Log check

rock
Visitor
Posts: 21
Registered: 16 Sep 2005 19:30
Location: Banská Bystrica

Log check

#1 Post by rock »

I tried to get Skype working in Trillian and picked something up. I gave it a quick clean with AdwCleaner and it is better, but it keeps switching the colour of the Quick Launch bar from blue to yellow and throws the error "svchost.exe - Chyba aplikace - Instrukce na adrese 0x5963bdc3 odkazovala na adresu pamětí 0x00000000. S pamětí nelze provést operaci read." It throws this every little while. I am attaching the logs from RSIT and FRST.
Could you please take a look at it? Thank you.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ivan at 2014-12-17 16:13:48
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 34 GB (74%) free of 45 GB
Total RAM: 1535 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:57, on 17. 12. 2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ivan\Dokumenty\Preberanie\FRST.exe
D:\Ivan\Záloha PC\Programy\Antivír\HiJackthis\RSIT.exe
C:\WINDOWS\system32\svchost.exe
D:\Ivan\Záloha PC\Programy\Antivír\HiJackthis\Ivan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - AppInit_DLLs:
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 2426 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
10

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-12-12 5227112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_189_Plugin.exe -update plugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-07-12 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TiVme Agent]
C:\Program Files\GIGABYTE\vivoTV\ScheduleAgent.exe [2010-09-22 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2007-07-11 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Remote Control.lnk]
C:\PROGRA~1\GIGABYTE\U7300U~1\CONRCtl.exe [2011-05-03 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\EasySetupAssistant\wr841n\EasySetupAssistant.exe"="F:\EasySetupAssistant\wr841n\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"
"C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe"="C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe:*:Enabled:HP Networked Printer Installer"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\xampp\apache\bin\httpd.exe"="C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\HP\hp laserjet m1522\hppfaxnc1.exe"="C:\Program Files\HP\hp laserjet m1522\hppfaxnc1.exe:*:Enabled:HP Networked Printer Installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2014-12-17 16:13:02 ----D---- C:\FRST
2014-12-17 16:01:21 ----D---- C:\rsit
2014-12-17 15:55:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-12-17 15:13:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\23405448
2014-12-12 09:37:05 ----D---- C:\Program Files\Microsoft Silverlight
2014-12-09 09:49:23 ----D---- C:\Program Files\Mozilla Firefox
2014-12-01 17:59:45 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-12-01 14:39:14 ----D---- C:\Documents and Settings\Ivan\Data aplikací\Help
2014-11-28 10:05:42 ----A---- C:\WINDOWS\vzory.ini
2014-11-23 17:28:29 ----D---- C:\Documents and Settings\Ivan\Data aplikací\Trillian
2014-11-23 17:28:00 ----D---- C:\Program Files\Trillian

======List of files/folders modified in the last 1 months======

2014-12-17 16:13:06 ----D---- C:\WINDOWS
2014-12-17 15:59:56 ----D---- C:\WINDOWS\Prefetch
2014-12-17 15:57:51 ----D---- C:\WINDOWS\Temp
2014-12-17 15:49:28 ----D---- C:\AdwCleaner
2014-12-17 15:33:54 ----D---- C:\WINDOWS\SoftwareDistribution
2014-12-17 15:32:24 ----RD---- C:\Program Files
2014-12-17 15:29:00 ----D---- C:\WINDOWS\system32
2014-12-12 11:37:15 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-12 09:37:25 ----SHD---- C:\WINDOWS\Installer
2014-12-12 09:37:25 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2014-12-10 10:22:03 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-12-06 18:21:09 ----A---- C:\WINDOWS\wincmd.ini
2014-12-06 14:19:02 ----A---- C:\WINDOWS\wcx_ftp.ini
2014-12-04 21:40:10 ----D---- C:\Documents and Settings\Ivan\Data aplikací\vlc
2014-12-04 13:06:32 ----D---- C:\Program Files\Messenger
2014-12-04 13:06:31 ----D---- C:\Program Files\HD Tune
2014-12-01 18:00:03 ----D---- C:\WINDOWS\system32\drivers
2014-12-01 17:59:53 ----SD---- C:\WINDOWS\Tasks
2014-12-01 15:15:25 ----A---- C:\WINDOWS\win.ini
2014-12-01 15:15:25 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-12-01 55240]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-12-01 787800]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-12-01 423784]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-12-01 57928]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-12-01 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-12-01 70384]
R3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-08-21 11264]
R3 HPFXFAX;HPFXFAX; C:\WINDOWS\system32\drivers\hpfxfax.sys [2007-08-21 14336]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2011-05-03 143264]
R3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2011-05-03 32800]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; C:\WINDOWS\system32\drivers\CrystalSysInfo.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-17 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-01 50344]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-09 114800]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-12-2014 01
Ran by Ivan at 2014-12-17 16:15:47
Running from C:\Documents and Settings\Ivan\Dokumenty\Preberanie
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee (HKLM\...\ACDSee) (Version: - )
ACDSee 3.1 PowerPack SR-1sk (HKLM\...\ACDSee 3.1 PP SR-1) (Version: - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Slovak (HKLM\...\{AC76BA86-7AD7-1051-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Balík Compatibility Pack pre systém Office 2007 (HKLM\...\{90120000-0020-041B-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Data Lifeguard Diagnostic for Windows 1.27 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dolphin Futures XPS Viewer version 1.1.0 (HKLM\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)
Elcomm (HKLM\...\Elcomm) (Version: - )
GIGABYTE Remote Utilities (HKLM\...\{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}) (Version: 3.0.0.0 - GIGABYTE)
HD Tune 2.52 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP LaserJet M1522 MFP Series 1.0 (HKLM\...\HP LaserJet M1522) (Version: 1.0 - HP)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.006.002 - Hewlett-Packard)
hppFaxDrvM1522 (Version: 000.008.00023 - Hewlett-Packard) Hidden
hppFaxUtility (Version: 000.105.00107 - Hewlett-Packard) Hidden
hppFonts (Version: 001.001.00056 - Hewlett-Packard) Hidden
hppIOFiles (Version: 002.000.00034 - Hewlett-Packard) Hidden
hppLJM1522 (Version: 000.008.00066 - Hewlett-Packard) Hidden
hppManualsM1522 (Version: 000.008.00067 - Hewlett-Packard) Hidden
hppscanM1522 (Version: 000.008.00073 - Hewlett-Packard) Hidden
hppScanTo (Version: 000.008.00060 - Hewlett-Packard) Hidden
hppSendFax (Version: 000.105.00089 - Hewlett-Packard) Hidden
hppTLBXFXM1522 (Version: 001.002.00013 - Hewlett-Packard) Hidden
hppusgM1522 (Version: 000.000.00003 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
hpzTLBXFX (Version: 003.004.00276 - Hewlett-Packard) Hidden
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY (HKLM\...\{A2C9CD1B-2551-3AED-B244-6698FB929FA6}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY (HKLM\...\{546C143E-68DC-314D-97BC-1E454E3BA429}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 sk) (HKLM\...\Mozilla Firefox 34.0.5 (x86 sk)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
OMEGA 17.60.00 (HKLM\...\{79DCE48C-3B7F-4071-AF33-7D35EC5EB312}) (Version: 17.60.00 - Kros a.s.)
Pink 3.11 (HKLM\...\Pink_is1) (Version: - Radoslav Manzela)
Product_Min_QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Scan (Version: 9.0.2.0 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
Trillian (HKLM\...\Trillian) (Version: - Cerulean Studios, LLC)
Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
vivoTV (HKLM\...\vivoTV_is1) (Version: - )
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
WinRAR archivátor (HKLM\...\WinRAR archiver) (Version: - )
XAMPP (HKLM\...\xampp) (Version: 1.8.2-5 - Bitnami)
XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-436374069-1708537768-682003330-1003_Classes\CLSID\{B7125B4E-CA73-47f1-AEAA-6B3EFA553F5A}\InprocServer32 -> C:\Program Files\Trillian\events.dll (Cerulean Studios)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-10-25 14:00 - 2001-10-25 14:00 - 00000737 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-17 10:05 - 2014-12-17 10:05 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121700\algo.dll
2014-08-06 11:04 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2006-09-07 18:19 - 2006-09-07 18:19 - 00008704 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-08-07 12:56 - 2014-12-01 17:59 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-09 09:49 - 2014-12-09 09:49 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Remote Control.lnk => C:\WINDOWS\pss\Remote Control.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: FlashPlayerUpdate => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_189_Plugin.exe -update plugin
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPUsageTracking => "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
MSCONFIG\startupreg: TiVme Agent => C:\Program Files\GIGABYTE\vivoTV\ScheduleAgent.exe srec
MSCONFIG\startupreg: ToolBoxFX => "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-436374069-1708537768-682003330-500 - Administrator - Enabled)
ASPNET (S-1-5-21-436374069-1708537768-682003330-1005 - Limited - Enabled)
Guest (S-1-5-21-436374069-1708537768-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-436374069-1708537768-682003330-1000 - Limited - Disabled)
Ivan (S-1-5-21-436374069-1708537768-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ivan
SUPPORT_388945a0 (S-1-5-21-436374069-1708537768-682003330-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Myš Microsoft pro port PS/2
Description: Myš Microsoft pro port PS/2
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2014 03:27:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace svchost.exe, verze 5.1.2600.2180, chybující modul qmgr.dll, verze 6.6.2600.2180, adresa chyby 0x0002bdc3.
Zpracování události, specifické pro médium ([svchost.exe!ws!])

Error: (12/17/2014 03:14:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace svchost.exe, verze 5.1.2600.2180, chybující modul qmgr.dll, verze 6.6.2600.2180, adresa chyby 0x0002bdc3.
Zpracování události, specifické pro médium ([svchost.exe!ws!])

Error: (12/15/2014 11:11:39 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 1000) (User: )
Description: Faulting application tvpanel.exe, version 1.4.2.28, stamp 4d354bc6, faulting module clvsd.ax, version 8.4.0.730, stamp 4a714eb2, debug? 0, fault address 0x00084178.

Error: (12/05/2014 09:29:57 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 1000) (User: )
Description: Faulting application tvpanel.exe, version 1.4.2.28, stamp 4d354bc6, faulting module clvsd.ax, version 8.4.0.730, stamp 4a714eb2, debug? 0, fault address 0x00084178.

Error: (12/01/2014 05:33:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace plugin-container.exe, verze 33.1.1.5430, chybující modul mozalloc.dll, verze 33.1.1.5430, adresa chyby 0x00001425.
Zpracování události, specifické pro médium ([plugin-container.exe!ws!])

Error: (12/01/2014 04:24:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikace coolpro2.exe, verze 2.1.3097.0, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/01/2014 04:17:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikace coolpro2.exe, verze 2.1.3097.0, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (11/23/2014 01:01:47 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 1000) (User: )
Description: Faulting application tvpanel.exe, version 1.4.2.28, stamp 4d354bc6, faulting module clvsd.ax, version 8.4.0.730, stamp 4a714eb2, debug? 0, fault address 0x00084178.

Error: (11/19/2014 06:09:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikace notepad++.exe, verze 6.6.8.0, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (11/09/2014 06:59:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikace explorer.exe, verze 6.0.2900.2180, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.


System errors:
=============
Error: (12/17/2014 04:14:45 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Služba WMI, ale tato akce selhala kvůli následující chybě:
%%1056

Error: (12/17/2014 04:13:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Systém událostí modelu COM+ byla neočekávaně ukončena. Tento stav nastal již 13krát.

Error: (12/17/2014 04:13:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba inteligentního přenosu na pozadí byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (12/17/2014 04:11:36 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Služba WMI, ale tato akce selhala kvůli následující chybě:
%%1056

Error: (12/17/2014 04:10:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Systém událostí modelu COM+ byla neočekávaně ukončena. Tento stav nastal již 12krát.

Error: (12/17/2014 04:10:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba inteligentního přenosu na pozadí byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (12/17/2014 04:10:33 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Služba WMI, ale tato akce selhala kvůli následující chybě:
%%1056

Error: (12/17/2014 04:10:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Systém událostí modelu COM+ byla neočekávaně ukončena. Tento stav nastal již 9krát.

Error: (12/17/2014 04:10:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba inteligentního přenosu na pozadí byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (12/17/2014 04:06:48 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Služba WMI, ale tato akce selhala kvůli následující chybě:
%%1056


Microsoft Office Sessions:
=========================
Error: (12/17/2014 03:27:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe5.1.2600.2180qmgr.dll6.6.2600.21800002bdc3

Error: (12/17/2014 03:14:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe5.1.2600.2180qmgr.dll6.6.2600.21800002bdc3

Error: (12/15/2014 11:11:39 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 1000) (User: )
Description: tvpanel.exe1.4.2.284d354bc6clvsd.ax8.4.0.7304a714eb2000084178

Error: (12/05/2014 09:29:57 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 1000) (User: )
Description: tvpanel.exe1.4.2.284d354bc6clvsd.ax8.4.0.7304a714eb2000084178

Error: (12/01/2014 05:33:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.1.5430mozalloc.dll33.1.1.543000001425

Error: (12/01/2014 04:24:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: coolpro2.exe2.1.3097.0hungapp0.0.0.000000000

Error: (12/01/2014 04:17:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: coolpro2.exe2.1.3097.0hungapp0.0.0.000000000

Error: (11/23/2014 01:01:47 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 1000) (User: )
Description: tvpanel.exe1.4.2.284d354bc6clvsd.ax8.4.0.7304a714eb2000084178

Error: (11/19/2014 06:09:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: notepad++.exe6.6.8.0hungapp0.0.0.000000000

Error: (11/09/2014 06:59:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.0.2900.2180hungapp0.0.0.000000000


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 1.60GHz
Percentage of memory in use: 34%
Total physical RAM: 1535.3 MB
Available physical RAM: 1001.26 MB
Total Pagefile: 3434.74 MB
Available Pagefile: 3051.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:43.95 GB) (Free:32.74 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:105.09 GB) (Free:4.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: DDD4DDD4)
Partition 1: (Active) - (Size=43.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=105.1 GB) - (Type=OF Extended)

==================== End Of Log ============================

Rudy
Site Admin
Posts: 118238
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#2 Post by Rudy »

Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

rock
Visitor
Posts: 21
Joined: 16 Sep 2005 19:30
Location: Banská Bystrica

Re: Log check

#3 Post by rock »

# AdwCleaner v4.105 - Report created 17/12/2014 at 18:39:37
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Ivan - INTEL
# Running from : C:\Documents and Settings\Ivan\Dokumenty\Preberanie\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\mystartsearch.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180


-\\ Mozilla Firefox v34.0.5 (x86 sk)


*************************

AdwCleaner[R0].txt - [877 octets] - [15/08/2014 08:48:55]
AdwCleaner[R1].txt - [956 octets] - [15/08/2014 09:00:04]
AdwCleaner[R2].txt - [1015 octets] - [15/08/2014 09:22:26]
AdwCleaner[R3].txt - [5850 octets] - [17/08/2014 13:47:46]
AdwCleaner[R4].txt - [1241 octets] - [30/08/2014 16:38:13]
AdwCleaner[R5].txt - [3330 octets] - [21/09/2014 09:14:54]
AdwCleaner[R6].txt - [5198 octets] - [18/11/2014 12:41:43]
AdwCleaner[R7].txt - [2124 octets] - [01/12/2014 17:50:19]
AdwCleaner[R8].txt - [3045 octets] - [17/12/2014 15:40:15]
AdwCleaner[R9].txt - [1932 octets] - [17/12/2014 18:32:48]
AdwCleaner[S0].txt - [939 octets] - [15/08/2014 08:51:38]
AdwCleaner[S1].txt - [5938 octets] - [17/08/2014 13:52:32]
AdwCleaner[S2].txt - [1305 octets] - [30/08/2014 16:40:37]
AdwCleaner[S3].txt - [2813 octets] - [21/09/2014 09:41:40]
AdwCleaner[S4].txt - [5558 octets] - [18/11/2014 12:47:56]
AdwCleaner[S5].txt - [2459 octets] - [01/12/2014 17:57:39]
AdwCleaner[S6].txt - [2932 octets] - [17/12/2014 15:49:26]
AdwCleaner[S7].txt - [1857 octets] - [17/12/2014 18:39:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1917 octets] ##########

Rudy
Site Admin
Posts: 118238
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#4 Post by Rudy »

Post a new RSIT log.

rock
Visitor
Posts: 21
Joined: 16 Sep 2005 19:30
Location: Banská Bystrica

Re: Log check

#5 Post by rock »

Thank you for the reply; I had to go to work in the evening and have only just come back. Thank you for looking into this. The colour of the Quick Launch panel has also changed to light brown, the same in Word, and that svchost.exe message keeps popping up: the memory could not be read. I am attaching the RSIT log.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ivan at 2014-12-18 08:55:19
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 33 GB (74%) free of 45 GB
Total RAM: 1535 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:28, on 18. 12. 2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Ivan\Záloha PC\Programy\Antivír\HiJackthis\RSIT.exe
C:\WINDOWS\system32\svchost.exe
D:\Ivan\Záloha PC\Programy\Antivír\HiJackthis\Ivan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 2751 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 12fa6a88-2a20-44f4-b571-65b9ea00b1d9.job
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a5cbd65e-a685-4cef-becd-ff873046c1ba.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
10

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-12-12 5227112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2014-12-18 6699800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_189_Plugin.exe -update plugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-07-12 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TiVme Agent]
C:\Program Files\GIGABYTE\vivoTV\ScheduleAgent.exe [2010-09-22 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2007-07-11 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Remote Control.lnk]
C:\PROGRA~1\GIGABYTE\U7300U~1\CONRCtl.exe [2011-05-03 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2013-05-07 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\EasySetupAssistant\wr841n\EasySetupAssistant.exe"="F:\EasySetupAssistant\wr841n\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"
"C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe"="C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe:*:Enabled:HP Networked Printer Installer"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\xampp\apache\bin\httpd.exe"="C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\HP\hp laserjet m1522\hppfaxnc1.exe"="C:\Program Files\HP\hp laserjet m1522\hppfaxnc1.exe:*:Enabled:HP Networked Printer Installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2014-12-17 18:01:12 ----D---- C:\Documents and Settings\Ivan\Data aplikací\Malwarebytes
2014-12-17 18:00:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-12-17 17:57:54 ----D---- C:\!KillBox
2014-12-17 16:41:00 ----D---- C:\Documents and Settings\Ivan\Data aplikací\SUPERAntiSpyware.com
2014-12-17 16:40:12 ----D---- C:\Program Files\SUPERAntiSpyware
2014-12-17 16:40:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2014-12-17 16:27:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-12-17 16:13:02 ----D---- C:\FRST
2014-12-17 16:01:21 ----D---- C:\rsit
2014-12-17 15:55:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-12-12 09:37:05 ----D---- C:\Program Files\Microsoft Silverlight
2014-12-09 09:49:23 ----D---- C:\Program Files\Mozilla Firefox
2014-12-01 17:59:45 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-12-01 14:39:14 ----D---- C:\Documents and Settings\Ivan\Data aplikací\Help
2014-11-28 10:05:42 ----A---- C:\WINDOWS\vzory.ini
2014-11-23 17:28:29 ----D---- C:\Documents and Settings\Ivan\Data aplikací\Trillian
2014-11-23 17:28:00 ----D---- C:\Program Files\Trillian

======List of files/folders modified in the last 1 months======

2014-12-18 08:54:12 ----D---- C:\WINDOWS\system32\CatRoot2
2014-12-17 19:18:57 ----ASH---- C:\boot.ini
2014-12-17 19:12:05 ----D---- C:\WINDOWS\Microsoft.NET
2014-12-17 18:57:43 ----D---- C:\WINDOWS\Prefetch
2014-12-17 18:56:51 ----D---- C:\WINDOWS\Temp
2014-12-17 18:54:21 ----D---- C:\WINDOWS\SoftwareDistribution
2014-12-17 18:39:38 ----D---- C:\AdwCleaner
2014-12-17 18:18:45 ----D---- C:\WINDOWS\system32\drivers
2014-12-17 18:04:29 ----RD---- C:\Program Files
2014-12-17 17:53:58 ----A---- C:\WINDOWS\wincmd.ini
2014-12-17 17:30:58 ----SHD---- C:\WINDOWS\Installer
2014-12-17 17:24:14 ----RSD---- C:\WINDOWS\assembly
2014-12-17 17:22:23 ----D---- C:\WINDOWS\WinSxS
2014-12-17 17:21:54 ----D---- C:\WINDOWS\system32
2014-12-17 17:21:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-17 17:21:23 ----D---- C:\WINDOWS\system32\en-US
2014-12-17 16:41:06 ----SD---- C:\WINDOWS\Tasks
2014-12-17 16:15:47 ----D---- C:\WINDOWS
2014-12-12 11:37:15 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-12 09:37:25 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2014-12-10 10:22:03 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-12-06 14:19:02 ----A---- C:\WINDOWS\wcx_ftp.ini
2014-12-04 21:40:10 ----D---- C:\Documents and Settings\Ivan\Data aplikací\vlc
2014-12-04 13:06:32 ----D---- C:\Program Files\Messenger
2014-12-04 13:06:31 ----D---- C:\Program Files\HD Tune
2014-12-01 15:15:25 ----A---- C:\WINDOWS\win.ini
2014-12-01 15:15:25 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-12-01 55240]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-12-01 787800]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-12-01 423784]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-12-01 57928]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-12-01 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-12-01 70384]
R3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-08-21 11264]
R3 HPFXFAX;HPFXFAX; C:\WINDOWS\system32\drivers\hpfxfax.sys [2007-08-21 14336]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2011-05-03 143264]
R3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2011-05-03 32800]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; C:\WINDOWS\system32\drivers\CrystalSysInfo.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-17 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2014-07-23 142648]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-01 50344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-09 114800]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

rock
Visitor
Posts: 21
Joined: 16 Sep 2005 19:30
Location: Banská Bystrica

Re: Log check

#6 Post by rock »

I cleaned it up a bit with MBA, SuperAntispyware and CCleaner, and a little by hand, carefully, in the registry; then I ran Combofix over it and am attaching the log, because something in it does not look right to me, but I am not sure.
Thank you for your willingness to help.
ComboFix 14-12-14.01 - Ivan . 12. 2014 11:42:57.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.1535.1173 [GMT 1:00]
Running from: c:\documents and settings\Ivan\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ivan\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2014-11-18 to 2014-12-18 )))))))))))))))))))))))))))))))
.
.
2014-12-18 10:30 . 2014-12-18 10:37 -------- d-----w- c:\program files\a2 Free
2014-12-18 10:16 . 2014-12-18 10:16 -------- d-----w- c:\documents and settings\Ivan\Doctor Web
2014-12-17 17:55 . 2014-12-17 17:55 189 ----a-w- c:\documents and settings\All Users\Data aplikací\1418838929.2408.bin
2014-12-17 17:55 . 2014-12-17 17:55 2058 ----a-w- c:\documents and settings\All Users\Data aplikací\1418838929.2380.bin
2014-12-17 17:55 . 2014-12-17 17:55 40094 ----a-w- c:\documents and settings\All Users\Data aplikací\1418838929.2072.bin
2014-12-17 17:29 . 2014-12-17 17:29 44727 ----a-w- c:\documents and settings\All Users\Data aplikací\1418837301.bdinstall.bin
2014-12-17 17:05 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-17 17:01 . 2014-12-17 17:01 -------- d-----w- c:\documents and settings\Ivan\Data aplikací\Malwarebytes
2014-12-17 17:00 . 2014-12-17 17:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-12-17 16:57 . 2014-12-17 16:57 -------- d-----w- C:\!KillBox
2014-12-17 15:41 . 2014-12-17 15:41 -------- d-----w- c:\documents and settings\Ivan\Data aplikací\SUPERAntiSpyware.com
2014-12-17 15:40 . 2014-12-18 09:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-12-17 15:40 . 2014-12-17 15:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2014-12-17 15:27 . 2014-12-17 17:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-12-17 15:13 . 2014-12-17 15:18 -------- d-----w- C:\FRST
2014-12-17 15:01 . 2014-12-17 15:01 -------- d-----w- C:\rsit
2014-12-12 08:37 . 2014-12-12 08:37 -------- d-----w- c:\program files\Microsoft Silverlight
2014-12-01 16:59 . 2014-12-01 16:59 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-01 16:59 . 2014-12-01 16:59 43152 ----a-w- c:\windows\avastSS.scr
2014-12-01 13:39 . 2014-12-01 13:39 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Data aplikací\Help
2014-11-23 16:28 . 2014-11-24 05:18 -------- d-----w- c:\documents and settings\Ivan\Data aplikací\Trillian
2014-11-23 16:28 . 2014-12-18 09:56 -------- d-----w- c:\program files\Trillian
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-12 10:37 . 2014-08-07 07:46 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-12 10:37 . 2014-08-07 07:46 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-01 17:00 . 2014-08-07 11:57 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-01 16:59 . 2014-08-07 11:57 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-12-01 16:59 . 2014-08-07 11:57 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-12-01 16:59 . 2014-08-07 11:57 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-01 16:59 . 2014-08-07 11:57 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-01 16:59 . 2014-08-07 11:57 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-01 16:59 . 2014-08-07 11:57 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-12-01 16:59 . 2014-08-07 11:57 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-01 16:59 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autoche\0autoche
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Remote Control.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Remote Control.lnk
backup=c:\windows\pss\Remote Control.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-07-12 08:11 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-12-18 07:53 6699800 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TiVme Agent]
2010-09-22 12:08 124928 ----a-w- c:\program files\GIGABYTE\vivoTV\ScheduleAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2007-07-11 09:34 53248 ----a-w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 17:19 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\hp laserjet m1522\\Fax Config utility1.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Program Files\\HP\\hp laserjet m1522\\hppfaxnc1.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7. 8. 2014 12:57 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7. 8. 2014 12:57 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [7. 8. 2014 12:57 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [7. 8. 2014 12:57 423784]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22. 7. 2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12. 7. 2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [23. 7. 2014 0:47 142648]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [7. 8. 2014 12:57 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [7. 8. 2014 12:57 70384]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [6. 8. 2014 12:10 14336]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [9. 8. 2014 23:22 143264]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [8. 8. 2014 14:56 32800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-01 16:59]
.
2014-12-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 12fa6a88-2a20-44f4-b571-65b9ea00b1d9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-12-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a5cbd65e-a685-4cef-becd-ff873046c1ba.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ivan\Data aplikací\Mozilla\Firefox\Profiles\6p59zt6l.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_15_0_0_189_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-18 11:51
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-436374069-1708537768-682003330-1003\Software\Andreas Haak\a*Ű]
"Language"="English"
.
Completion time: 2014-12-18 11:54:10
ComboFix-quarantined-files.txt 2014-12-18 10:54
.
Pre-Run: Volných bajtů: 34 690 220 032
Post-Run: Volných bajtů: 34 798 006 272
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F1906915997A054E2D12B84EADCFDBDB
413FC2A0C716421B3158746D63736515

rock
Visitor
Posts: 21
Registered: 16 Sep 2005 19:30
Location: Banská Bystrica

Re: Log check

#7 Post by rock »

I uninstalled ComboFix and am attaching another RSIT log. I looked at those files; if something is bad, I don't dare write a ComboFix script myself.
Would you please take a look? Thank you very much.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ivan at 2014-12-18 13:18:08
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 33 GB (74%) free of 45 GB
Total RAM: 1535 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:12, on 18. 12. 2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Trillian\trillian.exe
D:\Ivan\Záloha PC\Programy\Antivír\HiJackthis\RSIT.exe
D:\Ivan\Záloha PC\Programy\Antivír\HiJackthis\Ivan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 2410 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 12fa6a88-2a20-44f4-b571-65b9ea00b1d9.job
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a5cbd65e-a685-4cef-becd-ff873046c1ba.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-12-12 5227112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-07-12 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2014-12-18 6699800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TiVme Agent]
C:\Program Files\GIGABYTE\vivoTV\ScheduleAgent.exe [2010-09-22 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2007-07-11 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Remote Control.lnk]
C:\PROGRA~1\GIGABYTE\U7300U~1\CONRCtl.exe [2011-05-03 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2013-05-07 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe"="C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe:*:Enabled:HP Networked Printer Installer"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\xampp\apache\bin\httpd.exe"="C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\HP\hp laserjet m1522\hppfaxnc1.exe"="C:\Program Files\HP\hp laserjet m1522\hppfaxnc1.exe:*:Enabled:HP Networked Printer Installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2014-12-18 11:54:11 ----A---- C:\ComboFix.txt
2014-12-18 11:40:14 ----A---- C:\Boot.bak
2014-12-18 11:40:10 ----RASHD---- C:\cmdcons
2014-12-18 11:38:06 ----D---- C:\WINDOWS\erdnt
2014-12-18 10:29:47 ----N---- C:\WINDOWS\SchedLgU.Txt
2014-12-17 18:01:12 ----D---- C:\Documents and Settings\Ivan\Data aplikací\Malwarebytes
2014-12-17 18:00:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-12-17 17:57:54 ----D---- C:\!KillBox
2014-12-17 16:41:00 ----D---- C:\Documents and Settings\Ivan\Data aplikací\SUPERAntiSpyware.com
2014-12-17 16:40:12 ----D---- C:\Program Files\SUPERAntiSpyware
2014-12-17 16:40:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2014-12-17 16:27:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-12-17 16:13:02 ----D---- C:\FRST
2014-12-17 16:01:21 ----D---- C:\rsit
2014-12-12 09:37:05 ----D---- C:\Program Files\Microsoft Silverlight
2014-12-09 09:49:23 ----D---- C:\Program Files\Mozilla Firefox
2014-12-01 17:59:45 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-12-01 14:39:14 ----D---- C:\Documents and Settings\Ivan\Data aplikací\Help
2014-11-28 10:05:42 ----A---- C:\WINDOWS\vzory.ini
2014-11-23 17:28:29 ----D---- C:\Documents and Settings\Ivan\Data aplikací\Trillian
2014-11-23 17:28:00 ----D---- C:\Program Files\Trillian

======List of files/folders modified in the last 1 months======

2014-12-18 13:17:08 ----D---- C:\WINDOWS\Microsoft.NET
2014-12-18 13:13:22 ----D---- C:\WINDOWS\Prefetch
2014-12-18 13:00:32 ----D---- C:\WINDOWS
2014-12-18 13:00:18 ----SHD---- C:\System Volume Information
2014-12-18 13:00:18 ----D---- C:\WINDOWS\system32\Restore
2014-12-18 12:59:36 ----D---- C:\WINDOWS\system32\drivers
2014-12-18 12:04:10 ----RD---- C:\Program Files
2014-12-18 12:03:51 ----D---- C:\WINDOWS\Temp
2014-12-18 11:55:30 ----D---- C:\WINDOWS\system32\CatRoot2
2014-12-18 11:51:58 ----A---- C:\WINDOWS\system.ini
2014-12-18 11:48:01 ----D---- C:\WINDOWS\system32
2014-12-18 11:48:00 ----D---- C:\WINDOWS\AppPatch
2014-12-18 11:47:53 ----D---- C:\Program Files\Common Files
2014-12-18 11:40:14 ----ASH---- C:\boot.ini
2014-12-18 11:23:25 ----D---- C:\WINDOWS\system32\config
2014-12-18 10:30:02 ----D---- C:\WINDOWS\SoftwareDistribution
2014-12-18 09:37:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-12-17 18:39:38 ----D---- C:\AdwCleaner
2014-12-17 17:53:58 ----A---- C:\WINDOWS\wincmd.ini
2014-12-17 17:30:58 ----SHD---- C:\WINDOWS\Installer
2014-12-17 17:24:14 ----RSD---- C:\WINDOWS\assembly
2014-12-17 17:22:23 ----D---- C:\WINDOWS\WinSxS
2014-12-17 17:21:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-17 17:21:23 ----D---- C:\WINDOWS\system32\en-US
2014-12-17 16:41:06 ----SD---- C:\WINDOWS\Tasks
2014-12-12 11:37:15 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-12 09:37:25 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2014-12-10 10:22:03 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-12-06 14:19:02 ----A---- C:\WINDOWS\wcx_ftp.ini
2014-12-04 21:40:10 ----D---- C:\Documents and Settings\Ivan\Data aplikací\vlc
2014-12-04 13:06:32 ----D---- C:\Program Files\Messenger
2014-12-04 13:06:31 ----D---- C:\Program Files\HD Tune
2014-12-01 15:15:25 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-12-01 55240]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-12-01 787800]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-12-01 423784]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-12-01 57928]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-12-01 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-12-01 70384]
R3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-08-21 11264]
R3 HPFXFAX;HPFXFAX; C:\WINDOWS\system32\drivers\hpfxfax.sys [2007-08-21 14336]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2011-05-03 143264]
R3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2011-05-03 32800]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\C:\DOCUME~1\Ivan\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; C:\WINDOWS\system32\drivers\CrystalSysInfo.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2014-07-23 142648]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-01 50344]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-09 114800]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118238
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#8 Post by Rudy »

Did I recommend that you run ComboFix? I feel like giving up on you, because CF is a professional utility with which a layperson can easily damage the system; moreover, it deletes certain traces that malware leaves in the system, and then they cannot be seen in RSIT. In addition, your system is missing an important patch called SP3, without which the system is completely open to malware. You probably haven't read the rules: http://forum.viry.cz/viewtopic.php?f=12&t=5601 (point 3), have you?

The RSIT log is clean now.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

rock
Visitor
Posts: 21
Registered: 16 Sep 2005 19:30
Location: Banská Bystrica

Re: Log check

#9 Post by rock »

I had looked at RSIT before CF as well, which is why I ran CF; it was not the first time I had done so, but I apologize.
svchost no longer pops up, the toolbars are as they were before, and everything looks fine.
Thank you.
