FB vir

Zpráva

#16 Příspěvek od **cernohous13** » 12 zář 2011 14:24

Scan CF lze provést i v Nouzovém režimu.

Jinak můžeme použít AVPTool - odkaz na návod mám v podpisu

Doggy23 · #17 Příspěvek od **Doggy23** » 12 zář 2011 15:04

Ten combofix jsem spustil znova a uspesne dojel do konce. Log je zkopirovany a je poslany jako uprava minuleho prizpevku, takze na predchozi strance. Az ted jsem si vsiml tvojeho noveho prizpevku. Tak teda cekam na dalsi pokyny.

#18 Příspěvek od **cernohous13** » 12 zář 2011 15:21

Otevři Poznámkový blok (Notepad) a vlož zelený text ze scriptu.

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

Soubor ulož jako -> oprava.reg - Uložit jako typ -> Všechny soubory
Zavři a dvojklikem na ikonu spusť - jen problikne a opraví registry - po akci jej smažeš.

ComboFix nevidí Aviru

přeinstaluj ji a dej mi RSIT

problémy s přepínáním a tapetou přetrvávají

Doggy23 · #19 Příspěvek od **Doggy23** » 12 zář 2011 16:21

Ano, problemy s prepinanim a tapetou pretrvavaji...
Tady ten RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by lukas at 2011-09-12 17:23:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 115 GB (75%) free of 153 GB
Total RAM: 511 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:23:19, on 12.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Documents and Settings\lukas\Plocha\RSIT.exe
C:\Program Files\trend micro\lukas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - (no file)
O3 - Toolbar: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 4644 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\SmartDefrag_Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-11-07 17421824]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-09 98304]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-07-06 1047656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-03-09 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2001-10-26 3584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-12 17:15:05 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-09-12 17:15:03 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-09-12 17:15:03 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-09-12 17:15:03 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-09-12 17:15:03 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-09-12 17:15:00 ----D---- C:\Program Files\Avira
2011-09-12 17:15:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Avira
2011-09-12 16:39:38 ----SHD---- C:\RECYCLER
2011-09-12 16:00:28 ----D---- C:\WINDOWS\temp
2011-09-12 16:00:27 ----A---- C:\ComboFix.txt
2011-09-12 14:28:25 ----A---- C:\Boot.bak
2011-09-12 14:28:21 ----RASHD---- C:\cmdcons
2011-09-12 14:23:53 ----A---- C:\WINDOWS\zip.exe
2011-09-12 14:23:53 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-09-12 14:23:53 ----A---- C:\WINDOWS\SWSC.exe
2011-09-12 14:23:53 ----A---- C:\WINDOWS\SWREG.exe
2011-09-12 14:23:53 ----A---- C:\WINDOWS\sed.exe
2011-09-12 14:23:53 ----A---- C:\WINDOWS\PEV.exe
2011-09-12 14:23:53 ----A---- C:\WINDOWS\NIRCMD.exe
2011-09-12 14:23:53 ----A---- C:\WINDOWS\MBR.exe
2011-09-12 14:23:53 ----A---- C:\WINDOWS\grep.exe
2011-09-12 14:23:47 ----D---- C:\WINDOWS\ERDNT
2011-09-12 14:23:35 ----D---- C:\Qoobox
2011-09-12 14:16:35 ----D---- C:\Documents and Settings\lukas\Data aplikací\Avira
2011-09-10 14:34:57 ----D---- C:\Documents and Settings\lukas\Data aplikací\Ahead
2011-09-09 21:54:30 ----D---- C:\Documents and Settings\lukas\Data aplikací\Malwarebytes
2011-09-09 20:23:08 ----D---- C:\_OTM
2011-09-09 17:33:53 ----D---- C:\Documents and Settings\lukas\Data aplikací\Search Settings
2011-09-09 11:48:27 ----D---- C:\Program Files\trend micro
2011-09-09 11:48:25 ----D---- C:\rsit
2011-09-08 09:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2607712$
2011-09-05 10:37:51 ----D---- C:\Documents and Settings\lukas\Data aplikací\WinRAR
2011-08-26 16:21:11 ----D---- C:\Program Files\Ventrilo
2011-08-26 16:18:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-08-26 15:53:13 ----D---- C:\Program Files\VentriloMIX
2011-08-26 14:59:35 ----D---- C:\Documents and Settings\lukas\Data aplikací\Ventrilo
2011-08-26 10:26:11 ----D---- C:\Documents and Settings\lukas\Data aplikací\ICQ
2011-08-25 09:33:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-08-23 21:16:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-22 12:50:01 ----A---- C:\WINDOWS\EEventManager.INI
2011-08-22 12:35:09 ----A---- C:\WINDOWS\system32\E_DCINST.DLL
2011-08-22 12:35:06 ----A---- C:\WINDOWS\system32\E_FLBGGE.DLL
2011-08-22 12:35:06 ----A---- C:\WINDOWS\system32\E_FD4BGGE.DLL
2011-08-22 12:34:59 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2011-08-22 12:34:52 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-08-22 12:32:29 ----D---- C:\Documents and Settings\lukas\Data aplikací\InstallShield
2011-08-22 12:07:32 ----D---- C:\Program Files\CCleaner
2011-08-22 11:57:57 ----D---- C:\Documents and Settings\lukas\Data aplikací\Microsoft
2011-08-22 10:50:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-08-22 10:50:49 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-22 10:50:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-22 10:50:46 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-22 10:13:23 ----A---- C:\avira_antivir_personal_en.exe
2011-08-22 10:12:56 ----D---- C:\Documents and Settings\lukas\Data aplikací\Adobe
2011-08-22 10:08:21 ----D---- C:\Documents and Settings\lukas\Data aplikací\GHISLER
2011-08-21 15:07:18 ----D---- C:\Documents and Settings\lukas\Data aplikací\Macromedia
2011-08-21 15:05:23 ----D---- C:\Documents and Settings\lukas\Data aplikací\Opera
2011-08-21 10:55:32 ----D---- C:\WINDOWS\Profiles
2011-08-20 23:36:05 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-08-19 15:18:55 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2011-08-14 11:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$

======List of files/folders modified in the last 1 month======

2011-09-12 17:15:50 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-12 17:15:05 ----D---- C:\WINDOWS\system32\drivers
2011-09-12 17:15:00 ----RD---- C:\Program Files
2011-09-12 16:00:28 ----D---- C:\WINDOWS
2011-09-12 16:00:02 ----SD---- C:\WINDOWS\Tasks
2011-09-12 15:57:58 ----A---- C:\WINDOWS\system.ini
2011-09-12 15:55:12 ----D---- C:\WINDOWS\system32
2011-09-12 15:55:12 ----D---- C:\WINDOWS\AppPatch
2011-09-12 15:55:09 ----D---- C:\Program Files\Common Files
2011-09-12 14:42:16 ----D---- C:\WINDOWS\system32\config
2011-09-12 14:42:01 ----D---- C:\WINDOWS\system32\drivers\etc
2011-09-12 14:28:25 ----RASH---- C:\boot.ini
2011-09-12 14:18:20 ----D---- C:\WINDOWS\Prefetch
2011-09-10 16:23:03 ----A---- C:\WINDOWS\win.ini
2011-09-10 14:44:49 ----D---- C:\Program Files\Windows Media Player
2011-09-10 14:43:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-10 14:43:29 ----HD---- C:\WINDOWS\inf
2011-09-10 14:43:28 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-09-10 14:34:39 ----D---- C:\WINDOWS\Help
2011-09-10 14:34:39 ----D---- C:\Program Files\Windows Media Connect 2
2011-09-10 14:33:38 ----A---- C:\WINDOWS\NeroDigital.ini
2011-09-10 14:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-09-09 20:37:06 ----D---- C:\WINDOWS\system32\Com
2011-09-09 20:37:02 ----SHD---- C:\System Volume Information
2011-09-09 20:37:02 ----D---- C:\WINDOWS\system32\Restore
2011-09-07 10:13:47 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-05 14:40:09 ----D---- C:\WINDOWS\system32\NtmsData
2011-09-05 14:39:21 ----D---- C:\WINDOWS\Registration
2011-09-03 12:17:22 ----A---- C:\WINDOWS\system32\crypt32.dll
2011-08-29 12:16:17 ----SHD---- C:\WINDOWS\Installer
2011-08-29 12:16:16 ----D---- C:\Config.Msi
2011-08-26 14:29:27 ----D---- C:\Documents and Settings
2011-08-26 10:38:07 ----D---- C:\Program Files\IObit
2011-08-26 10:28:24 ----D---- C:\Program Files\epson
2011-08-26 10:24:49 ----D---- C:\WINDOWS\twain_32
2011-08-24 10:10:38 ----D---- C:\WINDOWS\WinSxS
2011-08-23 21:17:26 ----D---- C:\WINDOWS\SoftwareDistribution
2011-08-22 12:41:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON
2011-08-22 12:33:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\UDL
2011-08-22 12:31:08 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-22 12:30:11 ----D---- C:\Program Files\ABBYY FineReader 9.0 Sprint
2011-08-22 12:26:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ABBYY
2011-08-22 12:24:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-08-22 12:07:59 ----D---- C:\WINDOWS\Logs
2011-08-22 12:07:59 ----D---- C:\WINDOWS\Debug
2011-08-22 10:05:18 ----D---- C:\WINDOWS\system32\wbem
2011-08-21 15:01:59 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-07-20 137656]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-07-20 61960]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-03-09 6553088]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-11-11 4946944]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [1980-01-01 12160]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2010-05-24 4003008]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 catchme;catchme; \??\C:\WINDOWS\TEMP\catchme.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-07-20 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-03-09 643072]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-03-28 4323256]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#20 Příspěvek od **cernohous13** » 12 zář 2011 18:03

smaž ještě:
C:\WINDOWS\winlog-dirs.txt
C:\Program Files\IObit

ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Stáhni a spusť T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

stáhni program OTC tady: http://oldtimer.geekstogo.com/OTC.exe - spusť ho -> "CleanUp" (smaže dříve použité čističe)

Vypni Obnovení systému -> restartuj -> zapni Obnovení systému http://www.viry.cz/forum/viewtopic.php?t=47040

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština

jak přepínáš klávesnici eng->cz ?

jak měníš tapetu ?

žádného škůdce už tam nemáš - je to zřejmě někde v nastavení

Doggy23 · #21 Příspěvek od **Doggy23** » 12 zář 2011 19:41

Tapetu prepinam pres ovladaci panely-vzhled a motivy-zmenit tapetu plochy

Klavesnici prepinam alt+shift ale oznaceni CS/EN nemam jako driv pred napadeni virem na hlavnim panelu

tak jsem zrovna zjistil ze tu ceskou klavesnici ani nemam

#22 Příspěvek od **cernohous13** » 13 zář 2011 06:52

Ovládací panely -> Místní a jazykové nastavení -> Jazyky -> Podrobnosti... -> Panel jazyků (Zobrazit na hlavním panelu) + Nastavení kláves

Pravým na ploše -> Vlastnosti -> Plocha

Doggy23 · #23 Příspěvek od **Doggy23** » 13 zář 2011 08:21

takhle jsem tu klavesnici zkousel uz i vcera a kdyz tam zadam ceskou dam pouzit tak ona tam nezustane,zmyzi a je tam jen anglicka

tapetu plochy i takhle jak jste radil tez nezmenim

Doggy23 · #24 Příspěvek od **Doggy23** » 13 zář 2011 19:18

zkousel jsem si zalozit novy ucet a tam to jede vse v pohode,takze uz to nemusime resit tenhle smazu

ale akorad se chci zeptat instaloval jsem skener s tiskarnou a skener to nainstalovalo dobre ale pri instalaci tiskarny mi vyskakuje okno ze RCP server neni povolen,tak se chci zeptat zda nevite co to je ten RCP server

#25 Příspěvek od **cernohous13** » 13 zář 2011 19:54

zkontroluj nastavení
Start -> Spustit... -> zadej services.msc -> OK
najdi Vzdálené volání procedur (RPC) -> pravým Vlastnosti ->

: RPC.jpg (28.25 KiB) Zobrazeno 811 x

: RPC1.jpg (26.15 KiB) Zobrazeno 811 x

Doggy23 · #26 Příspěvek od **Doggy23** » 13 zář 2011 21:07

tak tohle mam dobre nastavene,zrejme bude chyba nekde jinde

#27 Příspěvek od **cernohous13** » 14 zář 2011 11:46

Zkusíme v tom novém účtu radu kolegy stell

Start -> Spustit...
net start RPCSS
Enter -> Restart

Doggy23 · #28 Příspěvek od **Doggy23** » 24 zář 2011 10:20

Tak tiskarna a scener fungujou,dekuji za pomoc ale od te doby co jsem nainstalovat tiskarnu se mi pri spusteni uctu desne dlouho nacitaj ikony na plose.Tak se jeste chci zeptat zda nevis co by to mohlo bejt

#29 Příspěvek od **cernohous13** » 24 zář 2011 12:22

Udělej mi aktuální RSIT

Doggy23 · #30 Příspěvek od **Doggy23** » 24 zář 2011 12:36

Logfile of random's system information tool 1.09 (written by random/random)
Run by luky at 2011-09-24 13:40:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 106 GB (69%) free of 153 GB
Total RAM: 511 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:40:06, on 24.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\luky\Plocha\RSIT.exe
C:\Program Files\trend micro\luky.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON SX125 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\WINDOWS\TEMP\E_S1C.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 4852 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\SmartDefrag_Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-30 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-30 266240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-11-07 17421824]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-09 98304]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]
"EEventManager"=C:\Program Files\Epson Software\Event Manager\EEventManager.exe [2009-12-03 976320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"EPSON SX125 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE [2009-09-14 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-07-06 1047656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-03-09 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2001-10-26 3584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-24 13:38:21 ----D---- C:\rsit
2011-09-24 10:59:45 ----D---- C:\Documents and Settings\luky\Data aplikací\Epson
2011-09-24 10:55:58 ----D---- C:\Program Files\Common Files\EPSON
2011-09-24 10:51:43 ----D---- C:\Documents and Settings\luky\Data aplikací\InstallShield
2011-09-24 10:47:54 ----A---- C:\WINDOWS\system32\eswiaud.dll
2011-09-24 10:47:54 ----A---- C:\WINDOWS\system32\esdevapp.exe
2011-09-24 10:47:54 ----A---- C:\WINDOWS\system32\escdev.dll
2011-09-21 23:35:04 ----D---- C:\Documents and Settings\luky\Data aplikací\Ventrilo
2011-09-17 11:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676$
2011-09-17 11:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2011-09-16 17:20:54 ----D---- C:\Documents and Settings\luky\Data aplikací\Avira
2011-09-15 16:00:07 ----A---- C:\WINDOWS\unvise32.exe
2011-09-15 14:57:07 ----D---- C:\Program Files\Postal2
2011-09-15 12:45:44 ----D---- C:\Documents and Settings\luky\Data aplikací\WinRAR
2011-09-13 22:35:49 ----A---- C:\WINDOWS\system32\setb0.tmp
2011-09-13 21:33:23 ----D---- C:\Documents and Settings\luky\Data aplikací\Macromedia
2011-09-13 21:33:23 ----D---- C:\Documents and Settings\luky\Data aplikací\Adobe
2011-09-13 21:31:35 ----D---- C:\Documents and Settings\luky\Data aplikací\Ahead
2011-09-13 13:27:24 ----D---- C:\Documents and Settings\luky\Data aplikací\Opera
2011-09-13 13:26:46 ----D---- C:\Documents and Settings\luky\Data aplikací\Identities
2011-09-13 13:26:32 ----ASH---- C:\Documents and Settings\luky\Data aplikací\desktop.ini
2011-09-13 13:26:31 ----SD---- C:\Documents and Settings\luky\Data aplikací\Microsoft
2011-09-12 20:41:54 ----D---- C:\Program Files\Defraggler
2011-09-12 20:41:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Google
2011-09-12 17:15:05 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-09-12 17:15:03 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-09-12 17:15:03 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-09-12 17:15:03 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-09-12 17:15:03 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-09-12 17:15:00 ----D---- C:\Program Files\Avira
2011-09-12 17:15:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Avira
2011-09-12 16:39:38 ----SHD---- C:\RECYCLER
2011-09-12 16:00:28 ----D---- C:\WINDOWS\temp
2011-09-12 14:28:25 ----A---- C:\Boot.bak
2011-09-12 14:28:21 ----RASHD---- C:\cmdcons
2011-09-09 11:48:27 ----D---- C:\Program Files\trend micro
2011-09-08 09:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2607712$
2011-08-26 16:21:11 ----D---- C:\Program Files\Ventrilo
2011-08-26 16:18:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-08-26 15:53:13 ----D---- C:\Program Files\VentriloMIX
2011-08-25 09:33:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$

======List of files/folders modified in the last 1 month======

2011-09-24 13:38:48 ----D---- C:\WINDOWS\Prefetch
2011-09-24 10:59:36 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-24 10:59:30 ----D---- C:\WINDOWS
2011-09-24 10:57:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-24 10:55:58 ----D---- C:\Program Files\Common Files
2011-09-24 10:55:58 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON
2011-09-24 10:55:36 ----HD---- C:\WINDOWS\inf
2011-09-24 10:53:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\UDL
2011-09-24 10:51:24 ----SHD---- C:\WINDOWS\Installer
2011-09-24 10:51:13 ----D---- C:\Config.Msi
2011-09-24 10:50:27 ----HD---- C:\Program Files\InstallShield Installation Information
2011-09-24 10:49:51 ----D---- C:\Program Files\ABBYY FineReader 9.0 Sprint
2011-09-24 10:47:54 ----D---- C:\WINDOWS\system32
2011-09-24 10:47:48 ----D---- C:\WINDOWS\twain_32
2011-09-24 10:47:48 ----D---- C:\Program Files\epson
2011-09-24 01:02:31 ----A---- C:\WINDOWS\NeroDigital.ini
2011-09-23 23:39:57 ----D---- C:\WINDOWS\Debug
2011-09-19 21:35:38 ----D---- C:\Program Files\Interlude
2011-09-17 11:07:56 ----D---- C:\WINDOWS\system32\CatRoot
2011-09-17 11:06:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-17 11:03:24 ----A---- C:\WINDOWS\system32\MRT.exe
2011-09-17 11:01:50 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-15 14:57:07 ----RD---- C:\Program Files
2011-09-13 22:35:52 ----D---- C:\WINDOWS\RegisteredPackages
2011-09-13 22:35:52 ----D---- C:\Program Files\Windows Media Player
2011-09-13 22:35:45 ----D---- C:\WINDOWS\Help
2011-09-13 13:26:31 ----D---- C:\Documents and Settings
2011-09-12 20:26:52 ----SHD---- C:\System Volume Information
2011-09-12 20:26:52 ----D---- C:\WINDOWS\system32\Restore
2011-09-12 19:14:24 ----D---- C:\WINDOWS\system32\drivers
2011-09-12 16:00:02 ----SD---- C:\WINDOWS\Tasks
2011-09-12 15:57:58 ----A---- C:\WINDOWS\system.ini
2011-09-12 15:55:12 ----D---- C:\WINDOWS\AppPatch
2011-09-12 14:42:16 ----D---- C:\WINDOWS\system32\config
2011-09-12 14:42:01 ----D---- C:\WINDOWS\system32\drivers\etc
2011-09-12 14:28:25 ----RASH---- C:\boot.ini
2011-09-10 16:23:03 ----A---- C:\WINDOWS\win.ini
2011-09-10 14:43:28 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-09-10 14:34:39 ----D---- C:\Program Files\Windows Media Connect 2
2011-09-10 14:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-09-09 20:37:06 ----D---- C:\WINDOWS\system32\Com
2011-09-09 11:12:04 ----A---- C:\WINDOWS\system32\crypt32.dll
2011-09-05 14:40:09 ----D---- C:\WINDOWS\system32\NtmsData
2011-09-05 14:39:21 ----D---- C:\WINDOWS\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-09-13 138192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-09-13 66616]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-03-09 6553088]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-11-11 4946944]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [1980-01-01 12160]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2010-05-24 4003008]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-09-13 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-03-09 643072]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-03-28 4323256]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

VIRY.CZ

FB vir

Re: FB vir

Re: FB vir

Re: FB vir

Re: FB vir

Re: FB vir

Re: FB vir

Re: FB vir

Re: FB vir

Re: FB vir

Re: FB vir

Re: FB vir

Re: FB vir

Re: FB vir

Re: FB vir

Re: FB vir