Please check my log... it won't connect to the internet

vincenzo1404
Visitor
Posts: 47
Registered: 25 Nov 2009 19:31

#1 Post by vincenzo1404 »

Hello... could you please check my log, as the computer has a problem connecting to Wi-Fi... it says the connection is limited or there is no connectivity, and I have a lot of svchost processes running... Thank you for a quick reply.



Logfile of random's system information tool 1.06 (written by random/random)
Run by Žilka Filip at 2010-01-01 10:29:27
Microsoft Windows XP Professional Service Pack 3, v.3244
System drive C: has 33 GB (61%) free of 55 GB
Total RAM: 1022 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:37, on 1. 1. 2010
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3244)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Java\jre6\bin\jqsnotify.exe
D:\Preberanie\RSIT.exe
D:\Preberanie\Žilka Filip.exe

O8 - Extra context menu item: Crawler Search - tbr:iemenu
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 3562 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UniKey"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-22 61440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
"NoFolderOptions"=
"NoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Warcraft\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Warcraft\Warcraft III\War3.exe"="C:\Program Files\Warcraft\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Colin McRae Rally 4 v1.1\cmr4.exe"="C:\Program Files\Colin McRae Rally 4 v1.1\cmr4.exe:*:Enabled:Colin McRae Rally 04 Application"
"C:\Documents and Settings\Žilka Filip\Local Settings\temp\java_ee_sdk-5_08-jdk-6u17-windows.exe2\package\jre\bin\javaw.exe"="C:\Documents and Settings\Žilka Filip\Local Settings\temp\java_ee_sdk-5_08-jdk-6u17-windows.exe2\package\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2010-01-01 10:29:27 ----D---- C:\rsit
2010-01-01 09:35:43 ----SHD---- C:\Config.Msi
2010-01-01 03:06:50 ----D---- C:\WINDOWS\CSC
2009-12-31 22:37:20 ----N---- C:\WINDOWS\system32\agrsmdel.exe
2009-12-28 17:43:00 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-12-28 17:42:57 ----A---- C:\WINDOWS\system32\guard32.dll
2009-12-28 15:53:51 ----HD---- C:\$AVG
2009-12-28 15:53:30 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-12-28 15:53:03 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-12-28 15:52:24 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-12-28 09:45:28 ----D---- C:\Program Files\WinClamAVShield
2009-12-27 13:06:58 ----D---- C:\PSecret
2009-12-24 09:59:47 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-12-24 09:59:46 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-12-23 17:13:50 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\FUJIFILM
2009-12-23 17:12:36 ----D---- C:\Program Files\FinePixViewer
2009-12-23 17:12:36 ----A---- C:\WINDOWS\system32\FFTIFF16.dll
2009-12-23 17:12:36 ----A---- C:\WINDOWS\system32\FFRafShellEx.dll
2009-12-23 17:12:36 ----A---- C:\WINDOWS\system32\FFRAFLIB.DLL
2009-12-04 22:09:38 ----D---- C:\Program Files\BearShare
2009-11-29 11:49:17 ----D---- C:\Program Files\Full Tilt Poker
2009-11-27 12:37:04 ----A---- C:\WINDOWS\system32\cssdll32.dll
2009-11-27 12:37:00 ----D---- C:\Program Files\AskBarDis
2009-11-27 12:34:53 ----D---- C:\Program Files\COMODO
2009-11-27 12:17:31 ----D---- C:\Sun
2009-11-27 11:56:58 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\Spyware Terminator
2009-11-27 11:56:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-11-27 11:56:49 ----D---- C:\Program Files\Spyware Terminator
2009-11-27 11:13:35 ----D---- C:\Program Files\VS Revo Group
2009-11-27 11:10:35 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-27 10:23:49 ----D---- C:\Program Files\CCleaner
2009-11-26 08:16:51 ----D---- C:\Program Files\Colin McRae Rally 4 v1.1
2009-11-25 16:51:51 ----D---- C:\WINDOWS\system32\NtmsData
2009-11-25 14:32:47 ----D---- C:\WINDOWS\temp
2009-11-25 13:39:41 ----A---- C:\Boot.bak
2009-11-25 13:39:19 ----RSHD---- C:\cmdcons
2009-11-22 15:26:04 ----D---- C:\Program Files\Orban
2009-11-21 15:02:21 ----A---- C:\WINDOWS\War3Unin.exe
2009-11-21 14:59:58 ----D---- C:\Program Files\Warcraft
2009-11-15 19:51:33 ----D---- C:\BrowserPlusPlugins
2009-11-15 19:51:04 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-11-15 19:51:03 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\Yahoo!
2009-11-15 19:50:36 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-11-15 19:42:38 ----D---- C:\Program Files\Yahoo!
2009-11-14 18:03:22 ----D---- C:\WINDOWS\SxsCaPendDel
2009-11-14 13:02:12 ----D---- C:\WINDOWS\system32\VIRepair
2009-11-13 18:05:53 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-11-13 18:05:50 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\Azureus
2009-11-13 18:05:32 ----D---- C:\Program Files\Vuze
2009-11-13 17:27:11 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\uTorrent
2009-11-08 08:58:29 ----D---- C:\Program Files\Píšeme všetkými desiatimi
2009-11-08 08:36:39 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-08 08:36:39 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-08 08:36:39 ----A---- C:\WINDOWS\system32\java.exe
2009-11-08 08:33:00 ----D---- C:\Program Files\Common Files\Java
2009-11-08 08:32:10 ----D---- C:\Program Files\Suga
2009-10-30 20:04:43 ----D---- C:\Program Files\AVG
2009-10-23 19:13:11 ----D---- C:\Program Files\Thoosje Vista Sidebar
2009-10-21 20:34:22 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\ViStart
2009-10-21 20:32:19 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\Styler
2009-10-21 20:32:12 ----D---- C:\Program Files\TrueTransparency
2009-10-21 20:32:11 ----D---- C:\Program Files\WinFlip
2009-10-21 20:32:09 ----D---- C:\Program Files\Styler
2009-10-21 20:28:59 ----D---- C:\WINDOWS\system32\VITrans
2009-10-21 20:28:57 ----D---- C:\VTPFiles
2009-10-21 20:28:56 ----A---- C:\WINDOWS\system32\Uharc.exe
2009-10-21 20:28:56 ----A---- C:\WINDOWS\system32\reico.exe
2009-10-21 20:28:56 ----A---- C:\WINDOWS\system32\moveex.exe
2009-10-21 20:28:56 ----A---- C:\WINDOWS\system32\modifype.exe
2009-10-19 20:14:11 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\Malwarebytes
2009-10-19 20:14:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-19 20:14:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-19 18:06:29 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\Panda Security
2009-10-19 18:05:50 ----D---- C:\Documents and Settings\All Users\Application Data\Panda Security
2009-10-19 17:25:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-19 17:17:58 ----D---- C:\Program Files\Trend Micro
2009-10-19 15:24:32 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-10-18 18:44:31 ----D---- C:\Program Files\Crawler
2009-10-18 18:37:01 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-10-18 18:28:33 ----D---- C:\WINDOWS\Minidump
2009-10-18 16:35:25 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\InstallShield
2009-10-18 16:25:03 ----A---- C:\WINDOWS\system32\AscSQLite.dll
2009-10-18 16:25:03 ----A---- C:\WINDOWS\system32\ascbalon.dll
2009-10-18 16:25:01 ----A---- C:\WINDOWS\system32\AscConTest.dll
2009-10-03 17:18:52 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

======List of files/folders modified in the last 3 months======

2010-01-01 10:29:37 ----D---- C:\WINDOWS\Prefetch
2010-01-01 10:28:53 ----D---- C:\Program Files\Mozilla Firefox
2010-01-01 10:19:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-01 10:07:10 ----D---- C:\WINDOWS
2010-01-01 09:50:06 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\Skype
2010-01-01 09:48:52 ----D---- C:\WINDOWS\system32\config
2010-01-01 09:48:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-01 09:39:30 ----SHD---- C:\WINDOWS\Installer
2010-01-01 09:38:59 ----RD---- C:\Program Files
2010-01-01 09:38:47 ----D---- C:\WINDOWS\system32\drivers
2010-01-01 09:38:41 ----D---- C:\WINDOWS\system32
2010-01-01 03:25:42 ----SHD---- C:\System Volume Information
2010-01-01 03:25:42 ----D---- C:\WINDOWS\system32\Restore
2010-01-01 02:48:26 ----D---- C:\WINDOWS\Debug
2010-01-01 00:04:44 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\skypePM
2009-12-31 22:37:21 ----D---- C:\WINDOWS\Driver Cache
2009-12-31 22:37:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-31 18:28:19 ----A---- C:\WINDOWS\system32\results.txt
2009-12-31 18:28:11 ----HD---- C:\WINDOWS\inf
2009-12-31 18:27:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-28 15:50:45 ----SD---- C:\Documents and Settings\Žilka Filip\Application Data\Microsoft
2009-12-27 17:11:43 ----D---- C:\WINDOWS\WinSxS
2009-12-27 13:07:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-27 13:06:29 ----D---- C:\Program Files\SMSC
2009-12-23 17:14:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-21 21:11:19 ----D---- C:\Program Files\Google
2009-11-27 11:20:11 ----D---- C:\Program Files\Mafiamaps
2009-11-27 11:01:01 ----D---- C:\Program Files\Java
2009-11-25 16:56:09 ----D---- C:\WINDOWS\repair
2009-11-25 16:55:49 ----D---- C:\WINDOWS\Registration
2009-11-25 16:51:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-25 14:36:29 ----A---- C:\WINDOWS\system.ini
2009-11-25 14:32:33 ----SD---- C:\WINDOWS\Tasks
2009-11-25 14:31:31 ----D---- C:\WINDOWS\AppPatch
2009-11-25 14:31:28 ----D---- C:\Program Files\Common Files
2009-11-25 13:53:29 ----D---- C:\Program Files\NetMeeting
2009-11-25 13:39:41 ----RASH---- C:\boot.ini
2009-11-22 09:47:58 ----A---- C:\WINDOWS\WDICT32.INI
2009-11-14 13:03:49 ----D---- C:\Program Files\Windows Media Player
2009-11-14 13:03:48 ----D---- C:\Program Files\Outlook Express
2009-11-14 13:03:48 ----D---- C:\Program Files\Internet Explorer
2009-11-14 13:01:42 ----D---- C:\WINDOWS\Cursors
2009-11-14 13:01:41 ----D---- C:\WINDOWS\Media
2009-11-14 12:40:31 ----D---- C:\Program Files\Microsoft Games
2009-10-30 19:33:09 ----D---- C:\WINDOWS\system
2009-10-25 13:58:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-23 17:44:01 ----D---- C:\WINDOWS\system32\wbem
2009-10-23 17:44:01 ----D---- C:\WINDOWS\Network Diagnostic
2009-10-23 17:44:00 ----D---- C:\WINDOWS\system32\usmt
2009-10-23 17:44:00 ----D---- C:\WINDOWS\system32\oobe
2009-10-23 17:44:00 ----D---- C:\Program Files\Windows NT
2009-10-23 17:43:59 ----D---- C:\WINDOWS\system32\Setup
2009-10-23 17:43:59 ----D---- C:\WINDOWS\srchasst
2009-10-23 17:43:59 ----D---- C:\WINDOWS\msagent
2009-10-23 17:43:59 ----D---- C:\WINDOWS\ime
2009-10-23 17:43:59 ----D---- C:\Program Files\Common Files\System
2009-10-23 17:43:57 ----D---- C:\WINDOWS\system32\1033
2009-10-23 17:17:48 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-10-19 16:40:44 ----D---- C:\WINDOWS\system32\Lang
2009-10-19 15:49:52 ----A---- C:\WINDOWS\win.ini
2009-10-15 16:16:08 ----D---- C:\Documents and Settings\All Users\Application Data\NOS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-28 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-29 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-29 360584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-12-28 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-12-28 24096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-10-30 36352]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2007-10-30 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-12-31 21275]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 ipasintf;ipasintf; \??\C:\WINDOWS\System32\drivers\pas2k.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2007-10-30 88192]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-06-25 44384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-10-14 1121472]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-10-30 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-22 1505792]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-12-02 854826]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2007-10-30 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-12-02 179200]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-17 4069888]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\System32\Drivers\lv321av.sys [2005-11-30 1088896]
R3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2005-11-30 39424]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-10-30 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2007-10-30 28672]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 92550]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-07 191456]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-10-30 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-10-30 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-10-30 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-26 1427968]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2005-12-02 328141]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-12-02 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-12-02 148488]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-12-02 65016]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2007-10-30 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-10-30 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2007-10-30 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2007-10-30 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2007-10-30 10880]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2005-10-13 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2005-10-13 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2005-10-13 124928]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2005-10-13 12800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2007-10-30 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2007-10-30 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-10-30 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-10-30 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2007-10-30 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-03-06 427288]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-22 405504]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2009-12-28 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-29 285392]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-12-02 266295]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-12-28 692496]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2007-10-30 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-25 152984]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-11-30 81920]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-11-27 488960]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-03-06 495936]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-11 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]

-----------------EOF-----------------





info.txt logfile of random's system information tool 1.06 2010-01-01 10:29:39

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
18 Wheels of Steel: American Long Haul -->C:\Program Files\18 Wheels of Steel American Long Haul\uninst.exe
5 IN 1 Card Reader-->MsiExec.exe /I{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}
Acronis True Image Home-->MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{FF698806-06EA-4C79-A944-329BF041B614}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Celestia 1.5.0-->"C:\Program Files\Celestia\unins000.exe"
Colin McRae Rally 4 v1.1-->"C:\Program Files\Colin McRae Rally 4 v1.1\unins000.exe"
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
FinePixViewer Resource-->C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.5-->C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Full Tilt Poker-->C:\Program Files\Full Tilt Poker\uninstall.exe
Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java Platform, Enterprise Edition 5 SDK-->"C:\Sun\SDK\uninstall.exe" -javahome "C:\Sun\SDK\jdk"
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
K-Lite Codec Pack 4.7.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Mafia Game-->C:\WINDOWS\system32\MafiaSetup.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Math Suga 15.0-->"C:\Program Files\Suga\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Flight Simulator 2004 A Century of Flight-->"C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Motocross Madness 2-->"C:\Program Files\Microsoft Games\Motocross Madness 2\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011041B-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 9.0.9.4c Micro (Revision 5)-->"C:\Program Files\Nero 9 Micro\unins000.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{B7757137-0A71-4A9F-8A82-1AE4A1B73420}
Nokia PC Suite-->MsiExec.exe /I{FF059F2A-62A7-4E6A-B305-559591D2769E}
O2Micro Smartcard Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9D56AFAF-F1AE-4157-9813-C46112DAC4EC} /l1033
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0-->"C:\Program Files\Orban\AAC-aacPlus Plugin\unins000.exe"
Píšeme všetkými desiatimi-->C:\Program Files\Píšeme všetkými desiatimi\Uninstal.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Thoosje Vista Sidebar-->C:\Program Files\Thoosje Vista Sidebar\Uninstal.exe
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Vivitar Experience Image Manager-->C:\Program Files\Vivitar Experience Image Manager\uninstaller.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless [2010-01-01]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com [2010-01-01]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2010-01-01]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2010-01-01]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com [2010-01-01]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com [2010-01-01]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2010-01-01]
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-01-01]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2010-01-01]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2010-01-01]
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-01]
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2010-01-01]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-01]
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2010-01-01]
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-01-01]
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2010-01-01]
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2010-01-01]
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-01]
O8 - Extra context menu item: Crawler Search - tbr:iemenu [2010-01-01]
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-01]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2010-01-01]
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe [2010-01-01]
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-01-01]
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [2010-01-01]
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [2010-01-01]
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2010-01-01]
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [2010-01-01]
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-01-01]
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe [2010-01-01]
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2010-01-01]
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2010-01-01]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [2010-01-01]
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-01]
O4 - Startup: SDK Tray Menu.lnk = ? [2010-01-01]
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [2010-01-01]
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-01]
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe [2010-01-01]
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll [2010-01-01]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [2010-01-01]
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-01]
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-01]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-01]
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2010-01-01]
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2010-01-01]
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe [2010-01-01]
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2010-01-01]
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-01]
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2010-01-01]
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2010-01-01]
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2010-01-01]
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-01]
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-01]
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe [2010-01-01]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll [2010-01-01]
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-01]
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll [2010-01-01]
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2010-01-01]
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2010-01-01]
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2010-01-01]

Securitycenter WMI appears to be broken

======System event log======

Computer Name: PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6361
Source Name: Tcpip
Time Written: 20091221195007.000000-360
Event Type: warning
User:

Computer Name: PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6341
Source Name: Tcpip
Time Written: 20091220205340.000000-360
Event Type: warning
User:

Computer Name: PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6328
Source Name: Tcpip
Time Written: 20091220173635.000000-360
Event Type: warning
User:

Computer Name: PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6323
Source Name: Tcpip
Time Written: 20091220163354.000000-360
Event Type: warning
User:

Computer Name: PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6322
Source Name: Tcpip
Time Written: 20091220153150.000000-360
Event Type: warning
User:

=====Application event log=====

Computer Name: PC
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 5868
Source Name: Userenv
Time Written: 20091220152831.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: PC
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 5867
Source Name: Userenv
Time Written: 20091220152828.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: PC
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 5864
Source Name: SecurityCenter
Time Written: 20091220152819.000000-360
Event Type: error
User:

Computer Name: PC
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 5858
Source Name: Userenv
Time Written: 20091220151351.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: PC
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 5857
Source Name: Userenv
Time Written: 20091220144916.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

determinátor
Untrusted
Posts: 25
Joined: 15 Dec 2009 17:58

Re: please check my log... it won't connect to the internet

#2 Post by determinátor »

First try turning off Comodo. Since it is a good firewall, it may end up blocking things it shouldn't.
EDIT: If that doesn't help, turn it back on right away.
That e-mail isn't mine. :-D

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: please check my log... it won't connect to the internet

#3 Post by motji »

Good evening :)
I don't know whether the firewall is blocking it, but I do see something in the log :turned:

:arrow: Download ComboFix to your desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Agree to the installation of the Recovery Console

- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs: antivirus, firewalls, antispyware

- After launch the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click in the window that appears :!:

- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before cleaning the computer of viruses :!:

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me by e-mail at Motji(at)forum.viry.cz.

vincenzo1404
Visitor
Posts: 47
Joined: 25 Nov 2009 19:31

Re: please check my log... it won't connect to the internet

#4 Post by vincenzo1404 »

ComboFix 09-12-31.A1 - Administrator 01.01.2010 15:24:51.5.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.739 [GMT -6:00]
Running from: G:\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.

2010-01-01 16:29 . 2010-01-01 16:29 -------- d-----w- C:\rsit
2010-01-01 09:07 . 2010-01-01 09:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-01-01 04:37 . 2005-05-02 10:10 68096 ------w- c:\windows\system32\agrsmdel.exe
2009-12-30 01:02 . 2009-09-18 18:28 1115392 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-12-29 15:51 . 2009-12-28 21:53 356616 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-12-29 15:51 . 2009-12-28 21:53 161672 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
2009-12-29 15:51 . 2009-12-28 21:53 12464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsstx.dll
2009-12-28 21:53 . 2009-12-29 15:50 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-28 21:53 . 2009-12-29 15:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-28 21:53 . 2009-12-28 21:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-28 21:53 . 2009-12-29 15:51 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-28 21:53 . 2009-12-31 15:19 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-28 21:53 . 2009-12-30 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-28 21:52 . 2010-01-01 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-28 15:45 . 2009-12-31 03:58 -------- d-----w- c:\program files\WinClamAVShield
2009-12-27 19:06 . 2009-12-27 19:07 -------- d-----w- C:\PSecret
2009-12-24 15:59 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-24 15:59 . 2007-10-31 06:32 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-24 15:59 . 2007-10-31 01:00 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-24 15:59 . 2007-10-31 01:00 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-23 23:12 . 2009-12-27 03:26 -------- d-----w- c:\program files\FinePixViewer
2009-12-23 23:12 . 2006-07-12 20:39 208896 ----a-w- c:\windows\system32\FFRafShellEx.dll
2009-12-23 23:12 . 2004-07-25 03:28 155648 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2009-12-23 23:12 . 2003-09-03 22:45 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
2009-12-05 04:09 . 2009-12-27 18:34 -------- d-----w- c:\program files\BearShare
2009-12-03 01:46 . 2009-11-10 20:39 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 15:58 . 2009-12-28 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-01-01 15:44 . 2009-11-27 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-01-01 15:43 . 2009-11-27 17:56 -------- d-----w- c:\program files\Spyware Terminator
2010-01-01 09:35 . 2009-10-20 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 00:28 . 2009-06-25 10:20 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-29 15:51 . 2009-12-28 21:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-28 23:42 . 2009-12-28 23:42 82080 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-12-28 23:42 . 2009-12-28 23:42 168208 ----a-w- c:\windows\system32\guard32.dll
2009-12-28 23:42 . 2009-11-27 18:34 -------- d-----w- c:\program files\COMODO
2009-12-28 23:42 . 2009-12-28 23:42 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-12-28 23:42 . 2009-12-28 23:42 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-12-28 21:53 . 2009-12-29 15:51 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2009-12-28 21:52 . 2009-12-29 15:51 502040 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsx.exe
2009-12-28 21:52 . 2009-12-29 15:43 875288 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-12-28 21:52 . 2009-12-29 15:43 1656088 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-12-28 21:52 . 2009-12-29 15:43 798488 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2009-12-28 21:52 . 2009-12-29 15:43 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-12-27 22:41 . 2009-11-14 00:05 -------- d-----w- c:\program files\Vuze
2009-12-27 19:06 . 2009-06-25 08:54 -------- d-----w- c:\program files\SMSC
2009-12-23 23:14 . 2009-06-25 08:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-22 03:11 . 2009-07-11 17:25 -------- d-----w- c:\program files\Google
2009-12-13 02:34 . 2009-11-26 14:16 -------- d-----w- c:\program files\Colin McRae Rally 4 v1.1
2009-12-03 01:46 . 2009-11-16 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-12-03 01:46 . 2009-11-16 01:42 -------- d-----w- c:\program files\Yahoo!
2009-12-01 04:21 . 2009-09-18 20:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-29 21:46 . 2009-11-29 17:49 -------- d-----w- c:\program files\Full Tilt Poker
2009-11-27 18:37 . 2009-11-27 18:37 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-11-27 18:37 . 2009-11-27 18:37 -------- d-----w- c:\program files\AskBarDis
2009-11-27 17:57 . 2009-10-19 00:44 -------- d-----w- c:\program files\Crawler
2009-11-27 17:56 . 2009-11-27 17:56 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-11-27 17:56 . 2009-11-27 17:56 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-11-27 17:56 . 2009-11-27 17:56 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-11-27 17:20 . 2009-07-21 19:14 -------- d-----w- c:\program files\Mafiamaps
2009-11-27 17:13 . 2009-11-27 17:13 -------- d-----w- c:\program files\VS Revo Group
2009-11-27 17:01 . 2009-09-26 04:35 -------- d-----w- c:\program files\Java
2009-11-27 16:23 . 2009-11-27 16:23 -------- d-----w- c:\program files\CCleaner
2009-11-25 17:46 . 2009-10-19 23:17 -------- d-----w- c:\program files\Trend Micro
2009-11-25 15:28 . 2009-11-25 15:28 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-11-25 15:08 . 2009-11-25 15:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-11-23 03:50 . 2009-11-16 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-22 21:26 . 2009-11-22 21:26 -------- d-----w- c:\program files\Orban
2009-11-21 21:14 . 2009-11-21 21:02 61779 ----a-w- c:\windows\War3Unin.dat
2009-11-21 21:10 . 2009-11-21 21:02 2829 ----a-w- c:\windows\War3Unin.pif
2009-11-21 21:10 . 2009-11-21 21:02 139264 ----a-w- c:\windows\War3Unin.exe
2009-11-21 21:00 . 2009-11-21 20:59 -------- d-----w- c:\program files\Warcraft
2009-11-15 00:04 . 2009-10-31 02:04 -------- d-----w- c:\program files\AVG
2009-11-14 19:01 . 2009-10-22 02:32 -------- d-----w- c:\program files\Styler
2009-11-14 18:40 . 2009-08-05 09:28 -------- d-----w- c:\program files\Microsoft Games
2009-11-14 00:05 . 2009-11-14 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-11-08 14:58 . 2009-11-08 14:58 -------- d-----w- c:\program files\Píšeme všetkými desiatimi
2009-11-08 14:33 . 2009-11-08 14:33 -------- d-----w- c:\program files\Common Files\Java
2009-11-08 14:32 . 2009-11-08 14:32 -------- d-----w- c:\program files\Suga
2009-10-29 03:45 . 2009-10-29 03:45 87 ----a-w- c:\windows\system32\EpfwUser.dat
2009-10-23 23:17 . 2007-10-30 22:32 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-10-19 11:50 . 2009-10-18 22:34 0 ----a-w- c:\windows\Adadipiso.bin
2009-10-19 11:50 . 2009-10-18 22:34 120 ----a-w- c:\windows\Akasoxi.dat
.

------- Sigcheck -------

[-] 2008-03-04 . 1F869897A765BE4C7694958BFCE38DBA . 1614336 . . [5.1.2600.3244] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-10-30 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniKey"="" [BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Warcraft\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Colin McRae Rally 4 v1.1\\cmr4.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.EXE"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [28.12.2009 15:53 161800]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28.12.2009 15:53 333192]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28.12.2009 15:53 360584]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [28.12.2009 17:42 132640]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [28.12.2009 17:42 24096]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [27.11.2009 11:56 142592]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [28.12.2009 15:52 906520]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [29.12.2009 9:50 285392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.8.2009 2:49 133104]
S2 ipasintf;ipasintf;c:\windows\system32\drivers\pas2k.sys [25.6.2009 1:45 78280]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 14:42 32272]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [25.6.2009 2:53 1088896]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [25.6.2009 2:58 92550]
.
Contents of the 'Scheduled Tasks' folder

2009-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 08:49]

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 08:49]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 15:31
Windows 5.1.2600 Service Pack 3, v.3244 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(360)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(424)
c:\windows\system32\relog_ap.dll
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(1100)
c:\windows\system32\msi.dll
.
Completion time: 2010-01-01 15:33:54
ComboFix-quarantined-files.txt 2010-01-01 21:33
ComboFix2.txt 2010-01-01 17:43

Pre-Run: 34 859 683 840 bytes free
Post-Run: 34 826 010 624 bytes free

- - End Of File - - AADBF961C6A8AC2A7AF4DAAC1D6408FC



but it connects to the internet now... :)

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: please check my log... it won't connect to the internet

#5 Post by motji »

And did you turn off Comodo, or did ComboFix help?
Uninstall BearShare and please post a new log from RSIT; I'll take a look at it in the morning :)

vincenzo1404
Visitor
Posts: 47
Joined: 25 Nov 2009 19:31

Re: please check my log... it won't connect to the internet

#6 Post by vincenzo1404 »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Žilka Filip at 2010-01-01 17:57:43
Microsoft Windows XP Professional Service Pack 3, v.3244
System drive C: has 33 GB (60%) free of 55 GB
Total RAM: 1022 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:01, on 1. 1. 2010
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3244)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
D:\Preberanie\RSIT.exe
D:\Preberanie\Žilka Filip.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 4053 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UniKey"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-22 61440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Warcraft\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Warcraft\Warcraft III\War3.exe"="C:\Program Files\Warcraft\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Colin McRae Rally 4 v1.1\cmr4.exe"="C:\Program Files\Colin McRae Rally 4 v1.1\cmr4.exe:*:Enabled:Colin McRae Rally 04 Application"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE"="C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-01 15:33:56 ----D---- C:\WINDOWS\temp
2010-01-01 15:33:55 ----A---- C:\ComboFix.txt
2010-01-01 15:18:07 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-01 11:20:01 ----A---- C:\WINDOWS\zip.exe
2010-01-01 11:20:01 ----A---- C:\WINDOWS\SWREG.exe
2010-01-01 11:20:01 ----A---- C:\WINDOWS\sed.exe
2010-01-01 11:20:01 ----A---- C:\WINDOWS\PEV.exe
2010-01-01 11:20:01 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-01 11:20:01 ----A---- C:\WINDOWS\MBR.exe
2010-01-01 11:20:01 ----A---- C:\WINDOWS\grep.exe
2010-01-01 11:20:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-01 11:20:00 ----A---- C:\WINDOWS\SWSC.exe
2010-01-01 11:19:36 ----D---- C:\WINDOWS\ERDNT
2010-01-01 11:19:26 ----D---- C:\Qoobox
2010-01-01 10:29:27 ----D---- C:\rsit
2010-01-01 09:35:43 ----D---- C:\Config.Msi
2010-01-01 03:06:50 ----D---- C:\WINDOWS\CSC
2009-12-31 22:37:20 ----N---- C:\WINDOWS\system32\agrsmdel.exe
2009-12-28 17:43:00 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-12-28 17:42:57 ----A---- C:\WINDOWS\system32\guard32.dll
2009-12-28 15:53:51 ----D---- C:\$AVG
2009-12-28 15:53:30 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-12-28 15:53:03 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-12-28 15:52:24 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-12-28 09:45:28 ----D---- C:\Program Files\WinClamAVShield
2009-12-27 13:06:58 ----D---- C:\PSecret
2009-12-24 09:59:47 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-12-24 09:59:46 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-12-23 17:13:50 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\FUJIFILM
2009-12-23 17:12:36 ----D---- C:\Program Files\FinePixViewer
2009-12-23 17:12:36 ----A---- C:\WINDOWS\system32\FFTIFF16.dll
2009-12-23 17:12:36 ----A---- C:\WINDOWS\system32\FFRafShellEx.dll
2009-12-23 17:12:36 ----A---- C:\WINDOWS\system32\FFRAFLIB.DLL
2009-12-04 22:09:38 ----D---- C:\Program Files\BearShare

======List of files/folders modified in the last 1 months======

2010-01-01 17:57:51 ----D---- C:\WINDOWS\Prefetch
2010-01-01 17:56:17 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\Skype
2010-01-01 17:54:58 ----D---- C:\Program Files\Mozilla Firefox
2010-01-01 17:54:04 ----RD---- C:\Program Files
2010-01-01 16:05:01 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\skypePM
2010-01-01 15:39:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-01 15:33:56 ----D---- C:\WINDOWS
2010-01-01 15:31:10 ----A---- C:\WINDOWS\system.ini
2010-01-01 15:29:52 ----D---- C:\WINDOWS\system32\drivers
2010-01-01 15:28:17 ----D---- C:\WINDOWS\system32
2010-01-01 15:28:17 ----D---- C:\WINDOWS\AppPatch
2010-01-01 15:28:10 ----D---- C:\Program Files\Common Files
2010-01-01 15:18:21 ----D---- C:\WINDOWS\Minidump
2010-01-01 11:20:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-01 09:48:52 ----D---- C:\WINDOWS\system32\config
2010-01-01 09:44:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-01-01 09:43:43 ----D---- C:\Program Files\Spyware Terminator
2010-01-01 09:39:30 ----SHD---- C:\WINDOWS\Installer
2010-01-01 03:45:40 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\Spyware Terminator
2010-01-01 03:35:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-01 03:25:42 ----SHD---- C:\System Volume Information
2010-01-01 03:25:42 ----D---- C:\WINDOWS\system32\Restore
2010-01-01 02:48:26 ----D---- C:\WINDOWS\Debug
2009-12-31 22:37:21 ----D---- C:\WINDOWS\Driver Cache
2009-12-31 22:37:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-31 18:28:19 ----A---- C:\WINDOWS\system32\results.txt
2009-12-31 18:28:11 ----HD---- C:\WINDOWS\inf
2009-12-31 18:27:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-28 17:42:46 ----D---- C:\Program Files\COMODO
2009-12-28 15:52:58 ----D---- C:\Documents and Settings\Žilka Filip\Application Data\Azureus
2009-12-28 15:50:45 ----SD---- C:\Documents and Settings\Žilka Filip\Application Data\Microsoft
2009-12-27 17:11:43 ----D---- C:\WINDOWS\WinSxS
2009-12-27 16:41:51 ----D---- C:\Program Files\Vuze
2009-12-27 13:07:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-27 13:06:29 ----D---- C:\Program Files\SMSC
2009-12-23 17:14:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-21 21:11:19 ----D---- C:\Program Files\Google
2009-12-12 20:34:14 ----D---- C:\Program Files\Colin McRae Rally 4 v1.1
2009-12-02 19:46:48 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-12-02 19:46:30 ----D---- C:\Program Files\Yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-28 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-29 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-29 360584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-12-28 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-12-28 24096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-10-30 36352]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2007-10-30 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-12-31 21275]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 ipasintf;ipasintf; \??\C:\WINDOWS\System32\drivers\pas2k.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2007-10-30 88192]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-06-25 44384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-10-14 1121472]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-10-30 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-22 1505792]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-12-02 854826]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2007-10-30 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-12-02 179200]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-17 4069888]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\System32\Drivers\lv321av.sys [2005-11-30 1088896]
R3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2005-11-30 39424]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-10-30 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2007-10-30 28672]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 92550]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-07 191456]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-10-30 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-10-30 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-10-30 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-26 1427968]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2005-12-02 328141]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-12-02 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-12-02 148488]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-12-02 65016]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2007-10-30 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-10-30 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2007-10-30 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2007-10-30 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2007-10-30 10880]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2005-10-13 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2005-10-13 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2005-10-13 124928]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2005-10-13 12800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2007-10-30 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2007-10-30 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-10-30 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-10-30 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2007-10-30 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-03-06 427288]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-22 405504]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2009-12-28 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-29 285392]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-12-02 266295]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-12-28 692496]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2007-10-30 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-25 152984]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-11-30 81920]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-11-27 488960]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-03-06 495936]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-11 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]

-----------------EOF-----------------


I didn't do anything with Comodo... :) .... and I uninstalled BearShare a long time ago and I don't even have it in ADD OR REMOVE PROGRAM... Thanks

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: please check my log... it won't connect to the internet

#7 Post by motji »

If you haven't already, move Combofix to the desktop
- open Notepad
- copy the text from this box into it

Code:

Folder::
C:\Program Files\BearShare
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UniKey"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Security Providers]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


- save the TXT file you created to the desktop as CFScript.txt
- after saving, grab the script you created with the left mouse button and drag it over the Combofix icon, where you drop it

- after it has been applied, another log will come out; paste it here

Warning: it may happen that Windows will not start after the script is applied and the system restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
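
A pre-flight check for a script like the one in the post above, as an added example that is not part of the original thread and not ComboFix's own code: it parses the `Folder::` and `Registry::` sections and confirms that every target the script names appears in the RSIT log it answers. The function names are hypothetical, the embedded script and log excerpt are copied from this page, and only the two section types used here are handled.

```python
import difflib
import re

# CFScript text copied from the post above.
CFSCRIPT = r'''Folder::
C:\Program Files\BearShare
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UniKey"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Security Providers]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
'''

# Excerpt of the RSIT log posted earlier in the thread (lines copied from the page).
RSIT_LOG = r'''======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UniKey"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

======List of files/folders created in the last 1 months======

2009-12-04 22:09:38 ----D---- C:\Program Files\BearShare
'''

SECTION = re.compile(r'^([A-Za-z]+)::\s*$')      # e.g. "Folder::"
KEY = re.compile(r'^\[(.+)\]\s*$')               # e.g. "[HKEY_LOCAL_MACHINE\...]"
VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')    # e.g. "Name"=data


def parse_cfscript(text):
    """Turn the Folder:: and Registry:: sections into a list of action dicts."""
    actions, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        if section == "folder":
            actions.append({"op": "delete_folder", "path": line})
        elif section == "registry":
            m = KEY.match(line)
            if m:
                key = m.group(1)
                continue
            m = VALUE.match(line)
            if m and key:
                data = m.group(2).strip()
                # In the script, "Name"=- removes the value; anything else sets it.
                op = "delete_value" if data == "-" else "set_value"
                actions.append({"op": op, "key": key,
                                "name": m.group(1), "data": data.strip('"')})
    return actions


def parse_reg_dump(text):
    """Map lower-cased key path -> {lower-cased value name: data} from an RSIT dump."""
    keys, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY.match(line)
        if m:
            key = m.group(1).lower()
            keys.setdefault(key, {})
            continue
        m = VALUE.match(line)
        if m and key:
            keys[key][m.group(1).lower()] = m.group(2).strip()
        elif line.startswith("======"):
            key = None  # a new log section ends the current registry key
    return keys


def review(script_text, log_text):
    """Return (op, target, status, nearest_key) for every action in the script."""
    reg = parse_reg_dump(log_text)
    log_lower = log_text.lower()
    findings = []
    for a in parse_cfscript(script_text):
        if a["op"] == "delete_folder":
            status = "in_log" if a["path"].lower() in log_lower else "not_in_log"
            findings.append((a["op"], a["path"], status, None))
            continue
        wanted = a["key"].lower()
        nearest = None
        if wanted not in reg:
            status = "key_not_in_log"
            # Suggest the closest key the log does contain, if one is very similar.
            close = difflib.get_close_matches(wanted, list(reg), n=1, cutoff=0.9)
            nearest = close[0] if close else None
        elif a["name"].lower() not in reg[wanted]:
            status = "value_not_in_log"
        else:
            status = "in_log"
        findings.append((a["op"], a["key"] + "\\" + a["name"], status, nearest))
    return findings


if __name__ == "__main__":
    for finding in review(CFSCRIPT, RSIT_LOG):
        print(finding)
```

On the embedded input the folder and the `UniKey` value are found in the log, while the `Control\Security Providers` edit comes back as `key_not_in_log`, with `control\securityproviders` as the nearest key the log does contain.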

vincenzo1404
Visitor
Posts: 47
Registered: 25 Nov 2009 19:31

Re: please check my log... it won't connect to the internet

#8 Post by vincenzo1404 »

ComboFix 09-12-31.A1 - Žilka Filip . 01. 2010 9:41.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.441 [GMT -6:00]
Running from: c:\documents and settings\Žilka Filip\Favorites\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Žilka Filip\Favorites\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BearShare
c:\program files\BearShare\BearShare.dat
c:\program files\BearShare\db\gwebcache.dat
c:\program files\BearShare\db\Hostiles-Chat.txt
c:\program files\BearShare\db\Hostiles.txt
c:\program files\BearShare\db\library.2.db
c:\program files\BearShare\db\library.2.db.lastgoodload.bak
c:\program files\BearShare\db\library.db
c:\program files\BearShare\db\library.db.lastgoodload.bak
c:\program files\BearShare\db\searches.ini
c:\program files\BearShare\FreePeers.ini
c:\program files\BearShare\Logs\hosts-state.txt
c:\program files\BearShare\Logs\memory.txt
c:\program files\BearShare\Logs\ordinal.txt
c:\program files\BearShare\Logs\streams.txt
c:\program files\BearShare\proinstall2.ini

.
((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-01 21:56 . 2009-12-29 15:50 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-01 16:29 . 2010-01-01 16:29 -------- d-----w- C:\rsit
2010-01-01 09:07 . 2010-01-01 09:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-01-01 04:37 . 2005-05-02 10:10 68096 ------w- c:\windows\system32\agrsmdel.exe
2009-12-30 01:02 . 2009-09-18 18:28 1115392 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-12-29 15:51 . 2009-12-28 21:53 356616 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-12-29 15:51 . 2009-12-28 21:53 161672 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
2009-12-29 15:51 . 2009-12-28 21:53 12464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsstx.dll
2009-12-28 21:53 . 2009-12-29 15:50 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-28 21:53 . 2009-12-29 15:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-28 21:53 . 2009-12-28 21:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-28 21:53 . 2009-12-29 15:51 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-28 21:53 . 2010-01-02 15:12 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-28 21:53 . 2009-12-30 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-28 21:52 . 2010-01-01 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-28 15:45 . 2009-12-31 03:58 -------- d-----w- c:\program files\WinClamAVShield
2009-12-27 19:06 . 2009-12-27 19:07 -------- d-----w- C:\PSecret
2009-12-24 15:59 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-24 15:59 . 2007-10-31 06:32 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-24 15:59 . 2007-10-31 01:00 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-24 15:59 . 2007-10-31 01:00 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-23 23:12 . 2009-12-27 03:26 -------- d-----w- c:\program files\FinePixViewer
2009-12-23 23:12 . 2006-07-12 20:39 208896 ----a-w- c:\windows\system32\FFRafShellEx.dll
2009-12-23 23:12 . 2004-07-25 03:28 155648 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2009-12-23 23:12 . 2003-09-03 22:45 274432 ----a-w- c:\windows\system32\FFTIFF16.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 02:49 . 2009-11-14 00:05 -------- d-----w- c:\program files\Vuze
2010-01-01 15:58 . 2009-12-28 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-01-01 15:44 . 2009-11-27 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-01-01 15:43 . 2009-11-27 17:56 -------- d-----w- c:\program files\Spyware Terminator
2010-01-01 09:35 . 2009-10-20 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 00:28 . 2009-06-25 10:20 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-29 15:51 . 2009-12-28 21:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-28 23:42 . 2009-12-28 23:42 82080 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-12-28 23:42 . 2009-12-28 23:42 168208 ----a-w- c:\windows\system32\guard32.dll
2009-12-28 23:42 . 2009-11-27 18:34 -------- d-----w- c:\program files\COMODO
2009-12-28 23:42 . 2009-12-28 23:42 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-12-28 23:42 . 2009-12-28 23:42 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-12-28 21:53 . 2009-12-29 15:51 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2009-12-28 21:52 . 2009-12-29 15:51 502040 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsx.exe
2009-12-28 21:52 . 2009-12-29 15:43 875288 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-12-28 21:52 . 2009-12-29 15:43 1656088 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-12-28 21:52 . 2009-12-29 15:43 798488 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2009-12-28 21:52 . 2009-12-29 15:43 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-12-27 19:06 . 2009-06-25 08:54 -------- d-----w- c:\program files\SMSC
2009-12-23 23:14 . 2009-06-25 08:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-22 03:11 . 2009-07-11 17:25 -------- d-----w- c:\program files\Google
2009-12-13 02:34 . 2009-11-26 14:16 -------- d-----w- c:\program files\Colin McRae Rally 4 v1.1
2009-12-03 01:46 . 2009-11-16 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-12-03 01:46 . 2009-11-16 01:42 -------- d-----w- c:\program files\Yahoo!
2009-12-01 04:21 . 2009-09-18 20:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-29 21:46 . 2009-11-29 17:49 -------- d-----w- c:\program files\Full Tilt Poker
2009-11-27 18:37 . 2009-11-27 18:37 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-11-27 17:57 . 2009-10-19 00:44 -------- d-----w- c:\program files\Crawler
2009-11-27 17:56 . 2009-11-27 17:56 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-11-27 17:56 . 2009-11-27 17:56 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-11-27 17:56 . 2009-11-27 17:56 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-11-27 17:20 . 2009-07-21 19:14 -------- d-----w- c:\program files\Mafiamaps
2009-11-27 17:13 . 2009-11-27 17:13 -------- d-----w- c:\program files\VS Revo Group
2009-11-27 17:01 . 2009-09-26 04:35 -------- d-----w- c:\program files\Java
2009-11-27 16:23 . 2009-11-27 16:23 -------- d-----w- c:\program files\CCleaner
2009-11-25 17:46 . 2009-10-19 23:17 -------- d-----w- c:\program files\Trend Micro
2009-11-25 15:28 . 2009-11-25 15:28 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-11-25 15:08 . 2009-11-25 15:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-11-23 03:50 . 2009-11-16 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-22 21:26 . 2009-11-22 21:26 -------- d-----w- c:\program files\Orban
2009-11-21 21:14 . 2009-11-21 21:02 61779 ----a-w- c:\windows\War3Unin.dat
2009-11-21 21:10 . 2009-11-21 21:02 2829 ----a-w- c:\windows\War3Unin.pif
2009-11-21 21:10 . 2009-11-21 21:02 139264 ----a-w- c:\windows\War3Unin.exe
2009-11-21 21:00 . 2009-11-21 20:59 -------- d-----w- c:\program files\Warcraft
2009-11-15 00:04 . 2009-10-31 02:04 -------- d-----w- c:\program files\AVG
2009-11-14 19:01 . 2009-10-22 02:32 -------- d-----w- c:\program files\Styler
2009-11-14 18:40 . 2009-08-05 09:28 -------- d-----w- c:\program files\Microsoft Games
2009-11-14 00:05 . 2009-11-14 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-11-10 20:39 . 2009-12-03 01:46 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-11-08 14:58 . 2009-11-08 14:58 -------- d-----w- c:\program files\Píšeme všetkými desiatimi
2009-11-08 14:33 . 2009-11-08 14:33 -------- d-----w- c:\program files\Common Files\Java
2009-11-08 14:32 . 2009-11-08 14:32 -------- d-----w- c:\program files\Suga
2009-10-29 03:45 . 2009-10-29 03:45 87 ----a-w- c:\windows\system32\EpfwUser.dat
2009-10-23 23:17 . 2007-10-30 22:32 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-10-19 11:50 . 2009-10-18 22:34 0 ----a-w- c:\windows\Adadipiso.bin
2009-10-19 11:50 . 2009-10-18 22:34 120 ----a-w- c:\windows\Akasoxi.dat
.

------- Sigcheck -------

[-] 2008-03-04 . 1F869897A765BE4C7694958BFCE38DBA . 1614336 . . [5.1.2600.3244] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-01_17.26.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-01 21:39 . 2010-01-01 21:39 16384 c:\windows\temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [BU]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Warcraft\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Colin McRae Rally 4 v1.1\\cmr4.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [28. 12. 2009 15:53 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28. 12. 2009 15:53 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28. 12. 2009 15:53 360584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [28. 12. 2009 17:42 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [28. 12. 2009 17:42 24096]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [27. 11. 2009 11:56 142592]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [28. 12. 2009 15:52 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [29. 12. 2009 9:50 285392]
R2 ipasintf;ipasintf;c:\windows\system32\drivers\pas2k.sys [25. 6. 2009 1:45 78280]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14. 9. 2009 14:42 32272]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [25. 6. 2009 2:53 1088896]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [25. 6. 2009 2:58 92550]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11. 8. 2009 2:49 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 08:49]

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 08:49]
.
.
------- Supplementary Scan -------
.
IE: Crawler Search - tbr:iemenu
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 09:47
Windows 5.1.2600 Service Pack 3, v.3244 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1440)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1496)
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll
c:\windows\system32\setupapi.dll
.
Completion time: 2010-01-02 09:49:31
ComboFix-quarantined-files.txt 2010-01-02 15:49
ComboFix2.txt 2010-01-01 21:33
ComboFix3.txt 2010-01-01 17:43

Pre-Run: 34 636 742 656 bytes free
Post-Run: 34 701 217 792 bytes free

- - End Of File - - 294A7F645494FF4AD22739475628DD32







--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, January 2, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3, v.3244 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, January 02, 2010 00:50:10
Records in database: 3396845
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 139861
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 03:08:11


File name / Threat / Threats count
C:\Documents and Settings\Žilka Filip\Local Settings\Application Data\{8DCB0C14-9498-41A5-9F42-BAA902B5636E}\chrome\content\overlay.xul Infected: Trojan.JS.Gord.a 1
C:\WINDOWS\system32\AscConTest.dll Infected: Trojan.Win32.BHO.acvs 1

Scanning stopped by the user.
I scanned the PC with the Kaspersky online scanner and this is what it found

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: please check my log... it does not connect to the internet

#9 Post by motji »

One more script; try it in safe mode (after the restart, keep pressing F8).

Code:

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Security Providers]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.