prosim o kontrolu

Zpráva

grubero · #1 Příspěvek od **grubero** » 17 zář 2010 09:02

Logfile of random's system information tool 1.08 (written by random/random)
Run by pos at 2010-09-17 09:59:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 66 GB (87%) free of 76 GB
Total RAM: 1014 MB (57% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-29 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-29 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-29 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-10-16 18782720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\pos.YVESROCHER\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Zástupce - cisti.lnk - C:\POS\cisti.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoWelcomeScreen"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 2 months======

2010-09-17 09:59:05 ----D---- C:\Program Files\trend micro
2010-09-17 09:59:04 ----D---- C:\rsit
2010-09-17 09:53:27 ----D---- C:\Program Files\CCleaner
2010-09-17 09:49:22 ----D---- C:\Documents and Settings\pos.YVESROCHER\Data aplikací\TeamViewer
2010-09-16 09:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-16 09:05:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-16 09:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-16 09:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-16 09:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-16 09:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-16 09:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-08-23 11:31:22 ----RA---- C:\WINDOWS\system32\drivers\ipgdnd51.sys
2010-08-23 11:31:20 ----D---- C:\WINDOWS\OEM_ICPLUS
2010-08-11 21:16:38 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-11 21:16:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-11 21:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-11 21:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-11 21:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-11 21:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-11 21:08:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-11 21:07:56 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-03 21:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$

======List of files/folders modified in the last 2 months======

2010-09-17 09:59:08 ----D---- C:\WINDOWS\Prefetch
2010-09-17 09:59:05 ----RD---- C:\Program Files
2010-09-17 09:55:45 ----SHD---- C:\WINDOWS\Installer
2010-09-17 09:55:06 ----D---- C:\WINDOWS\system32
2010-09-17 09:53:49 ----D---- C:\WINDOWS\Temp
2010-09-17 09:45:38 ----D---- C:\POS
2010-09-17 09:05:28 ----D---- C:\WINDOWS\security
2010-09-17 09:04:53 ----SD---- C:\WINDOWS\Tasks
2010-09-17 08:59:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-16 21:09:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-16 19:06:57 ----D---- C:\posta
2010-09-16 09:14:58 ----D---- C:\WINDOWS
2010-09-16 09:05:51 ----HD---- C:\WINDOWS\inf
2010-09-16 09:05:44 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-16 09:05:41 ----A---- C:\WINDOWS\imsins.BAK
2010-09-16 09:05:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-16 09:03:25 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-23 11:31:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-23 11:31:38 ----D---- C:\WINDOWS\system32\drivers
2010-08-17 15:17:06 ----A---- C:\WINDOWS\system32\spoolsv.exe
2010-08-12 09:38:16 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-12 09:38:07 ----RSD---- C:\WINDOWS\assembly
2010-08-11 21:15:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-11 21:14:40 ----D---- C:\WINDOWS\WinSxS
2010-08-11 21:10:50 ----D---- C:\Program Files\Internet Explorer
2010-08-11 21:08:19 ----D---- C:\Program Files\Movie Maker
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-22 17:46:07 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2010-07-22 08:19:05 ----A---- C:\WINDOWS\system32\xpsp4res.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-10-21 5934592]
R3 ipgd;ASUS NX1101 Gigabit Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\ipgdnd51.sys [2006-11-14 33408]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 oxmf;OXPCI Bus enumerator; C:\WINDOWS\system32\DRIVERS\oxmf.sys [2005-11-15 16512]
S1 oxser;OX16C95x Serial port driver; C:\WINDOWS\system32\DRIVERS\oxser.sys [2005-11-15 53376]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 Oxmfuf;Filter driver for OX16PCI95x ports; C:\WINDOWS\system32\DRIVERS\oxmfuf.sys [2005-11-15 5376]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-07-28 143360]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2009-02-19 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2009-02-19 62592]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 17 zář 2010 11:57

Zdravim a pekny den preji

Tohle C:\POS\cisti.bat znate

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 5 az 10 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

VIRY.CZ

prosim o kontrolu

prosim o kontrolu

Re: prosim o kontrolu