Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Podezřelá prodleva při nabíhání XP

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
balabanb
Návštěvník
Návštěvník
Příspěvky: 11
Registrován: 02 dub 2008 15:23

Podezřelá prodleva při nabíhání XP

#1 Příspěvek od balabanb »

Počítač je prý po odvirování (údajně policejní virus), ale žádné logy ani jiné podrobnosti nemám. Zdá se, že všechno funguje normálně ALE při startu WXPSP3 v úseku "Načítání osobního nastavení" až po zobrazení ikon na ploše je podivná více než minutová prodleva, při které není vidět ani žádná disková aktivita. Na začátku té pauzy problikne FDD a CD. Pak systém normálně naběhne a při práci nejsou znát žádné problémy. Žádné cizí služby neběží, vypnuto už je teď i několik Mikrosoftích. Zkoušel jsem MBAM, SAS, AVG Free - žádnou potvoru neodhalily, ale moc mě to neuspokojilo, tak přikládám log z RSIT a prosím o kontrolu.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Uživatel at 2013-09-25 12:58:47
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 109 GB (23%) free of 477 GB
Total RAM: 2047 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:58:52, on 25.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79190167-9B4B-426C-903C-B6B73F1CEC51}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 3286 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.msn.com/?pc=UP22&ocid=UP22DHP&dt=053013"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]
"Description"=DivX® Content Upload Plugin
"Path"=C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.40.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@zylom.com/ZylomGamesPlayer]
"Description"=Zylom Games Player 1.00
"Path"=C:\Documents and Settings\All Users\Data aplikací\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt
nsRLCT4Player.xpt

C:\Program Files\Mozilla Firefox\plugins\
CrazyTalk4Native.dll
ctdomemhelper.dll
ctframeplayerobject.dll
ctplayerobject.dll
imagickrt.dll
libdivx.dll
np32dsw.dll
npdivx32.dll
npdivx32.xpt
npDivxPlayerPlugin.dll
NPOFF12.DLL
nppdf32.dll
npRLCT4Player.dll
nsIDivxPlayerPlugin.xpt
rlcontentclass.dll
RLMusicPacker.dll
RLMusicUnpacker.dll
RLVoicePacker.dll
RLVoiceUnpacker.dll
ShockwavePlugin.class
ssldivx.dll

C:\Program Files\Mozilla Firefox\searchplugins\
mall-cz.xml
zumie.xml

C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\extensions\
ascsurfingprotection@iobit.com
ChoiceGuard@Microsoft
cs@dictionaries.addons.mozilla.org
{20a82645-c095-46ed-80e3-08825760534b}

C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\
bingp.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
inbox-hledn.xml
qipsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-23 462248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-23 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-03-12 49208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [2011-08-30 223104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
C:\Program Files\Olympus\ib\olycamdetect.exe [2012-02-02 96128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v2]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [2004-06-17 442368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^LUMIX Simple Viewer.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\SIMS\RACER\racer.exe"="C:\SIMS\RACER\racer.exe:*:Enabled:racer"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe"="C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP"
"C:\Program Files\EverStep\Program\EverStep.exe"="C:\Program Files\EverStep\Program\EverStep.exe:*:Enabled:EverStep"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth"
"C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe"="C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe:*:Disabled:The Sims™ 3"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.I263"=I263_32.drv
"msacm.siren"=sirenacm.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.xvid"=xvidvfw.dll
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2013-09-25 12:58:47 ----D---- C:\rsit
2013-09-25 12:47:21 ----D---- C:\Program Files\trend micro
2013-09-25 10:01:30 ----SHD---- C:\RECYCLER
2013-09-25 08:13:22 ----N---- C:\WINDOWS\system32\spmsg2.dll
2013-09-25 08:13:14 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2013-09-25 07:51:53 ----D---- C:\fedc0632e403a835ac017be4d3e291
2013-09-24 14:50:37 ----HD---- C:\WINDOWS\system32\GroupPolicy
2013-09-24 14:48:33 ----ASH---- C:\hiberfil.sys
2013-09-24 14:21:17 ----D---- C:\AdwCleaner
2013-09-24 14:16:30 ----D---- C:\WINDOWS\temp
2013-09-24 14:16:29 ----A---- C:\ComboFix.txt
2013-09-24 13:56:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-09-24 13:56:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2013-09-24 11:30:26 ----D---- C:\Intel
2013-09-24 11:26:36 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\gtopala
2013-09-24 09:47:16 ----D---- C:\Program Files\Microsoft Bootvis
2013-09-24 08:12:30 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\ElevatedDiagnostics
2013-09-24 08:11:11 ----D---- C:\WINDOWS\system32\windowspowershell
2013-09-23 11:37:33 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2013-09-23 11:37:33 ----A---- C:\WINDOWS\system32\javaws.exe
2013-09-23 11:37:21 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-23 11:37:09 ----D---- C:\Program Files\Java
2013-09-23 11:12:35 ----D---- C:\WINDOWS\Prefetch
2013-09-23 11:02:30 ----N---- C:\WINDOWS\system32\ieencode.dll
2013-09-23 11:01:35 ----A---- C:\WINDOWS\001519_.tmp
2013-09-23 10:59:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2013-09-23 09:21:05 ----D---- C:\pres
2013-09-23 07:57:27 ----D---- C:\WINDOWS\erdnt
2013-09-11 06:13:26 ----D---- C:\Program Files\OLYMPUS
2013-09-11 06:13:23 ----D---- C:\Program Files\DIFX
2013-09-11 06:12:15 ----RA---- C:\WINDOWS\system32\atl80.dll
2013-09-11 06:12:14 ----RA---- C:\WINDOWS\system32\mfc80u.dll
2013-08-27 21:37:20 ----D---- C:\WINDOWS\system32\MRT

======List of files/folders modified in the last 1 month======

2013-09-25 12:58:41 ----A---- C:\WINDOWS\WINCMD.INI
2013-09-25 12:53:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-25 12:49:51 ----D---- C:\Program Files
2013-09-25 11:55:26 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-25 10:19:25 ----D---- C:\WINDOWS\system32
2013-09-25 10:19:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-25 10:09:23 ----AD---- C:\WINDOWS
2013-09-25 10:00:53 ----D---- C:\WINDOWS\system32\drivers
2013-09-25 09:59:24 ----RSD---- C:\WINDOWS\assembly
2013-09-25 09:59:24 ----D---- C:\WINDOWS\Microsoft.NET
2013-09-25 09:52:35 ----SHD---- C:\WINDOWS\Installer
2013-09-25 09:52:34 ----D---- C:\Config.Msi
2013-09-25 09:50:44 ----D---- C:\WINDOWS\WinSxS
2013-09-25 08:44:54 ----D---- C:\WINDOWS\system32\XPSViewer
2013-09-25 08:13:25 ----HD---- C:\WINDOWS\inf
2013-09-25 08:12:58 ----D---- C:\WINDOWS\system32\cs-cz
2013-09-25 08:11:18 ----RSD---- C:\WINDOWS\Fonts
2013-09-25 07:52:07 ----D---- C:\WINDOWS\system32\CatRoot
2013-09-24 14:57:35 ----D---- C:\WINDOWS\security
2013-09-24 14:13:25 ----A---- C:\WINDOWS\system.ini
2013-09-24 14:13:12 ----D---- C:\WINDOWS\system32\drivers\etc
2013-09-24 14:09:54 ----D---- C:\WINDOWS\AppPatch
2013-09-24 14:09:51 ----D---- C:\Program Files\Common Files
2013-09-24 13:09:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-09-24 13:09:53 ----HD---- C:\Program Files\InstallShield Installation Information
2013-09-24 12:32:57 ----RSHD---- C:\WINDOWS\system32\dllcache
2013-09-24 12:29:23 ----D---- C:\Program Files\Intel
2013-09-24 11:18:42 ----A---- C:\WINDOWS\NeroDigital.ini
2013-09-24 10:12:24 ----D---- C:\WINDOWS\system32\LogFiles
2013-09-24 09:35:26 ----D---- C:\Program Files\MSECache
2013-09-24 09:11:23 ----SD---- C:\WINDOWS\Tasks
2013-09-24 08:11:14 ----D---- C:\WINDOWS\system32\config
2013-09-24 08:00:55 ----D---- C:\Program Files\Windows Live
2013-09-24 07:51:39 ----D---- C:\WINDOWS\Debug
2013-09-24 07:43:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2013-09-23 12:38:34 ----D---- C:\Program Files\Internet Explorer
2013-09-23 12:23:38 ----D---- C:\Program Files\Messenger
2013-09-23 12:22:04 ----HD---- C:\WINDOWS\$hf_mig$
2013-09-23 12:14:30 ----D---- C:\Program Files\Outlook Express
2013-09-23 11:37:37 ----D---- C:\Program Files\Common Files\Java
2013-09-23 11:37:12 ----A---- C:\WINDOWS\system32\javaw.exe
2013-09-23 11:37:12 ----A---- C:\WINDOWS\system32\java.exe
2013-09-23 11:37:11 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-09-23 11:22:41 ----D---- C:\WINDOWS\SoftwareDistribution
2013-09-23 11:22:33 ----D---- C:\WINDOWS\Help
2013-09-23 11:02:27 ----D---- C:\WINDOWS\system32\oobe
2013-09-23 10:59:28 ----D---- C:\WINDOWS\ehome
2013-09-23 10:50:30 ----SHD---- C:\System Volume Information
2013-09-23 10:50:30 ----D---- C:\WINDOWS\system32\Restore
2013-09-23 10:00:37 ----RD---- C:\Program Files\Skype
2013-09-23 10:00:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-09-23 09:21:53 ----D---- C:\Archiv
2013-09-23 08:49:14 ----D---- C:\WINDOWS\Logs
2013-09-23 08:34:14 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-09-23 08:34:10 ----D---- C:\Program Files\Common Files\PC Tools
2013-09-23 08:20:41 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\uTorrent
2013-09-23 08:15:56 ----RASH---- C:\boot.ini
2013-09-23 08:15:56 ----A---- C:\WINDOWS\win.ini
2013-09-20 08:16:57 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-17 06:16:47 ----D---- C:\marek
2013-09-16 21:49:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-09-16 21:41:32 ----A---- C:\WINDOWS\system32\MRT.exe
2013-09-14 19:54:44 ----D---- C:\Program Files\StepMania
2013-09-12 06:22:56 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\IObit
2013-09-08 13:43:58 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\OpenOffice.org2
2013-09-07 12:00:22 ----D---- C:\Program Files\Zoner
2013-08-29 10:33:57 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Zoner
2013-08-27 21:39:54 ----D---- C:\WINDOWS\system32\MpEngineStore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-09-12 477240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-10-19 250368]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2012-06-27 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2012-06-27 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2012-06-27 123648]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 catchme;catchme; \??\C:\DOCUME~1\UIVATE~3\LOCALS~1\Temp\catchme.sys []
S4 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S4 TrueSight;TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-10-11 520192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-03-18 79360]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-05-19 1045256]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-25 117656]
S3 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT; C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe [2008-12-18 9158656]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT; C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-11-05 238952]
S4 gupdate1ca38236c9b8de8;Služba Google Update (gupdate1ca38236c9b8de8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-18 133104]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-18 133104]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-09-23 182696]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Podezřelá prodleva při nabíhání XP

#2 Příspěvek od vyosek »

Zdravim :)

:arrow: Kdo to odvirovaval a jak? To jste nekomu zaplatil?
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
balabanb
Návštěvník
Návštěvník
Příspěvky: 11
Registrován: 02 dub 2008 15:23

Re: Podezřelá prodleva při nabíhání XP

#3 Příspěvek od balabanb »

Není to můj počítač a bohužel ani žádné podrobnosti o čištění nemám, dotyčného Viktora Čističe taky neznám. Nezůstaly tam ani žádné logy. Odstraňoval jsem z toho nějaké zakousnuté pozůstatky Advanced System Care, TuneUp Utilities a asi tam bylo i AVG free 2012. Třeba po použití ComboFixu jsem tam ale žádné stopy nenašel. Podle datumu na adresářích bych si tipnul, že při tom byl doinstalováván SP3, ale jestli to bylo všechno v pořádku dokončeno, to nevím, jelikož byl nějaký nabouraný Windows Installer a Update. Mimo jiné jsem musel i odstranit .NET Frameworky (Cleanup Tooll) a doinstalovat je znova. Teď už Windows Update normálně běží, okna jsou zaktualizována.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Podezřelá prodleva při nabíhání XP

#4 Příspěvek od vyosek »

:arrow: Zkuste se podivat po tomto logu C:\ComboFix.txt

:arrow: Stahnete FRST 32-bit version z teto stranky http://www.bleepingcomputer.com/downloa ... scan-tool/

:arrow: Spuštění FRST
  • Po spuštění FRST odsouhlasíme licenční podmínky kliknutím na [Ano].
  • Dooznačíme položku Addition.txt - viz obrázek.
    Obrázek
  • Klikneme na tlačítko [Scan], čímž spustíme skenování.
  • Počkáme na dokončení skenování FRST
  • Otevře se nám textový soubor FRST.txt, což je požadovaný log a jehož obsah vložíme do svého tématu na fóru.
  • Na ploše nám zbyde utilita FRST a dva logy - FRST.txt a Addition.txt - nic z toho zatím nemažeme!
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
balabanb
Návštěvník
Návštěvník
Příspěvky: 11
Registrován: 02 dub 2008 15:23

Re: Podezřelá prodleva při nabíhání XP

#5 Příspěvek od balabanb »

C:\ComboFix.txt - díval jsem se špatně, opravdu tam byl.

ComboFix 13-09-24.02 - Uživatel 24.09.2013 14:04:08.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1498 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\TZLog.log
c:\windows\WindowsUpdate.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-24 do 2013-09-24 )))))))))))))))))))))))))))))))
.
.
2013-09-24 11:56 . 2013-09-24 11:56 -------- d-----w- C:\IObit
2013-09-24 11:56 . 2013-09-24 11:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-09-24 11:56 . 2013-09-24 11:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2013-09-24 11:56 . 2013-09-24 11:56 -------- d-----w- c:\program files\IObit
2013-09-24 09:30 . 2013-09-24 09:30 -------- d-----w- C:\Intel
2013-09-24 09:26 . 2013-09-24 09:26 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\gtopala
2013-09-24 07:47 . 2013-09-24 11:45 -------- d-----w- c:\program files\Microsoft Bootvis
2013-09-24 07:06 . 2013-09-24 07:06 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\ParetoLogic
2013-09-24 07:06 . 2013-09-24 07:06 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\DriverCure
2013-09-24 07:05 . 2013-09-24 07:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ParetoLogic
2013-09-24 06:40 . 2008-04-13 20:04 33599 ----a-w- c:\windows\system32\dllcache\watv04nt.sys
2013-09-24 06:39 . 2001-08-17 19:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2013-09-24 06:38 . 2001-10-24 10:24 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2013-09-24 06:37 . 2001-08-17 19:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2013-09-24 06:36 . 2001-08-17 18:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2013-09-24 06:35 . 2001-08-17 18:12 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys
2013-09-24 06:34 . 2001-07-21 20:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2013-09-24 06:33 . 2001-10-24 10:24 62496 ----a-w- c:\windows\system32\dllcache\s3mtrio.dll
2013-09-24 06:32 . 2001-08-17 19:53 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2013-09-24 06:31 . 2001-10-24 10:25 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2013-09-24 06:30 . 2001-08-17 20:05 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2013-09-24 06:29 . 2001-08-17 19:49 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2013-09-24 06:28 . 2001-08-17 19:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2013-09-24 06:27 . 2001-10-24 09:48 727786 ----a-w- c:\windows\system32\dllcache\ltck000c.sys
2013-09-24 06:26 . 2001-08-17 19:49 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2013-09-24 06:25 . 2001-10-24 10:24 26624 ----a-w- c:\windows\system32\dllcache\icam3ext.dll
2013-09-24 06:24 . 2001-08-17 19:52 5760 ----a-w- c:\windows\system32\dllcache\hpt4qic.sys
2013-09-24 06:23 . 2001-10-24 10:24 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2013-09-24 06:22 . 2001-10-24 10:25 62464 ----a-w- c:\windows\system32\dllcache\eqnloop.exe
2013-09-24 06:21 . 2001-10-24 10:24 38985 ----a-w- c:\windows\system32\dllcache\disrvsu.dll
2013-09-24 06:20 . 2008-04-13 22:06 10240 ----a-w- c:\windows\system32\dllcache\compbatt.sys
2013-09-24 06:19 . 2001-10-24 10:25 32256 ----a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2013-09-24 06:18 . 2001-10-24 10:24 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-09-24 06:12 . 2013-09-24 06:12 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\ElevatedDiagnostics
2013-09-23 11:27 . 2013-09-23 11:27 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\MFAData
2013-09-23 11:17 . 2013-09-23 11:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-09-23 11:14 . 2013-09-23 11:14 -------- d-----w- C:\smeti
2013-09-23 09:57 . 2013-08-08 06:05 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2013-09-23 09:37 . 2013-09-23 09:37 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-23 09:37 . 2013-09-23 09:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-23 09:37 . 2013-09-23 09:37 -------- d-----w- c:\program files\Java
2013-09-23 09:22 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-09-23 09:02 . 2008-04-14 06:51 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2013-09-23 09:02 . 2008-04-14 06:51 81920 ------w- c:\windows\system32\ieencode.dll
2013-09-23 09:01 . 2006-12-28 22:31 19569 ----a-w- c:\windows\001519_.tmp
2013-09-23 07:21 . 2013-09-23 08:53 -------- d-----w- C:\pres
2013-09-23 05:40 . 2013-09-23 07:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\wGggloBiDGK
2013-09-22 03:14 . 2013-09-23 07:33 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\lUDIAQjc
2013-09-11 04:18 . 2013-09-11 04:56 -------- d-----w- c:\documents and settings\Sims\Plocha
2013-09-11 04:18 . 2013-09-11 04:18 -------- d-----w- c:\documents and settings\Sims\Nabídka Start
2013-09-11 04:13 . 2013-09-11 04:27 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\OLYMPUS
2013-09-11 04:13 . 2013-09-11 04:16 -------- d-----w- c:\program files\OLYMPUS
2013-09-11 04:13 . 2013-09-11 04:13 -------- d-----w- c:\program files\DIFX
2013-09-11 04:12 . 2005-09-22 23:07 95744 ----a-r- c:\windows\system32\atl80.dll
2013-09-11 04:12 . 2005-09-22 23:05 626688 ----a-r- c:\windows\system32\msvcr80.dll
2013-09-11 04:12 . 2005-09-22 23:05 548864 ----a-r- c:\windows\system32\msvcp80.dll
2013-09-11 04:12 . 2005-09-23 01:16 1079808 ----a-r- c:\windows\system32\mfc80u.dll
2013-08-27 19:37 . 2013-09-16 19:44 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-24 09:30 . 2013-09-24 09:30 32768 ----a-w- c:\windows\inf\UpdateUSB.exe
2013-09-23 09:37 . 2010-10-21 11:23 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-23 09:37 . 2011-06-02 16:10 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-20 06:16 . 2012-07-19 10:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-20 06:16 . 2011-10-14 11:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2010-10-21 11:23 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2010-10-21 11:23 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2010-10-21 11:23 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2010-10-21 11:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2010-10-21 11:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2010-10-21 11:22 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2010-10-21 11:23 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2010-10-21 11:23 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2010-10-21 11:23 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2010-10-21 11:23 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2010-10-21 11:23 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 07:33 . 2010-10-21 11:23 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-10-01 14:00 . 2010-10-21 11:17 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2006-06-15 19:33 . 2013-08-25 11:15 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 17:43 . 2013-08-25 11:15 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41 . 2013-08-25 11:15 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 12:10 . 2013-08-25 11:15 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19 . 2013-08-25 11:15 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2009-05-01 21:02 . 2013-08-25 11:15 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2006-04-10 17:35 . 2013-08-25 11:15 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10 . 2013-08-25 11:15 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42 . 2013-08-25 11:15 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22 . 2013-08-25 11:15 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21 . 2013-08-25 11:15 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2009-05-01 21:02 . 2013-08-25 11:15 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^LUMIX Simple Viewer.lnk]
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 17:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 12:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
2011-08-30 15:31 223104 ------w- c:\program files\OLYMPUS\ib\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
2012-02-02 14:14 96128 ------w- c:\program files\OLYMPUS\ib\olycamdetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v2]
2004-06-17 13:27 442368 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\SIMS\\RACER\\racer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\EverStep\\Program\\EverStep.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Electronic Arts\\The Sims 3\\Game\\Bin\\Sims3Launcher.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24.12.2010 21:18 36608]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [21.10.2010 13:14 323584]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [5.10.2012 18:13 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [5.10.2012 18:13 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [5.10.2012 18:13 123648]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [24.12.2010 21:18 238952]
S4 gupdate1ca38236c9b8de8;Služba Google Update (gupdate1ca38236c9b8de8);c:\program files\Google\Update\GoogleUpdate.exe [21.10.2010 13:12 133104]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-21 22:20 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... earchTerms}
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{79190167-9B4B-426C-903C-B6B73F1CEC51}: NameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP22&ocid=UP22DHP&dt=053013
FF - ExtSQL: 2013-09-24 15:56; ascsurfingprotection@iobit.com; c:\documents and settings\UĹľivatel\Data aplikacĂ­\Mozilla\Firefox\Profiles\wjqzpwax.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: !HIDDEN! 2010-10-21 13:21; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-07-10 11:57; avg@toolbar; c:\documents and settings\All Users\Data aplikací\AVG Secure Search\FireFoxExt\15.5.0.2
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-24 14:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-09-24 14:16:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-24 12:16
ComboFix2.txt 2013-09-23 07:13
ComboFix3.txt 2013-09-23 06:14
.
Před spuštěním: Volných bajtů: 120 287 797 248
Po spuštění: Volných bajtů: 120 338 354 176
.
- - End Of File - - E142121F17EEE13E613A527FA9AABCAE
8F558EB6672622401DA993E1E865C861
Nahoru
balabanb
Návštěvník
Návštěvník
Příspěvky: 11
Registrován: 02 dub 2008 15:23

Re: Podezřelá prodleva při nabíhání XP

#6 Příspěvek od balabanb »

Log z FRST má přes 100 kilo, posílám ho v příloze.
Přílohy
FRST.zip
(18.79 KiB) Staženo 37 x
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Podezřelá prodleva při nabíhání XP

#7 Příspěvek od vyosek »

:arrow: A spusteny nebyl jednou, ale vicekrat :roll: Kdo ma ted cuchat, co se tam s nim delo :?:

:arrow: Licencni podminky ComboFixu hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"
Obrázek

:arrow: Nebezpeci CFka
  • Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
  • Maze stopy po haveti, takze v logu z RSIT neni nic videt
  • Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
  • CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
  • CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal
:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
balabanb
Návštěvník
Návštěvník
Příspěvky: 11
Registrován: 02 dub 2008 15:23

Re: Podezřelá prodleva při nabíhání XP

#8 Příspěvek od balabanb »

Tak Log z AdwCleaneru už tam je taky dva dny starej. Posílám ho.

# AdwCleaner v3.005 - Report created 24/09/2013 at 14:22:26
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Uživatel - PC
# Running from : C:\Documents and Settings\Uživatel\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
Folder Deleted : C:\Program Files\SiteRanker
Folder Deleted : C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\GamePlayLabs Plugin
Folder Deleted : C:\Documents and Settings\Uživatel\Data aplikací\DriverCure
Folder Deleted : C:\Documents and Settings\Uživatel\Data aplikací\ParetoLogic
Folder Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\SweetIMToolbarData
Folder Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\SweetPacksToolbarData
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Folder Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\Extensions\plugin3@gameplaylabs.com
Folder Deleted : C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\\invalidprefs.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-10.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-4.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-5.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-6.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-7.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-8.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-9.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\SweetIm.xml
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe]
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Freeze.com
Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\SiteRanker
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GamePlayLabs Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\GamePlayLabs Plugin

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [SearchMigratedDefaultName]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [SearchMigratedDefaultUrl]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v23.0.1 (cs)

[ File : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Data aplikací\\AVG Secure Search\\11.1.0.7");
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://start.icq.com/");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Line Deleted : user_pref("extensions.enabledAddons", "plugin3%40gameplaylabs.com:3.0,jqs%40sun.com:1.0,ascsurfingprotection%40iobit.com:1.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1369917342");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1369917368");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.fr", "1369917364");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.ranonce", true);
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.rule_/", "1369917368");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_installerid", "vid-exe");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_pid", "5");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_revision", "5");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_source", "4caa425a93dbdb1f6d1082322");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_sub_id", "a-0-2398-9346-7103-0-54-0");
Line Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_zdata", "9346&subid=");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.fr", "1369917364");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_/", "1369917368");

*************************

AdwCleaner[R0].txt - [12529 octets] - [24/09/2013 14:21:19]
AdwCleaner[S0].txt - [12063 octets] - [24/09/2013 14:22:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12124 octets] ##########
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Podezřelá prodleva při nabíhání XP

#9 Příspěvek od vyosek »

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [pdfFactory Dispatcher v2] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [442368 2004-06-17] (FinePrint Software, LLC)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\Administrator\...\Run: [ROC_JAN2013_TB] - "C:\Program Files\AVG Secure Search\ROC_JAN2013_TB.exe"  /PROMPT /CMPID=JAN2013_TB
HKU\Administrator\...\Winlogon: [Shell] cmd.exe [ 2008-04-14] (Microsoft Corporation) <==== ATTENTION 
HKU\Administrator\...\Command Processor:  <===== ATTENTION!

KLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL = http://www.zumie.com/?prt=ZUMIE126&keywords={searchTerms}
SearchScopes: HKLM - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - DefaultScope {33F487B8-8AFD-4418-9D10-E39464A99FCA} URL = http://search.seznam.cz/searchScreen?w={searchTerms}&mod=f
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {33F487B8-8AFD-4418-9D10-E39464A99FCA} URL = http://search.seznam.cz/searchScreen?w={searchTerms}&mod=f
SearchScopes: HKCU - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL = 
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Handler: livecall - No CLSID Value - 
Handler: msnim - No CLSID Value - 

FF DefaultSearchEngine: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=UP22&ocid=UP22DHP&dt=053013
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\inbox-hledn.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\qipsearch.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\Extensions\ascsurfingprotection@iobit.com

S3 catchme; \??\C:\DOCUME~1\UIVATE~3\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [x]

DisableService: gupdate1ca38236c9b8de8

2013-09-24 13:56 - 2013-09-24 13:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\IObit
2013-09-24 13:56 - 2013-09-24 13:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-09-23 07:44 - 2013-09-23 07:44 - 00003114 _____ C:\Documents and Settings\Administrator\Plocha\RKreport[0]_D_09232013_074418.txt
2013-09-23 07:43 - 2013-09-23 07:43 - 00003029 _____ C:\Documents and Settings\Administrator\Plocha\RKreport[0]_S_09232013_074305.txt
2013-09-23 07:40 - 2013-09-23 09:33 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Data aplikací\wGggloBiDGK
2013-09-23 07:40 - 2013-09-23 07:44 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha\RK_Quarantine
2013-09-22 08:25 - 2013-09-22 08:25 - 00197632 _____ C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\tovA3tyCm
2013-09-22 08:25 - 2013-09-22 08:25 - 00197632 _____ C:\Documents and Settings\Uživatel\Data aplikací\X3oxuWh2q
2013-09-22 08:25 - 2013-09-22 08:25 - 00197632 _____ C:\Documents and Settings\All Users\Data aplikací\ns8hxne9b5
2013-09-22 05:14 - 2013-09-23 09:33 - 00000000 ____D C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\lUDIAQjc
2013-09-22 05:14 - 2013-09-22 05:14 - 00197632 _____ C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\hmUBS4Uy
2013-09-22 05:14 - 2013-09-22 05:14 - 00197632 _____ C:\Documents and Settings\Uživatel\Data aplikací\vO3sKNMdx
2013-09-22 05:14 - 2013-09-22 05:14 - 00197632 _____ C:\Documents and Settings\All Users\Data aplikací\ufpwkyrhH32
2013-09-23 09:33 - 2013-09-23 07:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Data aplikací\wGggloBiDGK
2013-09-23 09:33 - 2013-09-22 05:14 - 00000000 ____D C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\lUDIAQjc
2013-09-17 23:22 - 2013-03-07 16:46 - 60485632 _____ C:\WINDOWS\system32\config\software.iobit
2013-09-17 23:22 - 2013-03-07 16:46 - 00315392 _____ C:\WINDOWS\system32\config\default.iobit
2013-09-17 23:22 - 2013-03-07 16:46 - 00090112 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-09-17 23:22 - 2013-03-07 16:46 - 00028672 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-09-12 06:22 - 2013-02-11 15:21 - 00000000 ____D C:\Documents and Settings\Uživatel\Data aplikací\IObit
C:\Program Files\AVG Secure Search

Hosts:
CMD: shutdown /r /f /t 2
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
balabanb
Návštěvník
Návštěvník
Příspěvky: 11
Registrován: 02 dub 2008 15:23

Re: Podezřelá prodleva při nabíhání XP

#10 Příspěvek od balabanb »

Předkládám Fixlog.txt (prodleva při startu zůstala).

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-09-2013
Ran by Uživatel at 2013-09-26 13:16:19 Run:1
Running from C:\Documents and Settings\Uživatel\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [pdfFactory Dispatcher v2] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [442368 2004-06-17] (FinePrint Software, LLC)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\Administrator\...\Run: [ROC_JAN2013_TB] - "C:\Program Files\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB
HKU\Administrator\...\Winlogon: [Shell] cmd.exe [ 2008-04-14] (Microsoft Corporation) <==== ATTENTION
HKU\Administrator\...\Command Processor: <===== ATTENTION!

KLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL = http://www.zumie.com/?prt=ZUMIE126&keyw ... earchTerms}
SearchScopes: HKLM - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - DefaultScope {33F487B8-8AFD-4418-9D10-E39464A99FCA} URL = http://search.seznam.cz/searchScreen?w= ... rms}&mod=f
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {33F487B8-8AFD-4418-9D10-E39464A99FCA} URL = http://search.seznam.cz/searchScreen?w= ... rms}&mod=f
SearchScopes: HKCU - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL =
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Handler: livecall - No CLSID Value -
Handler: msnim - No CLSID Value -

FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP22&ocid=UP22DHP&dt=053013
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\inbox-hledn.xml
FF SearchPlugin: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\qipsearch.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\Extensions\ascsurfingprotection@iobit.com

S3 catchme; \??\C:\DOCUME~1\UIVATE~3\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [x]

DisableService: gupdate1ca38236c9b8de8

2013-09-24 13:56 - 2013-09-24 13:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\IObit
2013-09-24 13:56 - 2013-09-24 13:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-09-23 07:44 - 2013-09-23 07:44 - 00003114 _____ C:\Documents and Settings\Administrator\Plocha\RKreport[0]_D_09232013_074418.txt
2013-09-23 07:43 - 2013-09-23 07:43 - 00003029 _____ C:\Documents and Settings\Administrator\Plocha\RKreport[0]_S_09232013_074305.txt
2013-09-23 07:40 - 2013-09-23 09:33 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Data aplikací\wGggloBiDGK
2013-09-23 07:40 - 2013-09-23 07:44 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha\RK_Quarantine
2013-09-22 08:25 - 2013-09-22 08:25 - 00197632 _____ C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\tovA3tyCm
2013-09-22 08:25 - 2013-09-22 08:25 - 00197632 _____ C:\Documents and Settings\Uživatel\Data aplikací\X3oxuWh2q
2013-09-22 08:25 - 2013-09-22 08:25 - 00197632 _____ C:\Documents and Settings\All Users\Data aplikací\ns8hxne9b5
2013-09-22 05:14 - 2013-09-23 09:33 - 00000000 ____D C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\lUDIAQjc
2013-09-22 05:14 - 2013-09-22 05:14 - 00197632 _____ C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\hmUBS4Uy
2013-09-22 05:14 - 2013-09-22 05:14 - 00197632 _____ C:\Documents and Settings\Uživatel\Data aplikací\vO3sKNMdx
2013-09-22 05:14 - 2013-09-22 05:14 - 00197632 _____ C:\Documents and Settings\All Users\Data aplikací\ufpwkyrhH32
2013-09-23 09:33 - 2013-09-23 07:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Data aplikací\wGggloBiDGK
2013-09-23 09:33 - 2013-09-22 05:14 - 00000000 ____D C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\lUDIAQjc
2013-09-17 23:22 - 2013-03-07 16:46 - 60485632 _____ C:\WINDOWS\system32\config\software.iobit
2013-09-17 23:22 - 2013-03-07 16:46 - 00315392 _____ C:\WINDOWS\system32\config\default.iobit
2013-09-17 23:22 - 2013-03-07 16:46 - 00090112 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-09-17 23:22 - 2013-03-07 16:46 - 00028672 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-09-12 06:22 - 2013-02-11 15:21 - 00000000 ____D C:\Documents and Settings\Uživatel\Data aplikací\IObit
C:\Program Files\AVG Secure Search

Hosts:
CMD: shutdown /r /f /t 2
End

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pdfFactory Dispatcher v2 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_JAN2013_TB => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33F487B8-8AFD-4418-9D10-E39464A99FCA} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33F487B8-8AFD-4418-9D10-E39464A99FCA} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => Value deleted successfully.
HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => Key not found.
HKCR\PROTOCOLS\Handler\livecall => Key deleted successfully.
HKCR\PROTOCOLS\Handler\msnim => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\bingp.xml => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-11.xml => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-12.xml => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-13.xml => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-14.xml => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-15.xml => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-16.xml => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-17.xml => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-18.xml => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\icqplugin-19.xml => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\inbox-hledn.xml => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\searchplugins\qipsearch.xml => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\wjqzpwax.default\Extensions\ascsurfingprotection@iobit.com => Moved successfully.
catchme => Service deleted successfully.
IntelIde => Service deleted successfully.
TrueSight => Service deleted successfully.
gupdate1ca38236c9b8de8 service was disabled
C:\Documents and Settings\All Users\Data aplikací\IObit => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F} => Moved successfully.
C:\Documents and Settings\Administrator\Plocha\RKreport[0]_D_09232013_074418.txt => Moved successfully.
C:\Documents and Settings\Administrator\Plocha\RKreport[0]_S_09232013_074305.txt => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\wGggloBiDGK => Moved successfully.
C:\Documents and Settings\Administrator\Plocha\RK_Quarantine => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\tovA3tyCm => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\X3oxuWh2q => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\ns8hxne9b5 => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\lUDIAQjc => Moved successfully.
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\hmUBS4Uy => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\vO3sKNMdx => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\ufpwkyrhH32 => Moved successfully.
"C:\Documents and Settings\Administrator\Local Settings\Data aplikací\wGggloBiDGK" => File/Directory not found.
"C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\lUDIAQjc" => File/Directory not found.
C:\WINDOWS\system32\config\software.iobit => Moved successfully.
C:\WINDOWS\system32\config\default.iobit => Moved successfully.
C:\WINDOWS\system32\config\SECURITY.iobit => Moved successfully.
C:\WINDOWS\system32\config\SAM.iobit => Moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\IObit => Moved successfully.
"C:\Program Files\AVG Secure Search" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Podezřelá prodleva při nabíhání XP

#11 Příspěvek od vyosek »

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: Doporucuji provest defragmentaci disku
  • Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
    • Kliknete na Tento pocitac, dale na disk kliknete pravym tlacitkem, vyberte Vlastnosti
    • prepnete se do zalozky Nastroje
    • Nyni vidite pomucky Defragmentace - spustte ji kliknutim na Defragmentovat
    • Toto provedte se vsemi disky
  • Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
    • Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
    • Kliknete na Analyzovat
    • Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
    • Postup provedte se vsemi disky
  • Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
    • Vyhodou programku je, ze se neinstaluje
    • Staci tedy jen stahnout dle verze vaseho OS a rozbalit
    • Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
    • Probehne analyza disku a nasledne i defragmentace
:arrow: Dete novy log z RSIT

:arrow: Jak velka je slozka C:\Documents and Settings\Uživatel\Plocha :???:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
balabanb
Návštěvník
Návštěvník
Příspěvky: 11
Registrován: 02 dub 2008 15:23

Re: Podezřelá prodleva při nabíhání XP

#12 Příspěvek od balabanb »

Všechny ty čistící úkony jsem udělal, dokonce jsem i zdefragmentoval, zkoušel jsem i odsunout z Plochy a Dokumentů filmy a instalačky, čímž se oba adresáře zmenšily na cca 1,5GB. Počítač funguje v pohodě, svižně ALE bohužel ta prodleva při startu tam zůstává. Vím, že budete asi nadávat, když už jste tomu věnoval tolik úsilí, ale majitel (něco jako kámoš) si už počítač vyzvedl s tím, že mu to stejně rychleji nenabíhalo, naopak, že to teď aspoň není lenošné při práci. A že pokud bude nějaká potíž, tak že už to nainstaluje načisto. Tímto moc děkuji za ochotu a pomoc, zase jsem o něco chytřejší.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Podezřelá prodleva při nabíhání XP

#13 Příspěvek od vyosek »

:arrow: Na plose by mely byt defakto jen zastupci a nemela by jit pres 50MB



Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat :lock:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zamčeno

Zpět na „Preventivní kontroly logů“