samovolne spusteny prehliadac (na pozadi?)

[pecko77]

smaznete pres skript ? tak to som uz uplne mimo.. muzete delat co chcete len nech to zabere

mam tie logy:
1.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-08 21:58:29
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\evka\AppData\Local\Temp\pwlcapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


2.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-08 23:19:39
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\evka\AppData\Local\Temp\pwlcapow.sys


---- User code sections - GMER 1.0.15 ----

? C:\Windows\System32\svchost.exe[928] C:\Windows\system32\SHLWAPI.dll IMAGE_DOS_SIGNATURE not found;
? C:\Windows\System32\svchost.exe[928] C:\Windows\system32\psapi.dll IMAGE_DOS_SIGNATURE not found;
? C:\Windows\system32\SLsvc.exe[1220] C:\Windows\system32\SHLWAPI.dll IMAGE_DOS_SIGNATURE not found;
? C:\Windows\system32\SLsvc.exe[1220] C:\Windows\system32\USERENV.dll IMAGE_DOS_SIGNATURE not found;
? C:\Windows\System32\mobsync.exe[1692] C:\Windows\system32\SHLWAPI.dll IMAGE_DOS_SIGNATURE not found;
? C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1704] C:\Windows\system32\SHLWAPI.dll IMAGE_DOS_SIGNATURE not found;
? C:\Windows\system32\svchost.exe[2084] C:\Windows\system32\secur32.dll IMAGE_DOS_SIGNATURE not found;
? C:\Windows\system32\WUDFHost.exe[2524] C:\Windows\system32\SHLWAPI.dll IMAGE_DOS_SIGNATURE not found;
.text C:\Program Files\Internet Explorer\iexplore.exe[5340] USER32.dll!DialogBoxParamW 770D10B0 5 Bytes JMP 6E8CBF9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5340] USER32.dll!DialogBoxIndirectParamW 770D2EF5 5 Bytes JMP 6EA0B45A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5340] USER32.dll!DialogBoxParamA 770E8152 5 Bytes JMP 6EA0B41F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5340] USER32.dll!DialogBoxIndirectParamA 770E847D 5 Bytes JMP 6EA0B495 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5340] USER32.dll!MessageBoxIndirectA 770FD4D9 5 Bytes JMP 6EA0B3DB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5340] USER32.dll!MessageBoxIndirectW 770FD5D3 5 Bytes JMP 6EA0B397 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5340] USER32.dll!MessageBoxExA 770FD639 5 Bytes JMP 6EA0B35D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5340] USER32.dll!MessageBoxExW 770FD65D 5 Bytes JMP 6EA0B323 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5340] ole32.dll!OleLoadFromStream 76161E12 5 Bytes JMP 6EA0B657 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[624] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 001B0002
IAT C:\Windows\system32\services.exe[624] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 001B0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x5E 0xF5 0x94 0x56 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN=5063266 softver\PC Translator\xae 2007 SK-GB + jazyková sada\PC Translator 2007 SK - GB\SETUP.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN=1FBA546 softver\PC Translator\xae 2007 SK-GB + jazyková sada\Jazykova sada pre PC Translator 2007\Jazyková sada pre PC Translator 2007.exe 1

---- EOF - GMER 1.0.15 ----

a vy ma prosit nemusite...to ja vas! vy len rozkazujte

[pecko77]

ahoj motji...ja som si az do vcera myslel ze rádkině je vas nick...

vcera ako som tu striehol na vas dalsi pokyn tak som rozmyslal nad tym google.exe...ci by to nemohlo byt sposobene nejakou nespravnou odinstalaciou....pretoze naistalovane od googlu tu uz nie je nic..ani chrome,ani google toolbar (som zistil vcera ze z vyhladavacov je tu len Live search) Mozno je to hloupost,ale nepomohlo by preinstalovat IE alebo stiahnut google toolbar? Len taky napad... :

mozno dalsia hlupost,ale da sa IE odinstalovat? Nesmejte sa mi

[motji]

Dobré ranko
Ne, můj nick je Motji, a nejsem rádce, ale rádkyně

Smát se Vám rozhodně nebudu. Odinstalovat ne,ale přeinstalovat ano. Pomažeme pár blbostí a přeinstalujete IE a uvidíme.


Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

File::
C:\Users\evka\AppData\Roaming\google\google.exe
C:\Users\evka\Downloads\OFFICE 2007 enterprise keygen.exe
C:\Users\Public\Downloads\WinZumaSetup.exe
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{snifw2pn-xqjw-0rwx-dtp3-tuq0ev3710vy}] 

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


doporučuji odinstalovat
C:\Program Files\DNA\btdna.exe

Přeinstalujte IE
http://support.microsoft.com/kb/318378/cs

Poprosím o nový log ze Rsitu a vyzkoušejte, zda to stále dělá. V lozích jde vidět aktivní IE, i když ho nemáte zapnutý, podle toho, co jste psal.
A jinak smazala jsem Vám přes combofix ty dva keygeny, co je Avira označila. Keygeny jsou dost rizikové na viry

[pecko77]

JUPIIIIIII

Je to super, urobil som len ten ComboFix a aj ked to je pre mna zahadou, vsetko funguje ako ma..

Dakujem Vam za pomoc,ochotu a hlavne za cas Aj trpezlivost
Dufam ze sem sem-tam nahliadol moderator(-ka?).. Ak nie tak im napisem ze si titul Rádkině pravom a plne zasluzite!
Som Vam naozaj vdacny a neviem ci som nieco dlzny (neviem ako to tu chodi)...

chcel by som este poznat vas nazor na AV- asi bude lepsie nechat len jeden a kedze sa avast dost flakal tak podla mna tu aviru,hm?

tu je este ten posledny log z ComboFix-u

ComboFix 10-04-08.02 - evka . 04. 2010 18:46:07.3.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.892.356 [GMT 2:00]
Running from: c:\users\evka\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100224-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1368 [VPS 100224-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))
.

2010-04-09 17:02 . 2010-04-09 17:02 -------- d-----w- c:\users\evka\AppData\Local\temp
2010-04-09 17:02 . 2010-04-09 17:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-09 17:02 . 2010-04-09 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-07 21:14 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 21:14 . 2010-04-07 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 21:14 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 13:20 . 2010-04-07 13:20 -------- d-----w- c:\users\evka\AppData\Roaming\Avira
2010-04-07 13:09 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-07 13:09 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-07 13:09 . 2009-05-11 09:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-07 13:09 . 2009-05-11 09:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-07 13:09 . 2010-04-07 13:09 -------- d-----w- c:\programdata\Avira
2010-04-07 13:09 . 2010-04-07 13:09 -------- d-----w- c:\program files\Avira
2010-04-07 09:41 . 2010-04-07 09:41 6687 ----a-w- C:\UsbFix_Upload_Me_evka1-PC.zip
2010-04-07 09:30 . 2010-04-07 09:41 -------- d-----w- C:\UsbFix
2010-04-06 15:55 . 2008-05-02 14:07 48128 ----a-w- c:\windows\system32\drivers\SiSGB6.sys
2010-04-06 15:33 . 2010-04-06 15:33 -------- d-----w- c:\program files\trend micro
2010-04-06 15:33 . 2010-04-06 15:34 -------- d-----w- C:\rsit
2010-04-05 07:15 . 2010-04-05 07:16 -------- d-----w- c:\windows\system32\ca-ES
2010-04-05 07:15 . 2010-04-05 07:16 -------- d-----w- c:\windows\system32\eu-ES
2010-04-05 07:15 . 2010-04-05 07:16 -------- d-----w- c:\windows\system32\vi-VN
2010-04-04 21:17 . 2010-04-04 21:17 -------- d-----w- c:\program files\Lavalys
2010-04-04 18:25 . 2010-04-04 18:25 -------- d-----w- c:\windows\system32\EventProviders
2010-03-31 11:05 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-31 11:04 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-30 13:31 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-30 13:31 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-30 13:31 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 16:55 . 2009-04-18 19:21 -------- d-----w- c:\users\evka\AppData\Roaming\DNA
2010-04-09 16:05 . 2009-04-18 19:21 -------- d-----w- c:\program files\DNA
2010-04-06 15:55 . 2007-12-11 07:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 12:39 . 2009-02-13 20:01 -------- d-----w- c:\program files\Google
2010-04-05 18:34 . 2009-05-22 13:03 -------- d-----w- c:\program files\CCleaner
2010-04-05 17:13 . 2009-02-07 20:10 86960 ----a-w- c:\users\evka\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-05 07:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-05 07:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-05 07:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-05 07:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-05 07:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-05 07:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-05 07:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-05 07:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-02 14:54 . 2010-04-02 14:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-31 10:38 . 2010-03-31 10:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-03-30 13:36 . 2007-12-12 16:17 -------- d-----w- c:\programdata\Microsoft Help
2010-02-25 13:47 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-02-25 13:46 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-02-24 08:16 . 2009-10-24 19:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 15:19 . 2010-02-23 15:17 -------- d-----w- c:\program files\DivX
2010-02-23 15:18 . 2010-02-23 15:18 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-23 15:18 . 2010-02-23 15:17 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-12 10:48 . 2010-03-08 17:04 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:00 . 2010-03-07 18:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-03-07 18:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-03-07 18:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-03-07 18:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-03-07 18:00 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-03-07 18:00 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-03-07 18:00 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-03-07 18:00 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-03-07 18:00 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-03-07 18:03 2048 ----a-w- c:\windows\system32\tzres.dll
2007-11-15 15:50 . 2007-03-07 12:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-04-06 323392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"OSD"="c:\program files\C&E\OSD\osd.exe" [2007-08-28 671801]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\d:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):bb,51,39,f6,90,d4,ca,01

R2 gupdate1c98e15fd715f68;Google Update Service (gupdate1c98e15fd715f68);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-07-27 351232]
S1 aswSP;avast! Self Protection; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-08-07 283136]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-08-24 452096]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-05-02 48128]

.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 20:02]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 20:02]

2010-04-09 c:\windows\Tasks\User_Feed_Synchronization-{787AC205-0A23-473A-AD5A-F23279D01D7F}.job
- c:\windows\system32\msfeedssync.exe [2009-02-16 07:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 164.38.33.5:8080
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 19:02
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-09 19:06:38
ComboFix-quarantined-files.txt 2010-04-09 17:06
ComboFix2.txt 2010-04-09 15:53
ComboFix3.txt 2010-04-06 22:21

Pre-Run: 39 496 687 616 bytes free
Post-Run: 39 473 614 848 bytes free

- - End Of File - - C76B9BFE28C241ACD3DE02BCD66309D7

a RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by evka at 2010-04-09 19:47:07
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 38 GB (54%) free of 69 GB
Total RAM: 892 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:37, on 9. 4. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\evka\Desktop\brano\RSIT.exe
C:\Program Files\trend micro\evka.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 164.38.33.5:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit prekladac - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložit &oznacený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c98e15fd715f68) (gupdate1c98e15fd715f68) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 5864 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{787AC205-0A23-473A-AD5A-F23279D01D7F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2009-05-24 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2009-05-24 503808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4702208]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"OSD"=C:\Program Files\C&E\OSD\osd.exe [2007-08-28 671801]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2010-04-06 323392]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=255
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-04-09 19:06:41 ----D---- C:\Windows\temp
2010-04-09 19:06:39 ----A---- C:\ComboFix.txt
2010-04-09 19:06:08 ----SHD---- C:\$RECYCLE.BIN
2010-04-09 18:44:34 ----D---- C:\ComboFix
2010-04-09 18:43:13 ----A---- C:\Windows\SWXCACLS.exe
2010-04-08 20:00:27 ----A---- C:\Windows\NeroDigital.ini
2010-04-07 23:14:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-07 15:20:58 ----D---- C:\Users\evka\AppData\Roaming\Avira
2010-04-07 15:09:12 ----D---- C:\ProgramData\Avira
2010-04-07 15:09:12 ----D---- C:\Program Files\Avira
2010-04-07 11:41:57 ----RAD---- C:\autorun.inf
2010-04-07 11:36:28 ----A---- C:\UsbFix.txt
2010-04-07 11:30:52 ----D---- C:\UsbFix
2010-04-06 22:51:26 ----A---- C:\Windows\zip.exe
2010-04-06 22:51:26 ----A---- C:\Windows\SWSC.exe
2010-04-06 22:51:26 ----A---- C:\Windows\SWREG.exe
2010-04-06 22:51:26 ----A---- C:\Windows\sed.exe
2010-04-06 22:51:26 ----A---- C:\Windows\PEV.exe
2010-04-06 22:51:26 ----A---- C:\Windows\NIRCMD.exe
2010-04-06 22:51:26 ----A---- C:\Windows\MBR.exe
2010-04-06 22:51:26 ----A---- C:\Windows\grep.exe
2010-04-06 22:49:06 ----D---- C:\Windows\ERDNT
2010-04-06 20:22:52 ----D---- C:\Qoobox
2010-04-06 17:33:37 ----D---- C:\Program Files\trend micro
2010-04-06 17:33:35 ----D---- C:\rsit
2010-04-05 09:15:38 ----D---- C:\Windows\system32\eu-ES
2010-04-05 09:15:38 ----D---- C:\Windows\system32\ca-ES
2010-04-05 09:15:36 ----D---- C:\Windows\system32\vi-VN
2010-04-04 23:17:20 ----D---- C:\Program Files\Lavalys
2010-04-04 20:25:06 ----D---- C:\Windows\system32\EventProviders
2010-03-31 13:05:17 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 13:05:15 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 13:05:05 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 13:05:02 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 13:04:56 ----A---- C:\Windows\system32\ieapfltr.dll
2010-03-31 13:04:54 ----A---- C:\Windows\system32\mshtmled.dll
2010-03-31 13:04:48 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 13:04:46 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 13:04:41 ----A---- C:\Windows\system32\ieencode.dll
2010-03-30 15:31:21 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-30 15:31:10 ----A---- C:\Windows\system32\httpapi.dll

======List of files/folders modified in the last 1 months======

2010-04-09 19:39:36 ----D---- C:\Users\evka\AppData\Roaming\DNA
2010-04-09 19:09:30 ----D---- C:\Program Files\DNA
2010-04-09 19:06:41 ----D---- C:\Windows
2010-04-09 19:02:38 ----A---- C:\Windows\system.ini
2010-04-09 18:58:04 ----D---- C:\Windows\system32\drivers
2010-04-09 18:58:04 ----D---- C:\Windows\System32
2010-04-09 18:58:04 ----D---- C:\Windows\AppPatch
2010-04-09 18:58:03 ----D---- C:\Program Files\Common Files
2010-04-09 17:43:41 ----RSHD---- C:\Users\evka\AppData\Roaming\google
2010-04-09 17:01:39 ----SHD---- C:\System Volume Information
2010-04-09 09:45:58 ----D---- C:\Windows\inf
2010-04-09 09:45:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-08 19:13:49 ----SD---- C:\Users\evka\AppData\Roaming\Microsoft
2010-04-07 23:14:25 ----RD---- C:\Program Files
2010-04-07 15:09:12 ----D---- C:\ProgramData
2010-04-07 14:43:53 ----D---- C:\Windows\Minidump
2010-04-06 20:30:11 ----D---- C:\Windows\Prefetch
2010-04-06 20:28:28 ----RD---- C:\Users
2010-04-06 20:28:10 ----HD---- C:\Windows\system32\GroupPolicyUsers
2010-04-06 18:55:51 ----HD---- C:\Windows\system32\GroupPolicy
2010-04-06 18:32:28 ----D---- C:\Windows\system32\catroot
2010-04-06 17:55:41 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-06 17:07:08 ----SHD---- C:\Windows\Installer
2010-04-06 17:07:07 ----D---- C:\Windows\winsxs
2010-04-06 14:35:30 ----D---- C:\Program Files\Google
2010-04-06 14:33:28 ----D---- C:\Windows\Tasks
2010-04-05 23:33:11 ----D---- C:\Windows\Debug
2010-04-05 20:42:37 ----D---- C:\Program Files\Mozilla Firefox
2010-04-05 20:34:19 ----D---- C:\Program Files\CCleaner
2010-04-05 18:52:57 ----D---- C:\Windows\rescache
2010-04-05 09:34:35 ----D---- C:\Windows\Microsoft.NET
2010-04-05 09:28:47 ----RSD---- C:\Windows\assembly
2010-04-05 09:24:23 ----D---- C:\Windows\system32\catroot2
2010-04-05 09:16:32 ----D---- C:\Program Files\Windows Sidebar
2010-04-05 09:16:32 ----D---- C:\Program Files\Windows Mail
2010-04-05 09:16:32 ----D---- C:\Program Files\Windows Calendar
2010-04-05 09:16:32 ----D---- C:\Program Files\Movie Maker
2010-04-05 09:16:32 ----D---- C:\Program Files\Internet Explorer
2010-04-05 09:16:31 ----D---- C:\Program Files\Windows Media Player
2010-04-05 09:16:31 ----D---- C:\Program Files\Windows Collaboration
2010-04-05 09:16:30 ----D---- C:\Program Files\Windows Journal
2010-04-05 09:16:29 ----D---- C:\Program Files\Windows Photo Gallery
2010-04-05 09:16:29 ----D---- C:\Program Files\Common Files\System
2010-04-05 09:16:28 ----D---- C:\Windows\servicing
2010-04-05 09:16:28 ----D---- C:\Program Files\Windows Defender
2010-04-05 09:16:27 ----D---- C:\Windows\ehome
2010-04-05 09:16:23 ----D---- C:\Windows\IME
2010-04-05 09:16:22 ----D---- C:\Windows\system32\XPSViewer
2010-04-05 09:16:22 ----D---- C:\Windows\system32\sk-SK
2010-04-05 09:16:22 ----D---- C:\Windows\system32\lv-LV
2010-04-05 09:16:22 ----D---- C:\Windows\system32\ko-KR
2010-04-05 09:16:22 ----D---- C:\Windows\system32\hr-HR
2010-04-05 09:16:22 ----D---- C:\Windows\system32\et-EE
2010-04-05 09:16:22 ----D---- C:\Windows\system32\da-DK
2010-04-05 09:16:21 ----D---- C:\Windows\system32\en-US
2010-04-05 09:16:19 ----D---- C:\Windows\system32\oobe
2010-04-05 09:16:19 ----D---- C:\Windows\system32\migration
2010-04-05 09:16:19 ----D---- C:\Windows\system32\it-IT
2010-04-05 09:16:19 ----D---- C:\Windows\system32\el-GR
2010-04-05 09:16:19 ----D---- C:\Windows\system32\de-DE
2010-04-05 09:16:18 ----D---- C:\Windows\system32\sv-SE
2010-04-05 09:16:18 ----D---- C:\Windows\system32\SLUI
2010-04-05 09:16:18 ----D---- C:\Windows\system32\setup
2010-04-05 09:16:18 ----D---- C:\Windows\system32\ru-RU
2010-04-05 09:16:18 ----D---- C:\Windows\system32\pt-PT
2010-04-05 09:16:18 ----D---- C:\Windows\system32\hu-HU
2010-04-05 09:16:18 ----D---- C:\Windows\system32\he-IL
2010-04-05 09:16:18 ----D---- C:\Windows\system32\fr-FR
2010-04-05 09:16:18 ----D---- C:\Windows\system32\fi-FI
2010-04-05 09:16:18 ----D---- C:\Windows\system32\cs-CZ
2010-04-05 09:16:18 ----D---- C:\Windows\system32\AdvancedInstallers
2010-04-05 09:16:17 ----D---- C:\Windows\system32\zh-TW
2010-04-05 09:16:17 ----D---- C:\Windows\system32\zh-CN
2010-04-05 09:16:17 ----D---- C:\Windows\system32\sr-Latn-CS
2010-04-05 09:16:17 ----D---- C:\Windows\system32\sl-SI
2010-04-05 09:16:17 ----D---- C:\Windows\system32\manifeststore
2010-04-05 09:16:17 ----D---- C:\Windows\system32\es-ES
2010-04-05 09:16:17 ----D---- C:\Windows\system32\en
2010-04-05 09:16:16 ----D---- C:\Windows\system32\uk-UA
2010-04-05 09:16:16 ----D---- C:\Windows\system32\tr-TR
2010-04-05 09:16:16 ----D---- C:\Windows\system32\th-TH
2010-04-05 09:16:16 ----D---- C:\Windows\system32\ro-RO
2010-04-05 09:16:16 ----D---- C:\Windows\system32\pl-PL
2010-04-05 09:16:16 ----D---- C:\Windows\system32\ja-JP
2010-04-05 09:16:16 ----D---- C:\Windows\system32\bg-BG
2010-04-05 09:16:15 ----D---- C:\Windows\system32\wbem
2010-04-05 09:16:14 ----D---- C:\Windows\system32\pt-BR
2010-04-05 09:16:14 ----D---- C:\Windows\system32\nl-NL
2010-04-05 09:16:14 ----D---- C:\Windows\system32\nb-NO
2010-04-05 09:16:14 ----D---- C:\Windows\system32\migwiz
2010-04-05 09:16:14 ----D---- C:\Windows\system32\lt-LT
2010-04-05 09:16:14 ----D---- C:\Windows\system32\ar-SA
2010-04-05 09:15:45 ----RSD---- C:\Windows\Fonts
2010-04-05 09:15:36 ----D---- C:\Windows\system32\Boot
2010-04-05 09:13:51 ----D---- C:\Windows\system32\RTCOM
2010-04-04 22:34:08 ----D---- C:\PerfLogs
2010-03-30 15:36:05 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-08-07 283136]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-08-07 51712]
R3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-08-24 452096]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2008-05-02 48128]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 AFGMp50;AFGMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGMp50.sys []
S3 AFGSp50;AFGSp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGSp50.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
S3 catchme;catchme; \??\C:\Users\evka\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-07-27 351232]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2007-11-15 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate1c98e15fd715f68;Google Update Service (gupdate1c98e15fd715f68); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Ospravedlnujem sa, ale mal som zapnuty prehliadac,tak nech vas to nepomyli...






to doporucenie z predchadzajucej spravy este stale plati? ta odinstalace...



Zvladla ste to super...este raz velmi pekne dakujem

[motji]

Sice nevidím, že by jste na combofix použil můj skript, ale log už vypadá líp .
Měl jste ted spuštěný IE, když jste dělal log ze Rsitu?

A neutíkejte mi, ještě uklidíme

[pecko77]

a mam to teda skusit este raz? ten script?

ono nejen ze to vypada lip ono to aj jede lip

sa mi stala taka vec,ze som ked som chcel pridat ten log z ComboFixu tak som nejakym nedopatrenim zapomnel kde ho mam hledat a omylom som spustil este raz ten ComboFix,mohlo sa to stat tym? a ono to tie logy prepsava takze ten po pridani toho vaseho scriptu byl prepsanej tim dalsim..omlouvam se ak som to zmrvil...

za to ze som mal spusteny IE pocas toho RSITu som sa vam ospravedlnil v predchadzajucej sprave


Ak myslite ze to zvladnem tak sa mozme na ten uklid vrhnut

[motji]

Tak pak už to chápu

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********


Otevřete si Poznámkový blok a zkopírujte do něj text

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
 

-uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek,
klikněte na uložit, pak na soubor standardně 2X klikněte a potvrďte dialogové okno.





***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

[pecko77]

pekne popoludnie...

podarilo sa mi vykonat vsetky tie ukony z poslednej spravy az na ten log z RSITu..asi sa mi pri tom uklidu stratil (nepamatam si ze by som ho mazal )tak si stiahnem este raz,ok? a spustim ho po restarte aby sa vam to tam vsetko dobre ukazalo

IE si preinstalujem z ponuky kt mi vyhodi IE po spusteni, je tam IE 8 aj pre vistu..

este k tym AV - avast tu bol stale spusteny a nenasiel nic a aviru ked som nainstaloval tak zacala hned skrecat, tak preto rozmyslam nad tym ktory..

stiahol som ten RSIT a tu mame ten log
Logfile of random's system information tool 1.06 (written by random/random)
Run by evka at 2010-04-10 15:20:42
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 34 GB (50%) free of 69 GB
Total RAM: 892 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:10, on 10. 4. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Users\evka\Desktop\brano\RSIT.exe
C:\Program Files\trend micro\evka.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 164.38.33.5:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit prekladac - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložit &oznacený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c98e15fd715f68) (gupdate1c98e15fd715f68) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 5798 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{787AC205-0A23-473A-AD5A-F23279D01D7F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2009-05-24 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2009-05-24 503808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4702208]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"OSD"=C:\Program Files\C&E\OSD\osd.exe [2007-08-28 671801]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2010-04-06 323392]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=255
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-04-10 15:20:42 ----D---- C:\rsit
2010-04-10 15:20:42 ----D---- C:\Program Files\trend micro
2010-04-09 19:06:41 ----D---- C:\Windows\temp
2010-04-09 19:06:08 ----SHD---- C:\$RECYCLE.BIN
2010-04-08 20:00:27 ----A---- C:\Windows\NeroDigital.ini
2010-04-07 23:14:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-07 15:20:58 ----D---- C:\Users\evka\AppData\Roaming\Avira
2010-04-07 15:09:12 ----D---- C:\ProgramData\Avira
2010-04-07 15:09:12 ----D---- C:\Program Files\Avira
2010-04-07 11:41:57 ----RAD---- C:\autorun.inf
2010-04-05 09:15:38 ----D---- C:\Windows\system32\eu-ES
2010-04-05 09:15:38 ----D---- C:\Windows\system32\ca-ES
2010-04-05 09:15:36 ----D---- C:\Windows\system32\vi-VN
2010-04-04 23:17:20 ----D---- C:\Program Files\Lavalys
2010-04-04 20:25:06 ----D---- C:\Windows\system32\EventProviders
2010-03-31 13:05:17 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 13:05:15 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 13:05:05 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 13:05:02 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 13:04:56 ----A---- C:\Windows\system32\ieapfltr.dll
2010-03-31 13:04:54 ----A---- C:\Windows\system32\mshtmled.dll
2010-03-31 13:04:48 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 13:04:46 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 13:04:41 ----A---- C:\Windows\system32\ieencode.dll
2010-03-30 15:31:21 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-30 15:31:10 ----A---- C:\Windows\system32\httpapi.dll

======List of files/folders modified in the last 1 months======

2010-04-10 15:20:56 ----D---- C:\Windows\Prefetch
2010-04-10 15:20:42 ----RD---- C:\Program Files
2010-04-10 15:17:44 ----D---- C:\Users\evka\AppData\Roaming\DNA
2010-04-10 15:17:44 ----D---- C:\Program Files\DNA
2010-04-10 13:08:40 ----SHD---- C:\System Volume Information
2010-04-10 11:46:36 ----D---- C:\Windows\system32\catroot2
2010-04-10 11:44:43 ----D---- C:\Windows
2010-04-10 11:21:57 ----D---- C:\Windows\Minidump
2010-04-10 11:14:32 ----D---- C:\Windows\system32\drivers
2010-04-09 19:02:38 ----A---- C:\Windows\system.ini
2010-04-09 18:58:04 ----D---- C:\Windows\System32
2010-04-09 18:58:04 ----D---- C:\Windows\AppPatch
2010-04-09 18:58:03 ----D---- C:\Program Files\Common Files
2010-04-09 17:43:41 ----RSHD---- C:\Users\evka\AppData\Roaming\google
2010-04-09 09:45:58 ----D---- C:\Windows\inf
2010-04-09 09:45:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-08 19:13:49 ----SD---- C:\Users\evka\AppData\Roaming\Microsoft
2010-04-07 15:09:12 ----D---- C:\ProgramData
2010-04-06 20:28:28 ----RD---- C:\Users
2010-04-06 20:28:10 ----HD---- C:\Windows\system32\GroupPolicyUsers
2010-04-06 18:55:51 ----HD---- C:\Windows\system32\GroupPolicy
2010-04-06 18:32:28 ----D---- C:\Windows\system32\catroot
2010-04-06 17:55:41 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-06 17:07:08 ----SHD---- C:\Windows\Installer
2010-04-06 17:07:07 ----D---- C:\Windows\winsxs
2010-04-06 14:35:30 ----D---- C:\Program Files\Google
2010-04-06 14:33:28 ----D---- C:\Windows\Tasks
2010-04-05 23:33:11 ----D---- C:\Windows\Debug
2010-04-05 20:42:37 ----D---- C:\Program Files\Mozilla Firefox
2010-04-05 20:34:19 ----D---- C:\Program Files\CCleaner
2010-04-05 18:52:57 ----D---- C:\Windows\rescache
2010-04-05 09:34:35 ----D---- C:\Windows\Microsoft.NET
2010-04-05 09:28:47 ----RSD---- C:\Windows\assembly
2010-04-05 09:16:32 ----D---- C:\Program Files\Windows Sidebar
2010-04-05 09:16:32 ----D---- C:\Program Files\Windows Mail
2010-04-05 09:16:32 ----D---- C:\Program Files\Windows Calendar
2010-04-05 09:16:32 ----D---- C:\Program Files\Movie Maker
2010-04-05 09:16:32 ----D---- C:\Program Files\Internet Explorer
2010-04-05 09:16:31 ----D---- C:\Program Files\Windows Media Player
2010-04-05 09:16:31 ----D---- C:\Program Files\Windows Collaboration
2010-04-05 09:16:30 ----D---- C:\Program Files\Windows Journal
2010-04-05 09:16:29 ----D---- C:\Program Files\Windows Photo Gallery
2010-04-05 09:16:29 ----D---- C:\Program Files\Common Files\System
2010-04-05 09:16:28 ----D---- C:\Windows\servicing
2010-04-05 09:16:28 ----D---- C:\Program Files\Windows Defender
2010-04-05 09:16:27 ----D---- C:\Windows\ehome
2010-04-05 09:16:23 ----D---- C:\Windows\IME
2010-04-05 09:16:22 ----D---- C:\Windows\system32\XPSViewer
2010-04-05 09:16:22 ----D---- C:\Windows\system32\sk-SK
2010-04-05 09:16:22 ----D---- C:\Windows\system32\lv-LV
2010-04-05 09:16:22 ----D---- C:\Windows\system32\ko-KR
2010-04-05 09:16:22 ----D---- C:\Windows\system32\hr-HR
2010-04-05 09:16:22 ----D---- C:\Windows\system32\et-EE
2010-04-05 09:16:22 ----D---- C:\Windows\system32\da-DK
2010-04-05 09:16:21 ----D---- C:\Windows\system32\en-US
2010-04-05 09:16:19 ----D---- C:\Windows\system32\oobe
2010-04-05 09:16:19 ----D---- C:\Windows\system32\migration
2010-04-05 09:16:19 ----D---- C:\Windows\system32\it-IT
2010-04-05 09:16:19 ----D---- C:\Windows\system32\el-GR
2010-04-05 09:16:19 ----D---- C:\Windows\system32\de-DE
2010-04-05 09:16:18 ----D---- C:\Windows\system32\sv-SE
2010-04-05 09:16:18 ----D---- C:\Windows\system32\SLUI
2010-04-05 09:16:18 ----D---- C:\Windows\system32\setup
2010-04-05 09:16:18 ----D---- C:\Windows\system32\ru-RU
2010-04-05 09:16:18 ----D---- C:\Windows\system32\pt-PT
2010-04-05 09:16:18 ----D---- C:\Windows\system32\hu-HU
2010-04-05 09:16:18 ----D---- C:\Windows\system32\he-IL
2010-04-05 09:16:18 ----D---- C:\Windows\system32\fr-FR
2010-04-05 09:16:18 ----D---- C:\Windows\system32\fi-FI
2010-04-05 09:16:18 ----D---- C:\Windows\system32\cs-CZ
2010-04-05 09:16:18 ----D---- C:\Windows\system32\AdvancedInstallers
2010-04-05 09:16:17 ----D---- C:\Windows\system32\zh-TW
2010-04-05 09:16:17 ----D---- C:\Windows\system32\zh-CN
2010-04-05 09:16:17 ----D---- C:\Windows\system32\sr-Latn-CS
2010-04-05 09:16:17 ----D---- C:\Windows\system32\sl-SI
2010-04-05 09:16:17 ----D---- C:\Windows\system32\manifeststore
2010-04-05 09:16:17 ----D---- C:\Windows\system32\es-ES
2010-04-05 09:16:17 ----D---- C:\Windows\system32\en
2010-04-05 09:16:16 ----D---- C:\Windows\system32\uk-UA
2010-04-05 09:16:16 ----D---- C:\Windows\system32\tr-TR
2010-04-05 09:16:16 ----D---- C:\Windows\system32\th-TH
2010-04-05 09:16:16 ----D---- C:\Windows\system32\ro-RO
2010-04-05 09:16:16 ----D---- C:\Windows\system32\pl-PL
2010-04-05 09:16:16 ----D---- C:\Windows\system32\ja-JP
2010-04-05 09:16:16 ----D---- C:\Windows\system32\bg-BG
2010-04-05 09:16:15 ----D---- C:\Windows\system32\wbem
2010-04-05 09:16:14 ----D---- C:\Windows\system32\pt-BR
2010-04-05 09:16:14 ----D---- C:\Windows\system32\nl-NL
2010-04-05 09:16:14 ----D---- C:\Windows\system32\nb-NO
2010-04-05 09:16:14 ----D---- C:\Windows\system32\migwiz
2010-04-05 09:16:14 ----D---- C:\Windows\system32\lt-LT
2010-04-05 09:16:14 ----D---- C:\Windows\system32\ar-SA
2010-04-05 09:15:45 ----RSD---- C:\Windows\Fonts
2010-04-05 09:15:36 ----D---- C:\Windows\system32\Boot
2010-04-05 09:13:51 ----D---- C:\Windows\system32\RTCOM
2010-04-04 22:34:08 ----D---- C:\PerfLogs
2010-03-30 15:36:05 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-08-07 283136]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-08-07 51712]
R3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-08-24 452096]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2008-05-02 48128]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 AFGMp50;AFGMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGMp50.sys []
S3 AFGSp50;AFGSp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGSp50.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-07-27 351232]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2007-11-15 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate1c98e15fd715f68;Google Update Service (gupdate1c98e15fd715f68); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


mam na vas este prosbicku : da sa nejakym sposobom (napr. nejakou aktualizaciou) zmenit jazykova lokacia predinstalovaneho OEM OS? Tu je UK a tym padom mi nechce dovolit IEcz..



je to vobec mozne? celkom by ma potesilo keby sa to dalo bud na SK alebo CZ

nieco sa mi podarilo vygooglit,len nechcem uz robit nieco poza vas chrbat : http://www.froggie.sk/sk/lp32sp2.html
CZ tam vypada byt full preklad a SK asi len ciastocny, CZ by bolo fajn..

asi bude este nieco v neporiadku ,ked otvorim pocitac a C:\ tak avira zaskreci a vyhodi taketo varovanie:

[motji]

doporučuji odinstalovat
C:\Program Files\DNA\btdna.exe

vyberte si, který antivir Vám vyhovuje, ten druhý odinstalujte. Záleží na Vás.

s tou změnou jazyka se přiznám že nevím, zkusím se poptat kolegů.

Log vypadá v pořádku, jsou ještě nějaké problémy s počítačem?

[pecko77]

Zdravim Vas

okrem toho co som vam poslal v tej predchadzajucej sprave tak je vsetko v najlepsom poriadku, a ked to hovorite este aj Vy nemam k tomu co dodat
keby som mal na hlave klobouk tak bez vahani smekam

idem este odstranit to DNA...myslite ze by som toho mohol skusit otvorit? neviem co to je za program... alebo to radsej rovno odinstalujem...?

[motji]

Patří to k BitTorrent . http://chosse.bloguje.cz/667669-btdna-e ... arosti.php
a máte to standartně spuštěné

[pecko77]

tak som to zrusil... len ma napadlo ze som na to mohol pouzit ten Ccleaner ved ja sa to raz naucim

este oprava k tomu problemu z pred-predchadzajucej spravy-to varovanie Aviry sa spusti ked otvorim Programfiles... ale inak je vsetko ok

[motji]

NO, já bych řekla, že Avira detekuje náš autorun.inf, co vytvořil USBfix. Ale jestli to chcete raději prověřit, tak napište

[pecko77]

no ja dam na vas wokna su beztak dost otravne tak jeden klik navyse ma nezabije

len som chcel vediet Vas nazor, nechcem Vas uz zbytocne zatazovat (SS)

tak este raz dik.. za vsetko....

[motji]

Víte co, prověříme to, stahněte znovu USBfix

Stáhněte na plochu UsbFix
-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 2 - enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt

Na tu slovenskou lokalizaci Vám napíšu později, zatím jsme nic nezjistila.