
Log check - problem with wireless connection
Forum rules
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
Hi,
please check my log; when I try to connect over Wi-Fi on my notebook, it is not possible, while the connection over cable works without problems:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Stanley at 2011-09-18 16:46:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive E: has 267 GB (87%) free of 305 GB
Total RAM: 3071 MB (81% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:47:00, on 18.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\AVAST Software\Avast\AvastSvc.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
E:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
E:\Program Files\ASUS\ATK Hotkey\HControl.exe
E:\WINDOWS\ASScrPro.exe
E:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
E:\Program Files\AVAST Software\Avast\avastUI.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\T-Mobile Communication Center\TMCC.exe
E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
E:\Program Files\ASUS\ATK Hotkey\WDC.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\AVAST Software\Avast\setup\avast.setup
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Documents and Settings\Stanley\My Documents\Preberanie\RSIT(2).exe
E:\Program Files\trend micro\Stanley.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.gamingharbor.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - E:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - E:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MsgTranAgt] E:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
O4 - HKLM\..\Run: [HControlUser] E:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKHOTKEY] E:\Program Files\ASUS\ATK Hotkey\HControl.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] E:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "E:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [EEventManager] E:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [avast] "E:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX110 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "E:\WINDOWS\TEMP\E_SB1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [TMCC] "E:\Program Files\T-Mobile Communication Center\TMCC.exe" -m
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Orezávač obrazovky a spúšťač programu OneNote 2007.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9747023359
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - E:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - E:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - E:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - E:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 7730 bytes
======Scheduled tasks folder======
E:\WINDOWS\tasks\Epson Printer Software Downloader.job
=========Mozilla firefox=========
ProfilePath - E:\Documents and Settings\Stanley\Application Data\Mozilla\Firefox\Profiles\jaz32445.default
prefs.js - "browser.startup.homepage" - "http://www.azet.sk/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, personas@christopher.beard:1.5.3, wrc@avast.com:20110101, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.22"
"{20a82645-c095-46ed-80e3-08825760534b}"=e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=E:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=E:\Program Files\DivX\DivX Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
E:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
E:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
E:\Program Files\Mozilla Firefox\plugins\
libdivx.dll
npdivx32.dll
npdivx32.xpt
npnul32.dll
nppdf32.dll
ssldivx.dll
E:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
E:\Documents and Settings\Stanley\Application Data\Mozilla\Firefox\Profiles\jaz32445.default\extensions\
personas@christopher.beard
{20a82645-c095-46ed-80e3-08825760534b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - E:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - E:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=E:\WINDOWS\RTHDCPL.EXE [2008-06-20 16872448]
"MsgTranAgt"=E:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe [2007-11-04 106496]
"HControlUser"=E:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2008-01-11 98304]
"ATKHOTKEY"=E:\Program Files\ASUS\ATK Hotkey\HControl.exe [2008-06-26 217088]
"ASUS Screen Saver Protector"=E:\WINDOWS\ASScrPro.exe [2009-01-24 33136]
"UpdatePPShortCut"=E:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]
"EEventManager"=E:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2009-04-07 673616]
"avast"=E:\Program Files\AVAST Software\Avast\avastUI.exe [2011-02-23 3451496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON SX110 Series"=E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE [2008-09-27 199680]
"TMCC"=E:\Program Files\T-Mobile Communication Center\TMCC.exe [2010-07-29 774144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
E:\WINDOWS\ASScrProlog.exe [2009-01-24 37232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
E:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kvasoft]
E:\WINDOWS\system32\kva8wr.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
E:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2008-02-22 62760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-04-02 87336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
E:\WINDOWS\sm56hlpr.exe [2006-03-21 544768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
E:\Program Files\Winamp\winampa.exe [2006-09-26 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Stanley^Start Menu^Programs^Startup^CCC.lnk]
E:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\CCC.exe [2007-07-17 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Stanley^Start Menu^Programs^Startup^RocketDock.lnk]
E:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Stanley^Start Menu^Programs^Startup^Ubisoft register.lnk]
E:\PROGRA~1\Ubisoft\Register\schedule.exe [2008-02-23 28672]
E:\Documents and Settings\Stanley\Start Menu\Programs\Startup
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2008-04-22 126976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="E:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="E:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"E:\Program Files\CyberLink\PowerDirector\PDR.exe"="E:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector"
"E:\Documents and Settings\Stanley\Desktop\dune2000\dune2000.dat"="E:\Documents and Settings\Stanley\Desktop\dune2000\dune2000.dat:*:Disabled:Dune2000"
"E:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="E:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Disabled:Far Cry"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Epson Software\Event Manager\EEventManager.exe"="E:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=E:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=E:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=serwvdrv.dll
"VIDC.ACDV"=ACDV.dll
"vidc.DIVX"=divx.dll
"msacm.clmp3enc"=E:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
======List of files/folders created in the last 1 month======
2011-09-18 15:06:18 ----A---- E:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-09-18 15:06:17 ----A---- E:\WINDOWS\system32\drivers\aswSP.sys
2011-09-18 15:06:14 ----A---- E:\WINDOWS\system32\drivers\aswRdr.sys
2011-09-18 15:06:13 ----A---- E:\WINDOWS\system32\drivers\aswTdi.sys
2011-09-18 15:06:12 ----A---- E:\WINDOWS\system32\drivers\aswSnx.sys
2011-09-18 15:06:11 ----A---- E:\WINDOWS\system32\drivers\aswmon2.sys
2011-09-18 15:06:11 ----A---- E:\WINDOWS\system32\drivers\aswmon.sys
2011-09-18 15:06:10 ----A---- E:\WINDOWS\system32\drivers\aavmker4.sys
2011-09-18 15:05:53 ----A---- E:\WINDOWS\avastSS.scr
2011-09-18 15:05:52 ----A---- E:\WINDOWS\system32\aswBoot.exe
2011-09-18 15:05:43 ----D---- E:\Program Files\AVAST Software
2011-09-18 15:05:43 ----D---- E:\Documents and Settings\All Users\Application Data\AVAST Software
======List of files/folders modified in the last 1 month======
2011-09-18 16:46:55 ----D---- E:\WINDOWS\Prefetch
2011-09-18 16:46:54 ----D---- E:\Program Files\trend micro
2011-09-18 16:42:19 ----D---- E:\WINDOWS\temp
2011-09-18 16:38:51 ----D---- E:\WINDOWS\system32\CatRoot2
2011-09-18 15:30:22 ----A---- E:\WINDOWS\SchedLgU.Txt
2011-09-18 15:28:41 ----A---- E:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
2011-09-18 15:06:18 ----D---- E:\WINDOWS\system32\drivers
2011-09-18 15:06:06 ----SHD---- E:\WINDOWS\Installer
2011-09-18 15:06:06 ----SHD---- E:\Config.Msi
2011-09-18 15:06:03 ----D---- E:\WINDOWS\WinSxS
2011-09-18 15:05:53 ----D---- E:\WINDOWS
2011-09-18 15:05:52 ----D---- E:\WINDOWS\system32
2011-09-18 15:05:43 ----RD---- E:\Program Files
2011-09-18 15:04:11 ----HD---- E:\WINDOWS\inf
2011-09-18 14:20:43 ----D---- E:\Program Files\ESET
2011-09-09 01:19:32 ----A---- E:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2011-09-09 00:38:09 ----D---- E:\Program Files\Mozilla Firefox
2011-08-22 18:18:19 ----A---- E:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; E:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-10-18 36624]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); E:\WINDOWS\System32\drivers\sfdrv01.sys [2005-05-17 50176]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); E:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); E:\WINDOWS\System32\drivers\sfsync02.sys [2005-05-16 19968]
R1 Aavmker4;avast! Asynchronous Virus Monitor; E:\WINDOWS\system32\drivers\Aavmker4.sys [2011-02-23 30680]
R1 aswRdr;aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; E:\WINDOWS\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; E:\WINDOWS\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 intelppm;Intel Processor Driver; E:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 Angelnt;Angelnt; E:\WINDOWS\System32\Drivers\ANGELNT.SYS [2011-03-15 51072]
R2 aswFsBlk;aswFsBlk; E:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMon2;aswMon2; E:\WINDOWS\system32\drivers\aswMon2.sys [2011-02-23 102232]
R3 AR5211;Atheros Wireless Network Adapter Service; E:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-10-26 549184]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\E:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS []
R3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-04-22 2880000]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-20 4741120]
R3 kbfiltr;Keyboard Filter; E:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; E:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MTsensor;ATK0100 ACPI UTILITY; E:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2006-12-17 7680]
R3 pfc;Padus ASPI Shell; E:\WINDOWS\system32\drivers\pfc.sys [2009-01-25 10368]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; E:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2008-03-03 43392]
R3 smserial;smserial; E:\WINDOWS\system32\DRIVERS\smserial.sys [2006-03-21 889472]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); E:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 usbstor;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 catchme;catchme; \??\E:\DOCUME~1\Stanley\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; E:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ewusbnet;HUAWEI USB-NDIS miniport; E:\WINDOWS\system32\DRIVERS\ewusbnet.sys [2011-06-06 114432]
S3 HidUsb;Microsoft HID Class Driver; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; E:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2011-06-06 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; E:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2011-06-06 100736]
S3 massfilter;ZTE Mass Storage Filter Driver; E:\WINDOWS\system32\drivers\massfilter.sys []
S3 mouhid;Mouse HID Driver; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); E:\WINDOWS\system32\DRIVERS\sscdbus.sys [2011-03-15 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; E:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2011-03-15 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; E:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2011-03-15 106792]
S3 streamip;BDA IPSink; E:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;USB Video Device (WDM); E:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; E:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; E:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; E:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; E:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; E:\WINDOWS\System32\drivers\ws2ifsl.sys [2005-11-18 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2008-04-22 536576]
R2 avast! Antivirus;avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-02-23 42184]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; E:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; E:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); E:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 UMWdf;Windows User Mode Driver Framework; E:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MSCSPTISRV;MSCSPTISRV; E:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 NMIndexingService;NMIndexingService; E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; E:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 ServiceLayer;ServiceLayer; E:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 SPTISRV;Sony SPTI Service; E:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Klingoln
Re: Log check - problem with wireless connection
Hello, fix these in HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.gamingharbor.com
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [UpdatePPShortCut] "E:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Orezávač obrazovky a spúšťač programu OneNote 2007.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
You will find HJT here:
E:\Program Files\trend micro\Stanley.exe
Fix means that you run HJT
as admin,
in the window that opens, click Do a system scan only,
in the next window find the lines I listed for you,
next to each of them is a box that you tick,
then click Fix checked at the bottom left,
the program will ask whether you really want to; answer YES, of course, and you are done.
Via Start >> Run >> type services.msc >> OK. Find the service:
Nero BackItUp Scheduler 3
NMIndexingService - Nero AG
Cyberlink RichVideo Service
right-click it, choose Properties, on the next tab first stop the service with the Stop button and then set Startup type to Disabled.
Delete unnecessary files
using CCleaner
guide:
Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin
Registry - here you clean the registry (before use I recommend making the backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
First we will check whether some hidden junk is causing this, and then we will move on to the drivers.
Download ComboFix and save it to the desktop,
run the application as Administrator and allow installation of the Recovery Console.
A window with the license terms then appears, which you confirm by clicking YES,
then click YES once more and it starts running.
The whole operation takes around 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan, so do not be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware programs,
because ComboFix tries to delete infected files and these programs can prevent it from doing so.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: Log check - problem with wireless connection
Hi,
I fixed the listed items in HJT, stopped the services, cleaned the laptop with CCleaner, and I'm attaching the ComboFix log:
ComboFix 11-09-19.01 - Stanley 19.09.2011 13:07:43.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3071.2460 [GMT 2:00]
Running from: e:\documents and settings\Stanley\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\windows\iun6002.exe
e:\windows\system32\comct332.ocx
e:\windows\system32\E_FD4BFBE.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-18 14:48 . 2011-06-24 14:10 139656 -c----w- e:\windows\system32\dllcache\rdpwd.sys
2011-09-18 14:47 . 2011-07-08 14:02 10496 -c----w- e:\windows\system32\dllcache\ndistapi.sys
2011-09-18 13:06 . 2011-09-06 20:36 20568 ----a-w- e:\windows\system32\drivers\aswFsBlk.sys
2011-09-18 13:06 . 2011-09-06 20:37 320856 ----a-w- e:\windows\system32\drivers\aswSP.sys
2011-09-18 13:06 . 2011-09-06 20:36 34392 ----a-w- e:\windows\system32\drivers\aswRdr.sys
2011-09-18 13:06 . 2011-09-06 20:36 52568 ----a-w- e:\windows\system32\drivers\aswTdi.sys
2011-09-18 13:06 . 2011-09-06 20:38 442200 ----a-w- e:\windows\system32\drivers\aswSnx.sys
2011-09-18 13:06 . 2011-09-06 20:36 110552 ----a-w- e:\windows\system32\drivers\aswmon2.sys
2011-09-18 13:06 . 2011-09-06 20:36 104536 ----a-w- e:\windows\system32\drivers\aswmon.sys
2011-09-18 13:06 . 2011-09-06 20:33 30808 ----a-w- e:\windows\system32\drivers\aavmker4.sys
2011-09-18 13:05 . 2011-09-06 20:45 41184 ----a-w- e:\windows\avastSS.scr
2011-09-18 13:05 . 2011-09-06 20:45 199304 ----a-w- e:\windows\system32\aswBoot.exe
2011-09-18 13:05 . 2011-09-18 13:05 -------- d-----w- e:\program files\AVAST Software
2011-09-18 13:05 . 2011-09-18 13:05 -------- d-----w- e:\documents and settings\All Users\Application Data\AVAST Software
2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- e:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-03 23:56 599040 ----a-w- e:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-08-03 22:15 456320 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2005-11-18 07:54 10496 ----a-w- e:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-01-24 16:56 139656 ----a-w- e:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2004-08-03 23:56 667136 ----a-w- e:\windows\system32\wininet.dll
2011-06-21 18:18 . 2004-08-03 23:56 81920 ----a-w- e:\windows\system32\ieencode.dll
2011-06-21 18:18 . 2004-08-03 21:59 61952 ----a-w- e:\windows\system32\tdc.ocx
2011-06-21 12:58 . 2004-08-03 21:59 369664 ----a-w- e:\windows\system32\html.iec
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- e:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- e:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- e:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TMCC"="e:\program files\T-Mobile Communication Center\TMCC.exe" [2010-07-29 774144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-20 16872448]
"MsgTranAgt"="e:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"HControlUser"="e:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKHOTKEY"="e:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-06-26 217088]
"ASUS Screen Saver Protector"="e:\windows\ASScrPro.exe" [2009-01-24 33136]
"EEventManager"="e:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"avast"="e:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKLM\~\startupfolder\E:^Documents and Settings^Stanley^Start Menu^Programs^Startup^CCC.lnk]
path=e:\documents and settings\Stanley\Start Menu\Programs\Startup\CCC.lnk
backup=e:\windows\pss\CCC.lnkStartup
.
[HKLM\~\startupfolder\E:^Documents and Settings^Stanley^Start Menu^Programs^Startup^RocketDock.lnk]
path=e:\documents and settings\Stanley\Start Menu\Programs\Startup\RocketDock.lnk
backup=e:\windows\pss\RocketDock.lnkStartup
.
[HKLM\~\startupfolder\E:^Documents and Settings^Stanley^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=e:\documents and settings\Stanley\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=e:\windows\pss\Ubisoft register.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
e:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-01-24 17:45 37232 ----a-w- e:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- e:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07 1828136 ----a-w- e:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2008-02-22 10:19 62760 ----a-w- e:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-03-17 16:59 2289664 ----a-w- e:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29 2221352 ----a-w- e:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-28 08:59 570664 ----a-w- e:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-04-02 18:09 87336 ------w- e:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-03-21 14:54 544768 ----a-w- e:\windows\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-09-26 14:49 35328 ----a-w- e:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"e:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"e:\\Documents and Settings\\Stanley\\Desktop\\dune2000\\dune2000.dat"=
"e:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswSnx.sys [18.9.2011 15:06 442200]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [18.9.2011 15:06 320856]
R2 Angelnt;Angelnt;e:\windows\system32\drivers\ANGELNT.SYS [15.3.2011 15:55 51072]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [18.9.2011 15:06 20568]
S3 ewusbnet;HUAWEI USB-NDIS miniport;e:\windows\system32\drivers\ewusbnet.sys [6.6.2011 11:00 114432]
S3 hwusbdev;Huawei DataCard USB PNP Device;e:\windows\system32\drivers\ewusbdev.sys [6.6.2011 11:00 100736]
S3 massfilter;ZTE Mass Storage Filter Driver;e:\windows\system32\drivers\massfilter.sys --> e:\windows\system32\drivers\massfilter.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- e:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 e:\windows\Tasks\Epson Printer Software Downloader.job
- e:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: E&xportovať do programu Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.254
FF - ProfilePath - e:\documents and settings\Stanley\Application Data\Mozilla\Firefox\Profiles\jaz32445.default\
FF - prefs.js: browser.search.selectedEngine - GamingHarbor
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - e:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AdobeUpdater - e:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-kvasoft - e:\windows\system32\kva8wr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-19 13:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(560)
e:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-09-19 13:19:57
ComboFix-quarantined-files.txt 2011-09-19 11:19
ComboFix2.txt 2009-08-08 13:59
.
Pre-Run: 279 054 651 392 bytes free
Post-Run: 21 adresárov, 279 119 474 688 voľných bajtov
.
- - End Of File - - 8AD5A1142FAFB2D6711CB7583A3B600C
by the way, the wifi has connected now
Klingoln
Re: Log check - problem with wireless connection
If you haven't done so yet, move Combofix to the desktop,
open Notepad
and copy into it the script from the following box:
Code:
File::
E:\WINDOWS\system32\kva8wr.exe
Folder::
E:\Program Files\ESET
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kvasoft]
save the TXT file you created as CFScript.txt on the desktop,
after saving, grab the script with the left mouse button, drag it over the Combofix icon and drop it there:
After it is applied, another log will come out; copy it here.
Warning: it may happen that after the script is applied and the PC restarts, Windows does not boot;
in that case restart again while pressing F8, then choose Last Known Good Configuration.
Re: Log check - problem with wireless connection
Hi,
here is the new ComboFix log:
ComboFix 11-09-19.01 - Stanley 19.09.2011 14:59:08.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3071.2559 [GMT 2:00]
Running from: e:\documents and settings\Stanley\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\Stanley\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"e:\windows\system32\kva8wr.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\program files\ESET
e:\program files\ESET\Install\advheur.nup
e:\program files\ESET\Install\archs.nup
e:\program files\ESET\Install\engine.nup
e:\program files\ESET\Install\charon.nup
e:\program files\ESET\Install\main.dll
e:\program files\ESET\Install\mainlang.dll
e:\program files\ESET\Install\mfc42.dll
e:\program files\ESET\Install\mfc42u.dll
e:\program files\ESET\Install\msvcrt.dll
e:\program files\ESET\Install\ntbasecz.nup
e:\program files\ESET\Install\ntbaseen.nup
e:\program files\ESET\Install\ntinetcz.nup
e:\program files\ESET\Install\ntineten.nup
e:\program files\ESET\Install\ntstdcz.nup
e:\program files\ESET\Install\ntstden.nup
e:\program files\ESET\Install\pwscan.nup
e:\program files\ESET\Install\readme.txt
e:\program files\ESET\Install\setup.exe
e:\program files\ESET\Install\setup.xml
e:\program files\ESET\Install\utilmod.nup
e:\program files\ESET\nod32.007
e:\program files\ESET\nod32fix.reg
e:\program files\ESET\unins000.dat
e:\program files\ESET\unins000.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-18 14:48 . 2011-06-24 14:10 139656 -c----w- e:\windows\system32\dllcache\rdpwd.sys
2011-09-18 14:47 . 2011-07-08 14:02 10496 -c----w- e:\windows\system32\dllcache\ndistapi.sys
2011-09-18 13:06 . 2011-09-06 20:36 20568 ----a-w- e:\windows\system32\drivers\aswFsBlk.sys
2011-09-18 13:06 . 2011-09-06 20:37 320856 ----a-w- e:\windows\system32\drivers\aswSP.sys
2011-09-18 13:06 . 2011-09-06 20:36 34392 ----a-w- e:\windows\system32\drivers\aswRdr.sys
2011-09-18 13:06 . 2011-09-06 20:36 52568 ----a-w- e:\windows\system32\drivers\aswTdi.sys
2011-09-18 13:06 . 2011-09-06 20:38 442200 ----a-w- e:\windows\system32\drivers\aswSnx.sys
2011-09-18 13:06 . 2011-09-06 20:36 110552 ----a-w- e:\windows\system32\drivers\aswmon2.sys
2011-09-18 13:06 . 2011-09-06 20:36 104536 ----a-w- e:\windows\system32\drivers\aswmon.sys
2011-09-18 13:06 . 2011-09-06 20:33 30808 ----a-w- e:\windows\system32\drivers\aavmker4.sys
2011-09-18 13:05 . 2011-09-06 20:45 41184 ----a-w- e:\windows\avastSS.scr
2011-09-18 13:05 . 2011-09-06 20:45 199304 ----a-w- e:\windows\system32\aswBoot.exe
2011-09-18 13:05 . 2011-09-18 13:05 -------- d-----w- e:\program files\AVAST Software
2011-09-18 13:05 . 2011-09-18 13:05 -------- d-----w- e:\documents and settings\All Users\Application Data\AVAST Software
2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- e:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-03 23:56 599040 ----a-w- e:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-08-03 22:15 456320 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2005-11-18 07:54 10496 ----a-w- e:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-01-24 16:56 139656 ----a-w- e:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2004-08-03 23:56 667136 ----a-w- e:\windows\system32\wininet.dll
2011-06-21 18:18 . 2004-08-03 23:56 81920 ----a-w- e:\windows\system32\ieencode.dll
2011-06-21 18:18 . 2004-08-03 21:59 61952 ----a-w- e:\windows\system32\tdc.ocx
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- e:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- e:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- e:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TMCC"="e:\program files\T-Mobile Communication Center\TMCC.exe" [2010-07-29 774144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-20 16872448]
"MsgTranAgt"="e:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"HControlUser"="e:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKHOTKEY"="e:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-06-26 217088]
"ASUS Screen Saver Protector"="e:\windows\ASScrPro.exe" [2009-01-24 33136]
"avast"="e:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKLM\~\startupfolder\E:^Documents and Settings^Stanley^Start Menu^Programs^Startup^CCC.lnk]
path=e:\documents and settings\Stanley\Start Menu\Programs\Startup\CCC.lnk
backup=e:\windows\pss\CCC.lnkStartup
.
[HKLM\~\startupfolder\E:^Documents and Settings^Stanley^Start Menu^Programs^Startup^RocketDock.lnk]
path=e:\documents and settings\Stanley\Start Menu\Programs\Startup\RocketDock.lnk
backup=e:\windows\pss\RocketDock.lnkStartup
.
[HKLM\~\startupfolder\E:^Documents and Settings^Stanley^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=e:\documents and settings\Stanley\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=e:\windows\pss\Ubisoft register.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
e:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-01-24 17:45 37232 ----a-w- e:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-07 08:13 673616 ------w- e:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- e:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07 1828136 ----a-w- e:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2008-02-22 10:19 62760 ----a-w- e:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-03-17 16:59 2289664 ----a-w- e:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29 2221352 ----a-w- e:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-28 08:59 570664 ----a-w- e:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-04-02 18:09 87336 ------w- e:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-03-21 14:54 544768 ----a-w- e:\windows\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-09-26 14:49 35328 ----a-w- e:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"e:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"e:\\Documents and Settings\\Stanley\\Desktop\\dune2000\\dune2000.dat"=
"e:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswSnx.sys [18.9.2011 15:06 442200]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [18.9.2011 15:06 320856]
R2 Angelnt;Angelnt;e:\windows\system32\drivers\ANGELNT.SYS [15.3.2011 15:55 51072]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [18.9.2011 15:06 20568]
S3 ewusbnet;HUAWEI USB-NDIS miniport;e:\windows\system32\drivers\ewusbnet.sys [6.6.2011 11:00 114432]
S3 hwusbdev;Huawei DataCard USB PNP Device;e:\windows\system32\drivers\ewusbdev.sys [6.6.2011 11:00 100736]
S3 massfilter;ZTE Mass Storage Filter Driver;e:\windows\system32\drivers\massfilter.sys --> e:\windows\system32\drivers\massfilter.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- e:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 e:\windows\Tasks\Epson Printer Software Downloader.job
- e:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: E&xportovať do programu Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.254
FF - ProfilePath - e:\documents and settings\Stanley\Application Data\Mozilla\Firefox\Profiles\jaz32445.default\
FF - prefs.js: browser.search.selectedEngine - GamingHarbor
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - e:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1 - e:\program files\Eset\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-19 15:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
e:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-09-19 15:11:53
ComboFix-quarantined-files.txt 2011-09-19 13:11
ComboFix2.txt 2011-09-19 11:20
ComboFix3.txt 2009-08-08 13:59
.
Pre-Run: 279 185 453 056 bytes free
Post-Run: 21 adresárov, 279 163 092 992 voľných bajtov
.
- - End Of File - - B142719655201C5AAE5101A17ABC2061
Here is the new ComboFix log:
Klingoln
Re: Log check - problem with wireless connection
Via Start >> Run, copy this into the box:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Then let me know what state the PC is in.
It might also be worth updating the Wi-Fi drivers.
Re: Log check - problem with wireless connection
Hi,
everything is done, the Wi-Fi works fine...
Thanks a lot for the help
Klingoln