Requesting a check

Posted: 13 Jan 2011 08:12
by justrideit
I would like to ask you to check my PC; I am attaching the log from RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sabolova at 2011-01-13 08:09:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (70%) free of 38 GB
Total RAM: 1150 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:49, on 13.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Canon\VDC\AuVdc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Sabolova\Dokumenty\Preberanie\RSIT.exe
C:\Program Files\trend micro\Sabolova.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: K2.lnk = K2\K2_3main.exe
O4 - Startup: Sieť.lnk = C:\BATCH\NETUSE.BAT
O4 - Startup: Zástupce - E-mail.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABA15BCD-75C0-4CBF-8734-58990C7F32DA}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O24 - Desktop Component 0: (no name) - http://www.fun-online.sk/wall/images/1058775112.jpg

--
End of file - 4246 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-10-07 1461080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2010-01-27 256280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]

C:\Documents and Settings\Sabolova\Nabídka Start\Programy\Po spuštění
K2.lnk - L:\K2\K2_3main.exe
Sieť.lnk - C:\BATCH\NETUSE.BAT
Zástupce - E-mail.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Disabled:Trillian"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-01-13 08:09:14 ----D---- C:\rsit
2011-01-13 08:09:14 ----D---- C:\Program Files\trend micro

======List of files/folders modified in the last 1 months======

2011-01-13 08:09:46 ----D---- C:\WINDOWS\temp
2011-01-13 08:09:14 ----RD---- C:\Program Files
2011-01-13 08:09:10 ----D---- C:\WINDOWS\Prefetch
2011-01-13 07:57:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-13 07:49:57 ----A---- C:\WINDOWS\WINCMD.INI
2011-01-13 07:45:12 ----D---- C:\WINDOWS
2011-01-13 07:44:46 ----D---- C:\WINDOWS\system32
2011-01-13 07:36:18 ----D---- C:\WINDOWS\Debug
2011-01-13 07:22:23 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-13 07:22:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-13 07:21:11 ----HD---- C:\WINDOWS\inf
2011-01-13 07:19:16 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-13 07:19:12 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-05 07:19:00 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-04 07:57:16 ----D---- C:\Program Files\Outlook Express
2010-12-16 16:08:37 ----RSH---- C:\boot.ini
2010-12-16 16:08:37 ----N---- C:\WINDOWS\win.ini
2010-12-16 16:08:37 ----N---- C:\WINDOWS\system.ini
2010-12-16 16:08:24 ----D---- C:\Documents and Settings\Sabolova\Data aplikací\Skype
2010-12-16 15:54:25 ----D---- C:\Documents and Settings\Sabolova\Data aplikací\skypePM
2010-12-16 07:58:39 ----D---- C:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-10-07 55256]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-10-10 12032]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-10-07 73760]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-01-20 140288]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-10-07 32072]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-01-14 108736]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-01-14 78272]
S3 catchme;catchme; \??\C:\DOCUME~1\Sabolova\LOCALS~1\Temp\catchme.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Canon NetSpot Suite Service;Canon NetSpot Suite Service; C:\Program Files\Canon\VDC\AuVdc.exe [2001-01-12 53248]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-10-07 472280]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-12-24 69632]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE [2007-09-03 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Requesting a check

Posted: 13 Jan 2011 09:52
by justrideit
Sorry, I forgot to add what the problem is. It occurs when launching the K2 program: it keeps showing an error message on startup, and if it does happen to open once in a while, it also throws an error when the program is closed. It is an information system installed on the network. I really don't know what could have gotten messed up.. thanks for any advice on how to proceed :)

Re: Requesting a check

Posted: 13 Jan 2011 10:53
by motji
Good morning :)
Have you tried reinstalling the program?

Re: Requesting a check

Posted: 13 Jan 2011 10:58
by justrideit
The program has a license for 13 users, and on all the computers it behaves normally and starts without problems; only on this PC does it act up. Could it be a fault in the OS? Would it be better to reinstall it, or is it possible to repair it? Thanks

Edit: The program goes through updates quite often, because it is changed or extended according to requirements. RAM was recently added to this PC, since I thought the problem was a lack of memory, which was 256 MB (expanded to 1 GB), but that did not help...

Re: Requesting a check

Posted: 13 Jan 2011 11:03
by motji
I would try reinstalling the program. I don't know the program, but if it is misbehaving, the problem will be in it; it may have been damaged somehow.

Re: Requesting a check

Posted: 13 Jan 2011 11:06
by justrideit
So no problem with the PC is visible? :) Then I'll try to find out whether it is possible to reinstall it..

Re: Requesting a check

Posted: 13 Jan 2011 11:22
by motji
I don't see any virus problem :) .
You can also paste here the RSIT log named info.txt

:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes has false detections, so we will delete only after checking the log.
- Copy the log here.

Re: Requesting a check

Posted: 13 Jan 2011 11:26
by justrideit
info.txt from the RSIT folder:

info.txt logfile of random's system information tool 1.08 2011-01-13 08:09:54

======Uninstall list======

-->C:\WINDOWS\IsUn0411.exe -f"C:\Program Files\Canon\VDCUninst.isu" -a -y -c"C:\Program Files\Canon\VDCUninst.dll"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 9.20-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-A81200000003}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Color Network ScanGear Ver.2.21-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{8EDF23FC-A3FE-4E0F-8FBB-DEB0439D0A44} UNINSTALL
Convert XLSX to XLS-->MsiExec.exe /I{3B65F1C6-9969-4FF5-9FCD-E0EC2A3F4DAD}
Crystal Runtime 8.5-->C:\WINDOWS\IsUn0405.exe -fC:\WINDOWS\CRYSTAL\UninstCR.isu
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
ESET Smart Security-->MsiExec.exe /I{F73F733A-7E69-43E6-BA22-99124291B95F}
FormEdik 1.20-->"C:\Program Files\FormEdik\unins000.exe"
Formik 2.16B-->"C:\Program Files\Formik\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Color LaserJet 2820/2830/2840 2.0-->"C:\Program Files\HP\Digital Imaging\{1030DCDC-2425-407d-BEE1-13558B837FCA}\setup\hpzscr01.exe" -datfile hppscr01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
IrfanView (remove only)-->K:\Pracovny\IrfanView\iv_uninstall.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 97 Standard-->C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Std.stf
Microsoft PowerPoint Viewer 97-->C:\Program Files\PowerPoint Viewer\setup\setup.exe
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PDFCreator-->"C:\Program Files\PDFCreator\unins000.exe"
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
WinBackup-->"C:\Program Files\LIUtilities\WinBackup\unins000.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

192.168.1.190 NPI6609A8

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET personal firewall

======System event log======

Computer Name: KLIENT02
Event Code: 2511
Message: Obnovení sdílené položky OL30 se nezdařilo, protože složka C:\OL30 neexistuje. Smažte sdílenou položku příkazem net share OL30 /delete, nebo vytvořte složku C:\OL30 znovu.

Record Number: 41309
Source Name: Server
Time Written: 20100913075401.000000+120
Event Type: warning
User:

Computer Name: KLIENT02
Event Code: 2511
Message: Obnovení sdílené položky OL30 se nezdařilo, protože složka C:\OL30 neexistuje. Smažte sdílenou položku příkazem net share OL30 /delete, nebo vytvořte složku C:\OL30 znovu.

Record Number: 41290
Source Name: Server
Time Written: 20100910154640.000000+120
Event Type: warning
User:

Computer Name: KLIENT02
Event Code: 2511
Message: Obnovení sdílené položky OL30 se nezdařilo, protože složka C:\OL30 neexistuje. Smažte sdílenou položku příkazem net share OL30 /delete, nebo vytvořte složku C:\OL30 znovu.

Record Number: 41270
Source Name: Server
Time Written: 20100910071222.000000+120
Event Type: warning
User:

Computer Name: KLIENT02
Event Code: 2511
Message: Obnovení sdílené položky OL30 se nezdařilo, protože složka C:\OL30 neexistuje. Smažte sdílenou položku příkazem net share OL30 /delete, nebo vytvořte složku C:\OL30 znovu.

Record Number: 41251
Source Name: Server
Time Written: 20100909180100.000000+120
Event Type: warning
User:

Computer Name: KLIENT02
Event Code: 2511
Message: Obnovení sdílené položky OL30 se nezdařilo, protože složka C:\OL30 neexistuje. Smažte sdílenou položku příkazem net share OL30 /delete, nebo vytvořte složku C:\OL30 znovu.

Record Number: 41232
Source Name: Server
Time Written: 20100909063723.000000+120
Event Type: warning
User:

=====Application event log=====

Computer Name: KLIENT02
Event Code: 1041
Message: Systém Windows se nemůže dotazovat na položku registru DllName pro {7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná registrace.

Record Number: 3559
Source Name: Userenv
Time Written: 20100810214335.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: KLIENT02
Event Code: 1041
Message: Systém Windows se nemůže dotazovat na položku registru DllName pro {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná registrace.

Record Number: 3558
Source Name: Userenv
Time Written: 20100810142119.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: KLIENT02
Event Code: 1041
Message: Systém Windows se nemůže dotazovat na položku registru DllName pro {7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná registrace.

Record Number: 3557
Source Name: Userenv
Time Written: 20100810142119.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: KLIENT02
Event Code: 1041
Message: Systém Windows se nemůže dotazovat na položku registru DllName pro {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná registrace.

Record Number: 3556
Source Name: Userenv
Time Written: 20100810141426.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: KLIENT02
Event Code: 1041
Message: Systém Windows se nemůže dotazovat na položku registru DllName pro {7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná registrace.

Record Number: 3555
Source Name: Userenv
Time Written: 20100810141426.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Edit:

MBAM scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5510

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13.1.2011 11:49:49
mbam-log-2011-01-13 (11-49-45).txt

Typ kontroly: Rychlý test
Testované objekty: 139006
Uplynulý čas: 5 minut, 26 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Re: Requesting a check

Posted: 13 Jan 2011 14:12
by motji
Delete everything in MBAM.
We can also try ComboFix, but before that make a backup of your important data. If it is a work PC, so that nothing of yours gets damaged or deleted.

Re: Requesting a check

Posted: 13 Jan 2011 14:38
by justrideit
In the meantime I also tried defragmenting the disk.. after it finished I realized that the network connection seems to be acting up on this PC. The PC freezes as if in stages, and now I really have no idea what is causing it, since it shows no problem. In the meantime I also launched the program that was throwing the error messages; it did start, so I closed it to try again. Meanwhile the PC froze and the program would not start again. I tried checking the cables and the router, everything looks OK.. I don't get it.. I'm going to make a backup, hopefully ComboFix will help :) thanks for the help so far

Re: Requesting a check

Posted: 13 Jan 2011 14:40
by motji
But do make that backup; ComboFix has also been misbehaving a bit lately, it is just a program after all :D , but it still has the best detection I know of :)

:arrow: Run ComboFix according to this guide
http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Requesting a check

Posted: 18 Jan 2011 13:27
by justrideit
Greetings after a longer while; there was a weekend and a day off, so I couldn't get to it sooner :) I did manage to make a backup and run ComboFix, though; I am attaching the log:

ComboFix 11-01-17.04 - Sabolova 18.01.2011 13:09:50.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1022.674 [GMT 1:00]
Running from: c:\documents and settings\Sabolova\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
.

2011-01-18 10:20 . 2011-01-18 10:21 -------- d-----w- c:\documents and settings\Sabolova\Local Settings\Data aplikací\OpenCandy
2011-01-18 10:20 . 2011-01-18 10:20 -------- d-----w- c:\documents and settings\Sabolova\Data aplikací\OpenCandy
2011-01-13 10:43 . 2011-01-13 10:43 -------- d-----w- c:\documents and settings\Sabolova\Data aplikací\Malwarebytes
2011-01-13 10:42 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 10:42 . 2011-01-13 10:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-13 10:42 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 10:42 . 2011-01-13 10:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 07:09 . 2011-01-13 07:09 -------- d-----w- c:\program files\trend micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2004-10-06 12:51 81920 ------w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2002-10-10 17:13 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-05 05:02 . 2004-08-23 18:35 668160 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:02 . 2009-06-30 05:36 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-05 05:02 . 2002-10-10 17:21 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 04:59 . 2004-08-17 22:44 370176 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-10-10 17:11 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
2010-11-02 12:26 . 2006-06-20 10:48 15462504 ----a-w- c:\windows\system32\U2L_K201.DLL
2010-10-28 13:09 . 2002-10-10 16:57 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2002-10-10 17:25 1853312 ------w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-10-07 1461080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Outlook Express.lnk - c:\program files\Outlook Express\msimn.exe [2004-10-6 60416]
Sieś.lnk - c:\batch\NETUSE.BAT [2006-8-24 186]

c:\documents and settings\Sabolova\Nabˇdka Start\Programy\Po spuçtŘnˇ\
K2.lnk - l:\k2\K2_3main.exe [2010-11-11 10579048]
Sieś.lnk - c:\batch\NETUSE.BAT [2006-8-24 186]
Z stupce - E-mail.lnk - [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 08:02 26100520 ----a-w- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AudioSrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3128:TCP"= 3128:TCP:192.168.1.0/255.255.255.0:Enabled:KLIENT10

R2 Canon NetSpot Suite Service;Canon NetSpot Suite Service;c:\program files\Canon\Vdc\AuVdc.exe [7.10.2004 7:46 53248]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7.10.2009 9:16 472280]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
TCP: {ABA15BCD-75C0-4CBF-8734-58990C7F32DA} = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sabolova\Data aplikací\Mozilla\Firefox\Profiles\v0biin2a.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-18 13:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-963894560-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2011-01-18 13:19:26
ComboFix-quarantined-files.txt 2011-01-18 12:19
ComboFix2.txt 2011-01-18 12:04
ComboFix3.txt 2009-07-10 12:24

Pre-Run: Volných bajtů: 28 304 781 312
Post-Run: Volných bajtů: 28 293 931 008

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - DD6A4F4DE03DC98A2E7DFCEE13D8BAF6

Re: Requesting a check

Posted: 18 Jan 2011 13:48
by motji
I would reinstall this program
Z stupce - E-mail.lnk - [N/A]

Otherwise, how is the PC behaving?

Re: Requesting a check

Posted: 18 Jan 2011 14:05
by justrideit
That shortcut is a link to Outlook, which has no problems. Rather, the network is acting up now; I have the feeling that everything works for a while and then suddenly nothing does. I tried turning off the Windows firewall and also the firewall included in ESET, but nothing helped. The problems with launching the program are related to the problems with the network. It has an integrated network card; I even tried taking the PC apart and putting it back together, but I didn't find anything. The router is fine, so I don't know where the catch is.. I'm worn out by it.. did ComboFix find nothing?

Re: Requesting a check

Posted: 18 Jan 2011 14:10
by motji
ComboFix is OK.
Try reinstalling the network card drivers.