Prosím o kontrolu logu.

Zpráva

variant · #1 Příspěvek od **variant** » 28 lis 2013 15:19

Prosím o kontrolu logu. Zpomalené PC. Seká se IE.

Díky

Radek

Logfile of random's system information tool 1.09 (written by random/random)
Run by Eva Svozilová at 2013-11-28 15:11:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 391 GB (82%) free of 477 GB
Total RAM: 2046 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:12:14, on 28.11.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20SP2-KB2836941-v2-x86.exe
c:\4286d64e708223fe2f99fd\HotFixInstaller.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Eva Svozilová\Plocha\RSIT.exe
C:\Program Files\trend micro\Eva Svozilová.exe
c:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [KB2492386] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0148007468
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0148241875
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FD3A71E-205D-4D5B-8636-E0198A050C44}: NameServer = 192.168.1.100,8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 6462 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{007B885B-2CB9-4F6C-91D3-8D120575C44D}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Eva Svozilová\Data aplikací\Mozilla\Firefox\Profiles\u857i6o5.default

prefs.js - "extensions.enabledItems" - "xmlfiller@software602.cz:3.16.2, {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872, avg@igeared:6.010.006.004, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8"
prefs.js - "browser.startup.homepage" -

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=Software602 Form Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
xmlfiller@software602.cz
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Eva Svozilová\Data aplikací\Mozilla\Firefox\Profiles\u857i6o5.default\extensions\
2020Player_IKEA@2020Technologies.com
savingsslider@mybrowserbar.com
staged-xpis
{58d2a791-6199-482f-a9aa-9b725ec61362}

C:\Documents and Settings\Eva Svozilová\Data aplikací\Mozilla\Firefox\Profiles\u857i6o5.default\searchplugins\
askcom.xml
askcomsearch.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin.xml
yahoo_ff.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-03-11 147456]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KB2492386"=apphelp.dll,ShimFlushCache []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gemstrmw]
c:\windows\system32\gemstrmw.exe [2004-08-09 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
C:\WINDOWS\system32\vttimer.exe [2005-03-07 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\ssb\Sb_vnc\winvnc.exe"="C:\ssb\Sb_vnc\winvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Program Files\KONICA MINOLTA\Status Monitor\KMSM.exe"="C:\Program Files\KONICA MINOLTA\Status Monitor\KMSM.exe:*:Enabled:KONICA MINOLTA Status Monitor Application"
"C:\Program Files\KONICA MINOLTA\Status Monitor\KMSMUI.exe"="C:\Program Files\KONICA MINOLTA\Status Monitor\KMSMUI.exe:*:Enabled:KMSMUI"
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-11-28 15:11:46 ----D---- C:\Program Files\trend micro
2013-11-28 15:11:40 ----D---- C:\rsit
2013-11-28 15:11:10 ----D---- C:\4286d64e708223fe2f99fd
2013-11-28 15:10:41 ----HD---- C:\WINDOWS\$hf_mig$
2013-11-28 15:10:39 ----D---- C:\WINDOWS\LastGood
2013-11-28 15:09:57 ----N---- C:\WINDOWS\system32\SET186.tmp
2013-11-28 11:06:49 ----D---- C:\Program Files\MSBuild
2013-11-27 22:17:08 ----D---- C:\Documents and Settings\Eva Svozilová\Data aplikací\Malwarebytes
2013-11-27 22:16:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-11-27 22:16:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-11-27 22:16:54 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-11-27 20:26:26 ----D---- C:\Program Files\TeamViewer
2013-11-27 20:06:28 ----SHD---- C:\RECYCLER
2013-11-27 20:03:32 ----A---- C:\ComboFix.txt
2013-11-27 19:31:34 ----A---- C:\Boot.bak
2013-11-27 19:31:29 ----RASHD---- C:\cmdcons
2013-11-27 19:28:46 ----A---- C:\WINDOWS\zip.exe
2013-11-27 19:28:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-11-27 19:28:46 ----A---- C:\WINDOWS\SWSC.exe
2013-11-27 19:28:46 ----A---- C:\WINDOWS\SWREG.exe
2013-11-27 19:28:46 ----A---- C:\WINDOWS\sed.exe
2013-11-27 19:28:46 ----A---- C:\WINDOWS\PEV.exe
2013-11-27 19:28:46 ----A---- C:\WINDOWS\NIRCMD.exe
2013-11-27 19:28:46 ----A---- C:\WINDOWS\MBR.exe
2013-11-27 19:28:46 ----A---- C:\WINDOWS\grep.exe
2013-11-27 19:28:38 ----D---- C:\ComboFix
2013-11-27 19:26:30 ----D---- C:\Qoobox
2013-11-27 19:11:46 ----D---- C:\Program Files\Unlocker
2013-11-27 19:09:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Babylon
2013-11-27 18:59:12 ----D---- C:\WINDOWS\erdnt
2013-11-27 18:52:32 ----ASH---- C:\hiberfil.sys
2013-11-27 18:37:39 ----A---- C:\WINDOWS\ntbtlog.txt
2013-11-27 10:31:38 ----A---- C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2013-11-27 10:29:37 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2013-11-27 10:29:37 ----A---- C:\WINDOWS\system32\drivers\Rtnicxp.sys
2013-11-27 09:16:35 ----D---- C:\Documents and Settings\Eva Svozilová\Data aplikací\Slick Savings
2013-11-27 09:15:37 ----D---- C:\Program Files\Common Files\Spigot
2013-11-27 09:15:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\ProductData
2013-11-27 09:14:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-10-29 20:34:05 ----D---- C:\Documents and Settings\Eva Svozilová\Data aplikací\KB-ext
2013-10-29 20:29:14 ----D---- C:\Program Files\Common Files\Java
2013-10-29 20:29:06 ----A---- C:\WINDOWS\system32\javaws.exe
2013-10-29 20:28:49 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-29 20:28:49 ----A---- C:\WINDOWS\system32\javaw.exe
2013-10-29 20:28:49 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 month======

2013-11-28 15:11:46 ----D---- C:\Program Files
2013-11-28 15:11:17 ----SHD---- C:\WINDOWS\Installer
2013-11-28 15:11:07 ----HD---- C:\WINDOWS\inf
2013-11-28 15:11:07 ----D---- C:\WINDOWS\system32\CatRoot
2013-11-28 15:11:07 ----D---- C:\WINDOWS\system32
2013-11-28 15:11:07 ----D---- C:\WINDOWS
2013-11-28 15:10:50 ----D---- C:\WINDOWS\AppPatch
2013-11-28 15:10:37 ----D---- C:\WINDOWS\system32\CatRoot2
2013-11-28 14:58:50 ----D---- C:\WINDOWS\Microsoft.NET
2013-11-28 14:58:44 ----D---- C:\Config.Msi
2013-11-28 14:53:46 ----RSD---- C:\WINDOWS\assembly
2013-11-28 14:44:07 ----D---- C:\WINDOWS\system32\drivers
2013-11-28 12:06:03 ----D---- C:\WINDOWS\Prefetch
2013-11-28 11:33:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-11-28 11:27:30 ----D---- C:\WINDOWS\Temp
2013-11-28 11:07:18 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-28 11:06:49 ----D---- C:\WINDOWS\system32\XPSViewer
2013-11-28 11:06:48 ----RSD---- C:\WINDOWS\Fonts
2013-11-27 22:18:35 ----D---- C:\Documents and Settings\Eva Svozilová\Data aplikací\Skype
2013-11-27 22:08:36 ----D---- C:\WINDOWS\system32\cs-cz
2013-11-27 21:56:02 ----D---- C:\Program Files\Microsoft.NET
2013-11-27 21:56:01 ----D---- C:\WINDOWS\system32\en-us
2013-11-27 21:54:46 ----D---- C:\WINDOWS\WinSxS
2013-11-27 21:39:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-11-27 21:17:33 ----SHD---- C:\System Volume Information
2013-11-27 21:17:33 ----D---- C:\WINDOWS\system32\Restore
2013-11-27 20:58:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2013-11-27 20:53:01 ----D---- C:\WINDOWS\system32\drivers\AVG
2013-11-27 19:59:03 ----SD---- C:\WINDOWS\Tasks
2013-11-27 19:54:45 ----A---- C:\WINDOWS\system.ini
2013-11-27 19:53:44 ----D---- C:\WINDOWS\system32\drivers\etc
2013-11-27 19:41:35 ----D---- C:\Program Files\Common Files
2013-11-27 19:31:34 ----RASH---- C:\boot.ini
2013-11-27 19:27:05 ----A---- C:\WINDOWS\wincmd.ini
2013-11-27 18:32:09 ----A---- C:\WINDOWS\system32\PCPELog.txt
2013-11-27 18:14:08 ----D---- C:\Program Files\KONICA MINOLTA
2013-11-27 18:09:11 ----D---- C:\Program Files\Google
2013-11-27 16:51:53 ----D---- C:\WINDOWS\system32\config
2013-11-27 16:31:19 ----D---- C:\Documents and Settings\Eva Svozilová\Data aplikací\IObit
2013-11-27 16:24:27 ----HD---- C:\Program Files\InstallShield Installation Information
2013-11-27 16:20:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-11-27 16:13:40 ----D---- C:\Program Files\Hewlett-Packard
2013-11-27 15:45:57 ----D---- C:\Documents and Settings\Eva Svozilová\Data aplikací\U3
2013-11-27 14:06:36 ----D---- C:\Program Files\IObit
2013-11-27 13:35:07 ----D---- C:\Program Files\Adobe
2013-11-27 10:35:51 ----D---- C:\WINDOWS\SoftwareDistribution
2013-11-27 10:33:42 ----D---- C:\WINDOWS\Debug
2013-11-27 10:31:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-11-27 09:34:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2013-11-25 16:51:38 ----D---- C:\ssb
2013-11-25 09:18:11 ----D---- C:\Program Files\profibanka
2013-11-14 00:59:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-11-14 00:55:26 ----D---- C:\Program Files\Internet Explorer
2013-11-14 00:55:14 ----D---- C:\WINDOWS\ie8updates
2013-11-14 00:54:42 ----D---- C:\WINDOWS\system32\MRT
2013-11-14 00:50:59 ----A---- C:\WINDOWS\system32\MRT.exe
2013-10-29 20:28:49 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2013-11-27 27904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-12-29 4026112]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2013-04-24 98816]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2013-11-27 130432]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\EVASVO~1\LOCALS~1\Temp\catchme.sys []
S3 cxbu0wdm;OMNIKEY 6121; C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2010-01-25 115712]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GTwinUSB;GTwinUSB; C:\WINDOWS\System32\Drivers\GTwinUSB.sys [2002-10-04 61776]
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 PsSdk41;PsSdk41; \??\C:\WINDOWS\system32\Drivers\pssdk41.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-08-24 237312]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-10-08 182696]
R2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2013-10-25 2151200]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA; C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-10-22 69632]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-19 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA; C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe []
S4 APC Data Service;APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
S4 APC UPS Service;APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
S4 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-08-22 220504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 28 lis 2013 18:13

Zdravím!
Proč spouštíte ComboFix, utilitu určenou pouze profesionálům? Chcete si nabořit systém, nebo některou aplikaci? Log RSIT je v podstatě k ničemu, neboť pokud byl PC zavirován, CF zničil všechny stopy. Dejte log ComboFix, najdete ho v c:\combofix.txt.

VIRY.CZ

Prosím o kontrolu logu.

Prosím o kontrolu logu.

Re: Prosím o kontrolu logu.