It's probably only a smaller part of what it listed for me, but I still have the feeling that something is running in the background and slowing the PC down. I don't know what it is, so I'd like to ask for a check, thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:34, on 13. 5. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
D:\Aplikácie\Visual Basic 6 Portable.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX2\autorun.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\Administrator\Plocha\Autoruns\autoruns.exe
D:\Programy\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1202896218
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 4806 bytes
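A small triage helper for this log format, added here as an example; it is not part of the thread and not code from HijackThis. It splits a HijackThis v2 log into running processes and typed entries and flags the items a reviewer looks at first in a log like the one above: a process running from a Temp folder, O23 services with no publisher name, and entries that point at a missing file. The embedded sample is constructed from a few lines of the posted log, and the function names are the example's own.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis v2 log format, modelled on a few lines
# of the log posted above (running processes plus O4 / O9 / O23 entries).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX2\autorun.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 4806 bytes
"""

# HJT entries look like "O23 - Service: ..." or "R1 - HKLM\...": a letter,
# one or two digits, then " - " and the body of the entry.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A drive-letter path, used for the lines under "Running processes:".
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Executables living under a Temp or tmp directory (also matches the
# 8.3 form LOCALS~1\Temp seen in the posted log).
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse_hjt(text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Return (running process paths, [(entry kind, entry body), ...])."""
    processes: List[str] = []
    entries: List[Tuple[str, str]] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            # First typed entry ends the process list.
            in_processes = False
            entries.append((m.group("kind"), m.group("body")))
            continue
        if in_processes and PATH_RE.match(line):
            processes.append(line)
    return processes, entries


def triage(processes: List[str], entries: List[Tuple[str, str]]) -> List[str]:
    """Flag the items a log reviewer would want to look at first.

    These are review heuristics, not verdicts: a legitimate installer can
    run from Temp and a legitimate service can lack a publisher string.
    """
    findings: List[str] = []
    for path in processes:
        if TEMP_RE.search(path):
            findings.append(f"process running from a temp directory: {path}")
    for kind, body in entries:
        if kind == "O23" and "Unknown owner" in body:
            findings.append(f"service without a publisher name: {body}")
        if "(no file)" in body:
            findings.append(f"{kind} entry pointing at a missing file: {body}")
    return findings


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    for finding in triage(procs, ents):
        print(finding)
```

Run on the sample it reports the autorun.exe under Temp\RarSFX2, the two PunkBuster services with no publisher, and the disabled O9 button with no file; each is a prompt to verify, not a detection on its own.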
Please check my HijackThis log
- jaro3, Security team member (Guru Level 15, posts: 43287, registered: June 07, location: South Bohemia)
Re: Please check my HijackThis log
First this:
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show results button
- then choose the option to save the log and save it to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Don't send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my HijackThis log
So here is the log from Malwarebytes:
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2124
Windows 5.1.2600 Service Pack 3
13. 5. 2009 18:16:01
mbam-log-2009-05-13 (18-16-01).txt
Typ skenu: Rychlý sken
Objektu skenováno: 71811
Uplynulý cas: 2 minute(s), 41 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
My problem is probably somewhere else. Something suddenly happened and since then I've had a problem with every newer game: everything loads slowly, it runs like a snail, and sometimes the game freezes for about 5 minutes. I've already tried reinstalling the PC 3 times, reset the BIOS to defaults and scanned the PC with ComboFix, HJT, ESET... I don't know whether the problem is in the hardware or somewhere else, I don't know :/
- jaro3, Security team member (Guru Level 15, posts: 43287, registered: June 07, location: South Bohemia)
Re: Please check my HijackThis log
First let's try this as well, and then it may also be in the hardware.
Turn off the resident protection and the firewall in ESS.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use will be shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, don't click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Please check my HijackThis log
So here is the log from ComboFix. It's long, and I'm not sure whether I should put it in code tags or leave it like this; if so, let me know.
ComboFix 09-05-12.06 - Administrator . 05. 2009 19:31.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3263.2727 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET personal firewall *enabled*
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.
2009-05-13 16:06 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-13 16:06 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 10:07 . 2001-04-07 15:07 1056768 ----a-w c:\windows\system32\Roboex32.dll
2009-05-11 17:52 . 2003-06-18 22:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-05-11 17:51 . 2009-05-11 17:51 -------- d-----w c:\program files\Microsoft.NET
2009-05-11 17:48 . 2009-05-11 17:51 -------- d-----w c:\windows\SHELLNEW
2009-05-10 16:24 . 2009-05-10 16:24 -------- d-----w c:\documents and settings\Administrator\temp
2009-05-08 14:42 . 2008-04-13 18:45 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-07 16:46 . 2009-05-07 16:46 -------- d-----w c:\program files\Bonjour
2009-05-07 16:30 . 2009-05-07 16:30 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-07 16:04 . 2009-05-07 16:46 -------- d-----w c:\program files\Common Files\Adobe
2009-05-06 19:25 . 2009-05-06 19:25 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-06 19:23 . 2009-05-06 19:23 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-06 19:19 . 2009-05-06 19:19 -------- d-----w c:\windows\ie8updates
2009-05-06 19:19 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-06 19:18 . 2009-05-06 19:18 -------- dc-h--w c:\windows\ie8
2009-05-05 18:58 . 2009-05-06 19:22 -------- d-----w c:\windows\system32\cs-cz
2009-05-05 18:58 . 2009-05-05 18:58 -------- d-----w c:\windows\l2schemas
2009-05-05 18:58 . 2009-05-05 18:58 -------- d-----w c:\windows\system32\cs
2009-05-05 18:58 . 2009-05-05 18:58 -------- d-----w c:\windows\system32\bits
2009-05-05 18:56 . 2009-05-05 18:56 -------- d-----w c:\windows\ServicePackFiles
2009-05-05 11:27 . 2009-05-05 15:30 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-05 11:24 . 2009-05-05 11:25 -------- d-----w c:\windows\system32\drivers\UMDF
2009-05-03 18:59 . 2008-04-14 03:22 28672 ------w c:\windows\system32\verclsid.exe
2009-05-03 18:58 . 2008-04-14 03:22 176640 ------w c:\windows\system32\napstat.exe
2009-05-02 18:53 . 2009-05-02 18:53 -------- d-----w c:\windows\cache-93423-17382-59373-28323
2009-05-02 18:38 . 2009-05-02 18:38 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-05-01 22:11 . 2009-05-13 14:20 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-01 22:11 . 2009-05-13 14:15 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-01 22:11 . 2009-05-02 16:21 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-05-01 22:11 . 2009-05-05 11:24 -------- d-----w c:\windows\system32\LogFiles
2009-05-01 21:34 . 2009-03-10 20:18 454024 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-05-01 21:34 . 2009-03-10 20:26 1435008 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-01 21:34 . 2009-05-01 21:34 -------- d-----w c:\windows\system32\KB905474
2009-05-01 19:13 . 2009-05-01 19:13 -------- d-sh--w c:\windows\ftpcache
2009-05-01 19:08 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-01 19:07 . 2008-04-14 02:14 58496 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-01 19:06 . 2008-04-14 03:22 75264 ----a-w c:\windows\system32\usbui.dll
2009-05-01 19:03 . 2009-05-06 19:17 -------- d-----w c:\windows\system32\CatRoot
2009-05-01 19:03 . 2009-05-13 17:31 -------- d-----w c:\windows\system32\CatRoot2
2009-05-01 19:03 . 2009-05-01 19:05 -------- d--h--r c:\documents and settings\Default User\Data aplikací
2009-05-01 19:03 . 2009-05-13 16:06 -------- d--h--r c:\documents and settings\All Users\Data aplikací
2009-05-01 19:02 . 2009-05-01 17:16 -------- d-----w c:\documents and settings\All Users
2009-05-01 19:02 . 2009-05-13 15:11 -------- d--h--w c:\documents and settings\Default User
2009-05-01 19:02 . 2009-05-01 17:25 -------- d-----w C:\Documents and Settings
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 14:13 . 2009-05-01 17:47 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 10:07 . 2009-05-01 17:46 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-08 17:02 . 2006-03-02 12:00 46156 ----a-w c:\windows\system32\perfc005.dat
2009-05-08 17:02 . 2006-03-02 12:00 309832 ----a-w c:\windows\system32\perfh005.dat
2009-05-05 19:00 . 2009-05-01 17:16 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-01 18:52 . 2009-05-01 18:52 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-01 18:51 . 2009-05-01 18:51 -------- d-----r c:\program files\Skype
2009-05-01 18:51 . 2009-05-01 18:51 -------- d-----w c:\program files\Common Files\Skype
2009-05-01 18:32 . 2009-05-01 18:32 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-05-01 18:30 . 2009-05-01 18:30 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-01 18:29 . 2009-05-01 18:29 0 ----a-w c:\windows\nsreg.dat
2009-05-01 18:27 . 2009-05-01 18:27 -------- d-----w c:\program files\ESET
2009-05-01 17:50 . 2009-05-01 17:47 -------- d-----w c:\program files\Realtek
2009-05-01 17:47 . 2009-05-01 17:47 315392 ----a-w c:\windows\HideWin.exe
2009-05-01 17:43 . 2009-05-01 17:43 -------- d-----w c:\program files\Intel
2009-05-01 17:17 . 2009-05-01 17:17 -------- d-----w c:\program files\microsoft frontpage
2009-05-01 17:16 . 2006-03-02 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-01 17:13 . 2009-05-01 17:13 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-16 12:18 . 2009-05-01 18:16 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-05-01 18:16 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-05-01 18:16 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-05-01 18:16 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-05-01 18:16 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-05-01 18:16 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-05-01 18:16 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-08 02:34 . 2006-03-02 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2006-03-02 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2006-03-02 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2006-03-02 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2006-03-02 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2006-03-02 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2006-03-02 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2006-03-02 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2006-03-02 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2006-03-02 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:23 . 2006-03-02 12:00 284160 ----a-w c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-05-12 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-07-26 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Call of Duty 4\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Programy\\uTorrent\\uTorrent.exe"=
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [13. 3. 2008 16:49 472320]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2. 3. 2006 14:00 69120]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-01 20:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - d:\programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rdky530r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
---- FIREFOX POLICIES ----
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 19:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1123561945-1637723038-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,9b,cc,7a,9d,50,49,45,a2,53,03,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,9b,cc,7a,9d,50,49,45,a2,53,03,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3436)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-13 19:33
ComboFix-quarantined-files.txt 2009-05-13 17:33
Pre-Run: Volných bajtů: 31 199 219 712
Post-Run: Volných bajtů: 31 190 487 040
177 --- E O F --- 2009-05-13 07:13
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,9b,cc,7a,9d,50,49,45,a2,53,03,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3436)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-13 19:33
ComboFix-quarantined-files.txt 2009-05-13 17:33
Pre-Run: Volných bajtů: 31 199 219 712
Post-Run: Volných bajtů: 31 190 487 040
177 --- E O F --- 2009-05-13 07:13
- jaro3, member of the Security team, Guru Level 15, Posts: 43287, Registered: June 07, Location: South Bohemia (Offline)
Re: Please check my HijackThis log
The log is clean; I am still interested in the contents of one folder, so:
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole text marked in green into it:
Note: do not use SELECT ALL to select the script
Code:
DirLook::
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log
Download reglooks.exe here
to the desktop, double-click it and, when the scan finishes, the resulting log will appear; copy it here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my HijackThis log
Sorry if this is a lot:
COMBOFIX
ComboFix 09-05-13.01 - Administrator . 05. 2009 20:23.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3263.2735 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.
2009-05-13 16:06 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-13 16:06 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 10:07 . 2001-04-07 15:07 1056768 ----a-w c:\windows\system32\Roboex32.dll
2009-05-11 17:52 . 2003-06-18 22:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-05-11 17:51 . 2009-05-11 17:51 -------- d-----w c:\program files\Microsoft.NET
2009-05-11 17:48 . 2009-05-11 17:51 -------- d-----w c:\windows\SHELLNEW
2009-05-10 16:24 . 2009-05-10 16:24 -------- d-----w c:\documents and settings\Administrator\temp
2009-05-08 14:42 . 2008-04-13 18:45 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-07 16:46 . 2009-05-07 16:46 -------- d-----w c:\program files\Bonjour
2009-05-07 16:30 . 2009-05-07 16:30 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-07 16:04 . 2009-05-07 16:46 -------- d-----w c:\program files\Common Files\Adobe
2009-05-06 19:25 . 2009-05-06 19:25 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-06 19:23 . 2009-05-06 19:23 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-06 19:19 . 2009-05-06 19:19 -------- d-----w c:\windows\ie8updates
2009-05-06 19:19 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-06 19:18 . 2009-05-06 19:18 -------- dc-h--w c:\windows\ie8
2009-05-05 18:58 . 2009-05-06 19:22 -------- d-----w c:\windows\system32\cs-cz
2009-05-05 18:58 . 2009-05-05 18:58 -------- d-----w c:\windows\l2schemas
2009-05-05 18:58 . 2009-05-05 18:58 -------- d-----w c:\windows\system32\cs
2009-05-05 18:58 . 2009-05-05 18:58 -------- d-----w c:\windows\system32\bits
2009-05-05 18:56 . 2009-05-05 18:56 -------- d-----w c:\windows\ServicePackFiles
2009-05-05 11:27 . 2009-05-05 15:30 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-05 11:24 . 2009-05-05 11:25 -------- d-----w c:\windows\system32\drivers\UMDF
2009-05-03 18:59 . 2008-04-14 03:22 28672 ------w c:\windows\system32\verclsid.exe
2009-05-03 18:58 . 2008-04-14 03:22 176640 ------w c:\windows\system32\napstat.exe
2009-05-02 18:53 . 2009-05-02 18:53 -------- d-----w c:\windows\cache-93423-17382-59373-28323
2009-05-02 18:38 . 2009-05-02 18:38 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-05-01 22:11 . 2009-05-13 14:20 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-01 22:11 . 2009-05-13 14:15 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-01 22:11 . 2009-05-02 16:21 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-05-01 22:11 . 2009-05-05 11:24 -------- d-----w c:\windows\system32\LogFiles
2009-05-01 21:34 . 2009-03-10 20:18 454024 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-05-01 21:34 . 2009-03-10 20:26 1435008 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-01 21:34 . 2009-05-01 21:34 -------- d-----w c:\windows\system32\KB905474
2009-05-01 19:13 . 2009-05-01 19:13 -------- d-sh--w c:\windows\ftpcache
2009-05-01 19:08 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-01 19:07 . 2008-04-14 02:14 58496 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-01 19:06 . 2008-04-14 03:22 75264 ----a-w c:\windows\system32\usbui.dll
2009-05-01 19:03 . 2009-05-06 19:17 -------- d-----w c:\windows\system32\CatRoot
2009-05-01 19:03 . 2009-05-13 18:22 -------- d-----w c:\windows\system32\CatRoot2
2009-05-01 19:03 . 2009-05-01 19:05 -------- d--h--r c:\documents and settings\Default User\Data aplikací
2009-05-01 19:03 . 2009-05-13 16:06 -------- d--h--r c:\documents and settings\All Users\Data aplikací
2009-05-01 19:02 . 2009-05-01 17:16 -------- d-----w c:\documents and settings\All Users
2009-05-01 19:02 . 2009-05-13 15:11 -------- d--h--w c:\documents and settings\Default User
2009-05-01 19:02 . 2009-05-01 17:25 -------- d-----w C:\Documents and Settings
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 14:13 . 2009-05-01 17:47 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 10:07 . 2009-05-01 17:46 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-08 17:02 . 2006-03-02 12:00 46156 ----a-w c:\windows\system32\perfc005.dat
2009-05-08 17:02 . 2006-03-02 12:00 309832 ----a-w c:\windows\system32\perfh005.dat
2009-05-05 19:00 . 2009-05-01 17:16 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-01 18:52 . 2009-05-01 18:52 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-01 18:51 . 2009-05-01 18:51 -------- d-----r c:\program files\Skype
2009-05-01 18:51 . 2009-05-01 18:51 -------- d-----w c:\program files\Common Files\Skype
2009-05-01 18:32 . 2009-05-01 18:32 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-05-01 18:30 . 2009-05-01 18:30 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-01 18:29 . 2009-05-01 18:29 0 ----a-w c:\windows\nsreg.dat
2009-05-01 18:27 . 2009-05-01 18:27 -------- d-----w c:\program files\ESET
2009-05-01 17:50 . 2009-05-01 17:47 -------- d-----w c:\program files\Realtek
2009-05-01 17:47 . 2009-05-01 17:47 315392 ----a-w c:\windows\HideWin.exe
2009-05-01 17:43 . 2009-05-01 17:43 -------- d-----w c:\program files\Intel
2009-05-01 17:17 . 2009-05-01 17:17 -------- d-----w c:\program files\microsoft frontpage
2009-05-01 17:16 . 2006-03-02 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-01 17:13 . 2009-05-01 17:13 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-16 12:18 . 2009-05-01 18:16 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-05-01 18:16 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-05-01 18:16 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-05-01 18:16 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-05-01 18:16 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-05-01 18:16 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-05-01 18:16 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-08 02:34 . 2006-03-02 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2006-03-02 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2006-03-02 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2006-03-02 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2006-03-02 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2006-03-02 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2006-03-02 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2006-03-02 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2006-03-02 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2006-03-02 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:23 . 2006-03-02 12:00 284160 ----a-w c:\windows\system32\pdh.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\docume~1\ADMINI~1\LOCALS~1\Temp ----
2009-05-13 17:50 . 2009-05-13 17:57 691 ----a-w c:\docume~1\ADMINI~1\LOCALS~1\Temp\alm.log
2009-05-13 17:44 . 2009-05-13 17:44 693 ----a-w c:\docume~1\ADMINI~1\LOCALS~1\Temp\TWAIN.LOG
2009-05-13 17:44 . 2009-05-13 17:44 2 ----a-w c:\docume~1\ADMINI~1\LOCALS~1\Temp\Twain001.Mtx
2009-05-13 17:44 . 2009-05-13 17:44 156 ----a-w c:\docume~1\ADMINI~1\LOCALS~1\Temp\Twunk001.MTX
2009-05-13 17:44 . 2009-05-13 17:44 0 ----a-w c:\docume~1\ADMINI~1\LOCALS~1\Temp\Twunk002.MTX
2009-05-13 17:44 . 2009-05-13 17:57 2301 ----a-w c:\docume~1\ADMINI~1\LOCALS~1\Temp\amt.log
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-05-12 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-07-26 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Call of Duty 4\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [13. 3. 2008 16:49 472320]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2. 3. 2006 14:00 69120]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-01 20:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - d:\programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rdky530r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
---- FIREFOX POLICIES ----
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 20:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1123561945-1637723038-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,9b,cc,7a,9d,50,49,45,a2,53,03,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,9b,cc,7a,9d,50,49,45,a2,53,03,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2800)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-13 20:25
ComboFix-quarantined-files.txt 2009-05-13 18:25
ComboFix2.txt 2009-05-13 17:33
Pre-Run: Volných bajtů: 31 223 746 560
Post-Run: Volných bajtů: 31 211 876 352
188 --- E O F --- 2009-05-13 07:13
HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:16, on 13. 5. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1202896218
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 4223 bytes
REGLOOKS
REGLOOKS logfile - version 0.981
Scan started: st 13. 05. 2009 20:29:00,56
--- INFORMATION ---
Operating System: Systém Microsoft Windows XP Professional - version 5.1.2600 - Service Pack 3
Bootmode: Normal boot
User: Administrator (Administrator account)
Total RAM: 3263 MB (free 2717 MB - 83%)
Internet Explorer Version: 8.0.6001.18702
Antivirus Program: ESET Smart Security 3.0 3.0 [Enabled - Updated]
Firewall: ESET personal firewall 3.0.650.0 [Enabled]
--- SIGCHECK ---
C:\WINDOWS\explorer.exe -- sigcheck OK
C:\WINDOWS\system32\ctfmon.exe -- sigcheck OK
C:\WINDOWS\system32\lsass.exe -- sigcheck OK
C:\WINDOWS\system32\ntkrnlpa.exe -- sigcheck OK
C:\WINDOWS\system32\ntoskrnl.exe -- sigcheck OK
C:\WINDOWS\system32\services.exe -- sigcheck OK
C:\WINDOWS\system32\sfcfiles.dll -- sigcheck OK
C:\WINDOWS\system32\spoolsv.exe -- sigcheck OK
C:\WINDOWS\system32\svchost.exe -- sigcheck OK
C:\WINDOWS\system32\termsrv.dll -- sigcheck OK
C:\WINDOWS\system32\user32.dll -- sigcheck OK
C:\WINDOWS\system32\userinit.exe -- sigcheck OK
C:\WINDOWS\system32\wininet.dll -- sigcheck OK
C:\WINDOWS\system32\winlogon.exe -- sigcheck OK
C:\WINDOWS\system32\ws2_32.dll -- sigcheck OK
C:\WINDOWS\system32\wuauclt.exe -- sigcheck OK
C:\WINDOWS\system32\drivers\ip6fw.sys -- sigcheck OK
C:\WINDOWS\system32\drivers\ndis.sys -- sigcheck OK
C:\WINDOWS\system32\drivers\tcpip.sys -- sigcheck OK
--- SSODL regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: C:\WINDOWS\system32\webcheck.dll -- [236544] -- [08. 03. 2009 04:34]
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: %systemroot%\system32\stobject.dll -- [?]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -- File: C:\WINDOWS\system32\WPDShServiceObj.dll -- [133632] -- [18. 10. 2006 21:47]
--- STS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" -- File: %SystemRoot%\system32\browseui.dll -- [?]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Proces mezipaměti kategorií součástí" -- File: %SystemRoot%\system32\browseui.dll -- [?]
--- USERINIT regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
File: C:\WINDOWS\system32\userinit.exe -- [26112] -- [14. 04. 2008 05:22]
--- SHELL regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
File: C:\WINDOWS\Explorer.exe -- [1034240] -- [14. 04. 2008 05:22]
--- SYSTEM regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
--- APPINIT_DLLS regkey ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no AppInit_DLLs regkey found
--- NOTIFY regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
-- File: C:\WINDOWS\system32\crypt32.dll -- [602112] -- [14. 04. 2008 05:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
-- File: C:\WINDOWS\system32\cryptnet.dll -- [64512] -- [14. 04. 2008 05:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
-- File: C:\WINDOWS\system32\cscdll.dll -- [102400] -- [14. 04. 2008 05:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
-- File: %SystemRoot%\System32\dimsntfy.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [14. 04. 2008 05:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [14. 04. 2008 05:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
-- File: C:\WINDOWS\system32\sclgntfy.dll -- [22016] -- [14. 04. 2008 05:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
-- File: C:\WINDOWS\system32\WlNotify.dll -- [92672] -- [14. 04. 2008 05:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [14. 04. 2008 05:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [14. 04. 2008 05:22]
--- RUN / LOAD regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no run / load keys found
--- SHELLEXECUTEHOOKS regkey ---
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?]
--- HKLM AUTORUN regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
no AutoRun regkey found
--- HKCU AUTORUN regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
no AutoRun regkey found
--- HKLM\RUN regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL" -- File: RTHDCPL.EXE -- [?]
"NvCplDaemon" -- File: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup -- [?]
"nwiz" -- File: nwiz.exe /install -- [?]
"NvMediaCenter" -- File: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit -- [?]
"egui" -- File: "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice -- [?]
hidden keys:
"RAMBooster.Net"="D:\\Programy\\RAMBooster.Net\\RAMBooster.exe -m"
--- HKLM\RUNONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found
--- HKLM\RUNONCEEX regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found
--- HKLM\RUNSERVICES regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found
--- HKLM\RUNSERVICESONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found
--- HKCU\RUN regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype" -- File: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [?]
"Google Update" -- File: "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [?]
hidden keys:
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
--- HKCU\RUNONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found
--- HKCU\RUNONCEEX regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
key not found
--- HKCU\RUNSERVICES regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found
--- HKCU\RUNSERVICESONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found
--- HKU\.DEFAULT\Run regkeys - Default user ---
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\system32\CTFMON.EXE -- [15360] -- [14. 04. 2008 05:22]
--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\system32\CTFMON.EXE -- [15360] -- [14. 04. 2008 05:22]
--- HKU\S-1-5-19\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found
--- HKU\S-1-5-20\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found
--- HKLM\Explorer\Run regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found
--- HKCU\Explorer\Run regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found
--- Image File Execution regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
no debuggers found
--- BROWSER HELPER OBJECTS regkeys ---
ECHO [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
--- TOOLBAR regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
no toolbars found
--- HKLM\URLSEARCHHOOKS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
no urlsearchhooks found
--- HKCU\URLSEARCHHOOKS regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: C:\WINDOWS\system32\ieframe.dll -- [11063808] -- [08. 03. 2009 04:39]
--- SRCEENSAVER regkey ---
[HKEY_CURRENT_USER\Control Panel\Desktop]
scrnsave.exe value not found
--- ALTERNATESHELL regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
File: C:\WINDOWS\system32\cmd.exe -- [390144] -- [14. 04. 2008 05:22]
--- SECURITYPROVIDERS regkey ---
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
File: C:\WINDOWS\system32\msapsspc.dll -- [86016] -- [14. 04. 2008 05:21]
File: C:\WINDOWS\system32\schannel.dll -- [144896] -- [05. 12. 2008 08:57]
File: C:\WINDOWS\system32\digest.dll -- [68608] -- [14. 04. 2008 05:21]
File: C:\WINDOWS\system32\msnsspc.dll -- [290816] -- [14. 04. 2008 05:21]
--- Active Setup\Installed Components regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
-- File: C:\WINDOWS\system32\ieudinit.exe -- [36864] -- [08. 03. 2009 04:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
-- File: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
-- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
-- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
--- Services regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epfw]
-- File: system32\DRIVERS\epfw.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epfwtdi]
-- File: system32\DRIVERS\epfwtdi.sys -- [?]
--- SAFEBOOT MINIMAL SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
{533C5B84-EC70-11D2-9505-00C04F79DEAF}
--- SAFEBOOT Network SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
--- BOOTEXECUTE regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"= autocheck autochk *\0\0
--- PENDINGFILERENAMEOPERATIONS regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"= \??\C:\test0123\0!\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir\0\??\C:\test0123\0!\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir\0\??\C:\test0123\0!\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir\0\0
--- WOW-CMDLINE regkeys ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
--- NETSVCS regkey ---
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS
0Schedule
0WmdmPmSN
--- DNS SERVER regkeys ---
no "NameServer" values found
--- File associations ---
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
--- STARTUP FOLDERS ---
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Příslušenství\Ostatní\Po spuštění\desktop.ini -- [84] -- [01. 05. 2009 19:16]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\desktop.ini -- [84] -- [01. 05. 2009 19:16]
C:\WINDOWS\system32\config\systemprofile\Nabídka Start\Programy\Po spuštění\desktop.ini -- [84] -- [01. 05. 2009 19:16]
C:\WINDOWS\system32\config\systemprofile\Nabídka Start\Programy\Po spuštění\desktop.ini -- [84] -- [01. 05. 2009 19:16]
--- TASK SCHEDULER JOBS ---
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1637723038-725345543-500.job -- [1066] -- [13. 05. 2009 20:16]
C:\WINDOWS\tasks\WGASetup.job -- [260] -- [13. 05. 2009 09:07]
Scan completed: st 13. 05. 2009 20:29:12,07
FINISHED
COMBOFIX
ComboFix 09-05-13.01 - Administrator . 05. 2009 20:23.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3263.2735 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.
2009-05-13 16:06 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-13 16:06 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 10:07 . 2001-04-07 15:07 1056768 ----a-w c:\windows\system32\Roboex32.dll
2009-05-11 17:52 . 2003-06-18 22:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-05-11 17:51 . 2009-05-11 17:51 -------- d-----w c:\program files\Microsoft.NET
2009-05-11 17:48 . 2009-05-11 17:51 -------- d-----w c:\windows\SHELLNEW
2009-05-10 16:24 . 2009-05-10 16:24 -------- d-----w c:\documents and settings\Administrator\temp
2009-05-08 14:42 . 2008-04-13 18:45 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-07 16:46 . 2009-05-07 16:46 -------- d-----w c:\program files\Bonjour
2009-05-07 16:30 . 2009-05-07 16:30 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-07 16:04 . 2009-05-07 16:46 -------- d-----w c:\program files\Common Files\Adobe
2009-05-06 19:25 . 2009-05-06 19:25 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-06 19:23 . 2009-05-06 19:23 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-06 19:19 . 2009-05-06 19:19 -------- d-----w c:\windows\ie8updates
2009-05-06 19:19 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-06 19:18 . 2009-05-06 19:18 -------- dc-h--w c:\windows\ie8
2009-05-05 18:58 . 2009-05-06 19:22 -------- d-----w c:\windows\system32\cs-cz
2009-05-05 18:58 . 2009-05-05 18:58 -------- d-----w c:\windows\l2schemas
2009-05-05 18:58 . 2009-05-05 18:58 -------- d-----w c:\windows\system32\cs
2009-05-05 18:58 . 2009-05-05 18:58 -------- d-----w c:\windows\system32\bits
2009-05-05 18:56 . 2009-05-05 18:56 -------- d-----w c:\windows\ServicePackFiles
2009-05-05 11:27 . 2009-05-05 15:30 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-05 11:24 . 2009-05-05 11:25 -------- d-----w c:\windows\system32\drivers\UMDF
2009-05-03 18:59 . 2008-04-14 03:22 28672 ------w c:\windows\system32\verclsid.exe
2009-05-03 18:58 . 2008-04-14 03:22 176640 ------w c:\windows\system32\napstat.exe
2009-05-02 18:53 . 2009-05-02 18:53 -------- d-----w c:\windows\cache-93423-17382-59373-28323
2009-05-02 18:38 . 2009-05-02 18:38 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-05-01 22:11 . 2009-05-13 14:20 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-01 22:11 . 2009-05-13 14:15 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-01 22:11 . 2009-05-02 16:21 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-05-01 22:11 . 2009-05-05 11:24 -------- d-----w c:\windows\system32\LogFiles
2009-05-01 21:34 . 2009-03-10 20:18 454024 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-05-01 21:34 . 2009-03-10 20:26 1435008 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-01 21:34 . 2009-05-01 21:34 -------- d-----w c:\windows\system32\KB905474
2009-05-01 19:13 . 2009-05-01 19:13 -------- d-sh--w c:\windows\ftpcache
2009-05-01 19:08 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-01 19:07 . 2008-04-14 02:14 58496 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-01 19:06 . 2008-04-14 03:22 75264 ----a-w c:\windows\system32\usbui.dll
2009-05-01 19:03 . 2009-05-06 19:17 -------- d-----w c:\windows\system32\CatRoot
2009-05-01 19:03 . 2009-05-13 18:22 -------- d-----w c:\windows\system32\CatRoot2
2009-05-01 19:03 . 2009-05-01 19:05 -------- d--h--r c:\documents and settings\Default User\Data aplikací
2009-05-01 19:03 . 2009-05-13 16:06 -------- d--h--r c:\documents and settings\All Users\Data aplikací
2009-05-01 19:02 . 2009-05-01 17:16 -------- d-----w c:\documents and settings\All Users
2009-05-01 19:02 . 2009-05-13 15:11 -------- d--h--w c:\documents and settings\Default User
2009-05-01 19:02 . 2009-05-01 17:25 -------- d-----w C:\Documents and Settings
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 14:13 . 2009-05-01 17:47 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 10:07 . 2009-05-01 17:46 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-08 17:02 . 2006-03-02 12:00 46156 ----a-w c:\windows\system32\perfc005.dat
2009-05-08 17:02 . 2006-03-02 12:00 309832 ----a-w c:\windows\system32\perfh005.dat
2009-05-05 19:00 . 2009-05-01 17:16 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-01 18:52 . 2009-05-01 18:52 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-01 18:51 . 2009-05-01 18:51 -------- d-----r c:\program files\Skype
2009-05-01 18:51 . 2009-05-01 18:51 -------- d-----w c:\program files\Common Files\Skype
2009-05-01 18:32 . 2009-05-01 18:32 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-05-01 18:30 . 2009-05-01 18:30 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-01 18:29 . 2009-05-01 18:29 0 ----a-w c:\windows\nsreg.dat
2009-05-01 18:27 . 2009-05-01 18:27 -------- d-----w c:\program files\ESET
2009-05-01 17:50 . 2009-05-01 17:47 -------- d-----w c:\program files\Realtek
2009-05-01 17:47 . 2009-05-01 17:47 315392 ----a-w c:\windows\HideWin.exe
2009-05-01 17:43 . 2009-05-01 17:43 -------- d-----w c:\program files\Intel
2009-05-01 17:17 . 2009-05-01 17:17 -------- d-----w c:\program files\microsoft frontpage
2009-05-01 17:16 . 2006-03-02 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-01 17:13 . 2009-05-01 17:13 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-16 12:18 . 2009-05-01 18:16 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-05-01 18:16 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-05-01 18:16 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-05-01 18:16 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-05-01 18:16 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-05-01 18:16 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-05-01 18:16 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-08 02:34 . 2006-03-02 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2006-03-02 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2006-03-02 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2006-03-02 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2006-03-02 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2006-03-02 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2006-03-02 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2006-03-02 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2006-03-02 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2006-03-02 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:23 . 2006-03-02 12:00 284160 ----a-w c:\windows\system32\pdh.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\docume~1\ADMINI~1\LOCALS~1\Temp ----
2009-05-13 17:50 . 2009-05-13 17:57 691 ----a-w c:\docume~1\ADMINI~1\LOCALS~1\Temp\alm.log
2009-05-13 17:44 . 2009-05-13 17:44 693 ----a-w c:\docume~1\ADMINI~1\LOCALS~1\Temp\TWAIN.LOG
2009-05-13 17:44 . 2009-05-13 17:44 2 ----a-w c:\docume~1\ADMINI~1\LOCALS~1\Temp\Twain001.Mtx
2009-05-13 17:44 . 2009-05-13 17:44 156 ----a-w c:\docume~1\ADMINI~1\LOCALS~1\Temp\Twunk001.MTX
2009-05-13 17:44 . 2009-05-13 17:44 0 ----a-w c:\docume~1\ADMINI~1\LOCALS~1\Temp\Twunk002.MTX
2009-05-13 17:44 . 2009-05-13 17:57 2301 ----a-w c:\docume~1\ADMINI~1\LOCALS~1\Temp\amt.log
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-05-12 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-07-26 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Call of Duty 4\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [13. 3. 2008 16:49 472320]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2. 3. 2006 14:00 69120]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-01 20:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - d:\programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rdky530r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
---- FIREFOX POLICIES ----
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 20:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1123561945-1637723038-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,9b,cc,7a,9d,50,49,45,a2,53,03,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,9b,cc,7a,9d,50,49,45,a2,53,03,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2800)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-13 20:25
ComboFix-quarantined-files.txt 2009-05-13 18:25
ComboFix2.txt 2009-05-13 17:33
Pre-Run: Volných bajtů: 31 223 746 560
Post-Run: Volných bajtů: 31 211 876 352
188 --- E O F --- 2009-05-13 07:13
HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:16, on 13. 5. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1202896218
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 4223 bytes
REGLOOKS
REGLOOKS logfile - version 0.981
Scan started: st 13. 05. 2009 20:29:00,56
--- INFORMATION ---
Operating System: Systém Microsoft Windows XP Professional - version 5.1.2600 - Service Pack 3
Bootmode: Normal boot
User: Administrator (Administrator account)
Total RAM: 3263 MB (free 2717 MB - 83%)
Internet Explorer Version: 8.0.6001.18702
Antivirus Program: ESET Smart Security 3.0 3.0 [Enabled - Updated]
Firewall: ESET personal firewall 3.0.650.0 [Enabled]
--- SIGCHECK ---
C:\WINDOWS\explorer.exe -- sigcheck OK
C:\WINDOWS\system32\ctfmon.exe -- sigcheck OK
C:\WINDOWS\system32\lsass.exe -- sigcheck OK
C:\WINDOWS\system32\ntkrnlpa.exe -- sigcheck OK
C:\WINDOWS\system32\ntoskrnl.exe -- sigcheck OK
C:\WINDOWS\system32\services.exe -- sigcheck OK
C:\WINDOWS\system32\sfcfiles.dll -- sigcheck OK
C:\WINDOWS\system32\spoolsv.exe -- sigcheck OK
C:\WINDOWS\system32\svchost.exe -- sigcheck OK
C:\WINDOWS\system32\termsrv.dll -- sigcheck OK
C:\WINDOWS\system32\user32.dll -- sigcheck OK
C:\WINDOWS\system32\userinit.exe -- sigcheck OK
C:\WINDOWS\system32\wininet.dll -- sigcheck OK
C:\WINDOWS\system32\winlogon.exe -- sigcheck OK
C:\WINDOWS\system32\ws2_32.dll -- sigcheck OK
C:\WINDOWS\system32\wuauclt.exe -- sigcheck OK
C:\WINDOWS\system32\drivers\ip6fw.sys -- sigcheck OK
C:\WINDOWS\system32\drivers\ndis.sys -- sigcheck OK
C:\WINDOWS\system32\drivers\tcpip.sys -- sigcheck OK
--- SSODL regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: C:\WINDOWS\system32\webcheck.dll -- [236544] -- [08. 03. 2009 04:34]
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: %systemroot%\system32\stobject.dll -- [?]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -- File: C:\WINDOWS\system32\WPDShServiceObj.dll -- [133632] -- [18. 10. 2006 21:47]
--- STS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" -- File: %SystemRoot%\system32\browseui.dll -- [?]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Proces mezipaměti kategorií součástí" -- File: %SystemRoot%\system32\browseui.dll -- [?]
--- USERINIT regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
File: C:\WINDOWS\system32\userinit.exe -- [26112] -- [14. 04. 2008 05:22]
--- SHELL regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
File: C:\WINDOWS\Explorer.exe -- [1034240] -- [14. 04. 2008 05:22]
--- SYSTEM regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
--- APPINIT_DLLS regkey ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no AppInit_DLLs regkey found
--- NOTIFY regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
-- File: C:\WINDOWS\system32\crypt32.dll -- [602112] -- [14. 04. 2008 05:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
-- File: C:\WINDOWS\system32\cryptnet.dll -- [64512] -- [14. 04. 2008 05:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
-- File: C:\WINDOWS\system32\cscdll.dll -- [102400] -- [14. 04. 2008 05:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
-- File: %SystemRoot%\System32\dimsntfy.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [14. 04. 2008 05:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [14. 04. 2008 05:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
-- File: C:\WINDOWS\system32\sclgntfy.dll -- [22016] -- [14. 04. 2008 05:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
-- File: C:\WINDOWS\system32\WlNotify.dll -- [92672] -- [14. 04. 2008 05:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [14. 04. 2008 05:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [14. 04. 2008 05:22]
--- RUN / LOAD regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no run / load keys found
--- SHELLEXECUTEHOOKS regkey ---
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?]
--- HKLM AUTORUN regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
no AutoRun regkey found
--- HKCU AUTORUN regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
no AutoRun regkey found
--- HKLM\RUN regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL" -- File: RTHDCPL.EXE -- [?]
"NvCplDaemon" -- File: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup -- [?]
"nwiz" -- File: nwiz.exe /install -- [?]
"NvMediaCenter" -- File: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit -- [?]
"egui" -- File: "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice -- [?]
hidden keys:
"RAMBooster.Net"="D:\\Programy\\RAMBooster.Net\\RAMBooster.exe -m"
--- HKLM\RUNONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found
--- HKLM\RUNONCEEX regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found
--- HKLM\RUNSERVICES regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found
--- HKLM\RUNSERVICESONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found
--- HKCU\RUN regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype" -- File: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [?]
"Google Update" -- File: "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [?]
hidden keys:
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
--- HKCU\RUNONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found
--- HKCU\RUNONCEEX regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
key not found
--- HKCU\RUNSERVICES regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found
--- HKCU\RUNSERVICESONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found
--- HKU\.DEFAULT\Run regkeys - Default user ---
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\system32\CTFMON.EXE -- [15360] -- [14. 04. 2008 05:22]
--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\system32\CTFMON.EXE -- [15360] -- [14. 04. 2008 05:22]
--- HKU\S-1-5-19\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found
--- HKU\S-1-5-20\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found
--- HKLM\Explorer\Run regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found
--- HKCU\Explorer\Run regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found
--- Image File Execution regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
no debuggers found
--- BROWSER HELPER OBJECTS regkeys ---
ECHO [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
--- TOOLBAR regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
no toolbars found
--- HKLM\URLSEARCHHOOKS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
no urlsearchhooks found
--- HKCU\URLSEARCHHOOKS regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: C:\WINDOWS\system32\ieframe.dll -- [11063808] -- [08. 03. 2009 04:39]
--- SRCEENSAVER regkey ---
[HKEY_CURRENT_USER\Control Panel\Desktop]
scrnsave.exe value not found
--- ALTERNATESHELL regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
File: C:\WINDOWS\system32\cmd.exe -- [390144] -- [14. 04. 2008 05:22]
--- SECURITYPROVIDERS regkey ---
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
File: C:\WINDOWS\system32\msapsspc.dll -- [86016] -- [14. 04. 2008 05:21]
File: C:\WINDOWS\system32\schannel.dll -- [144896] -- [05. 12. 2008 08:57]
File: C:\WINDOWS\system32\digest.dll -- [68608] -- [14. 04. 2008 05:21]
File: C:\WINDOWS\system32\msnsspc.dll -- [290816] -- [14. 04. 2008 05:21]
--- Active Setup\Installed Components regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
-- File: C:\WINDOWS\system32\ieudinit.exe -- [36864] -- [08. 03. 2009 04:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
-- File: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
-- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
-- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
--- Services regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epfw]
-- File: system32\DRIVERS\epfw.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epfwtdi]
-- File: system32\DRIVERS\epfwtdi.sys -- [?]
--- SAFEBOOT MINIMAL SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
{533C5B84-EC70-11D2-9505-00C04F79DEAF}
--- SAFEBOOT Network SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
--- BOOTEXECUTE regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"= autocheck autochk *\0\0
--- PENDINGFILERENAMEOPERATIONS regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"= \??\C:\test0123\0!\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir\0\??\C:\test0123\0!\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir\0\??\C:\test0123\0!\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir\0\0
--- WOW-CMDLINE regkeys ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
--- NETSVCS regkey ---
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS
0Schedule
0WmdmPmSN
--- DNS SERVER regkeys ---
no "NameServer" values found
--- File associations ---
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
--- STARTUP FOLDERS ---
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Příslušenství\Ostatní\Po spuštění\desktop.ini -- [84] -- [01. 05. 2009 19:16]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\desktop.ini -- [84] -- [01. 05. 2009 19:16]
C:\WINDOWS\system32\config\systemprofile\Nabídka Start\Programy\Po spuštění\desktop.ini -- [84] -- [01. 05. 2009 19:16]
C:\WINDOWS\system32\config\systemprofile\Nabídka Start\Programy\Po spuštění\desktop.ini -- [84] -- [01. 05. 2009 19:16]
--- TASK SCHEDULER JOBS ---
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1637723038-725345543-500.job -- [1066] -- [13. 05. 2009 20:16]
C:\WINDOWS\tasks\WGASetup.job -- [260] -- [13. 05. 2009 09:07]
Scan completed: st 13. 05. 2009 20:29:12,07
FINISHED
- jaro3
- Security team member
- Guru Level 15
- Posts: 43287
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Please check my HijackThis log
Close other applications and browsers, disconnect from the Internet and fix this in HJT:
Code:
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u
Clean the system with CCleaner
and also use T-Cleaner:
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. Download it, then run it.
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Install Java:
Java SE Runtime Environment 6u13
Select the OS (I assume Windows), tick agree-continue
Select:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
If the problems persist, check the voltages and temperatures of the components, or test the HDD with the manufacturer's utility and the RAM with Memtest (at least 2 h). Alternatively, I recommend posting a topic in the HW problems section.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my HijackThis log
Thank you for your time and help, although it is still giving me problems; tomorrow I will test the memory and we will see how it turns out. In any case, thank you.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43287
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Please check my HijackThis log
You're welcome, try it in that section.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support