 144792]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
c:\users\MH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FastStone Capture.lnk - c:\program files\FastStone Capture\FSCapture.exe [2008-10-15 1010688]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2009-4-15 155715]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"recinfo578"=c:\recinfo\RecInfo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):22,71,2e,bb,03,ff,c9,01
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 135664]
R2 IWPORT;IWPORT;c:\windows\SYSTEM32\DRIVERS\IWPORT.SYS [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-12 721904]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 NaturalColor;NaturalColor;c:\windows\system32\drivers\MTictwl.sys [2008-10-31 14080]
S2 DBService;SyncThru Web Admin Service Database Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvDatabase.exe [2006-01-16 114688]
S2 DispatcherServiceNT;SyncThru Web Admin Service Dispatcher Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvDispatcher.exe [2006-01-16 106496]
S2 DMService;SyncThru Web Admin Service Device Manager Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvDeviceManager.exe [2006-01-16 327680]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 SLPService;SyncThru Web Admin Service SLP Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvSLP.exe [2006-01-16 110592]
S2 SNMPService;SyncThru Web Admin Service SNMP Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvSNMP.exe [2006-01-16 229376]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-11-22 5120]
S2 WebServiceNT;SyncThru Web Admin Service Web Server;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTWebServer.exe [2006-01-16 126976]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2010-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 13:53]
2010-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 13:53]
2010-09-02 c:\windows\Tasks\User_Feed_Synchronization-{1F8E8708-0FE9-4A7F-9B5E-F4C74B1F25BF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to &Teleport - c:\users\MH\AppData\Local\Temp\7zS2B27.tmp\teleport.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: ppl.cz\klient
TCP: {24E57552-97EB-4D46-9B35-56F175540F9D} = 212.158.128.2,212.158.128.3
FF - ProfilePath - c:\users\MH\AppData\Roaming\Mozilla\Firefox\Profiles\9ck4rjtb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - component: c:\users\MH\AppData\Roaming\Mozilla\Firefox\Profiles\9ck4rjtb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-03 09:34
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Time completed: 2010-09-03 09:49:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-03 07:49
ComboFix2.txt 2009-06-01 14:34
Pre-Run: 14,685,573,120 bytes free
Post-Run: 14,544,183,296 bytes free
- - End Of File - - 628A2D5CE237A5D55D9CF06E7C01B6AE
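A first-pass way to read a ComboFix log like the one above, as an added example for this thread (it is not ComboFix code and not the poster's own material): the script parses the three line shapes ComboFix prints in its autostart sections (Run-key values, driver/service entries, IE context-menu entries) and flags what a log reviewer looks at first. The sample lines are copied from the log above, except the last one, which is constructed to exercise the Roaming-root rule. The rule names, the path heuristics, and the reading of `[x]` as "file not found on disk" are this example's own assumptions; a flag means "look at this entry", not "this is malware".

```python
"""First-pass triage of ComboFix autostart lines (added example, not ComboFix code)."""
import re

# "Name"=<rest>            Run-key value lines under [HKEY_...\Run]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
# R2 name;Display Name;path [date size]   or   ... [x]   driver/service lines
SVC_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$'
)
# IE: {{menu key GUID} - {CLSID} - dll     IE context-menu extension lines
IE_GUID_RE = re.compile(r'^IE:\s+\{\{(?P<key>[^}]+)\}\s+-\s+\{(?P<clsid>[^}]+)\}\s+-\s+')

# Path heuristics (the example's own choices, not ComboFix rules).
TEMP_MARKERS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')
ROAMING_ROOT_RE = re.compile(r'\\appdata\\roaming\\[^\\]+\.(exe|dll|sys)$')


def run_target(line):
    """Return the launch target of a Run-key line, or None if it is not one."""
    m = RUN_RE.match(line)
    if not m:
        return None
    rest = m.group('rest').strip()
    if rest.startswith('"'):                 # quoted path, arguments may follow
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return re.split(r'\s+\[', rest, maxsplit=1)[0].strip()   # unquoted path


def path_findings(target):
    """Rules that apply to any file path an autostart entry points at."""
    t = target.lower()
    out = []
    if any(marker in t for marker in TEMP_MARKERS):
        out.append('temp-path')              # persistence from a temp directory
    if ROAMING_ROOT_RE.search(t):
        out.append('roaming-root')           # binary dropped straight into Roaming
    return out


def triage(lines):
    """Return [(rule, line), ...] for every line that trips a heuristic."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        svc = SVC_RE.match(line)
        if svc:
            # Assumption: ComboFix prints [x] where the file was not found on disk.
            if svc.group('meta').strip().lower() == 'x':
                findings.append(('missing-file', line))
            findings.extend((r, line) for r in path_findings(svc.group('path')))
            continue
        if line.startswith('IE: '):
            g = IE_GUID_RE.match(line)
            if g and g.group('key').lower() != g.group('clsid').lower():
                findings.append(('ie-clsid-mismatch', line))   # menu key and CLSID differ
            findings.extend((r, line) for r in path_findings(line.rsplit(' - ', 1)[-1]))
            continue
        target = run_target(line)
        if target is None:
            continue
        if target.lower().endswith('.exe') and '\\' not in target:
            findings.append(('bare-exe', line))   # resolved via search path, not a fixed location
        findings.extend((r, line) for r in path_findings(target))
    return findings


# Sample input: lines copied from the log in this thread, plus one constructed
# Run entry (the last one) that exercises the roaming-root rule.
SAMPLE = [
    r'"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]',
    r'"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]',
    r'"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup',
    r'"EnableUIADesktopToggle"= 0 (0x0)',
    r'R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]',
    r'R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]',
    r'IE: Add to &Teleport - c:\users\MH\AppData\Local\Temp\7zS2B27.tmp\teleport.htm',
    r'IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll',
    r'IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll',
    r'"example"="c:\users\MH\AppData\Roaming\example.exe" [2010-09-01 12345]',   # constructed line
]

if __name__ == '__main__':
    for rule, line in triage(SAMPLE):
        print(f'{rule:18} {line}')
```

Run it over the whole log (feed every line; lines that match none of the three shapes are ignored) and work through the flagged entries by hand: check where a bare executable name actually resolves, whether a `[x]` driver is an uninstall leftover or something that still gets loaded, and why a context-menu entry points into a temp directory. The heuristics deliberately do not touch the "Other Deletions" list, since those paths are already gone after the run and the quarantine file is the place to inspect them.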