Hello, an acquaintance brought me a neglected computer (outdated antivirus, security patches last downloaded about a year and a half ago) in a state where he had supposedly removed some viruses, but it was not possible to run exe files. I fixed that, but after every start of the PC, once Windows has loaded, the message "error loading onyc.ffo" appears, and an attempt to install Service Pack 3 gives an error message along the lines of "stop using ndis.sys" (Windows XP Home had not been updated, even though it is of course a genuine copy), and finally the internet is extremely slow (opening pages). I installed and updated avast. Since it is someone else's PC, I do not know which of this may be a problem caused by some programs and changes to the system and which is caused by a virus, so I am sending the log and asking for a check. It is a notebook. Thank you, Karmaz
Logfile of random's system information tool 1.06 (written by random/random)
Run by uživatel at 2010-02-24 20:14:25
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 14 GB (28%) free of 50 GB
Total RAM: 1271 MB (60% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-16 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-19 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-16 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046}
{CFBC2741-0C1F-11D6-9224-004F490BED09} - :-)mojelogo SMS ToolBar - C:\Program Files\Mojelogo\SMS ToolBar\smsbar.dll [2007-11-06 801608]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-16 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-11-29 55824]
"KONICA MINOLTA PagePro 1350WStatusDisplay"=C:\WINDOWS\system32\MSTMON_Q.EXE [2004-11-26 167936]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-02 131072]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2007-01-05 204288]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-24 251240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-16 39408]
"TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe [2006-12-26 313864]
"SMSToolBar"=C:\Program Files\Mojelogo\SMS ToolBar\smstbar.exe [2007-11-06 1076560]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-01-09 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-18 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
AsWlnPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\Program Files\Bosal\Bosal_cd_2005\Apache\Apache.exe"="C:\Program Files\Bosal\Bosal_cd_2005\Apache\Apache.exe:*:Enabled:Apache"
"C:\Program Files\Bosal\Bosal_cd_2005\mysql\bin\mysqld.exe"="C:\Program Files\Bosal\Bosal_cd_2005\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0347395e-bc39-11db-9190-0014a5bce1d9}]
shell\AutoRun\command - F:\opdux.exe
shell\open\command - F:\opdux.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4db2b65e-1f21-11df-9586-001560cbcdd7}]
shell\AutoRun\command - tgt.exe
shell\open\command - tgt.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f7f304d-4b5d-11de-94bc-001560cbcdd7}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe
======List of files/folders created in the last 1 months======
2010-02-24 20:14:25 ----D---- C:\rsit
2010-02-24 20:14:25 ----D---- C:\Program Files\trend micro
2010-02-24 19:00:48 ----A---- C:\WINDOWS\system32\pwd.dll
2010-02-24 06:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-24 06:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-24 06:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-24 04:49:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-02-24 04:49:30 ----D---- C:\Documents and Settings\uživatel\Data aplikací\SUPERAntiSpyware.com
2010-02-23 23:27:29 ----D---- C:\Documents and Settings\uživatel\Data aplikací\VSRevoGroup
2010-02-23 22:15:28 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-02-23 22:13:52 ----D---- C:\Program Files\Windows Defender
2010-02-23 21:48:34 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-23 21:48:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-02-23 21:32:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-23 21:32:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-23 20:49:44 ----D---- C:\Program Files\VS Revo Group
2010-02-23 19:50:18 ----D---- C:\Documents and Settings\uživatel\Data aplikací\QuickScan
2010-02-23 18:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-23 18:31:08 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-23 18:30:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-23 18:30:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-23 18:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-23 18:30:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-23 18:30:19 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-23 18:30:00 ----A---- C:\WINDOWS\system32\MRT.INI
2010-02-23 18:27:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-23 18:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-23 18:27:21 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-23 18:27:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-23 18:27:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-23 18:26:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-23 18:26:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-23 18:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-23 18:26:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-23 18:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-23 18:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-23 18:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-23 18:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-23 18:25:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-23 18:24:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-23 18:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-23 18:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-23 18:24:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-23 18:24:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-23 18:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-23 18:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-23 18:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-23 18:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-23 18:23:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-23 18:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-23 18:22:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-23 18:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-23 18:21:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-23 18:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-23 18:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-23 18:20:25 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-23 18:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-23 18:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-23 18:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-23 18:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-23 18:19:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-23 18:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-23 18:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-23 11:24:30 ----D---- C:\WINDOWS\LastGood
2010-02-23 11:16:39 ----D---- C:\WINDOWS\LastGood.Tmp
2010-01-27 16:28:09 ----D---- C:\WINDOWS\ie8updates
2010-01-27 16:27:21 ----D---- C:\WINDOWS\WBEM
2010-01-27 16:26:43 ----HDC---- C:\WINDOWS\ie8
2010-01-27 16:26:43 ----D---- C:\WINDOWS\system32\cs-CZ
======List of files/folders modified in the last 1 months======
2010-02-24 20:14:25 ----RD---- C:\Program Files
2010-02-24 20:04:05 ----D---- C:\Program Files\Mozilla Firefox
2010-02-24 19:48:14 ----D---- C:\WINDOWS\Prefetch
2010-02-24 19:48:07 ----D---- C:\WINDOWS\Temp
2010-02-24 19:48:05 ----HD---- C:\WINDOWS\inf
2010-02-24 19:48:05 ----D---- C:\WINDOWS
2010-02-24 19:07:19 ----SHD---- C:\System Volume Information
2010-02-24 19:07:19 ----D---- C:\WINDOWS\system32\Restore
2010-02-24 19:03:12 ----SD---- C:\WINDOWS\Tasks
2010-02-24 19:01:34 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Hamachi
2010-02-24 19:00:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-24 19:00:48 ----D---- C:\WINDOWS\system32
2010-02-24 18:58:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-24 18:47:36 ----D---- C:\Program Files\Messenger
2010-02-24 18:44:25 ----D---- C:\WINDOWS\Minidump
2010-02-24 18:22:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-24 18:18:09 ----D---- C:\WINDOWS\system32\drivers
2010-02-24 06:25:53 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-24 06:25:47 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-24 06:20:24 ----SHD---- C:\Config.Msi
2010-02-24 06:19:09 ----SHD---- C:\WINDOWS\Installer
2010-02-24 06:18:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-24 05:16:12 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-02-24 05:16:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-23 23:53:14 ----D---- C:\WINDOWS\Debug
2010-02-23 22:13:56 ----D---- C:\WINDOWS\WinSxS
2010-02-23 22:13:52 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-02-23 21:48:29 ----D---- C:\Program Files\Alwil Software
2010-02-23 21:41:02 ----D---- C:\UCTO2006
2010-02-23 21:39:41 ----D---- C:\D2000WIN
2010-02-23 21:31:47 ----D---- C:\Program Files\CCleaner
2010-02-23 21:23:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-02-23 21:12:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-02-23 18:34:31 ----D---- C:\WINDOWS\system32\wbem
2010-02-23 18:34:31 ----D---- C:\WINDOWS\AppPatch
2010-02-23 18:23:30 ----D---- C:\Program Files\Outlook Express
2010-02-23 17:37:27 ----D---- C:\DOPRAVA-
2010-02-03 17:16:43 ----A---- C:\WINDOWS\hpdj3500.ini
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-27 16:30:48 ----D---- C:\Program Files\Internet Explorer
2010-01-27 16:30:47 ----D---- C:\WINDOWS\Help
2010-01-27 16:27:14 ----D---- C:\WINDOWS\Media
2010-01-26 13:37:43 ----A---- C:\WINDOWS\CCATALOG.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-31 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-31 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-31 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-31 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-31 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-31 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-31 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 MLPTDR_Q;MLPTDR_Q; \??\C:\WINDOWS\system32\MLPTDR_Q.SYS []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-30 1120352]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-02-06 45312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-09 25280]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-10 191936]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
R4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-18 73344]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-01-19 424320]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-16 57096]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\bin\fbguard.exe [2004-12-13 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-01-12 98304]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-01-20 73728]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-24 92008]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\bin\fbserver.exe [2004-12-13 1527893]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-16 137200]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-01-09 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------

slow internet + onyc.ffo
- Rudy
- Site Admin
Re: slow internet + onyc.ffo
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after start-up a screen with the licence terms is displayed; continue by clicking the Ano (Yes) button.
calmly put on some coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else
do not panic during scanning; your machine may be restarted (especially the first time the scanner is used)
note: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the deletion of any malware undesirable conflicts with the antispyware's resident shield occur
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: slow internet + onyc.ffo
I am sending the log from ComboFix; the internet is working normally.
ComboFix 10-02-24.01 - uživatel 24.02.2010 20:38:16.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1271.755 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\u§ivatel\Dokumenty\cc_20100223_205620.reg
c:\recycler\S-1-5-21-1202660629-2052111302-725345543-1003
c:\recycler\S-1-5-21-167636404-2559096050-1574728485-1003
E:\Autorun.inf
Nakažená kopie c:\windows\system32\drivers\ndis.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$NtUninstallKB912436$\ndis.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-24 do 2010-02-24 )))))))))))))))))))))))))))))))
.
2010-02-24 19:14 . 2010-02-24 19:14 -------- d-----w- C:\rsit
2010-02-24 19:14 . 2010-02-24 19:14 -------- d-----w- c:\program files\trend micro
2010-02-23 21:15 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 21:13 . 2010-02-23 21:13 -------- d-----w- c:\program files\Windows Defender
2010-02-23 20:48 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-23 20:48 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-23 20:48 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-23 20:48 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-23 20:48 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-23 20:48 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-23 20:48 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-23 20:48 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-23 20:48 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-23 20:32 . 2010-02-23 20:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-23 19:49 . 2010-02-23 19:49 -------- d-----w- c:\program files\VS Revo Group
2010-02-23 17:20 . 2010-02-23 17:20 -------- d-----w- c:\windows\ServicePackFiles
2010-02-23 17:13 . 2009-11-21 16:46 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-23 17:12 . 2009-10-15 17:22 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-02-23 17:11 . 2005-07-26 04:42 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2010-02-23 17:11 . 2009-03-06 14:47 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2010-02-23 17:11 . 2009-02-09 10:22 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-02-23 17:11 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-23 17:11 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2010-02-23 17:11 . 2009-02-09 10:22 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-02-23 17:11 . 2009-02-09 10:22 683520 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-02-23 17:11 . 2009-02-09 10:11 111104 ------w- c:\windows\system32\dllcache\services.exe
2010-02-23 17:11 . 2009-02-09 10:22 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-23 17:11 . 2009-02-09 10:22 709632 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-02-23 17:10 . 2009-06-21 22:07 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-02-23 17:07 . 2009-07-10 13:42 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-02-23 17:05 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-02-23 17:05 . 2008-04-21 21:28 216576 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-02-23 10:34 . 2008-03-03 13:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2010-02-23 10:24 . 2010-02-23 10:30 -------- d-----w- c:\windows\LastGood
2010-01-27 16:03 . 2010-01-27 16:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-27 15:28 . 2010-02-24 05:25 -------- d-----w- c:\windows\ie8updates
2010-01-27 15:26 . 2010-01-27 15:27 -------- d-----w- c:\windows\system32\cs-CZ
2010-01-27 15:26 . 2010-01-27 15:26 -------- dc-h--w- c:\windows\ie8
2010-01-27 15:21 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-27 15:21 . 2009-12-21 19:08 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-27 15:21 . 2009-12-21 19:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-27 15:21 . 2009-12-21 19:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-27 15:21 . 2009-12-21 19:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-27 15:21 . 2009-12-21 19:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-27 15:20 . 2009-12-21 19:08 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 17:22 . 2004-09-08 10:22 63526 ----a-w- c:\windows\system32\perfc005.dat
2010-02-24 17:22 . 2004-09-08 10:22 383060 ----a-w- c:\windows\system32\perfh005.dat
2010-02-24 05:18 . 2008-10-09 17:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-23 20:48 . 2006-12-08 09:36 -------- d-----w- c:\program files\Alwil Software
2010-02-23 20:31 . 2008-12-08 08:50 -------- d-----w- c:\program files\CCleaner
2010-02-03 16:22 . 2004-09-08 10:11 18812 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-03 16:22 . 2004-09-08 10:11 81983 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-31 16:14 . 2004-08-18 08:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-18 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 08:00 . 2004-08-18 08:00 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2004-08-18 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 14:41 . 2004-08-18 08:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:35 . 2004-08-18 08:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:35 . 2004-08-18 08:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:40 . 2004-08-18 08:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:40 . 2004-08-18 08:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:40 . 2004-08-18 08:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:40 . 2004-08-18 08:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:40 . 2004-08-18 08:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2007-11-08 11:45 . 2007-11-08 11:45 11896832 ----a-w- c:\program files\install_atlas_icq6.exe
2002-01-05 02:40 . 2002-01-05 02:40 487424 ----a-w- c:\program files\Common Files\msvcp70.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-24 251240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2006-12-26 313864]
"SMSToolBar"="c:\program files\Mojelogo\SMS ToolBar\smstbar.exe" [2007-11-06 1076560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-26 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\u§ivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-10-7 625952]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-2 789008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 10:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
"swg"=c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"Recguard"=c:\windows\Sminst\Recguard.exe
"Scheduler"=c:\windows\SMINST\Scheduler.exe
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
"Reminder"=c:\windows\Creator\Remind_XP.exe
"hpWirelessAssistant"=c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"AGRSMMSG"=AGRSMMSG.exe
"SoundMAX"=c:\program files\Analog Devices\SoundMAX\Smax4.exe /tray
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"CognizanceTS"=rundll32.exe c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
"DeviceDiscovery"=c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
"Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Bosal\\Bosal_cd_2005\\Apache\\Apache.exe"=
"c:\\Program Files\\Bosal\\Bosal_cd_2005\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20.10.2009 17:38 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.2.2010 21:48 162512]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 9:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.2.2010 21:48 19024]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\bin\fbguard.exe -s --> c:\program files\Firebird\bin\fbguard.exe -s [?]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [22.7.2003 8:44 18848]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.4.2009 12:57 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\bin\fbserver.exe -s --> c:\program files\Firebird\bin\fbserver.exe -s [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-02-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
2010-02-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\bxzl6w68.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\bxzl6w68.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\bxzl6w68.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\bxzl6w68.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
SafeBoot-Lavasoft Ad-Aware Service
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 20:45
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll
- - - - - - - > 'explorer.exe'(3516)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\DllHost.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\crypserv.exe
c:\program files\Firebird\bin\fbguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Firebird\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-02-24 20:50:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-24 19:50
Před spuštěním: Volných bajtů: 14 393 757 696
Po spuštění: Volných bajtů: 14 286 725 120
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 33F764C5C822CFD9F2E60DFDA675D32E
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 33F764C5C822CFD9F2E60DFDA675D32E
- Rudy
- Site Admin
- Posts: 119409
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: slow internet + onyc.ffo
The log now looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: slow internet + onyc.ffo
All the problems I described are gone, so everything looks fine. Thank you very much, Karmaz
- Rudy
- Site Admin
- Posts: 119409
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: slow internet + onyc.ffo
You're welcome!